• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2022, VIXL authors
2 // All rights reserved.
3 //
4 // Redistribution and use in source and binary forms, with or without
5 // modification, are permitted provided that the following conditions are met:
6 //
7 //   * Redistributions of source code must retain the above copyright notice,
8 //     this list of conditions and the following disclaimer.
9 //   * Redistributions in binary form must reproduce the above copyright notice,
10 //     this list of conditions and the following disclaimer in the documentation
11 //     and/or other materials provided with the distribution.
12 //   * Neither the name of ARM Limited nor the names of its contributors may be
13 //     used to endorse or promote products derived from this software without
14 //     specific prior written permission.
15 //
16 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS CONTRIBUTORS "AS IS" AND
17 // ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 // WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19 // DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
20 // FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 // DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
22 // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
23 // CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 // OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
25 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 
27 #include <sys/mman.h>
28 #include <unistd.h>
29 
30 #include "test-runner.h"
31 #include "test-utils.h"
32 
33 #include "aarch64/cpu-aarch64.h"
34 #include "aarch64/disasm-aarch64.h"
35 #include "aarch64/macro-assembler-aarch64.h"
36 #include "aarch64/simulator-aarch64.h"
37 #include "aarch64/test-utils-aarch64.h"
38 #include "test-assembler-aarch64.h"
39 
40 namespace vixl {
41 namespace aarch64 {
42 
43 #ifdef VIXL_INCLUDE_SIMULATOR_AARCH64
TEST(test_metadata_mte)44 TEST(test_metadata_mte) {
45   SETUP_WITH_FEATURES(CPUFeatures::kMTE);
46 
47   size_t data_size = 320;
48   void* tagged_address = simulator.Mmap(NULL,
49                                         data_size,
50                                         PROT_READ | PROT_WRITE | PROT_MTE,
51                                         MAP_PRIVATE | MAP_ANONYMOUS,
52                                         -1,
53                                         0);
54 
55   START();
56 
57   Register tagged_heap_ptr = x20;
58   __ Mov(tagged_heap_ptr, reinterpret_cast<uintptr_t>(tagged_address));
59   for (int i = 0; i < 10; i++) {
60     __ Ldr(w0, MemOperand(tagged_heap_ptr, i * 32));
61     __ Str(w0, MemOperand(tagged_heap_ptr, i * 32));
62   }
63   __ Ldr(x2, MemOperand(tagged_heap_ptr, 8));
64   __ Ldrb(w3, MemOperand(tagged_heap_ptr, 1));
65   __ Ldrh(w4, MemOperand(tagged_heap_ptr, 67));
66 
67   __ Addg(x21, tagged_heap_ptr, 16, 2);
68 
69   END();
70 
71   if (CAN_RUN()) {
72     RUN();
73   }
74 
75   simulator.Munmap(tagged_address, data_size, PROT_MTE);
76 }
77 
78 #ifdef VIXL_NEGATIVE_TESTING
TEST(test_metadata_mte_neg)79 TEST(test_metadata_mte_neg) {
80   CPUFeatures features(CPUFeatures::kMTE);
81   SETUP_WITH_FEATURES(features);
82   size_t data_size = 320;
83   void* tagged_address = simulator.Mmap(NULL,
84                                         data_size,
85                                         PROT_READ | PROT_WRITE | PROT_MTE,
86                                         MAP_PRIVATE | MAP_ANONYMOUS,
87                                         -1,
88                                         0);
89 
90   START();
91 
92   Register tagged_heap_ptr = x20;
93   __ Mov(tagged_heap_ptr, reinterpret_cast<uintptr_t>(tagged_address));
94   __ Addg(x21, tagged_heap_ptr, 16, 2);
95 
96   // The memory tag has been changed and becomes invalid.
97   __ Ldr(w0, MemOperand(x21));
98   __ Str(w0, MemOperand(x21));
99 
100   // Out-of-bound access error.
101   __ Ldr(w0, MemOperand(tagged_heap_ptr, 320));
102   __ Str(w0, MemOperand(tagged_heap_ptr, 336));
103   __ Ldr(w0, MemOperand(tagged_heap_ptr, -8));
104   __ Str(w0, MemOperand(tagged_heap_ptr, -16));
105 
106   void* tagged_address_2 = simulator.Mmap(NULL,
107                                           data_size,
108                                           PROT_READ | PROT_WRITE | PROT_MTE,
109                                           MAP_PRIVATE | MAP_ANONYMOUS,
110                                           -1,
111                                           0);
112 
113   __ Mov(x22, reinterpret_cast<uintptr_t>(tagged_address_2));
114   simulator.Munmap(tagged_address_2, data_size, PROT_MTE);
115 
116   // Use-after-free error.
117   __ Ldr(w0, MemOperand(x22));
118 
119   END();
120 
121   if (CAN_RUN()) {
122     MUST_FAIL_WITH_MESSAGE(RUN(), "Tag mismatch.");
123   }
124 
125   simulator.Munmap(tagged_address, data_size, PROT_MTE);
126 }
127 #endif  // VIXL_NEGATIVE_TESTING
128 #endif  // VIXL_INCLUDE_SIMULATOR_AARCH64
129 }  // namespace aarch64
130 }  // namespace vixl
131