[PATCH 4/4] tests/tcg/aarch64: Add pauth-4

[Richard Henderson]

Perform the set of operations and test described in LP 1859713.

Suggested-by: Adrien GRASSEIN <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
---
 tests/tcg/aarch64/pauth-4.c       | 25 +++++++++++++++++++++++++
 tests/tcg/aarch64/Makefile.target |  2 +-
 2 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 tests/tcg/aarch64/pauth-4.c

diff --git a/tests/tcg/aarch64/pauth-4.c b/tests/tcg/aarch64/pauth-4.c
new file mode 100644
index 0000000000..4b22e6e282
--- /dev/null
+++ b/tests/tcg/aarch64/pauth-4.c
@@ -0,0 +1,25 @@
+#include <stdint.h>
+#include <assert.h>
+
+int main()
+{
+  uintptr_t x, y;
+
+  asm("mov %0, lr\n\t"
+      "pacia %0, sp\n\t"       /* sigill if pauth not supported */
+      "eor %0, %0, #4\n\t"     /* corrupt single bit */
+      "mov %1, %0\n\t"
+      "autia %1, sp\n\t"       /* validate corrupted pointer */
+      "xpaci %0\n\t"           /* strip pac from corrupted pointer */
+      : "=r"(x), "=r"(y));
+
+  /*
+   * Once stripped, the corrupted pointer is of the form 0x0000...wxyz.
+   * We expect the autia to indicate failure, producing a pointer of the
+   * form 0x000e....wxyz.  Use xpaci and != for the test, rather than
+   * extracting explicit bits from the top, because the location of the
+   * error code "e" depends on the configuration of virtual memory.
+   */
+  assert(x != y);
+  return 0;
+}
diff --git a/tests/tcg/aarch64/Makefile.target 
b/tests/tcg/aarch64/Makefile.target
index 374c8d6830..efa67cf1e9 100644
--- a/tests/tcg/aarch64/Makefile.target
+++ b/tests/tcg/aarch64/Makefile.target
@@ -18,7 +18,7 @@ run-fcvt: fcvt
        $(call diff-out,$<,$(AARCH64_SRC)/fcvt.ref)
 
 # Pauth Tests
-AARCH64_TESTS += pauth-1 pauth-2
+AARCH64_TESTS += pauth-1 pauth-2 pauth-4
 run-pauth-%: QEMU_OPTS += -cpu max
 pauth-%: CFLAGS += -march=armv8.3-a
 
-- 
2.20.1