From 0b61cc659a992e59c157fbf0be6d50919c464613 Mon Sep 17 00:00:00 2001
From: Ross Burton
Date: Tue, 28 Nov 2023 15:44:47 +0000
Subject: [PATCH] meta-arm/selftest: add test that PAC/BTI instructions are used We enable PAC/BTI out of the box, but all of the pieces (such as gcc and glibc) need to support it for the final binary to be protected. Add a minimal test recipe to verify that the "Hello, World" binary is using PAC/BTI, and add it to oe-selftest.
Signed-off-by: Ross Burton
Signed-off-by: Jon Mason
---
meta-arm/lib/oeqa/selftest/cases/pacbti.py | 11 +++++++++++
meta-arm/recipes-test/pacbti/files/pacbti.c | 9 +++++++++
meta-arm/recipes-test/pacbti/test-pacbti.bb | 21 +++++++++++++++++++++
3 files changed, 41 insertions(+)
create mode 100644 meta-arm/lib/oeqa/selftest/cases/pacbti.py
create mode 100644 meta-arm/recipes-test/pacbti/files/pacbti.c
create mode 100644 meta-arm/recipes-test/pacbti/test-pacbti.bb
diff --git a/meta-arm/lib/oeqa/selftest/cases/pacbti.py b/meta-arm/lib/oeqa/selftest/cases/pacbti.py
new file mode 100644
index 00000000..40fe5e13
--- /dev/null
+++ b/meta-arm/lib/oeqa/selftest/cases/pacbti.py
@@ -0,0 +1,11 @@
+from oeqa.selftest.case import OESelftestTestCase
+from oeqa.core.decorator import OETestTag
+from oeqa.core.decorator.data import skipIfNotArch
+from oeqa.utils.commands import bitbake
+
+@OETestTag("meta-arm")
+class PacBtiTest(OESelftestTestCase):
+
+ @skipIfNotArch(["aarch64"])
+ def test_pac_bti(self):
+ bitbake("test-pacbti")
diff --git a/meta-arm/recipes-test/pacbti/files/pacbti.c b/meta-arm/recipes-test/pacbti/files/pacbti.c
new file mode 100644
index 00000000..618354ea
--- /dev/null
+++ b/meta-arm/recipes-test/pacbti/files/pacbti.c
@@ -0,0 +1,9 @@
+// Copyright (C) 2023 Arm Ltd
+// SPDX-License-Identifier: MIT
+
+#include
+
+int main() {
+ puts("Hello, world");
+ return 0;
+}
diff --git a/meta-arm/recipes-test/pacbti/test-pacbti.bb b/meta-arm/recipes-test/pacbti/test-pacbti.bb
new file mode 100644
index 00000000..331c5854
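Review bot: `test_pac_bti` in pacbti.py carries no docstring or comment saying where the check actually happens: the method body is only `bitbake("test-pacbti")`, so the test's one assertion is that the recipe's `do_compile` exits successfully. Someone triaging a failure has to open the recipe to learn what was verified. A one-line docstring such as `"""Build test-pacbti; its do_compile fails unless the binary's AArch64 feature note lists BTI and PAC."""` would make that visible at the test site.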
--- /dev/null
+++ b/meta-arm/recipes-test/pacbti/test-pacbti.bb
@@ -0,0 +1,21 @@
+SUMMARY = "Test to verify that PAC/BTI is enabled"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://pacbti.c;beginline=2;endline=2;md5=6ec41034e04432ee375d0e14fba596f4"
+
+SRC_URI = "file://pacbti.c"
+
+S = "${WORKDIR}"
+
+do_compile() {
+ # Compile with -zforce-bti with fatal warnings, so the link fails if PAC/BTI
+ # is requested but gcc/glibc are built without it.
+ ${CC} ${CFLAGS} ${LDFLAGS} -z force-bti -Werror -Wl,--fatal-warnings ${S}/pacbti.c
+
+ # If we have a binary, check that the AArch64 feature list in the binary
+ # actually enables PAC/BTI.
+ ${READELF} --notes a.out | grep "AArch64 feature" >notes
+ grep BTI notes
+ grep PAC notes
+}
+
+COMPATIBLE_HOST = "aarch64.*-linux"
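Review bot: The two `grep` checks at the end of `do_compile` read the GNU property note, which records how the linked objects were marked. So the recipe verifies the marking, not that PAC/BTI instructions were emitted as the commit subject says. This matters most for PAC: as far as I know the loader acts on the BTI bit when mapping the binary, while the PAC bit is informational only. I would state the limit above the readelf line, e.g. `# NOTE: this checks the ELF feature note only; it does not inspect the generated instructions.` The first comment also overstates the link step: `-z force-bti` with fatal warnings appears to cover BTI alone, so PAC is checked solely by `grep PAC notes`, and the comment spells the flag `-zforce-bti` while the command uses `-z force-bti`.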