* [PATCH v36 22/24] selftests/x86: Add a selftest for SGX
[not found] <20200716135303.276442-1-jarkko.sakkinen@linux.intel.com>
@ 2020-07-16 13:53 ` Jarkko Sakkinen
2020-08-27 4:47 ` Nathaniel McCallum
0 siblings, 1 reply; 4+ messages in thread
From: Jarkko Sakkinen @ 2020-07-16 13:53 UTC (permalink / raw)
To: x86, linux-sgx
Cc: linux-kernel, Jarkko Sakkinen, linux-kselftest, akpm,
andriy.shevchenko, asapek, bp, cedric.xing, chenalexchen,
conradparker, cyhanish, dave.hansen, haitao.huang, josh,
kai.huang, kai.svahn, kmoy, ludloff, luto, nhorman, npmccallum,
puiterwijk, rientjes, sean.j.christopherson, tglx, yaozhangx
Add a selftest for SGX. It is a trivial test where a simple enclave
copies one 64-bit word of memory between two memory locations.
Cc: linux-kselftest@vger.kernel.org
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
tools/testing/selftests/Makefile | 1 +
tools/testing/selftests/sgx/.gitignore | 2 +
tools/testing/selftests/sgx/Makefile | 53 +++
tools/testing/selftests/sgx/call.S | 54 +++
tools/testing/selftests/sgx/defines.h | 21 +
tools/testing/selftests/sgx/load.c | 282 +++++++++++++
tools/testing/selftests/sgx/main.c | 199 +++++++++
tools/testing/selftests/sgx/main.h | 38 ++
tools/testing/selftests/sgx/sigstruct.c | 395 ++++++++++++++++++
tools/testing/selftests/sgx/test_encl.c | 20 +
tools/testing/selftests/sgx/test_encl.lds | 40 ++
.../selftests/sgx/test_encl_bootstrap.S | 89 ++++
12 files changed, 1194 insertions(+)
create mode 100644 tools/testing/selftests/sgx/.gitignore
create mode 100644 tools/testing/selftests/sgx/Makefile
create mode 100644 tools/testing/selftests/sgx/call.S
create mode 100644 tools/testing/selftests/sgx/defines.h
create mode 100644 tools/testing/selftests/sgx/load.c
create mode 100644 tools/testing/selftests/sgx/main.c
create mode 100644 tools/testing/selftests/sgx/main.h
create mode 100644 tools/testing/selftests/sgx/sigstruct.c
create mode 100644 tools/testing/selftests/sgx/test_encl.c
create mode 100644 tools/testing/selftests/sgx/test_encl.lds
create mode 100644 tools/testing/selftests/sgx/test_encl_bootstrap.S
diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile
index 1195bd85af38..ec7be6d5a10d 100644
--- a/tools/testing/selftests/Makefile
+++ b/tools/testing/selftests/Makefile
@@ -64,6 +64,7 @@ TARGETS += user
TARGETS += vm
TARGETS += x86
TARGETS += zram
+TARGETS += sgx
#Please keep the TARGETS list alphabetically sorted
# Run "make quicktest=1 run_tests" or
# "make quicktest=1 kselftest" from top level Makefile
diff --git a/tools/testing/selftests/sgx/.gitignore b/tools/testing/selftests/sgx/.gitignore
new file mode 100644
index 000000000000..fbaf0bda9a92
--- /dev/null
+++ b/tools/testing/selftests/sgx/.gitignore
@@ -0,0 +1,2 @@
+test_sgx
+test_encl.elf
diff --git a/tools/testing/selftests/sgx/Makefile b/tools/testing/selftests/sgx/Makefile
new file mode 100644
index 000000000000..95e5c4df8014
--- /dev/null
+++ b/tools/testing/selftests/sgx/Makefile
@@ -0,0 +1,53 @@
+top_srcdir = ../../../..
+
+include ../lib.mk
+
+.PHONY: all clean
+
+CAN_BUILD_X86_64 := $(shell ../x86/check_cc.sh $(CC) \
+ ../x86/trivial_64bit_program.c)
+
+ifndef OBJCOPY
+OBJCOPY := $(CROSS_COMPILE)objcopy
+endif
+
+INCLUDES := -I$(top_srcdir)/tools/include
+HOST_CFLAGS := -Wall -Werror -g $(INCLUDES) -fPIC -z noexecstack
+ENCL_CFLAGS := -Wall -Werror -static -nostdlib -nostartfiles -fPIC \
+ -fno-stack-protector -mrdrnd $(INCLUDES)
+
+TEST_CUSTOM_PROGS := $(OUTPUT)/test_sgx $(OUTPUT)/test_encl.elf
+
+ifeq ($(CAN_BUILD_X86_64), 1)
+all: $(TEST_CUSTOM_PROGS)
+endif
+
+$(OUTPUT)/test_sgx: $(OUTPUT)/main.o \
+ $(OUTPUT)/load.o \
+ $(OUTPUT)/sigstruct.o \
+ $(OUTPUT)/call.o
+ $(CC) $(HOST_CFLAGS) -o $@ $^ -lcrypto
+
+$(OUTPUT)/main.o: main.c
+ $(CC) $(HOST_CFLAGS) -c $< -o $@
+
+$(OUTPUT)/load.o: load.c
+ $(CC) $(HOST_CFLAGS) -c $< -o $@
+
+$(OUTPUT)/sigstruct.o: sigstruct.c
+ $(CC) $(HOST_CFLAGS) -c $< -o $@
+
+$(OUTPUT)/call.o: call.S
+ $(CC) $(HOST_CFLAGS) -c $< -o $@
+
+$(OUTPUT)/test_encl.elf: test_encl.lds test_encl.c test_encl_bootstrap.S
+ $(CC) $(ENCL_CFLAGS) -T $^ -o $@
+
+EXTRA_CLEAN := \
+ $(OUTPUT)/test_encl.elf \
+ $(OUTPUT)/load.o \
+ $(OUTPUT)/call.o \
+ $(OUTPUT)/main.o \
+ $(OUTPUT)/sigstruct.o \
+ $(OUTPUT)/test_sgx \
+ $(OUTPUT)/test_sgx.o \
diff --git a/tools/testing/selftests/sgx/call.S b/tools/testing/selftests/sgx/call.S
new file mode 100644
index 000000000000..77131e83db42
--- /dev/null
+++ b/tools/testing/selftests/sgx/call.S
@@ -0,0 +1,54 @@
+/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) */
+/**
+* Copyright(c) 2016-18 Intel Corporation.
+*/
+
+ .text
+
+ .macro ENCLU
+ .byte 0x0f, 0x01, 0xd7
+ .endm
+
+ .text
+
+ .global sgx_call_vdso
+sgx_call_vdso:
+ .cfi_startproc
+ push %r15
+ .cfi_adjust_cfa_offset 8
+ .cfi_rel_offset %r15, 0
+ push %r14
+ .cfi_adjust_cfa_offset 8
+ .cfi_rel_offset %r14, 0
+ push %r13
+ .cfi_adjust_cfa_offset 8
+ .cfi_rel_offset %r13, 0
+ push %r12
+ .cfi_adjust_cfa_offset 8
+ .cfi_rel_offset %r12, 0
+ push %rbx
+ .cfi_adjust_cfa_offset 8
+ .cfi_rel_offset %rbx, 0
+ push $0
+ .cfi_adjust_cfa_offset 8
+ push 0x48(%rsp)
+ .cfi_adjust_cfa_offset 8
+ push 0x48(%rsp)
+ .cfi_adjust_cfa_offset 8
+ push 0x48(%rsp)
+ .cfi_adjust_cfa_offset 8
+ call *eenter(%rip)
+ add $0x20, %rsp
+ .cfi_adjust_cfa_offset -0x20
+ pop %rbx
+ .cfi_adjust_cfa_offset -8
+ pop %r12
+ .cfi_adjust_cfa_offset -8
+ pop %r13
+ .cfi_adjust_cfa_offset -8
+ pop %r14
+ .cfi_adjust_cfa_offset -8
+ pop %r15
+ .cfi_adjust_cfa_offset -8
+ ret
+ .cfi_endproc
diff --git a/tools/testing/selftests/sgx/defines.h b/tools/testing/selftests/sgx/defines.h
new file mode 100644
index 000000000000..be8969922804
--- /dev/null
+++ b/tools/testing/selftests/sgx/defines.h
@@ -0,0 +1,21 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Copyright(c) 2016-19 Intel Corporation.
+ */
+
+#ifndef DEFINES_H
+#define DEFINES_H
+
+#include <stdint.h>
+
+#define PAGE_SIZE 4096
+#define PAGE_MASK (~(PAGE_SIZE - 1))
+
+#define __aligned(x) __attribute__((__aligned__(x)))
+#define __packed __attribute__((packed))
+
+#include "../../../../arch/x86/kernel/cpu/sgx/arch.h"
+#include "../../../../arch/x86/include/asm/enclu.h"
+#include "../../../../arch/x86/include/uapi/asm/sgx.h"
+
+#endif /* DEFINES_H */
diff --git a/tools/testing/selftests/sgx/load.c b/tools/testing/selftests/sgx/load.c
new file mode 100644
index 000000000000..91407036541c
--- /dev/null
+++ b/tools/testing/selftests/sgx/load.c
@@ -0,0 +1,282 @@
+// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
+// Copyright(c) 2016-18 Intel Corporation.
+
+#include <assert.h>
+#include <elf.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/ioctl.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include "defines.h"
+#include "main.h"
+
+void encl_delete(struct encl *encl)
+{
+ if (encl->encl_base)
+ munmap((void *)encl->encl_base, encl->encl_size);
+
+ if (encl->bin)
+ munmap(encl->bin, encl->bin_size);
+
+ if (encl->fd)
+ close(encl->fd);
+
+ if (encl->segment_tbl)
+ free(encl->segment_tbl);
+
+ memset(encl, 0, sizeof(*encl));
+}
+
+static bool encl_map_bin(const char *path, struct encl *encl)
+{
+ struct stat sb;
+ void *bin;
+ int ret;
+ int fd;
+
+ fd = open(path, O_RDONLY);
+ if (fd == -1) {
+ perror("open()");
+ return false;
+ }
+
+ ret = stat(path, &sb);
+ if (ret) {
+ perror("stat()");
+ goto err;
+ }
+
+ bin = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
+ if (bin == MAP_FAILED) {
+ perror("mmap()");
+ goto err;
+ }
+
+ encl->bin = bin;
+ encl->bin_size = sb.st_size;
+
+ close(fd);
+ return true;
+
+err:
+ close(fd);
+ return false;
+}
+
+static bool encl_ioc_create(struct encl *encl)
+{
+ struct sgx_secs *secs = &encl->secs;
+ struct sgx_enclave_create ioc;
+ int rc;
+
+ assert(encl->encl_base != 0);
+
+ memset(secs, 0, sizeof(*secs));
+ secs->ssa_frame_size = 1;
+ secs->attributes = SGX_ATTR_MODE64BIT;
+ secs->xfrm = 3;
+ secs->base = encl->encl_base;
+ secs->size = encl->encl_size;
+
+ ioc.src = (unsigned long)secs;
+ rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_CREATE, &ioc);
+ if (rc) {
+ fprintf(stderr, "SGX_IOC_ENCLAVE_CREATE failed: errno=%d\n",
+ errno);
+ munmap((void *)secs->base, encl->encl_size);
+ return false;
+ }
+
+ return true;
+}
+
+static bool encl_ioc_add_pages(struct encl *encl, struct encl_segment *seg)
+{
+ struct sgx_enclave_add_pages ioc;
+ struct sgx_secinfo secinfo;
+ int rc;
+
+ memset(&secinfo, 0, sizeof(secinfo));
+ secinfo.flags = seg->flags;
+
+ ioc.src = (uint64_t)encl->src + seg->offset;
+ ioc.offset = seg->offset;
+ ioc.length = seg->size;
+ ioc.secinfo = (unsigned long)&secinfo;
+ ioc.flags = SGX_PAGE_MEASURE;
+
+ rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_ADD_PAGES, &ioc);
+ if (rc) {
+ fprintf(stderr, "SGX_IOC_ENCLAVE_ADD_PAGES failed: errno=%d.\n",
+ errno);
+ return false;
+ }
+
+ if (ioc.count != ioc.length) {
+ fprintf(stderr, "A segment not fully processed.\n");
+ return false;
+ }
+
+ return true;
+}
+
+bool encl_load(const char *path, struct encl *encl)
+{
+ Elf64_Phdr *phdr_tbl;
+ off_t src_offset;
+ Elf64_Ehdr *ehdr;
+ int i, j;
+ int ret;
+
+ memset(encl, 0, sizeof(*encl));
+
+ ret = open("/dev/sgx/enclave", O_RDWR);
+ if (ret < 0) {
+ fprintf(stderr, "Unable to open /dev/sgx\n");
+ goto err;
+ }
+
+ encl->fd = ret;
+
+ if (!encl_map_bin(path, encl))
+ goto err;
+
+ ehdr = encl->bin;
+ phdr_tbl = encl->bin + ehdr->e_phoff;
+
+ for (i = 0; i < ehdr->e_phnum; i++) {
+ Elf64_Phdr *phdr = &phdr_tbl[i];
+
+ if (phdr->p_type == PT_LOAD)
+ encl->nr_segments++;
+ }
+
+ encl->segment_tbl = calloc(encl->nr_segments,
+ sizeof(struct encl_segment));
+ if (!encl->segment_tbl)
+ goto err;
+
+ for (i = 0, j = 0; i < ehdr->e_phnum; i++) {
+ Elf64_Phdr *phdr = &phdr_tbl[i];
+ unsigned int flags = phdr->p_flags;
+ struct encl_segment *seg;
+
+ if (phdr->p_type != PT_LOAD)
+ continue;
+
+ seg = &encl->segment_tbl[j];
+
+ if (!!(flags & ~(PF_R | PF_W | PF_X))) {
+ fprintf(stderr,
+ "%d has invalid segment flags 0x%02x.\n", i,
+ phdr->p_flags);
+ goto err;
+ }
+
+ if (j == 0 && flags != (PF_R | PF_W)) {
+ fprintf(stderr,
+ "TCS has invalid segment flags 0x%02x.\n",
+ phdr->p_flags);
+ goto err;
+ }
+
+ if (j == 0) {
+ src_offset = (phdr->p_offset & PAGE_MASK) - src_offset;
+
+ seg->prot = PROT_READ | PROT_WRITE;
+ seg->flags = SGX_PAGE_TYPE_TCS << 8;
+ } else {
+ seg->prot = (phdr->p_flags & PF_R) ? PROT_READ : 0;
+ seg->prot |= (phdr->p_flags & PF_W) ? PROT_WRITE : 0;
+ seg->prot |= (phdr->p_flags & PF_X) ? PROT_EXEC : 0;
+ seg->flags = (SGX_PAGE_TYPE_REG << 8) | seg->prot;
+ }
+
+ seg->offset = (phdr->p_offset & PAGE_MASK) - src_offset;
+ seg->size = (phdr->p_filesz + PAGE_SIZE - 1) & PAGE_MASK;
+
+ printf("0x%016lx 0x%016lx 0x%02x\n", seg->offset, seg->size,
+ seg->prot);
+
+ j++;
+ }
+
+ assert(j == encl->nr_segments);
+
+ encl->src = encl->bin + src_offset;
+ encl->src_size = encl->segment_tbl[j - 1].offset +
+ encl->segment_tbl[j - 1].size;
+
+ for (encl->encl_size = 4096; encl->encl_size < encl->src_size; )
+ encl->encl_size <<= 1;
+
+ return true;
+
+err:
+ encl_delete(encl);
+ return false;
+}
+
+static bool encl_map_area(struct encl *encl)
+{
+ size_t encl_size = encl->encl_size;
+ void *area;
+
+ area = mmap(NULL, encl_size * 2, PROT_NONE,
+ MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+ if (area == MAP_FAILED) {
+ perror("mmap");
+ return false;
+ }
+
+ encl->encl_base = ((uint64_t)area + encl_size - 1) & ~(encl_size - 1);
+
+ munmap(area, encl->encl_base - (uint64_t)area);
+ munmap((void *)(encl->encl_base + encl_size),
+ (uint64_t)area + encl_size - encl->encl_base);
+
+ return true;
+}
+
+bool encl_build(struct encl *encl)
+{
+ struct sgx_enclave_init ioc;
+ int ret;
+ int i;
+
+ if (!encl_map_area(encl))
+ return false;
+
+ if (!encl_ioc_create(encl))
+ return false;
+
+ /*
+ * Pages must be added before mapping VMAs because their permissions
+ * cap the VMA permissions.
+ */
+ for (i = 0; i < encl->nr_segments; i++) {
+ struct encl_segment *seg = &encl->segment_tbl[i];
+
+ if (!encl_ioc_add_pages(encl, seg))
+ return false;
+ }
+
+ ioc.sigstruct = (uint64_t)&encl->sigstruct;
+ ret = ioctl(encl->fd, SGX_IOC_ENCLAVE_INIT, &ioc);
+ if (ret) {
+ fprintf(stderr, "SGX_IOC_ENCLAVE_INIT failed: errno=%d\n",
+ errno);
+ return false;
+ }
+
+ return true;
+}
diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c
new file mode 100644
index 000000000000..8d95569e7a66
--- /dev/null
+++ b/tools/testing/selftests/sgx/main.c
@@ -0,0 +1,199 @@
+// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
+// Copyright(c) 2016-18 Intel Corporation.
+
+#include <elf.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/ioctl.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include "defines.h"
+#include "main.h"
+
+static const uint64_t MAGIC = 0x1122334455667788ULL;
+vdso_sgx_enter_enclave_t eenter;
+
+struct vdso_symtab {
+ Elf64_Sym *elf_symtab;
+ const char *elf_symstrtab;
+ Elf64_Word *elf_hashtab;
+};
+
+static void *vdso_get_base_addr(char *envp[])
+{
+ Elf64_auxv_t *auxv;
+ int i;
+
+ for (i = 0; envp[i]; i++)
+ ;
+
+ auxv = (Elf64_auxv_t *)&envp[i + 1];
+
+ for (i = 0; auxv[i].a_type != AT_NULL; i++) {
+ if (auxv[i].a_type == AT_SYSINFO_EHDR)
+ return (void *)auxv[i].a_un.a_val;
+ }
+
+ return NULL;
+}
+
+static Elf64_Dyn *vdso_get_dyntab(void *addr)
+{
+ Elf64_Ehdr *ehdr = addr;
+ Elf64_Phdr *phdrtab = addr + ehdr->e_phoff;
+ int i;
+
+ for (i = 0; i < ehdr->e_phnum; i++)
+ if (phdrtab[i].p_type == PT_DYNAMIC)
+ return addr + phdrtab[i].p_offset;
+
+ return NULL;
+}
+
+static void *vdso_get_dyn(void *addr, Elf64_Dyn *dyntab, Elf64_Sxword tag)
+{
+ int i;
+
+ for (i = 0; dyntab[i].d_tag != DT_NULL; i++)
+ if (dyntab[i].d_tag == tag)
+ return addr + dyntab[i].d_un.d_ptr;
+
+ return NULL;
+}
+
+static bool vdso_get_symtab(void *addr, struct vdso_symtab *symtab)
+{
+ Elf64_Dyn *dyntab = vdso_get_dyntab(addr);
+
+ symtab->elf_symtab = vdso_get_dyn(addr, dyntab, DT_SYMTAB);
+ if (!symtab->elf_symtab)
+ return false;
+
+ symtab->elf_symstrtab = vdso_get_dyn(addr, dyntab, DT_STRTAB);
+ if (!symtab->elf_symstrtab)
+ return false;
+
+ symtab->elf_hashtab = vdso_get_dyn(addr, dyntab, DT_HASH);
+ if (!symtab->elf_hashtab)
+ return false;
+
+ return true;
+}
+
+static unsigned long elf_sym_hash(const char *name)
+{
+ unsigned long h = 0, high;
+
+ while (*name) {
+ h = (h << 4) + *name++;
+ high = h & 0xf0000000;
+
+ if (high)
+ h ^= high >> 24;
+
+ h &= ~high;
+ }
+
+ return h;
+}
+
+static Elf64_Sym *vdso_symtab_get(struct vdso_symtab *symtab, const char *name)
+{
+ Elf64_Word bucketnum = symtab->elf_hashtab[0];
+ Elf64_Word *buckettab = &symtab->elf_hashtab[2];
+ Elf64_Word *chaintab = &symtab->elf_hashtab[2 + bucketnum];
+ Elf64_Sym *sym;
+ Elf64_Word i;
+
+ for (i = buckettab[elf_sym_hash(name) % bucketnum]; i != STN_UNDEF;
+ i = chaintab[i]) {
+ sym = &symtab->elf_symtab[i];
+ if (!strcmp(name, &symtab->elf_symstrtab[sym->st_name]))
+ return sym;
+ }
+
+ return NULL;
+}
+
+int main(int argc, char *argv[], char *envp[])
+{
+ struct sgx_enclave_exception exception;
+ struct vdso_symtab symtab;
+ Elf64_Sym *eenter_sym;
+ uint64_t result = 0;
+ struct encl encl;
+ unsigned int i;
+ void *addr;
+
+ if (!encl_load("test_encl.elf", &encl))
+ goto err;
+
+ if (!encl_measure(&encl))
+ goto err;
+
+ if (!encl_build(&encl))
+ goto err;
+
+ /*
+ * An enclave consumer only must do this.
+ */
+ for (i = 0; i < encl.nr_segments; i++) {
+ struct encl_segment *seg = &encl.segment_tbl[i];
+
+ addr = mmap((void *)encl.encl_base + seg->offset, seg->size,
+ seg->prot, MAP_SHARED | MAP_FIXED, encl.fd, 0);
+ if (addr == MAP_FAILED) {
+ fprintf(stderr, "mmap() failed, errno=%d.\n", errno);
+ exit(1);
+ }
+ }
+
+ memset(&exception, 0, sizeof(exception));
+
+ addr = vdso_get_base_addr(envp);
+ if (!addr)
+ goto err;
+
+ if (!vdso_get_symtab(addr, &symtab))
+ goto err;
+
+ eenter_sym = vdso_symtab_get(&symtab, "__vdso_sgx_enter_enclave");
+ if (!eenter_sym)
+ goto err;
+
+ eenter = addr + eenter_sym->st_value;
+
+ sgx_call_vdso((void *)&MAGIC, &result, 0, EENTER, NULL, NULL,
+ (void *)encl.encl_base, &exception, NULL);
+ if (result != MAGIC) {
+ printf("FAIL: sgx_call_vdso(), expected: 0x%lx, got: 0x%lx\n",
+ MAGIC, result);
+ goto err;
+ }
+
+ /* Invoke the vDSO directly. */
+ result = 0;
+ eenter((unsigned long)&MAGIC, (unsigned long)&result, 0, EENTER, 0, 0,
+ (void *)encl.encl_base, &exception, NULL);
+ if (result != MAGIC) {
+ printf("FAIL: eenter(), expected: 0x%lx, got: 0x%lx\n",
+ MAGIC, result);
+ goto err;
+ }
+
+ printf("SUCCESS\n");
+ encl_delete(&encl);
+ exit(0);
+
+err:
+ encl_delete(&encl);
+ exit(1);
+}
diff --git a/tools/testing/selftests/sgx/main.h b/tools/testing/selftests/sgx/main.h
new file mode 100644
index 000000000000..999422cc7343
--- /dev/null
+++ b/tools/testing/selftests/sgx/main.h
@@ -0,0 +1,38 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Copyright(c) 2016-19 Intel Corporation.
+ */
+
+#ifndef MAIN_H
+#define MAIN_H
+
+struct encl_segment {
+ off_t offset;
+ size_t size;
+ unsigned int prot;
+ unsigned int flags;
+};
+
+struct encl {
+ int fd;
+ void *bin;
+ off_t bin_size;
+ void *src;
+ size_t src_size;
+ size_t encl_size;
+ off_t encl_base;
+ unsigned int nr_segments;
+ struct encl_segment *segment_tbl;
+ struct sgx_secs secs;
+ struct sgx_sigstruct sigstruct;
+};
+
+void encl_delete(struct encl *ctx);
+bool encl_load(const char *path, struct encl *encl);
+bool encl_measure(struct encl *encl);
+bool encl_build(struct encl *encl);
+
+int sgx_call_vdso(void *rdi, void *rsi, long rdx, u32 leaf, void *r8, void *r9,
+ void *tcs, struct sgx_enclave_exception *ei, void *cb);
+
+#endif /* MAIN_H */
diff --git a/tools/testing/selftests/sgx/sigstruct.c b/tools/testing/selftests/sgx/sigstruct.c
new file mode 100644
index 000000000000..ceddad478672
--- /dev/null
+++ b/tools/testing/selftests/sgx/sigstruct.c
@@ -0,0 +1,395 @@
+// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
+// Copyright(c) 2016-18 Intel Corporation.
+
+#define _GNU_SOURCE
+#include <assert.h>
+#include <getopt.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include "defines.h"
+#include "main.h"
+
+struct q1q2_ctx {
+ BN_CTX *bn_ctx;
+ BIGNUM *m;
+ BIGNUM *s;
+ BIGNUM *q1;
+ BIGNUM *qr;
+ BIGNUM *q2;
+};
+
+static void free_q1q2_ctx(struct q1q2_ctx *ctx)
+{
+ BN_CTX_free(ctx->bn_ctx);
+ BN_free(ctx->m);
+ BN_free(ctx->s);
+ BN_free(ctx->q1);
+ BN_free(ctx->qr);
+ BN_free(ctx->q2);
+}
+
+static bool alloc_q1q2_ctx(const uint8_t *s, const uint8_t *m,
+ struct q1q2_ctx *ctx)
+{
+ ctx->bn_ctx = BN_CTX_new();
+ ctx->s = BN_bin2bn(s, SGX_MODULUS_SIZE, NULL);
+ ctx->m = BN_bin2bn(m, SGX_MODULUS_SIZE, NULL);
+ ctx->q1 = BN_new();
+ ctx->qr = BN_new();
+ ctx->q2 = BN_new();
+
+ if (!ctx->bn_ctx || !ctx->s || !ctx->m || !ctx->q1 || !ctx->qr ||
+ !ctx->q2) {
+ free_q1q2_ctx(ctx);
+ return false;
+ }
+
+ return true;
+}
+
+static bool calc_q1q2(const uint8_t *s, const uint8_t *m, uint8_t *q1,
+ uint8_t *q2)
+{
+ struct q1q2_ctx ctx;
+
+ if (!alloc_q1q2_ctx(s, m, &ctx)) {
+ fprintf(stderr, "Not enough memory for Q1Q2 calculation\n");
+ return false;
+ }
+
+ if (!BN_mul(ctx.q1, ctx.s, ctx.s, ctx.bn_ctx))
+ goto out;
+
+ if (!BN_div(ctx.q1, ctx.qr, ctx.q1, ctx.m, ctx.bn_ctx))
+ goto out;
+
+ if (BN_num_bytes(ctx.q1) > SGX_MODULUS_SIZE) {
+ fprintf(stderr, "Too large Q1 %d bytes\n",
+ BN_num_bytes(ctx.q1));
+ goto out;
+ }
+
+ if (!BN_mul(ctx.q2, ctx.s, ctx.qr, ctx.bn_ctx))
+ goto out;
+
+ if (!BN_div(ctx.q2, NULL, ctx.q2, ctx.m, ctx.bn_ctx))
+ goto out;
+
+ if (BN_num_bytes(ctx.q2) > SGX_MODULUS_SIZE) {
+ fprintf(stderr, "Too large Q2 %d bytes\n",
+ BN_num_bytes(ctx.q2));
+ goto out;
+ }
+
+ BN_bn2bin(ctx.q1, q1);
+ BN_bn2bin(ctx.q2, q2);
+
+ free_q1q2_ctx(&ctx);
+ return true;
+out:
+ free_q1q2_ctx(&ctx);
+ return false;
+}
+
+struct sgx_sigstruct_payload {
+ struct sgx_sigstruct_header header;
+ struct sgx_sigstruct_body body;
+};
+
+static bool check_crypto_errors(void)
+{
+ int err;
+ bool had_errors = false;
+ const char *filename;
+ int line;
+ char str[256];
+
+ for ( ; ; ) {
+ if (ERR_peek_error() == 0)
+ break;
+
+ had_errors = true;
+ err = ERR_get_error_line(&filename, &line);
+ ERR_error_string_n(err, str, sizeof(str));
+ fprintf(stderr, "crypto: %s: %s:%d\n", str, filename, line);
+ }
+
+ return had_errors;
+}
+
+static inline const BIGNUM *get_modulus(RSA *key)
+{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ return key->n;
+#else
+ const BIGNUM *n;
+
+ RSA_get0_key(key, &n, NULL, NULL);
+ return n;
+#endif
+}
+
+static RSA *gen_sign_key(void)
+{
+ BIGNUM *e;
+ RSA *key;
+ int ret;
+
+ e = BN_new();
+ key = RSA_new();
+
+ if (!e || !key)
+ goto err;
+
+ ret = BN_set_word(e, RSA_3);
+ if (ret != 1)
+ goto err;
+
+ ret = RSA_generate_key_ex(key, 3072, e, NULL);
+ if (ret != 1)
+ goto err;
+
+ BN_free(e);
+
+ return key;
+
+err:
+ RSA_free(key);
+ BN_free(e);
+
+ return NULL;
+}
+
+static void reverse_bytes(void *data, int length)
+{
+ int i = 0;
+ int j = length - 1;
+ uint8_t temp;
+ uint8_t *ptr = data;
+
+ while (i < j) {
+ temp = ptr[i];
+ ptr[i] = ptr[j];
+ ptr[j] = temp;
+ i++;
+ j--;
+ }
+}
+
+enum mrtags {
+ MRECREATE = 0x0045544145524345,
+ MREADD = 0x0000000044444145,
+ MREEXTEND = 0x00444E4554584545,
+};
+
+static bool mrenclave_update(EVP_MD_CTX *ctx, const void *data)
+{
+ if (!EVP_DigestUpdate(ctx, data, 64)) {
+ fprintf(stderr, "digest update failed\n");
+ return false;
+ }
+
+ return true;
+}
+
+static bool mrenclave_commit(EVP_MD_CTX *ctx, uint8_t *mrenclave)
+{
+ unsigned int size;
+
+ if (!EVP_DigestFinal_ex(ctx, (unsigned char *)mrenclave, &size)) {
+ fprintf(stderr, "digest commit failed\n");
+ return false;
+ }
+
+ if (size != 32) {
+ fprintf(stderr, "invalid digest size = %u\n", size);
+ return false;
+ }
+
+ return true;
+}
+
+struct mrecreate {
+ uint64_t tag;
+ uint32_t ssaframesize;
+ uint64_t size;
+ uint8_t reserved[44];
+} __attribute__((__packed__));
+
+
+static bool mrenclave_ecreate(EVP_MD_CTX *ctx, uint64_t blob_size)
+{
+ struct mrecreate mrecreate;
+ uint64_t encl_size;
+
+ for (encl_size = 0x1000; encl_size < blob_size; )
+ encl_size <<= 1;
+
+ memset(&mrecreate, 0, sizeof(mrecreate));
+ mrecreate.tag = MRECREATE;
+ mrecreate.ssaframesize = 1;
+ mrecreate.size = encl_size;
+
+ if (!EVP_DigestInit_ex(ctx, EVP_sha256(), NULL))
+ return false;
+
+ return mrenclave_update(ctx, &mrecreate);
+}
+
+struct mreadd {
+ uint64_t tag;
+ uint64_t offset;
+ uint64_t flags; /* SECINFO flags */
+ uint8_t reserved[40];
+} __attribute__((__packed__));
+
+static bool mrenclave_eadd(EVP_MD_CTX *ctx, uint64_t offset, uint64_t flags)
+{
+ struct mreadd mreadd;
+
+ memset(&mreadd, 0, sizeof(mreadd));
+ mreadd.tag = MREADD;
+ mreadd.offset = offset;
+ mreadd.flags = flags;
+
+ return mrenclave_update(ctx, &mreadd);
+}
+
+struct mreextend {
+ uint64_t tag;
+ uint64_t offset;
+ uint8_t reserved[48];
+} __attribute__((__packed__));
+
+static bool mrenclave_eextend(EVP_MD_CTX *ctx, uint64_t offset,
+ const uint8_t *data)
+{
+ struct mreextend mreextend;
+ int i;
+
+ for (i = 0; i < 0x1000; i += 0x100) {
+ memset(&mreextend, 0, sizeof(mreextend));
+ mreextend.tag = MREEXTEND;
+ mreextend.offset = offset + i;
+
+ if (!mrenclave_update(ctx, &mreextend))
+ return false;
+
+ if (!mrenclave_update(ctx, &data[i + 0x00]))
+ return false;
+
+ if (!mrenclave_update(ctx, &data[i + 0x40]))
+ return false;
+
+ if (!mrenclave_update(ctx, &data[i + 0x80]))
+ return false;
+
+ if (!mrenclave_update(ctx, &data[i + 0xC0]))
+ return false;
+ }
+
+ return true;
+}
+
+static bool mrenclave_segment(EVP_MD_CTX *ctx, struct encl *encl,
+ struct encl_segment *seg)
+{
+ uint64_t end = seg->offset + seg->size;
+ uint64_t offset;
+
+ for (offset = seg->offset; offset < end; offset += PAGE_SIZE) {
+ if (!mrenclave_eadd(ctx, offset, seg->flags))
+ return false;
+
+ if (!mrenclave_eextend(ctx, offset, encl->src + offset))
+ return false;
+ }
+
+ return true;
+}
+
+bool encl_measure(struct encl *encl)
+{
+ uint64_t header1[2] = {0x000000E100000006, 0x0000000000010000};
+ uint64_t header2[2] = {0x0000006000000101, 0x0000000100000060};
+ struct sgx_sigstruct *sigstruct = &encl->sigstruct;
+ struct sgx_sigstruct_payload payload;
+ uint8_t digest[SHA256_DIGEST_LENGTH];
+ unsigned int siglen;
+ RSA *key = NULL;
+ EVP_MD_CTX *ctx;
+ int i;
+
+ memset(sigstruct, 0, sizeof(*sigstruct));
+
+ sigstruct->header.header1[0] = header1[0];
+ sigstruct->header.header1[1] = header1[1];
+ sigstruct->header.header2[0] = header2[0];
+ sigstruct->header.header2[1] = header2[1];
+ sigstruct->exponent = 3;
+ sigstruct->body.attributes = SGX_ATTR_MODE64BIT;
+ sigstruct->body.xfrm = 3;
+
+ /* sanity check */
+ if (check_crypto_errors())
+ goto err;
+
+ key = gen_sign_key();
+ if (!key)
+ goto err;
+
+ BN_bn2bin(get_modulus(key), sigstruct->modulus);
+
+ ctx = EVP_MD_CTX_create();
+ if (!ctx)
+ goto err;
+
+ if (!mrenclave_ecreate(ctx, encl->src_size))
+ goto err;
+
+ for (i = 0; i < encl->nr_segments; i++) {
+ struct encl_segment *seg = &encl->segment_tbl[i];
+
+ if (!mrenclave_segment(ctx, encl, seg))
+ goto err;
+ }
+
+ if (!mrenclave_commit(ctx, sigstruct->body.mrenclave))
+ goto err;
+
+ memcpy(&payload.header, &sigstruct->header, sizeof(sigstruct->header));
+ memcpy(&payload.body, &sigstruct->body, sizeof(sigstruct->body));
+
+ SHA256((unsigned char *)&payload, sizeof(payload), digest);
+
+ if (!RSA_sign(NID_sha256, digest, SHA256_DIGEST_LENGTH,
+ sigstruct->signature, &siglen, key))
+ goto err;
+
+ if (!calc_q1q2(sigstruct->signature, sigstruct->modulus, sigstruct->q1,
+ sigstruct->q2))
+ goto err;
+
+ /* BE -> LE */
+ reverse_bytes(sigstruct->signature, SGX_MODULUS_SIZE);
+ reverse_bytes(sigstruct->modulus, SGX_MODULUS_SIZE);
+ reverse_bytes(sigstruct->q1, SGX_MODULUS_SIZE);
+ reverse_bytes(sigstruct->q2, SGX_MODULUS_SIZE);
+
+ EVP_MD_CTX_destroy(ctx);
+ RSA_free(key);
+ return true;
+
+err:
+ EVP_MD_CTX_destroy(ctx);
+ RSA_free(key);
+ return false;
+}
diff --git a/tools/testing/selftests/sgx/test_encl.c b/tools/testing/selftests/sgx/test_encl.c
new file mode 100644
index 000000000000..ede915399742
--- /dev/null
+++ b/tools/testing/selftests/sgx/test_encl.c
@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
+// Copyright(c) 2016-18 Intel Corporation.
+
+#include <stddef.h>
+#include "defines.h"
+
+static void *memcpy(void *dest, const void *src, size_t n)
+{
+ size_t i;
+
+ for (i = 0; i < n; i++)
+ ((char *)dest)[i] = ((char *)src)[i];
+
+ return dest;
+}
+
+void encl_body(void *rdi, void *rsi)
+{
+ memcpy(rsi, rdi, 8);
+}
diff --git a/tools/testing/selftests/sgx/test_encl.lds b/tools/testing/selftests/sgx/test_encl.lds
new file mode 100644
index 000000000000..0fbbda7e665e
--- /dev/null
+++ b/tools/testing/selftests/sgx/test_encl.lds
@@ -0,0 +1,40 @@
+OUTPUT_FORMAT(elf64-x86-64)
+
+PHDRS
+{
+ tcs PT_LOAD;
+ text PT_LOAD;
+ data PT_LOAD;
+}
+
+SECTIONS
+{
+ . = 0;
+ .tcs : {
+ *(.tcs*)
+ } : tcs
+
+ . = ALIGN(4096);
+ .text : {
+ *(.text*)
+ *(.rodata*)
+ } : text
+
+ . = ALIGN(4096);
+ .data : {
+ *(.data*)
+ } : data
+
+ /DISCARD/ : {
+ *(.comment*)
+ *(.note*)
+ *(.debug*)
+ *(.eh_frame*)
+ }
+}
+
+ASSERT(!DEFINED(.altinstructions), "ALTERNATIVES are not supported in enclaves")
+ASSERT(!DEFINED(.altinstr_replacement), "ALTERNATIVES are not supported in enclaves")
+ASSERT(!DEFINED(.discard.retpoline_safe), "RETPOLINE ALTERNATIVES are not supported in enclaves")
+ASSERT(!DEFINED(.discard.nospec), "RETPOLINE ALTERNATIVES are not supported in enclaves")
+ASSERT(!DEFINED(.got.plt), "Libcalls are not supported in enclaves")
diff --git a/tools/testing/selftests/sgx/test_encl_bootstrap.S b/tools/testing/selftests/sgx/test_encl_bootstrap.S
new file mode 100644
index 000000000000..6836ea86126e
--- /dev/null
+++ b/tools/testing/selftests/sgx/test_encl_bootstrap.S
@@ -0,0 +1,89 @@
+/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) */
+/*
+ * Copyright(c) 2016-18 Intel Corporation.
+ */
+
+ .macro ENCLU
+ .byte 0x0f, 0x01, 0xd7
+ .endm
+
+ .section ".tcs", "aw"
+ .balign 4096
+
+ .fill 1, 8, 0 # STATE (set by CPU)
+ .fill 1, 8, 0 # FLAGS
+ .quad encl_ssa # OSSA
+ .fill 1, 4, 0 # CSSA (set by CPU)
+ .fill 1, 4, 1 # NSSA
+ .quad encl_entry # OENTRY
+ .fill 1, 8, 0 # AEP (set by EENTER and ERESUME)
+ .fill 1, 8, 0 # OFSBASE
+ .fill 1, 8, 0 # OGSBASE
+ .fill 1, 4, 0xFFFFFFFF # FSLIMIT
+ .fill 1, 4, 0xFFFFFFFF # GSLIMIT
+ .fill 4024, 1, 0 # Reserved
+
+ # Identical to the previous TCS.
+ .fill 1, 8, 0 # STATE (set by CPU)
+ .fill 1, 8, 0 # FLAGS
+ .quad encl_ssa # OSSA
+ .fill 1, 4, 0 # CSSA (set by CPU)
+ .fill 1, 4, 1 # NSSA
+ .quad encl_entry # OENTRY
+ .fill 1, 8, 0 # AEP (set by EENTER and ERESUME)
+ .fill 1, 8, 0 # OFSBASE
+ .fill 1, 8, 0 # OGSBASE
+ .fill 1, 4, 0xFFFFFFFF # FSLIMIT
+ .fill 1, 4, 0xFFFFFFFF # GSLIMIT
+ .fill 4024, 1, 0 # Reserved
+
+ .text
+
+encl_entry:
+ # RBX contains the base address for TCS, which is also the first address
+ # inside the enclave. By adding the value of le_stack_end to it, we get
+ # the absolute address for the stack.
+ lea (encl_stack)(%rbx), %rax
+ xchg %rsp, %rax
+ push %rax
+
+ push %rcx # push the address after EENTER
+ push %rbx # push the enclave base address
+
+ call encl_body
+
+ pop %rbx # pop the enclave base address
+
+ /* Clear volatile GPRs, except RAX (EEXIT leaf). */
+ xor %rcx, %rcx
+ xor %rdx, %rdx
+ xor %rdi, %rdi
+ xor %rsi, %rsi
+ xor %r8, %r8
+ xor %r9, %r9
+ xor %r10, %r10
+ xor %r11, %r11
+
+ # Reset status flags.
+ add %rdx, %rdx # OF = SF = AF = CF = 0; ZF = PF = 1
+
+ # Prepare EEXIT target by popping the address of the instruction after
+ # EENTER to RBX.
+ pop %rbx
+
+ # Restore the caller stack.
+ pop %rax
+ mov %rax, %rsp
+
+ # EEXIT
+ mov $4, %rax
+ enclu
+
+ .section ".data", "aw"
+
+encl_ssa:
+ .space 4096
+
+ .balign 4096
+ .space 8192
+encl_stack:
--
2.25.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v36 22/24] selftests/x86: Add a selftest for SGX
2020-07-16 13:53 ` [PATCH v36 22/24] selftests/x86: Add a selftest for SGX Jarkko Sakkinen
@ 2020-08-27 4:47 ` Nathaniel McCallum
2020-08-27 15:20 ` Sean Christopherson
0 siblings, 1 reply; 4+ messages in thread
From: Nathaniel McCallum @ 2020-08-27 4:47 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: X86 ML, linux-sgx, LKML, linux-kselftest, Andrew Morton,
Andy Shevchenko, asapek, Borislav Petkov, Xing, Cedric,
chenalexchen, Conrad Parker, cyhanish, Dave Hansen, Huang,
Haitao, Josh Triplett, Huang, Kai, Svahn, Kai, Keith Moyer,
Christian Ludloff, Andy Lutomirski, Neil Horman,
Patrick Uiterwijk, David Rientjes, Christopherson, Sean J,
Thomas Gleixner, yaozhangx
On Thu, Jul 16, 2020 at 9:58 AM Jarkko Sakkinen
<jarkko.sakkinen@linux.intel.com> wrote:
>
> Add a selftest for SGX. It is a trivial test where a simple enclave
> copies one 64-bit word of memory between two memory locations.
>
> Cc: linux-kselftest@vger.kernel.org
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> ---
> tools/testing/selftests/Makefile | 1 +
> tools/testing/selftests/sgx/.gitignore | 2 +
> tools/testing/selftests/sgx/Makefile | 53 +++
> tools/testing/selftests/sgx/call.S | 54 +++
> tools/testing/selftests/sgx/defines.h | 21 +
> tools/testing/selftests/sgx/load.c | 282 +++++++++++++
> tools/testing/selftests/sgx/main.c | 199 +++++++++
> tools/testing/selftests/sgx/main.h | 38 ++
> tools/testing/selftests/sgx/sigstruct.c | 395 ++++++++++++++++++
> tools/testing/selftests/sgx/test_encl.c | 20 +
> tools/testing/selftests/sgx/test_encl.lds | 40 ++
> .../selftests/sgx/test_encl_bootstrap.S | 89 ++++
> 12 files changed, 1194 insertions(+)
> create mode 100644 tools/testing/selftests/sgx/.gitignore
> create mode 100644 tools/testing/selftests/sgx/Makefile
> create mode 100644 tools/testing/selftests/sgx/call.S
> create mode 100644 tools/testing/selftests/sgx/defines.h
> create mode 100644 tools/testing/selftests/sgx/load.c
> create mode 100644 tools/testing/selftests/sgx/main.c
> create mode 100644 tools/testing/selftests/sgx/main.h
> create mode 100644 tools/testing/selftests/sgx/sigstruct.c
> create mode 100644 tools/testing/selftests/sgx/test_encl.c
> create mode 100644 tools/testing/selftests/sgx/test_encl.lds
> create mode 100644 tools/testing/selftests/sgx/test_encl_bootstrap.S
>
> diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile
> index 1195bd85af38..ec7be6d5a10d 100644
> --- a/tools/testing/selftests/Makefile
> +++ b/tools/testing/selftests/Makefile
> @@ -64,6 +64,7 @@ TARGETS += user
> TARGETS += vm
> TARGETS += x86
> TARGETS += zram
> +TARGETS += sgx
> #Please keep the TARGETS list alphabetically sorted
> # Run "make quicktest=1 run_tests" or
> # "make quicktest=1 kselftest" from top level Makefile
> diff --git a/tools/testing/selftests/sgx/.gitignore b/tools/testing/selftests/sgx/.gitignore
> new file mode 100644
> index 000000000000..fbaf0bda9a92
> --- /dev/null
> +++ b/tools/testing/selftests/sgx/.gitignore
> @@ -0,0 +1,2 @@
> +test_sgx
> +test_encl.elf
> diff --git a/tools/testing/selftests/sgx/Makefile b/tools/testing/selftests/sgx/Makefile
> new file mode 100644
> index 000000000000..95e5c4df8014
> --- /dev/null
> +++ b/tools/testing/selftests/sgx/Makefile
> @@ -0,0 +1,53 @@
> +top_srcdir = ../../../..
> +
> +include ../lib.mk
> +
> +.PHONY: all clean
> +
> +CAN_BUILD_X86_64 := $(shell ../x86/check_cc.sh $(CC) \
> + ../x86/trivial_64bit_program.c)
> +
> +ifndef OBJCOPY
> +OBJCOPY := $(CROSS_COMPILE)objcopy
> +endif
> +
> +INCLUDES := -I$(top_srcdir)/tools/include
> +HOST_CFLAGS := -Wall -Werror -g $(INCLUDES) -fPIC -z noexecstack
> +ENCL_CFLAGS := -Wall -Werror -static -nostdlib -nostartfiles -fPIC \
> + -fno-stack-protector -mrdrnd $(INCLUDES)
> +
> +TEST_CUSTOM_PROGS := $(OUTPUT)/test_sgx $(OUTPUT)/test_encl.elf
> +
> +ifeq ($(CAN_BUILD_X86_64), 1)
> +all: $(TEST_CUSTOM_PROGS)
> +endif
> +
> +$(OUTPUT)/test_sgx: $(OUTPUT)/main.o \
> + $(OUTPUT)/load.o \
> + $(OUTPUT)/sigstruct.o \
> + $(OUTPUT)/call.o
> + $(CC) $(HOST_CFLAGS) -o $@ $^ -lcrypto
> +
> +$(OUTPUT)/main.o: main.c
> + $(CC) $(HOST_CFLAGS) -c $< -o $@
> +
> +$(OUTPUT)/load.o: load.c
> + $(CC) $(HOST_CFLAGS) -c $< -o $@
> +
> +$(OUTPUT)/sigstruct.o: sigstruct.c
> + $(CC) $(HOST_CFLAGS) -c $< -o $@
> +
> +$(OUTPUT)/call.o: call.S
> + $(CC) $(HOST_CFLAGS) -c $< -o $@
> +
> +$(OUTPUT)/test_encl.elf: test_encl.lds test_encl.c test_encl_bootstrap.S
> + $(CC) $(ENCL_CFLAGS) -T $^ -o $@
> +
> +EXTRA_CLEAN := \
> + $(OUTPUT)/test_encl.elf \
> + $(OUTPUT)/load.o \
> + $(OUTPUT)/call.o \
> + $(OUTPUT)/main.o \
> + $(OUTPUT)/sigstruct.o \
> + $(OUTPUT)/test_sgx \
> + $(OUTPUT)/test_sgx.o \
> diff --git a/tools/testing/selftests/sgx/call.S b/tools/testing/selftests/sgx/call.S
> new file mode 100644
> index 000000000000..77131e83db42
> --- /dev/null
> +++ b/tools/testing/selftests/sgx/call.S
> @@ -0,0 +1,54 @@
> +/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) */
> +/**
> +* Copyright(c) 2016-18 Intel Corporation.
> +*/
> +
> + .text
> +
> + .macro ENCLU
> + .byte 0x0f, 0x01, 0xd7
> + .endm
> +
> + .text
> +
> + .global sgx_call_vdso
> +sgx_call_vdso:
> + .cfi_startproc
> + push %r15
> + .cfi_adjust_cfa_offset 8
> + .cfi_rel_offset %r15, 0
> + push %r14
> + .cfi_adjust_cfa_offset 8
> + .cfi_rel_offset %r14, 0
> + push %r13
> + .cfi_adjust_cfa_offset 8
> + .cfi_rel_offset %r13, 0
> + push %r12
> + .cfi_adjust_cfa_offset 8
> + .cfi_rel_offset %r12, 0
> + push %rbx
> + .cfi_adjust_cfa_offset 8
> + .cfi_rel_offset %rbx, 0
> + push $0
> + .cfi_adjust_cfa_offset 8
> + push 0x48(%rsp)
> + .cfi_adjust_cfa_offset 8
> + push 0x48(%rsp)
> + .cfi_adjust_cfa_offset 8
> + push 0x48(%rsp)
> + .cfi_adjust_cfa_offset 8
> + call *eenter(%rip)
> + add $0x20, %rsp
> + .cfi_adjust_cfa_offset -0x20
> + pop %rbx
> + .cfi_adjust_cfa_offset -8
> + pop %r12
> + .cfi_adjust_cfa_offset -8
> + pop %r13
> + .cfi_adjust_cfa_offset -8
> + pop %r14
> + .cfi_adjust_cfa_offset -8
> + pop %r15
> + .cfi_adjust_cfa_offset -8
> + ret
> + .cfi_endproc
> diff --git a/tools/testing/selftests/sgx/defines.h b/tools/testing/selftests/sgx/defines.h
> new file mode 100644
> index 000000000000..be8969922804
> --- /dev/null
> +++ b/tools/testing/selftests/sgx/defines.h
> @@ -0,0 +1,21 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +/*
> + * Copyright(c) 2016-19 Intel Corporation.
> + */
> +
> +#ifndef DEFINES_H
> +#define DEFINES_H
> +
> +#include <stdint.h>
> +
> +#define PAGE_SIZE 4096
> +#define PAGE_MASK (~(PAGE_SIZE - 1))
> +
> +#define __aligned(x) __attribute__((__aligned__(x)))
> +#define __packed __attribute__((packed))
> +
> +#include "../../../../arch/x86/kernel/cpu/sgx/arch.h"
> +#include "../../../../arch/x86/include/asm/enclu.h"
> +#include "../../../../arch/x86/include/uapi/asm/sgx.h"
> +
> +#endif /* DEFINES_H */
> diff --git a/tools/testing/selftests/sgx/load.c b/tools/testing/selftests/sgx/load.c
> new file mode 100644
> index 000000000000..91407036541c
> --- /dev/null
> +++ b/tools/testing/selftests/sgx/load.c
> @@ -0,0 +1,282 @@
> +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
> +// Copyright(c) 2016-18 Intel Corporation.
> +
> +#include <assert.h>
> +#include <elf.h>
> +#include <errno.h>
> +#include <fcntl.h>
> +#include <stdbool.h>
> +#include <stdio.h>
> +#include <stdint.h>
> +#include <stdlib.h>
> +#include <string.h>
> +#include <unistd.h>
> +#include <sys/ioctl.h>
> +#include <sys/mman.h>
> +#include <sys/stat.h>
> +#include <sys/time.h>
> +#include <sys/types.h>
> +#include "defines.h"
> +#include "main.h"
> +
> +void encl_delete(struct encl *encl)
> +{
> + if (encl->encl_base)
> + munmap((void *)encl->encl_base, encl->encl_size);
> +
> + if (encl->bin)
> + munmap(encl->bin, encl->bin_size);
> +
> + if (encl->fd)
> + close(encl->fd);
> +
> + if (encl->segment_tbl)
> + free(encl->segment_tbl);
> +
> + memset(encl, 0, sizeof(*encl));
> +}
> +
> +static bool encl_map_bin(const char *path, struct encl *encl)
> +{
> + struct stat sb;
> + void *bin;
> + int ret;
> + int fd;
> +
> + fd = open(path, O_RDONLY);
> + if (fd == -1) {
> + perror("open()");
> + return false;
> + }
> +
> + ret = stat(path, &sb);
> + if (ret) {
> + perror("stat()");
> + goto err;
> + }
> +
> + bin = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
> + if (bin == MAP_FAILED) {
> + perror("mmap()");
> + goto err;
> + }
> +
> + encl->bin = bin;
> + encl->bin_size = sb.st_size;
> +
> + close(fd);
> + return true;
> +
> +err:
> + close(fd);
> + return false;
> +}
> +
> +static bool encl_ioc_create(struct encl *encl)
> +{
> + struct sgx_secs *secs = &encl->secs;
> + struct sgx_enclave_create ioc;
> + int rc;
> +
> + assert(encl->encl_base != 0);
> +
> + memset(secs, 0, sizeof(*secs));
> + secs->ssa_frame_size = 1;
> + secs->attributes = SGX_ATTR_MODE64BIT;
> + secs->xfrm = 3;
> + secs->base = encl->encl_base;
> + secs->size = encl->encl_size;
> +
> + ioc.src = (unsigned long)secs;
> + rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_CREATE, &ioc);
> + if (rc) {
> + fprintf(stderr, "SGX_IOC_ENCLAVE_CREATE failed: errno=%d\n",
> + errno);
> + munmap((void *)secs->base, encl->encl_size);
> + return false;
> + }
> +
> + return true;
> +}
> +
> +static bool encl_ioc_add_pages(struct encl *encl, struct encl_segment *seg)
> +{
> + struct sgx_enclave_add_pages ioc;
> + struct sgx_secinfo secinfo;
> + int rc;
> +
> + memset(&secinfo, 0, sizeof(secinfo));
> + secinfo.flags = seg->flags;
> +
> + ioc.src = (uint64_t)encl->src + seg->offset;
> + ioc.offset = seg->offset;
> + ioc.length = seg->size;
> + ioc.secinfo = (unsigned long)&secinfo;
> + ioc.flags = SGX_PAGE_MEASURE;
> +
> + rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_ADD_PAGES, &ioc);
> + if (rc) {
> + fprintf(stderr, "SGX_IOC_ENCLAVE_ADD_PAGES failed: errno=%d.\n",
> + errno);
> + return false;
> + }
> +
> + if (ioc.count != ioc.length) {
> + fprintf(stderr, "A segment not fully processed.\n");
> + return false;
> + }
> +
> + return true;
> +}
> +
> +bool encl_load(const char *path, struct encl *encl)
> +{
> + Elf64_Phdr *phdr_tbl;
> + off_t src_offset;
> + Elf64_Ehdr *ehdr;
> + int i, j;
> + int ret;
> +
> + memset(encl, 0, sizeof(*encl));
> +
> + ret = open("/dev/sgx/enclave", O_RDWR);
> + if (ret < 0) {
> + fprintf(stderr, "Unable to open /dev/sgx\n");
> + goto err;
> + }
> +
> + encl->fd = ret;
> +
> + if (!encl_map_bin(path, encl))
> + goto err;
> +
> + ehdr = encl->bin;
> + phdr_tbl = encl->bin + ehdr->e_phoff;
> +
> + for (i = 0; i < ehdr->e_phnum; i++) {
> + Elf64_Phdr *phdr = &phdr_tbl[i];
> +
> + if (phdr->p_type == PT_LOAD)
> + encl->nr_segments++;
> + }
> +
> + encl->segment_tbl = calloc(encl->nr_segments,
> + sizeof(struct encl_segment));
> + if (!encl->segment_tbl)
> + goto err;
> +
> + for (i = 0, j = 0; i < ehdr->e_phnum; i++) {
> + Elf64_Phdr *phdr = &phdr_tbl[i];
> + unsigned int flags = phdr->p_flags;
> + struct encl_segment *seg;
> +
> + if (phdr->p_type != PT_LOAD)
> + continue;
> +
> + seg = &encl->segment_tbl[j];
> +
> + if (!!(flags & ~(PF_R | PF_W | PF_X))) {
> + fprintf(stderr,
> + "%d has invalid segment flags 0x%02x.\n", i,
> + phdr->p_flags);
> + goto err;
> + }
> +
> + if (j == 0 && flags != (PF_R | PF_W)) {
> + fprintf(stderr,
> + "TCS has invalid segment flags 0x%02x.\n",
> + phdr->p_flags);
> + goto err;
> + }
> +
> + if (j == 0) {
> + src_offset = (phdr->p_offset & PAGE_MASK) - src_offset;
> +
> + seg->prot = PROT_READ | PROT_WRITE;
> + seg->flags = SGX_PAGE_TYPE_TCS << 8;
> + } else {
> + seg->prot = (phdr->p_flags & PF_R) ? PROT_READ : 0;
> + seg->prot |= (phdr->p_flags & PF_W) ? PROT_WRITE : 0;
> + seg->prot |= (phdr->p_flags & PF_X) ? PROT_EXEC : 0;
> + seg->flags = (SGX_PAGE_TYPE_REG << 8) | seg->prot;
> + }
> +
> + seg->offset = (phdr->p_offset & PAGE_MASK) - src_offset;
> + seg->size = (phdr->p_filesz + PAGE_SIZE - 1) & PAGE_MASK;
> +
> + printf("0x%016lx 0x%016lx 0x%02x\n", seg->offset, seg->size,
> + seg->prot);
> +
> + j++;
> + }
> +
> + assert(j == encl->nr_segments);
> +
> + encl->src = encl->bin + src_offset;
> + encl->src_size = encl->segment_tbl[j - 1].offset +
> + encl->segment_tbl[j - 1].size;
> +
> + for (encl->encl_size = 4096; encl->encl_size < encl->src_size; )
> + encl->encl_size <<= 1;
> +
> + return true;
> +
> +err:
> + encl_delete(encl);
> + return false;
> +}
> +
> +static bool encl_map_area(struct encl *encl)
> +{
> + size_t encl_size = encl->encl_size;
> + void *area;
> +
> + area = mmap(NULL, encl_size * 2, PROT_NONE,
> + MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
> + if (area == MAP_FAILED) {
> + perror("mmap");
> + return false;
> + }
> +
> + encl->encl_base = ((uint64_t)area + encl_size - 1) & ~(encl_size - 1);
> +
> + munmap(area, encl->encl_base - (uint64_t)area);
> + munmap((void *)(encl->encl_base + encl_size),
> + (uint64_t)area + encl_size - encl->encl_base);
> +
> + return true;
> +}
> +
> +bool encl_build(struct encl *encl)
> +{
> + struct sgx_enclave_init ioc;
> + int ret;
> + int i;
> +
> + if (!encl_map_area(encl))
> + return false;
> +
> + if (!encl_ioc_create(encl))
> + return false;
> +
> + /*
> + * Pages must be added before mapping VMAs because their permissions
> + * cap the VMA permissions.
> + */
> + for (i = 0; i < encl->nr_segments; i++) {
> + struct encl_segment *seg = &encl->segment_tbl[i];
> +
> + if (!encl_ioc_add_pages(encl, seg))
> + return false;
> + }
> +
> + ioc.sigstruct = (uint64_t)&encl->sigstruct;
> + ret = ioctl(encl->fd, SGX_IOC_ENCLAVE_INIT, &ioc);
> + if (ret) {
> + fprintf(stderr, "SGX_IOC_ENCLAVE_INIT failed: errno=%d\n",
> + errno);
> + return false;
> + }
> +
> + return true;
> +}
> diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c
> new file mode 100644
> index 000000000000..8d95569e7a66
> --- /dev/null
> +++ b/tools/testing/selftests/sgx/main.c
> @@ -0,0 +1,199 @@
> +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
> +// Copyright(c) 2016-18 Intel Corporation.
> +
> +#include <elf.h>
> +#include <errno.h>
> +#include <fcntl.h>
> +#include <stdbool.h>
> +#include <stdio.h>
> +#include <stdint.h>
> +#include <stdlib.h>
> +#include <string.h>
> +#include <unistd.h>
> +#include <sys/ioctl.h>
> +#include <sys/mman.h>
> +#include <sys/stat.h>
> +#include <sys/time.h>
> +#include <sys/types.h>
> +#include "defines.h"
> +#include "main.h"
> +
> +static const uint64_t MAGIC = 0x1122334455667788ULL;
> +vdso_sgx_enter_enclave_t eenter;
> +
> +struct vdso_symtab {
> + Elf64_Sym *elf_symtab;
> + const char *elf_symstrtab;
> + Elf64_Word *elf_hashtab;
> +};
> +
> +static void *vdso_get_base_addr(char *envp[])
> +{
> + Elf64_auxv_t *auxv;
> + int i;
> +
> + for (i = 0; envp[i]; i++)
> + ;
> +
> + auxv = (Elf64_auxv_t *)&envp[i + 1];
> +
> + for (i = 0; auxv[i].a_type != AT_NULL; i++) {
> + if (auxv[i].a_type == AT_SYSINFO_EHDR)
> + return (void *)auxv[i].a_un.a_val;
> + }
> +
> + return NULL;
> +}
> +
> +static Elf64_Dyn *vdso_get_dyntab(void *addr)
> +{
> + Elf64_Ehdr *ehdr = addr;
> + Elf64_Phdr *phdrtab = addr + ehdr->e_phoff;
> + int i;
> +
> + for (i = 0; i < ehdr->e_phnum; i++)
> + if (phdrtab[i].p_type == PT_DYNAMIC)
> + return addr + phdrtab[i].p_offset;
> +
> + return NULL;
> +}
> +
> +static void *vdso_get_dyn(void *addr, Elf64_Dyn *dyntab, Elf64_Sxword tag)
> +{
> + int i;
> +
> + for (i = 0; dyntab[i].d_tag != DT_NULL; i++)
> + if (dyntab[i].d_tag == tag)
> + return addr + dyntab[i].d_un.d_ptr;
> +
> + return NULL;
> +}
> +
> +static bool vdso_get_symtab(void *addr, struct vdso_symtab *symtab)
> +{
> + Elf64_Dyn *dyntab = vdso_get_dyntab(addr);
> +
> + symtab->elf_symtab = vdso_get_dyn(addr, dyntab, DT_SYMTAB);
> + if (!symtab->elf_symtab)
> + return false;
> +
> + symtab->elf_symstrtab = vdso_get_dyn(addr, dyntab, DT_STRTAB);
> + if (!symtab->elf_symstrtab)
> + return false;
> +
> + symtab->elf_hashtab = vdso_get_dyn(addr, dyntab, DT_HASH);
> + if (!symtab->elf_hashtab)
> + return false;
> +
> + return true;
> +}
> +
> +static unsigned long elf_sym_hash(const char *name)
> +{
> + unsigned long h = 0, high;
> +
> + while (*name) {
> + h = (h << 4) + *name++;
> + high = h & 0xf0000000;
> +
> + if (high)
> + h ^= high >> 24;
> +
> + h &= ~high;
> + }
> +
> + return h;
> +}
> +
> +static Elf64_Sym *vdso_symtab_get(struct vdso_symtab *symtab, const char *name)
> +{
> + Elf64_Word bucketnum = symtab->elf_hashtab[0];
> + Elf64_Word *buckettab = &symtab->elf_hashtab[2];
> + Elf64_Word *chaintab = &symtab->elf_hashtab[2 + bucketnum];
> + Elf64_Sym *sym;
> + Elf64_Word i;
> +
> + for (i = buckettab[elf_sym_hash(name) % bucketnum]; i != STN_UNDEF;
> + i = chaintab[i]) {
> + sym = &symtab->elf_symtab[i];
> + if (!strcmp(name, &symtab->elf_symstrtab[sym->st_name]))
> + return sym;
> + }
> +
> + return NULL;
> +}
> +
> +int main(int argc, char *argv[], char *envp[])
> +{
> + struct sgx_enclave_exception exception;
> + struct vdso_symtab symtab;
> + Elf64_Sym *eenter_sym;
> + uint64_t result = 0;
> + struct encl encl;
> + unsigned int i;
> + void *addr;
> +
> + if (!encl_load("test_encl.elf", &encl))
> + goto err;
> +
> + if (!encl_measure(&encl))
> + goto err;
> +
> + if (!encl_build(&encl))
> + goto err;
> +
> + /*
> + * An enclave consumer only must do this.
> + */
> + for (i = 0; i < encl.nr_segments; i++) {
> + struct encl_segment *seg = &encl.segment_tbl[i];
> +
> + addr = mmap((void *)encl.encl_base + seg->offset, seg->size,
> + seg->prot, MAP_SHARED | MAP_FIXED, encl.fd, 0);
My patch version is a bit behind (v32), but I suspect this still
applies. I discovered the following by accident.
In the Enarx code base, this invocation succeeds:
mmap(0x200000000000, 0x1000, PROT_READ | PROT_WRITE, MAP_SHARED |
MAP_FIXED, sgxfd, 0)
However, this one fails with -EINVAL:
mmap(0x200000000000, 0x1000, PROT_READ | PROT_WRITE,
MAP_SHARED_VALIDATE | MAP_FIXED, sgxfd, 0)
From man mmap:
MAP_SHARED_VALIDATE (since Linux 4.15)
This flag provides the same behavior as MAP_SHARED
except that MAP_SHARED mappings ignore unknown
flags in flags. By contrast, when creating a mapping
using MAP_SHARED_VALIDATE, the kernel veri‐
fies all passed flags are known and fails the
mapping with the error EOPNOTSUPP for unknown
flags. This mapping type is also required to be able to
use some mapping flags (e.g., MAP_SYNC).
I can try again on a newer patch set tomorrow if need be. But the
documentation of mmap() doesn't match the behavior I'm seeing. A brief
look through the patch set didn't turn up anything obvious that could
be causing this.
> + if (addr == MAP_FAILED) {
> + fprintf(stderr, "mmap() failed, errno=%d.\n", errno);
> + exit(1);
> + }
> + }
> +
> + memset(&exception, 0, sizeof(exception));
> +
> + addr = vdso_get_base_addr(envp);
> + if (!addr)
> + goto err;
> +
> + if (!vdso_get_symtab(addr, &symtab))
> + goto err;
> +
> + eenter_sym = vdso_symtab_get(&symtab, "__vdso_sgx_enter_enclave");
> + if (!eenter_sym)
> + goto err;
> +
> + eenter = addr + eenter_sym->st_value;
> +
> + sgx_call_vdso((void *)&MAGIC, &result, 0, EENTER, NULL, NULL,
> + (void *)encl.encl_base, &exception, NULL);
> + if (result != MAGIC) {
> + printf("FAIL: sgx_call_vdso(), expected: 0x%lx, got: 0x%lx\n",
> + MAGIC, result);
> + goto err;
> + }
> +
> + /* Invoke the vDSO directly. */
> + result = 0;
> + eenter((unsigned long)&MAGIC, (unsigned long)&result, 0, EENTER, 0, 0,
> + (void *)encl.encl_base, &exception, NULL);
> + if (result != MAGIC) {
> + printf("FAIL: eenter(), expected: 0x%lx, got: 0x%lx\n",
> + MAGIC, result);
> + goto err;
> + }
> +
> + printf("SUCCESS\n");
> + encl_delete(&encl);
> + exit(0);
> +
> +err:
> + encl_delete(&encl);
> + exit(1);
> +}
> diff --git a/tools/testing/selftests/sgx/main.h b/tools/testing/selftests/sgx/main.h
> new file mode 100644
> index 000000000000..999422cc7343
> --- /dev/null
> +++ b/tools/testing/selftests/sgx/main.h
> @@ -0,0 +1,38 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +/*
> + * Copyright(c) 2016-19 Intel Corporation.
> + */
> +
> +#ifndef MAIN_H
> +#define MAIN_H
> +
> +struct encl_segment {
> + off_t offset;
> + size_t size;
> + unsigned int prot;
> + unsigned int flags;
> +};
> +
> +struct encl {
> + int fd;
> + void *bin;
> + off_t bin_size;
> + void *src;
> + size_t src_size;
> + size_t encl_size;
> + off_t encl_base;
> + unsigned int nr_segments;
> + struct encl_segment *segment_tbl;
> + struct sgx_secs secs;
> + struct sgx_sigstruct sigstruct;
> +};
> +
> +void encl_delete(struct encl *ctx);
> +bool encl_load(const char *path, struct encl *encl);
> +bool encl_measure(struct encl *encl);
> +bool encl_build(struct encl *encl);
> +
> +int sgx_call_vdso(void *rdi, void *rsi, long rdx, u32 leaf, void *r8, void *r9,
> + void *tcs, struct sgx_enclave_exception *ei, void *cb);
> +
> +#endif /* MAIN_H */
> diff --git a/tools/testing/selftests/sgx/sigstruct.c b/tools/testing/selftests/sgx/sigstruct.c
> new file mode 100644
> index 000000000000..ceddad478672
> --- /dev/null
> +++ b/tools/testing/selftests/sgx/sigstruct.c
> @@ -0,0 +1,395 @@
> +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
> +// Copyright(c) 2016-18 Intel Corporation.
> +
> +#define _GNU_SOURCE
> +#include <assert.h>
> +#include <getopt.h>
> +#include <stdbool.h>
> +#include <stdint.h>
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <string.h>
> +#include <sys/stat.h>
> +#include <sys/types.h>
> +#include <unistd.h>
> +#include <openssl/err.h>
> +#include <openssl/pem.h>
> +#include "defines.h"
> +#include "main.h"
> +
> +struct q1q2_ctx {
> + BN_CTX *bn_ctx;
> + BIGNUM *m;
> + BIGNUM *s;
> + BIGNUM *q1;
> + BIGNUM *qr;
> + BIGNUM *q2;
> +};
> +
> +static void free_q1q2_ctx(struct q1q2_ctx *ctx)
> +{
> + BN_CTX_free(ctx->bn_ctx);
> + BN_free(ctx->m);
> + BN_free(ctx->s);
> + BN_free(ctx->q1);
> + BN_free(ctx->qr);
> + BN_free(ctx->q2);
> +}
> +
> +static bool alloc_q1q2_ctx(const uint8_t *s, const uint8_t *m,
> + struct q1q2_ctx *ctx)
> +{
> + ctx->bn_ctx = BN_CTX_new();
> + ctx->s = BN_bin2bn(s, SGX_MODULUS_SIZE, NULL);
> + ctx->m = BN_bin2bn(m, SGX_MODULUS_SIZE, NULL);
> + ctx->q1 = BN_new();
> + ctx->qr = BN_new();
> + ctx->q2 = BN_new();
> +
> + if (!ctx->bn_ctx || !ctx->s || !ctx->m || !ctx->q1 || !ctx->qr ||
> + !ctx->q2) {
> + free_q1q2_ctx(ctx);
> + return false;
> + }
> +
> + return true;
> +}
> +
> +static bool calc_q1q2(const uint8_t *s, const uint8_t *m, uint8_t *q1,
> + uint8_t *q2)
> +{
> + struct q1q2_ctx ctx;
> +
> + if (!alloc_q1q2_ctx(s, m, &ctx)) {
> + fprintf(stderr, "Not enough memory for Q1Q2 calculation\n");
> + return false;
> + }
> +
> + if (!BN_mul(ctx.q1, ctx.s, ctx.s, ctx.bn_ctx))
> + goto out;
> +
> + if (!BN_div(ctx.q1, ctx.qr, ctx.q1, ctx.m, ctx.bn_ctx))
> + goto out;
> +
> + if (BN_num_bytes(ctx.q1) > SGX_MODULUS_SIZE) {
> + fprintf(stderr, "Too large Q1 %d bytes\n",
> + BN_num_bytes(ctx.q1));
> + goto out;
> + }
> +
> + if (!BN_mul(ctx.q2, ctx.s, ctx.qr, ctx.bn_ctx))
> + goto out;
> +
> + if (!BN_div(ctx.q2, NULL, ctx.q2, ctx.m, ctx.bn_ctx))
> + goto out;
> +
> + if (BN_num_bytes(ctx.q2) > SGX_MODULUS_SIZE) {
> + fprintf(stderr, "Too large Q2 %d bytes\n",
> + BN_num_bytes(ctx.q2));
> + goto out;
> + }
> +
> + BN_bn2bin(ctx.q1, q1);
> + BN_bn2bin(ctx.q2, q2);
> +
> + free_q1q2_ctx(&ctx);
> + return true;
> +out:
> + free_q1q2_ctx(&ctx);
> + return false;
> +}
> +
> +struct sgx_sigstruct_payload {
> + struct sgx_sigstruct_header header;
> + struct sgx_sigstruct_body body;
> +};
> +
> +static bool check_crypto_errors(void)
> +{
> + int err;
> + bool had_errors = false;
> + const char *filename;
> + int line;
> + char str[256];
> +
> + for ( ; ; ) {
> + if (ERR_peek_error() == 0)
> + break;
> +
> + had_errors = true;
> + err = ERR_get_error_line(&filename, &line);
> + ERR_error_string_n(err, str, sizeof(str));
> + fprintf(stderr, "crypto: %s: %s:%d\n", str, filename, line);
> + }
> +
> + return had_errors;
> +}
> +
> +static inline const BIGNUM *get_modulus(RSA *key)
> +{
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> + return key->n;
> +#else
> + const BIGNUM *n;
> +
> + RSA_get0_key(key, &n, NULL, NULL);
> + return n;
> +#endif
> +}
> +
> +static RSA *gen_sign_key(void)
> +{
> + BIGNUM *e;
> + RSA *key;
> + int ret;
> +
> + e = BN_new();
> + key = RSA_new();
> +
> + if (!e || !key)
> + goto err;
> +
> + ret = BN_set_word(e, RSA_3);
> + if (ret != 1)
> + goto err;
> +
> + ret = RSA_generate_key_ex(key, 3072, e, NULL);
> + if (ret != 1)
> + goto err;
> +
> + BN_free(e);
> +
> + return key;
> +
> +err:
> + RSA_free(key);
> + BN_free(e);
> +
> + return NULL;
> +}
> +
> +static void reverse_bytes(void *data, int length)
> +{
> + int i = 0;
> + int j = length - 1;
> + uint8_t temp;
> + uint8_t *ptr = data;
> +
> + while (i < j) {
> + temp = ptr[i];
> + ptr[i] = ptr[j];
> + ptr[j] = temp;
> + i++;
> + j--;
> + }
> +}
> +
> +enum mrtags {
> + MRECREATE = 0x0045544145524345,
> + MREADD = 0x0000000044444145,
> + MREEXTEND = 0x00444E4554584545,
> +};
> +
> +static bool mrenclave_update(EVP_MD_CTX *ctx, const void *data)
> +{
> + if (!EVP_DigestUpdate(ctx, data, 64)) {
> + fprintf(stderr, "digest update failed\n");
> + return false;
> + }
> +
> + return true;
> +}
> +
> +static bool mrenclave_commit(EVP_MD_CTX *ctx, uint8_t *mrenclave)
> +{
> + unsigned int size;
> +
> + if (!EVP_DigestFinal_ex(ctx, (unsigned char *)mrenclave, &size)) {
> + fprintf(stderr, "digest commit failed\n");
> + return false;
> + }
> +
> + if (size != 32) {
> + fprintf(stderr, "invalid digest size = %u\n", size);
> + return false;
> + }
> +
> + return true;
> +}
> +
> +struct mrecreate {
> + uint64_t tag;
> + uint32_t ssaframesize;
> + uint64_t size;
> + uint8_t reserved[44];
> +} __attribute__((__packed__));
> +
> +
> +static bool mrenclave_ecreate(EVP_MD_CTX *ctx, uint64_t blob_size)
> +{
> + struct mrecreate mrecreate;
> + uint64_t encl_size;
> +
> + for (encl_size = 0x1000; encl_size < blob_size; )
> + encl_size <<= 1;
> +
> + memset(&mrecreate, 0, sizeof(mrecreate));
> + mrecreate.tag = MRECREATE;
> + mrecreate.ssaframesize = 1;
> + mrecreate.size = encl_size;
> +
> + if (!EVP_DigestInit_ex(ctx, EVP_sha256(), NULL))
> + return false;
> +
> + return mrenclave_update(ctx, &mrecreate);
> +}
> +
> +struct mreadd {
> + uint64_t tag;
> + uint64_t offset;
> + uint64_t flags; /* SECINFO flags */
> + uint8_t reserved[40];
> +} __attribute__((__packed__));
> +
> +static bool mrenclave_eadd(EVP_MD_CTX *ctx, uint64_t offset, uint64_t flags)
> +{
> + struct mreadd mreadd;
> +
> + memset(&mreadd, 0, sizeof(mreadd));
> + mreadd.tag = MREADD;
> + mreadd.offset = offset;
> + mreadd.flags = flags;
> +
> + return mrenclave_update(ctx, &mreadd);
> +}
> +
> +struct mreextend {
> + uint64_t tag;
> + uint64_t offset;
> + uint8_t reserved[48];
> +} __attribute__((__packed__));
> +
> +static bool mrenclave_eextend(EVP_MD_CTX *ctx, uint64_t offset,
> + const uint8_t *data)
> +{
> + struct mreextend mreextend;
> + int i;
> +
> + for (i = 0; i < 0x1000; i += 0x100) {
> + memset(&mreextend, 0, sizeof(mreextend));
> + mreextend.tag = MREEXTEND;
> + mreextend.offset = offset + i;
> +
> + if (!mrenclave_update(ctx, &mreextend))
> + return false;
> +
> + if (!mrenclave_update(ctx, &data[i + 0x00]))
> + return false;
> +
> + if (!mrenclave_update(ctx, &data[i + 0x40]))
> + return false;
> +
> + if (!mrenclave_update(ctx, &data[i + 0x80]))
> + return false;
> +
> + if (!mrenclave_update(ctx, &data[i + 0xC0]))
> + return false;
> + }
> +
> + return true;
> +}
> +
> +static bool mrenclave_segment(EVP_MD_CTX *ctx, struct encl *encl,
> + struct encl_segment *seg)
> +{
> + uint64_t end = seg->offset + seg->size;
> + uint64_t offset;
> +
> + for (offset = seg->offset; offset < end; offset += PAGE_SIZE) {
> + if (!mrenclave_eadd(ctx, offset, seg->flags))
> + return false;
> +
> + if (!mrenclave_eextend(ctx, offset, encl->src + offset))
> + return false;
> + }
> +
> + return true;
> +}
> +
> +bool encl_measure(struct encl *encl)
> +{
> + uint64_t header1[2] = {0x000000E100000006, 0x0000000000010000};
> + uint64_t header2[2] = {0x0000006000000101, 0x0000000100000060};
> + struct sgx_sigstruct *sigstruct = &encl->sigstruct;
> + struct sgx_sigstruct_payload payload;
> + uint8_t digest[SHA256_DIGEST_LENGTH];
> + unsigned int siglen;
> + RSA *key = NULL;
> + EVP_MD_CTX *ctx;
> + int i;
> +
> + memset(sigstruct, 0, sizeof(*sigstruct));
> +
> + sigstruct->header.header1[0] = header1[0];
> + sigstruct->header.header1[1] = header1[1];
> + sigstruct->header.header2[0] = header2[0];
> + sigstruct->header.header2[1] = header2[1];
> + sigstruct->exponent = 3;
> + sigstruct->body.attributes = SGX_ATTR_MODE64BIT;
> + sigstruct->body.xfrm = 3;
> +
> + /* sanity check */
> + if (check_crypto_errors())
> + goto err;
> +
> + key = gen_sign_key();
> + if (!key)
> + goto err;
> +
> + BN_bn2bin(get_modulus(key), sigstruct->modulus);
> +
> + ctx = EVP_MD_CTX_create();
> + if (!ctx)
> + goto err;
> +
> + if (!mrenclave_ecreate(ctx, encl->src_size))
> + goto err;
> +
> + for (i = 0; i < encl->nr_segments; i++) {
> + struct encl_segment *seg = &encl->segment_tbl[i];
> +
> + if (!mrenclave_segment(ctx, encl, seg))
> + goto err;
> + }
> +
> + if (!mrenclave_commit(ctx, sigstruct->body.mrenclave))
> + goto err;
> +
> + memcpy(&payload.header, &sigstruct->header, sizeof(sigstruct->header));
> + memcpy(&payload.body, &sigstruct->body, sizeof(sigstruct->body));
> +
> + SHA256((unsigned char *)&payload, sizeof(payload), digest);
> +
> + if (!RSA_sign(NID_sha256, digest, SHA256_DIGEST_LENGTH,
> + sigstruct->signature, &siglen, key))
> + goto err;
> +
> + if (!calc_q1q2(sigstruct->signature, sigstruct->modulus, sigstruct->q1,
> + sigstruct->q2))
> + goto err;
> +
> + /* BE -> LE */
> + reverse_bytes(sigstruct->signature, SGX_MODULUS_SIZE);
> + reverse_bytes(sigstruct->modulus, SGX_MODULUS_SIZE);
> + reverse_bytes(sigstruct->q1, SGX_MODULUS_SIZE);
> + reverse_bytes(sigstruct->q2, SGX_MODULUS_SIZE);
> +
> + EVP_MD_CTX_destroy(ctx);
> + RSA_free(key);
> + return true;
> +
> +err:
> + EVP_MD_CTX_destroy(ctx);
> + RSA_free(key);
> + return false;
> +}
> diff --git a/tools/testing/selftests/sgx/test_encl.c b/tools/testing/selftests/sgx/test_encl.c
> new file mode 100644
> index 000000000000..ede915399742
> --- /dev/null
> +++ b/tools/testing/selftests/sgx/test_encl.c
> @@ -0,0 +1,20 @@
> +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
> +// Copyright(c) 2016-18 Intel Corporation.
> +
> +#include <stddef.h>
> +#include "defines.h"
> +
> +static void *memcpy(void *dest, const void *src, size_t n)
> +{
> + size_t i;
> +
> + for (i = 0; i < n; i++)
> + ((char *)dest)[i] = ((char *)src)[i];
> +
> + return dest;
> +}
> +
> +void encl_body(void *rdi, void *rsi)
> +{
> + memcpy(rsi, rdi, 8);
> +}
> diff --git a/tools/testing/selftests/sgx/test_encl.lds b/tools/testing/selftests/sgx/test_encl.lds
> new file mode 100644
> index 000000000000..0fbbda7e665e
> --- /dev/null
> +++ b/tools/testing/selftests/sgx/test_encl.lds
> @@ -0,0 +1,40 @@
> +OUTPUT_FORMAT(elf64-x86-64)
> +
> +PHDRS
> +{
> + tcs PT_LOAD;
> + text PT_LOAD;
> + data PT_LOAD;
> +}
> +
> +SECTIONS
> +{
> + . = 0;
> + .tcs : {
> + *(.tcs*)
> + } : tcs
> +
> + . = ALIGN(4096);
> + .text : {
> + *(.text*)
> + *(.rodata*)
> + } : text
> +
> + . = ALIGN(4096);
> + .data : {
> + *(.data*)
> + } : data
> +
> + /DISCARD/ : {
> + *(.comment*)
> + *(.note*)
> + *(.debug*)
> + *(.eh_frame*)
> + }
> +}
> +
> +ASSERT(!DEFINED(.altinstructions), "ALTERNATIVES are not supported in enclaves")
> +ASSERT(!DEFINED(.altinstr_replacement), "ALTERNATIVES are not supported in enclaves")
> +ASSERT(!DEFINED(.discard.retpoline_safe), "RETPOLINE ALTERNATIVES are not supported in enclaves")
> +ASSERT(!DEFINED(.discard.nospec), "RETPOLINE ALTERNATIVES are not supported in enclaves")
> +ASSERT(!DEFINED(.got.plt), "Libcalls are not supported in enclaves")
> diff --git a/tools/testing/selftests/sgx/test_encl_bootstrap.S b/tools/testing/selftests/sgx/test_encl_bootstrap.S
> new file mode 100644
> index 000000000000..6836ea86126e
> --- /dev/null
> +++ b/tools/testing/selftests/sgx/test_encl_bootstrap.S
> @@ -0,0 +1,89 @@
> +/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) */
> +/*
> + * Copyright(c) 2016-18 Intel Corporation.
> + */
> +
> + .macro ENCLU
> + .byte 0x0f, 0x01, 0xd7
> + .endm
> +
> + .section ".tcs", "aw"
> + .balign 4096
> +
> + .fill 1, 8, 0 # STATE (set by CPU)
> + .fill 1, 8, 0 # FLAGS
> + .quad encl_ssa # OSSA
> + .fill 1, 4, 0 # CSSA (set by CPU)
> + .fill 1, 4, 1 # NSSA
> + .quad encl_entry # OENTRY
> + .fill 1, 8, 0 # AEP (set by EENTER and ERESUME)
> + .fill 1, 8, 0 # OFSBASE
> + .fill 1, 8, 0 # OGSBASE
> + .fill 1, 4, 0xFFFFFFFF # FSLIMIT
> + .fill 1, 4, 0xFFFFFFFF # GSLIMIT
> + .fill 4024, 1, 0 # Reserved
> +
> + # Identical to the previous TCS.
> + .fill 1, 8, 0 # STATE (set by CPU)
> + .fill 1, 8, 0 # FLAGS
> + .quad encl_ssa # OSSA
> + .fill 1, 4, 0 # CSSA (set by CPU)
> + .fill 1, 4, 1 # NSSA
> + .quad encl_entry # OENTRY
> + .fill 1, 8, 0 # AEP (set by EENTER and ERESUME)
> + .fill 1, 8, 0 # OFSBASE
> + .fill 1, 8, 0 # OGSBASE
> + .fill 1, 4, 0xFFFFFFFF # FSLIMIT
> + .fill 1, 4, 0xFFFFFFFF # GSLIMIT
> + .fill 4024, 1, 0 # Reserved
> +
> + .text
> +
> +encl_entry:
> + # RBX contains the base address for TCS, which is also the first address
> + # inside the enclave. By adding the value of le_stack_end to it, we get
> + # the absolute address for the stack.
> + lea (encl_stack)(%rbx), %rax
> + xchg %rsp, %rax
> + push %rax
> +
> + push %rcx # push the address after EENTER
> + push %rbx # push the enclave base address
> +
> + call encl_body
> +
> + pop %rbx # pop the enclave base address
> +
> + /* Clear volatile GPRs, except RAX (EEXIT leaf). */
> + xor %rcx, %rcx
> + xor %rdx, %rdx
> + xor %rdi, %rdi
> + xor %rsi, %rsi
> + xor %r8, %r8
> + xor %r9, %r9
> + xor %r10, %r10
> + xor %r11, %r11
> +
> + # Reset status flags.
> + add %rdx, %rdx # OF = SF = AF = CF = 0; ZF = PF = 1
> +
> + # Prepare EEXIT target by popping the address of the instruction after
> + # EENTER to RBX.
> + pop %rbx
> +
> + # Restore the caller stack.
> + pop %rax
> + mov %rax, %rsp
> +
> + # EEXIT
> + mov $4, %rax
> + enclu
> +
> + .section ".data", "aw"
> +
> +encl_ssa:
> + .space 4096
> +
> + .balign 4096
> + .space 8192
> +encl_stack:
> --
> 2.25.1
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH v36 22/24] selftests/x86: Add a selftest for SGX
2020-08-27 4:47 ` Nathaniel McCallum
@ 2020-08-27 15:20 ` Sean Christopherson
2020-08-28 23:27 ` Jarkko Sakkinen
0 siblings, 1 reply; 4+ messages in thread
From: Sean Christopherson @ 2020-08-27 15:20 UTC (permalink / raw)
To: Nathaniel McCallum
Cc: Jarkko Sakkinen, X86 ML, linux-sgx, LKML, linux-kselftest,
Andrew Morton, Andy Shevchenko, asapek, Borislav Petkov, Xing,
Cedric, chenalexchen, Conrad Parker, cyhanish, Dave Hansen,
Huang, Haitao, Josh Triplett, Huang, Kai, Svahn, Kai,
Keith Moyer, Christian Ludloff, Andy Lutomirski, Neil Horman,
Patrick Uiterwijk, David Rientjes, Thomas Gleixner, yaozhangx
On Thu, Aug 27, 2020 at 12:47:04AM -0400, Nathaniel McCallum wrote:
> > +int main(int argc, char *argv[], char *envp[])
> > +{
> > + struct sgx_enclave_exception exception;
> > + struct vdso_symtab symtab;
> > + Elf64_Sym *eenter_sym;
> > + uint64_t result = 0;
> > + struct encl encl;
> > + unsigned int i;
> > + void *addr;
> > +
> > + if (!encl_load("test_encl.elf", &encl))
> > + goto err;
> > +
> > + if (!encl_measure(&encl))
> > + goto err;
> > +
> > + if (!encl_build(&encl))
> > + goto err;
> > +
> > + /*
> > + * An enclave consumer only must do this.
> > + */
> > + for (i = 0; i < encl.nr_segments; i++) {
> > + struct encl_segment *seg = &encl.segment_tbl[i];
> > +
> > + addr = mmap((void *)encl.encl_base + seg->offset, seg->size,
> > + seg->prot, MAP_SHARED | MAP_FIXED, encl.fd, 0);
>
> My patch version is a bit behind (v32), but I suspect this still
> applies. I discovered the following by accident.
>
> In the Enarx code base, this invocation succeeds:
> mmap(0x200000000000, 0x1000, PROT_READ | PROT_WRITE, MAP_SHARED |
> MAP_FIXED, sgxfd, 0)
>
> However, this one fails with -EINVAL:
> mmap(0x200000000000, 0x1000, PROT_READ | PROT_WRITE,
> MAP_SHARED_VALIDATE | MAP_FIXED, sgxfd, 0)
>
> From man mmap:
>
> MAP_SHARED_VALIDATE (since Linux 4.15)
> This flag provides the same behavior as MAP_SHARED
> except that MAP_SHARED mappings ignore unknown
> flags in flags. By contrast, when creating a mapping
> using MAP_SHARED_VALIDATE, the kernel veri‐
> fies all passed flags are known and fails the
> mapping with the error EOPNOTSUPP for unknown
> flags. This mapping type is also required to be able to
> use some mapping flags (e.g., MAP_SYNC).
>
> I can try again on a newer patch set tomorrow if need be. But the
> documentation of mmap() doesn't match the behavior I'm seeing. A brief
> look through the patch set didn't turn up anything obvious that could
> be causing this.
This is a bug in sgx_get_unmapped_area(). EPC must be mapped SHARED, and
so MAP_PRIVATE is disallowed. The current check is:
if (flags & MAP_PRIVATE)
return -EINVAL;
and the base "flags" are:
#define MAP_SHARED 0x01 /* Share changes */
#define MAP_PRIVATE 0x02 /* Changes are private */
#define MAP_SHARED_VALIDATE 0x03 /* share + validate extension flags */
which causes the SGX check to interpret MAP_SHARED_VALIDATE as MAP_PRIVATE.
The types are just that, types, not flag modifiers. So the SGX code needs
to be:
if ((flags & MAP_TYPE) == MAP_PRIVATE)
return -EINVAL;
or
unsigned long map_type = (flags & MAP_TYPE);
if (map_type != MAP_SHARED && map_type != MAP_SHARED_VALIDATE)
return -EINVAL;
Side topic, there is at least one existing bug of this nature, in mm/nommu.c.
I'll send a patch for that and look for any other instances of the bad
pattern.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH v36 22/24] selftests/x86: Add a selftest for SGX
2020-08-27 15:20 ` Sean Christopherson
@ 2020-08-28 23:27 ` Jarkko Sakkinen
0 siblings, 0 replies; 4+ messages in thread
From: Jarkko Sakkinen @ 2020-08-28 23:27 UTC (permalink / raw)
To: Sean Christopherson
Cc: Nathaniel McCallum, X86 ML, linux-sgx, LKML, linux-kselftest,
Andrew Morton, Andy Shevchenko, asapek, Borislav Petkov, Xing,
Cedric, chenalexchen, Conrad Parker, cyhanish, Dave Hansen,
Huang, Haitao, Josh Triplett, Huang, Kai, Svahn, Kai,
Keith Moyer, Christian Ludloff, Andy Lutomirski, Neil Horman,
Patrick Uiterwijk, David Rientjes, Thomas Gleixner, yaozhangx
On Thu, Aug 27, 2020 at 08:20:51AM -0700, Sean Christopherson wrote:
> On Thu, Aug 27, 2020 at 12:47:04AM -0400, Nathaniel McCallum wrote:
> > > +int main(int argc, char *argv[], char *envp[])
> > > +{
> > > + struct sgx_enclave_exception exception;
> > > + struct vdso_symtab symtab;
> > > + Elf64_Sym *eenter_sym;
> > > + uint64_t result = 0;
> > > + struct encl encl;
> > > + unsigned int i;
> > > + void *addr;
> > > +
> > > + if (!encl_load("test_encl.elf", &encl))
> > > + goto err;
> > > +
> > > + if (!encl_measure(&encl))
> > > + goto err;
> > > +
> > > + if (!encl_build(&encl))
> > > + goto err;
> > > +
> > > + /*
> > > + * An enclave consumer only must do this.
> > > + */
> > > + for (i = 0; i < encl.nr_segments; i++) {
> > > + struct encl_segment *seg = &encl.segment_tbl[i];
> > > +
> > > + addr = mmap((void *)encl.encl_base + seg->offset, seg->size,
> > > + seg->prot, MAP_SHARED | MAP_FIXED, encl.fd, 0);
> >
> > My patch version is a bit behind (v32), but I suspect this still
> > applies. I discovered the following by accident.
> >
> > In the Enarx code base, this invocation succeeds:
> > mmap(0x200000000000, 0x1000, PROT_READ | PROT_WRITE, MAP_SHARED |
> > MAP_FIXED, sgxfd, 0)
> >
> > However, this one fails with -EINVAL:
> > mmap(0x200000000000, 0x1000, PROT_READ | PROT_WRITE,
> > MAP_SHARED_VALIDATE | MAP_FIXED, sgxfd, 0)
> >
> > From man mmap:
> >
> > MAP_SHARED_VALIDATE (since Linux 4.15)
> > This flag provides the same behavior as MAP_SHARED
> > except that MAP_SHARED mappings ignore unknown
> > flags in flags. By contrast, when creating a mapping
> > using MAP_SHARED_VALIDATE, the kernel veri‐
> > fies all passed flags are known and fails the
> > mapping with the error EOPNOTSUPP for unknown
> > flags. This mapping type is also required to be able to
> > use some mapping flags (e.g., MAP_SYNC).
> >
> > I can try again on a newer patch set tomorrow if need be. But the
> > documentation of mmap() doesn't match the behavior I'm seeing. A brief
> > look through the patch set didn't turn up anything obvious that could
> > be causing this.
>
> This is a bug in sgx_get_unmapped_area(). EPC must be mapped SHARED, and
> so MAP_PRIVATE is disallowed. The current check is:
>
> if (flags & MAP_PRIVATE)
> return -EINVAL;
>
> and the base "flags" are:
>
> #define MAP_SHARED 0x01 /* Share changes */
> #define MAP_PRIVATE 0x02 /* Changes are private */
> #define MAP_SHARED_VALIDATE 0x03 /* share + validate extension flags */
>
> which causes the SGX check to interpret MAP_SHARED_VALIDATE as MAP_PRIVATE.
> The types are just that, types, not flag modifiers. So the SGX code needs
> to be:
>
> if ((flags & MAP_TYPE) == MAP_PRIVATE)
> return -EINVAL;
Updated, thanks.
/Jarkko
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-08-28 23:27 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20200716135303.276442-1-jarkko.sakkinen@linux.intel.com>
2020-07-16 13:53 ` [PATCH v36 22/24] selftests/x86: Add a selftest for SGX Jarkko Sakkinen
2020-08-27 4:47 ` Nathaniel McCallum
2020-08-27 15:20 ` Sean Christopherson
2020-08-28 23:27 ` Jarkko Sakkinen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).