Re: [PATCH 1/5] selftests/sgx: Add PHDRS to encl.lds

From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: linux-sgx@vger.kernel.org
Cc: Sean Christopherson <sean.j.christopherson@intel.com>
Subject: Re: [PATCH 1/5] selftests/sgx: Add PHDRS to encl.lds
Date: Mon, 23 Mar 2020 05:52:27 +0200	[thread overview]
Message-ID: <20200323035227.GA4658@linux.intel.com> (raw)
In-Reply-To: <20200323034634.4157-1-jarkko.sakkinen@linux.intel.com>

On Mon, Mar 23, 2020 at 05:46:30AM +0200, Jarkko Sakkinen wrote:
> Improve encl.lds to create an ELF image that can be easily loaded without
> needing the conversion to a raw binary. This is achieved by adding PHDRS to
> encl.lds that describes the different segments.
> 
> With a simple Python program it is easy to see that the changes result in a
> sane memory layout [1]:
> 
> Flags Start              End
> rw-   0x0000000000200000 0x0000000000201000
> r-x   0x0000000000201000 0x0000000000202000
> rw-   0x0000000000202000 0x0000000000205000
> 
> These are the start and end positions in the enclave ELF image for
> different enclave memory areas. Since all the sections are marked as being
> allocated, an ELF enclave loader can be solely based on p_offset, p_memsz
> and p_flags fields of struct Elf64_Phdr.
> 
> [1]
> import sys
> from elftools.elf.elffile import ELFFile
> 
> PAGE_SIZE = 0x1000
> 
> if __name__ == '__main__':
>     flags2str = ['---', '--x', '-w-', '-wx', 'r--', 'r-x', 'rw-', 'rwx']
> 
>     if len(sys.argv) != 2:
>         sys.exit(1)
> 
>     with open(sys.argv[1], 'rb') as file:
>         file = ELFFile(file)
> 
>         print('{:<5} {:<18} {:<18}'.format('Flags', 'Start', 'End'))
> 
>         for seg in file.iter_segments():
>             if seg['p_type'] != 'PT_LOAD':
>                 continue
> 
>             flags = flags2str[seg['p_flags']]
> 
>             start = seg['p_offset'] & ~(PAGE_SIZE - 1)
>             end = start +
> 	          (seg['p_filesz'] + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1)
> 
>             print('{:<5} 0x{:0>16x} 0x{:0>16x}'.format(flags, start, end))
> 
> Cc: Sean Christopherson <sean.j.christopherson@intel.com>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> ---
>  tools/testing/selftests/sgx/encl.lds         | 14 ++++++++++----
>  tools/testing/selftests/sgx/encl_bootstrap.S |  2 +-
>  2 files changed, 11 insertions(+), 5 deletions(-)
> 
> diff --git a/tools/testing/selftests/sgx/encl.lds b/tools/testing/selftests/sgx/encl.lds
> index 9a56d3064104..0fbbda7e665e 100644
> --- a/tools/testing/selftests/sgx/encl.lds
> +++ b/tools/testing/selftests/sgx/encl.lds
> @@ -1,25 +1,31 @@
>  OUTPUT_FORMAT(elf64-x86-64)
>  
> +PHDRS
> +{
> +	tcs PT_LOAD;
> +	text PT_LOAD;
> +	data PT_LOAD;
> +}
> +
>  SECTIONS
>  {
>  	. = 0;
>  	.tcs : {
>  		*(.tcs*)
> -	}
> +	} : tcs
>  
>  	. = ALIGN(4096);
>  	.text : {
>  		*(.text*)
>  		*(.rodata*)
> -	}
> +	} : text
>  
>  	. = ALIGN(4096);
>  	.data : {
>  		*(.data*)
> -	}
> +	} : data
>  
>  	/DISCARD/ : {
> -		*(.data*)
>  		*(.comment*)
>  		*(.note*)
>  		*(.debug*)
> diff --git a/tools/testing/selftests/sgx/encl_bootstrap.S b/tools/testing/selftests/sgx/encl_bootstrap.S
> index 3a1479f1cdcf..b9ea6130e422 100644
> --- a/tools/testing/selftests/sgx/encl_bootstrap.S
> +++ b/tools/testing/selftests/sgx/encl_bootstrap.S
> @@ -7,7 +7,7 @@
>  	.byte 0x0f, 0x01, 0xd7
>  	.endm
>  
> -	.section ".tcs", "a"
> +	.section ".tcs", "aw"
>  	.balign	4096
>  
>  	.fill	1, 8, 0			# STATE (set by CPU)
> -- 
> 2.25.1
> 

These changes have been squashed to my tree. Please provide patches
if something feels not right.

The changes were live coded on a Geminilake NUC that I brought home
last week and are tested quite extensively.

The place for improvement would be to call sgx_encl_build_segment()
based on segments in the program header table so that the permissions
would be assigned dynamically.

/Jarkko