Linux-Sgx Archive on lore.kernel.org
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: linux-sgx@vger.kernel.org
Cc: Sean Christopherson <sean.j.christopherson@intel.com>
Subject: Re: [PATCH 1/5] selftests/sgx: Add PHDRS to encl.lds
Date: Mon, 23 Mar 2020 05:52:27 +0200
Message-ID: <20200323035227.GA4658@linux.intel.com>
In-Reply-To: <20200323034634.4157-1-jarkko.sakkinen@linux.intel.com>

On Mon, Mar 23, 2020 at 05:46:30AM +0200, Jarkko Sakkinen wrote:
> Improve encl.lds to create an ELF image that can be easily loaded without
> needing the conversion to a raw binary. This is achieved by adding PHDRS to
> encl.lds that describes the different segments.
> 
> With a simple Python program it is easy to see that the changes result in a
> sane memory layout [1]:
> 
> Flags Start              End
> rw-   0x0000000000200000 0x0000000000201000
> r-x   0x0000000000201000 0x0000000000202000
> rw-   0x0000000000202000 0x0000000000205000
> 
> These are the start and end positions in the enclave ELF image for
> different enclave memory areas. Since all the sections are marked as being
> allocated, an ELF enclave loader can be solely based on p_offset, p_memsz
> and p_flags fields of struct Elf64_Phdr.
> 
> [1]
> import sys
> from elftools.elf.elffile import ELFFile
> 
> PAGE_SIZE = 0x1000
> 
> if __name__ == '__main__':
>     flags2str = ['---', '--x', '-w-', '-wx', 'r--', 'r-x', 'rw-', 'rwx']
> 
>     if len(sys.argv) != 2:
>         sys.exit(1)
> 
>     with open(sys.argv[1], 'rb') as file:
>         file = ELFFile(file)
> 
>         print('{:<5} {:<18} {:<18}'.format('Flags', 'Start', 'End'))
> 
>         for seg in file.iter_segments():
>             if seg['p_type'] != 'PT_LOAD':
>                 continue
> 
>             flags = flags2str[seg['p_flags']]
> 
>             start = seg['p_offset'] & ~(PAGE_SIZE - 1)
>             end = start + ((seg['p_filesz'] + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1))
> 
>             print('{:<5} 0x{:0>16x} 0x{:0>16x}'.format(flags, start, end))
> 
> Cc: Sean Christopherson <sean.j.christopherson@intel.com>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> ---
>  tools/testing/selftests/sgx/encl.lds         | 14 ++++++++++----
>  tools/testing/selftests/sgx/encl_bootstrap.S |  2 +-
>  2 files changed, 11 insertions(+), 5 deletions(-)
> 
> diff --git a/tools/testing/selftests/sgx/encl.lds b/tools/testing/selftests/sgx/encl.lds
> index 9a56d3064104..0fbbda7e665e 100644
> --- a/tools/testing/selftests/sgx/encl.lds
> +++ b/tools/testing/selftests/sgx/encl.lds
> @@ -1,25 +1,31 @@
>  OUTPUT_FORMAT(elf64-x86-64)
>  
> +PHDRS
> +{
> +	tcs PT_LOAD;
> +	text PT_LOAD;
> +	data PT_LOAD;
> +}
> +
>  SECTIONS
>  {
>  	. = 0;
>  	.tcs : {
>  		*(.tcs*)
> -	}
> +	} : tcs
>  
>  	. = ALIGN(4096);
>  	.text : {
>  		*(.text*)
>  		*(.rodata*)
> -	}
> +	} : text
>  
>  	. = ALIGN(4096);
>  	.data : {
>  		*(.data*)
> -	}
> +	} : data
>  
>  	/DISCARD/ : {
> -		*(.data*)
>  		*(.comment*)
>  		*(.note*)
>  		*(.debug*)
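Review bot: The PHDRS block declares tcs, text and data without FLAGS(), so each segment's p_flags is whatever the linker derives from the input sections assigned to it. Since the commit message says a loader can rely on p_flags, consider pinning them explicitly (for example `tcs PT_LOAD FLAGS(6);`, `text PT_LOAD FLAGS(5);`, `data PT_LOAD FLAGS(6);`), so that a writable input section matched by `*(.text*)` or `*(.rodata*)` cannot silently change the text segment's permissions.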
> diff --git a/tools/testing/selftests/sgx/encl_bootstrap.S b/tools/testing/selftests/sgx/encl_bootstrap.S
> index 3a1479f1cdcf..b9ea6130e422 100644
> --- a/tools/testing/selftests/sgx/encl_bootstrap.S
> +++ b/tools/testing/selftests/sgx/encl_bootstrap.S
> @@ -7,7 +7,7 @@
>  	.byte 0x0f, 0x01, 0xd7
>  	.endm
>  
> -	.section ".tcs", "a"
> +	.section ".tcs", "aw"
>  	.balign	4096
>  
>  	.fill	1, 8, 0			# STATE (set by CPU)
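Review bot: The switch of .tcs from "a" to "aw" is not explained in the commit message or in a comment. It appears to be what makes the first segment come out as rw- in the listed layout now that .tcs is assigned to its own PT_LOAD segment, so a one-line comment next to the .section directive would keep a later cleanup from reverting it as incidental.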
> -- 
> 2.25.1
> 

These changes have been squashed to my tree. Please provide patches
if something feels not right.

The changes were live coded on a Geminilake NUC that I brought home
last week and are tested quite extensively.

The place for improvement would be to call sgx_encl_build_segment()
based on segments in the program header table so that the permissions
would be assigned dynamically.

/Jarkko
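
The improvement suggested above, deriving per-segment permissions from the program header table, as an added example (not code from the patch or the kernel tree). `encl_segments()`, `make_sample()` and `struct seg` are hypothetical names, the sample image is constructed, and refusing writable+executable segments is this example's own policy.

```c
#include <elf.h>
#include <stdint.h>
#include <string.h>

#define PAGE 0x1000UL
struct seg { uint64_t start, end; uint32_t flags; };	/* hypothetical loader record */

/* Collect PT_LOAD segments of an ELF64 image; -1 means malformed or refused. */
int encl_segments(const uint8_t *img, size_t len, struct seg *out, int max)
{
	Elf64_Ehdr eh;
	Elf64_Phdr ph;
	int n = 0;

	if (len < sizeof(eh) || memcmp(img, ELFMAG, SELFMAG))
		return -1;
	memcpy(&eh, img, sizeof(eh));
	if (eh.e_phentsize != sizeof(ph) || eh.e_phoff > len ||
	    eh.e_phnum > (len - eh.e_phoff) / sizeof(ph))
		return -1;
	for (int i = 0; i < eh.e_phnum; i++) {
		memcpy(&ph, img + eh.e_phoff + i * sizeof(ph), sizeof(ph));
		if (ph.p_type != PT_LOAD)
			continue;
		/* Overflow-safe bounds check; refusing W+X is this example's own policy. */
		if (n == max || ph.p_offset > len || ph.p_filesz > len - ph.p_offset ||
		    ((ph.p_flags & PF_W) && (ph.p_flags & PF_X)))
			return -1;
		out[n].start = ph.p_offset & ~(PAGE - 1);
		out[n].end = (ph.p_offset + ph.p_filesz + PAGE - 1) & ~(PAGE - 1);
		out[n++].flags = ph.p_flags & (PF_R | PF_W | PF_X);
	}
	return n;
}

/* Constructed sample (not from the patch); third segment's flags and size vary. */
size_t make_sample(uint8_t *buf, uint32_t f3, uint64_t sz3)
{
	Elf64_Ehdr eh = { .e_phoff = sizeof(eh), .e_phentsize = sizeof(Elf64_Phdr), .e_phnum = 3 };
	Elf64_Phdr ph[3] = {
		{ .p_type = PT_LOAD, .p_flags = PF_R | PF_W, .p_offset = 0x1000, .p_filesz = 0x1000 },
		{ .p_type = PT_LOAD, .p_flags = PF_R | PF_X, .p_offset = 0x2000, .p_filesz = 0x1000 },
		{ .p_type = PT_LOAD, .p_flags = f3, .p_offset = 0x3000, .p_filesz = sz3 } };

	memset(buf, 0, 0x6000);		/* buf must hold at least 0x6000 bytes */
	memcpy(buf, &eh, sizeof(eh));
	memcpy(buf, ELFMAG, SELFMAG);
	memcpy(buf + sizeof(eh), ph, sizeof(ph));
	return 0x6000;
}
```

Each returned record carries the page-aligned file range and the R/W/X bits that a loader would pass on when adding that segment's pages.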

Thread overview: 6+ messages
2020-03-23  3:46 Jarkko Sakkinen
2020-03-23  3:46 ` [PATCH 2/5] selftests/sgx: Manage encl_fd in the main function Jarkko Sakkinen
2020-03-23  3:46 ` [PATCH 3/5] selftests/sgx: Move EINIT out of encl_build() Jarkko Sakkinen
2020-03-23  3:46 ` [PATCH 4/5] selftest/sgx: Replace encl_build() with encl_build_segment() Jarkko Sakkinen
2020-03-23  3:46 ` [PATCH 5/5] selftests/sgx: Load encl.elf directly in the test program Jarkko Sakkinen
2020-03-23  3:52 ` Jarkko Sakkinen [this message]
