Linux-Sgx Archive on lore.kernel.org
 help / color / Atom feed
From: Nathaniel McCallum <npmccallum@redhat.com>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: X86 ML <x86@kernel.org>,
	linux-sgx@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>,
	linux-kselftest@vger.kernel.org,
	Andrew Morton <akpm@linux-foundation.org>,
	Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
	asapek@google.com, Borislav Petkov <bp@alien8.de>,
	"Xing, Cedric" <cedric.xing@intel.com>,
	chenalexchen@google.com, Conrad Parker <conradparker@google.com>,
	cyhanish@google.com, Dave Hansen <dave.hansen@intel.com>,
	"Huang, Haitao" <haitao.huang@intel.com>,
	Josh Triplett <josh@joshtriplett.org>,
	"Huang, Kai" <kai.huang@intel.com>,
	"Svahn, Kai" <kai.svahn@intel.com>, Keith Moyer <kmoy@google.com>,
	Christian Ludloff <ludloff@google.com>,
	Andy Lutomirski <luto@kernel.org>,
	Neil Horman <nhorman@redhat.com>,
	Patrick Uiterwijk <puiterwijk@redhat.com>,
	David Rientjes <rientjes@google.com>,
	"Christopherson, Sean J" <sean.j.christopherson@intel.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	yaozhangx@google.com
Subject: Re: [PATCH v36 22/24] selftests/x86: Add a selftest for SGX
Date: Thu, 27 Aug 2020 00:47:04 -0400
Message-ID: <CAOASepO-DuQW88hxtAJv5Ki4GNYnkGNz5qK_dTEK_y8roMdPkg@mail.gmail.com> (raw)
In-Reply-To: <20200716135303.276442-23-jarkko.sakkinen@linux.intel.com>

On Thu, Jul 16, 2020 at 9:58 AM Jarkko Sakkinen
<jarkko.sakkinen@linux.intel.com> wrote:
>
> Add a selftest for SGX. It is a trivial test where a simple enclave
> copies one 64-bit word of memory between two memory locations.
>
> Cc: linux-kselftest@vger.kernel.org
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> ---
>  tools/testing/selftests/Makefile              |   1 +
>  tools/testing/selftests/sgx/.gitignore        |   2 +
>  tools/testing/selftests/sgx/Makefile          |  53 +++
>  tools/testing/selftests/sgx/call.S            |  54 +++
>  tools/testing/selftests/sgx/defines.h         |  21 +
>  tools/testing/selftests/sgx/load.c            | 282 +++++++++++++
>  tools/testing/selftests/sgx/main.c            | 199 +++++++++
>  tools/testing/selftests/sgx/main.h            |  38 ++
>  tools/testing/selftests/sgx/sigstruct.c       | 395 ++++++++++++++++++
>  tools/testing/selftests/sgx/test_encl.c       |  20 +
>  tools/testing/selftests/sgx/test_encl.lds     |  40 ++
>  .../selftests/sgx/test_encl_bootstrap.S       |  89 ++++
>  12 files changed, 1194 insertions(+)
>  create mode 100644 tools/testing/selftests/sgx/.gitignore
>  create mode 100644 tools/testing/selftests/sgx/Makefile
>  create mode 100644 tools/testing/selftests/sgx/call.S
>  create mode 100644 tools/testing/selftests/sgx/defines.h
>  create mode 100644 tools/testing/selftests/sgx/load.c
>  create mode 100644 tools/testing/selftests/sgx/main.c
>  create mode 100644 tools/testing/selftests/sgx/main.h
>  create mode 100644 tools/testing/selftests/sgx/sigstruct.c
>  create mode 100644 tools/testing/selftests/sgx/test_encl.c
>  create mode 100644 tools/testing/selftests/sgx/test_encl.lds
>  create mode 100644 tools/testing/selftests/sgx/test_encl_bootstrap.S
>
> diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile
> index 1195bd85af38..ec7be6d5a10d 100644
> --- a/tools/testing/selftests/Makefile
> +++ b/tools/testing/selftests/Makefile
> @@ -64,6 +64,7 @@ TARGETS += user
>  TARGETS += vm
>  TARGETS += x86
>  TARGETS += zram
> +TARGETS += sgx
>  #Please keep the TARGETS list alphabetically sorted
>  # Run "make quicktest=1 run_tests" or
>  # "make quicktest=1 kselftest" from top level Makefile
> diff --git a/tools/testing/selftests/sgx/.gitignore b/tools/testing/selftests/sgx/.gitignore
> new file mode 100644
> index 000000000000..fbaf0bda9a92
> --- /dev/null
> +++ b/tools/testing/selftests/sgx/.gitignore
> @@ -0,0 +1,2 @@
> +test_sgx
> +test_encl.elf
> diff --git a/tools/testing/selftests/sgx/Makefile b/tools/testing/selftests/sgx/Makefile
> new file mode 100644
> index 000000000000..95e5c4df8014
> --- /dev/null
> +++ b/tools/testing/selftests/sgx/Makefile
> @@ -0,0 +1,53 @@
> +top_srcdir = ../../../..
> +
> +include ../lib.mk
> +
> +.PHONY: all clean
> +
> +CAN_BUILD_X86_64 := $(shell ../x86/check_cc.sh $(CC) \
> +                           ../x86/trivial_64bit_program.c)
> +
> +ifndef OBJCOPY
> +OBJCOPY := $(CROSS_COMPILE)objcopy
> +endif
> +
> +INCLUDES := -I$(top_srcdir)/tools/include
> +HOST_CFLAGS := -Wall -Werror -g $(INCLUDES) -fPIC -z noexecstack
> +ENCL_CFLAGS := -Wall -Werror -static -nostdlib -nostartfiles -fPIC \
> +              -fno-stack-protector -mrdrnd $(INCLUDES)
> +
> +TEST_CUSTOM_PROGS := $(OUTPUT)/test_sgx $(OUTPUT)/test_encl.elf
> +
> +ifeq ($(CAN_BUILD_X86_64), 1)
> +all: $(TEST_CUSTOM_PROGS)
> +endif
> +
> +$(OUTPUT)/test_sgx: $(OUTPUT)/main.o \
> +                   $(OUTPUT)/load.o \
> +                   $(OUTPUT)/sigstruct.o \
> +                   $(OUTPUT)/call.o
> +       $(CC) $(HOST_CFLAGS) -o $@ $^ -lcrypto
> +
> +$(OUTPUT)/main.o: main.c
> +       $(CC) $(HOST_CFLAGS) -c $< -o $@
> +
> +$(OUTPUT)/load.o: load.c
> +       $(CC) $(HOST_CFLAGS) -c $< -o $@
> +
> +$(OUTPUT)/sigstruct.o: sigstruct.c
> +       $(CC) $(HOST_CFLAGS) -c $< -o $@
> +
> +$(OUTPUT)/call.o: call.S
> +       $(CC) $(HOST_CFLAGS) -c $< -o $@
> +
> +$(OUTPUT)/test_encl.elf: test_encl.lds test_encl.c test_encl_bootstrap.S
> +       $(CC) $(ENCL_CFLAGS) -T $^ -o $@
> +
> +EXTRA_CLEAN := \
> +       $(OUTPUT)/test_encl.elf \
> +       $(OUTPUT)/load.o \
> +       $(OUTPUT)/call.o \
> +       $(OUTPUT)/main.o \
> +       $(OUTPUT)/sigstruct.o \
> +       $(OUTPUT)/test_sgx \
> +       $(OUTPUT)/test_sgx.o \
> diff --git a/tools/testing/selftests/sgx/call.S b/tools/testing/selftests/sgx/call.S
> new file mode 100644
> index 000000000000..77131e83db42
> --- /dev/null
> +++ b/tools/testing/selftests/sgx/call.S
> @@ -0,0 +1,54 @@
> +/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) */
> +/**
> +* Copyright(c) 2016-18 Intel Corporation.
> +*/
> +
> +       .text
> +
> +       .macro ENCLU
> +       .byte 0x0f, 0x01, 0xd7
> +       .endm
> +
> +       .text
> +
> +       .global sgx_call_vdso
> +sgx_call_vdso:
> +       .cfi_startproc
> +       push    %r15
> +       .cfi_adjust_cfa_offset  8
> +       .cfi_rel_offset         %r15, 0
> +       push    %r14
> +       .cfi_adjust_cfa_offset  8
> +       .cfi_rel_offset         %r14, 0
> +       push    %r13
> +       .cfi_adjust_cfa_offset  8
> +       .cfi_rel_offset         %r13, 0
> +       push    %r12
> +       .cfi_adjust_cfa_offset  8
> +       .cfi_rel_offset         %r12, 0
> +       push    %rbx
> +       .cfi_adjust_cfa_offset  8
> +       .cfi_rel_offset         %rbx, 0
> +       push    $0
> +       .cfi_adjust_cfa_offset  8
> +       push    0x48(%rsp)
> +       .cfi_adjust_cfa_offset  8
> +       push    0x48(%rsp)
> +       .cfi_adjust_cfa_offset  8
> +       push    0x48(%rsp)
> +       .cfi_adjust_cfa_offset  8
> +       call    *eenter(%rip)
> +       add     $0x20, %rsp
> +       .cfi_adjust_cfa_offset  -0x20
> +       pop     %rbx
> +       .cfi_adjust_cfa_offset  -8
> +       pop     %r12
> +       .cfi_adjust_cfa_offset  -8
> +       pop     %r13
> +       .cfi_adjust_cfa_offset  -8
> +       pop     %r14
> +       .cfi_adjust_cfa_offset  -8
> +       pop     %r15
> +       .cfi_adjust_cfa_offset  -8
> +       ret
> +       .cfi_endproc
> diff --git a/tools/testing/selftests/sgx/defines.h b/tools/testing/selftests/sgx/defines.h
> new file mode 100644
> index 000000000000..be8969922804
> --- /dev/null
> +++ b/tools/testing/selftests/sgx/defines.h
> @@ -0,0 +1,21 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +/*
> + * Copyright(c) 2016-19 Intel Corporation.
> + */
> +
> +#ifndef DEFINES_H
> +#define DEFINES_H
> +
> +#include <stdint.h>
> +
> +#define PAGE_SIZE 4096
> +#define PAGE_MASK (~(PAGE_SIZE - 1))
> +
> +#define __aligned(x) __attribute__((__aligned__(x)))
> +#define __packed __attribute__((packed))
> +
> +#include "../../../../arch/x86/kernel/cpu/sgx/arch.h"
> +#include "../../../../arch/x86/include/asm/enclu.h"
> +#include "../../../../arch/x86/include/uapi/asm/sgx.h"
> +
> +#endif /* DEFINES_H */
> diff --git a/tools/testing/selftests/sgx/load.c b/tools/testing/selftests/sgx/load.c
> new file mode 100644
> index 000000000000..91407036541c
> --- /dev/null
> +++ b/tools/testing/selftests/sgx/load.c
> @@ -0,0 +1,282 @@
> +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
> +// Copyright(c) 2016-18 Intel Corporation.
> +
> +#include <assert.h>
> +#include <elf.h>
> +#include <errno.h>
> +#include <fcntl.h>
> +#include <stdbool.h>
> +#include <stdio.h>
> +#include <stdint.h>
> +#include <stdlib.h>
> +#include <string.h>
> +#include <unistd.h>
> +#include <sys/ioctl.h>
> +#include <sys/mman.h>
> +#include <sys/stat.h>
> +#include <sys/time.h>
> +#include <sys/types.h>
> +#include "defines.h"
> +#include "main.h"
> +
> +void encl_delete(struct encl *encl)
> +{
> +       if (encl->encl_base)
> +               munmap((void *)encl->encl_base, encl->encl_size);
> +
> +       if (encl->bin)
> +               munmap(encl->bin, encl->bin_size);
> +
> +       if (encl->fd)
> +               close(encl->fd);
> +
> +       if (encl->segment_tbl)
> +               free(encl->segment_tbl);
> +
> +       memset(encl, 0, sizeof(*encl));
> +}
> +
> +static bool encl_map_bin(const char *path, struct encl *encl)
> +{
> +       struct stat sb;
> +       void *bin;
> +       int ret;
> +       int fd;
> +
> +       fd = open(path, O_RDONLY);
> +       if (fd == -1)  {
> +               perror("open()");
> +               return false;
> +       }
> +
> +       ret = stat(path, &sb);
> +       if (ret) {
> +               perror("stat()");
> +               goto err;
> +       }
> +
> +       bin = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
> +       if (bin == MAP_FAILED) {
> +               perror("mmap()");
> +               goto err;
> +       }
> +
> +       encl->bin = bin;
> +       encl->bin_size = sb.st_size;
> +
> +       close(fd);
> +       return true;
> +
> +err:
> +       close(fd);
> +       return false;
> +}
> +
> +static bool encl_ioc_create(struct encl *encl)
> +{
> +       struct sgx_secs *secs = &encl->secs;
> +       struct sgx_enclave_create ioc;
> +       int rc;
> +
> +       assert(encl->encl_base != 0);
> +
> +       memset(secs, 0, sizeof(*secs));
> +       secs->ssa_frame_size = 1;
> +       secs->attributes = SGX_ATTR_MODE64BIT;
> +       secs->xfrm = 3;
> +       secs->base = encl->encl_base;
> +       secs->size = encl->encl_size;
> +
> +       ioc.src = (unsigned long)secs;
> +       rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_CREATE, &ioc);
> +       if (rc) {
> +               fprintf(stderr, "SGX_IOC_ENCLAVE_CREATE failed: errno=%d\n",
> +                       errno);
> +               munmap((void *)secs->base, encl->encl_size);
> +               return false;
> +       }
> +
> +       return true;
> +}
> +
> +static bool encl_ioc_add_pages(struct encl *encl, struct encl_segment *seg)
> +{
> +       struct sgx_enclave_add_pages ioc;
> +       struct sgx_secinfo secinfo;
> +       int rc;
> +
> +       memset(&secinfo, 0, sizeof(secinfo));
> +       secinfo.flags = seg->flags;
> +
> +       ioc.src = (uint64_t)encl->src + seg->offset;
> +       ioc.offset = seg->offset;
> +       ioc.length = seg->size;
> +       ioc.secinfo = (unsigned long)&secinfo;
> +       ioc.flags = SGX_PAGE_MEASURE;
> +
> +       rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_ADD_PAGES, &ioc);
> +       if (rc) {
> +               fprintf(stderr, "SGX_IOC_ENCLAVE_ADD_PAGES failed: errno=%d.\n",
> +                       errno);
> +               return false;
> +       }
> +
> +       if (ioc.count != ioc.length) {
> +               fprintf(stderr, "A segment not fully processed.\n");
> +               return false;
> +       }
> +
> +       return true;
> +}
> +
> +bool encl_load(const char *path, struct encl *encl)
> +{
> +       Elf64_Phdr *phdr_tbl;
> +       off_t src_offset;
> +       Elf64_Ehdr *ehdr;
> +       int i, j;
> +       int ret;
> +
> +       memset(encl, 0, sizeof(*encl));
> +
> +       ret = open("/dev/sgx/enclave", O_RDWR);
> +       if (ret < 0) {
> +               fprintf(stderr, "Unable to open /dev/sgx\n");
> +               goto err;
> +       }
> +
> +       encl->fd = ret;
> +
> +       if (!encl_map_bin(path, encl))
> +               goto err;
> +
> +       ehdr = encl->bin;
> +       phdr_tbl = encl->bin + ehdr->e_phoff;
> +
> +       for (i = 0; i < ehdr->e_phnum; i++) {
> +               Elf64_Phdr *phdr = &phdr_tbl[i];
> +
> +               if (phdr->p_type == PT_LOAD)
> +                       encl->nr_segments++;
> +       }
> +
> +       encl->segment_tbl = calloc(encl->nr_segments,
> +                                  sizeof(struct encl_segment));
> +       if (!encl->segment_tbl)
> +               goto err;
> +
> +       for (i = 0, j = 0; i < ehdr->e_phnum; i++) {
> +               Elf64_Phdr *phdr = &phdr_tbl[i];
> +               unsigned int flags = phdr->p_flags;
> +               struct encl_segment *seg;
> +
> +               if (phdr->p_type != PT_LOAD)
> +                       continue;
> +
> +               seg = &encl->segment_tbl[j];
> +
> +               if (!!(flags & ~(PF_R | PF_W | PF_X))) {
> +                       fprintf(stderr,
> +                               "%d has invalid segment flags 0x%02x.\n", i,
> +                               phdr->p_flags);
> +                       goto err;
> +               }
> +
> +               if (j == 0 && flags != (PF_R | PF_W)) {
> +                       fprintf(stderr,
> +                               "TCS has invalid segment flags 0x%02x.\n",
> +                               phdr->p_flags);
> +                       goto err;
> +               }
> +
> +               if (j == 0) {
> +                       src_offset = (phdr->p_offset & PAGE_MASK) - src_offset;
> +
> +                       seg->prot = PROT_READ | PROT_WRITE;
> +                       seg->flags = SGX_PAGE_TYPE_TCS << 8;
> +               } else  {
> +                       seg->prot = (phdr->p_flags & PF_R) ? PROT_READ : 0;
> +                       seg->prot |= (phdr->p_flags & PF_W) ? PROT_WRITE : 0;
> +                       seg->prot |= (phdr->p_flags & PF_X) ? PROT_EXEC : 0;
> +                       seg->flags = (SGX_PAGE_TYPE_REG << 8) | seg->prot;
> +               }
> +
> +               seg->offset = (phdr->p_offset & PAGE_MASK) - src_offset;
> +               seg->size = (phdr->p_filesz + PAGE_SIZE - 1) & PAGE_MASK;
> +
> +               printf("0x%016lx 0x%016lx 0x%02x\n", seg->offset, seg->size,
> +                      seg->prot);
> +
> +               j++;
> +       }
> +
> +       assert(j == encl->nr_segments);
> +
> +       encl->src = encl->bin + src_offset;
> +       encl->src_size = encl->segment_tbl[j - 1].offset +
> +                        encl->segment_tbl[j - 1].size;
> +
> +       for (encl->encl_size = 4096; encl->encl_size < encl->src_size; )
> +               encl->encl_size <<= 1;
> +
> +       return true;
> +
> +err:
> +       encl_delete(encl);
> +       return false;
> +}
> +
> +static bool encl_map_area(struct encl *encl)
> +{
> +       size_t encl_size = encl->encl_size;
> +       void *area;
> +
> +       area = mmap(NULL, encl_size * 2, PROT_NONE,
> +                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
> +       if (area == MAP_FAILED) {
> +               perror("mmap");
> +               return false;
> +       }
> +
> +       encl->encl_base = ((uint64_t)area + encl_size - 1) & ~(encl_size - 1);
> +
> +       munmap(area, encl->encl_base - (uint64_t)area);
> +       munmap((void *)(encl->encl_base + encl_size),
> +              (uint64_t)area + encl_size - encl->encl_base);
> +
> +       return true;
> +}
> +
> +bool encl_build(struct encl *encl)
> +{
> +       struct sgx_enclave_init ioc;
> +       int ret;
> +       int i;
> +
> +       if (!encl_map_area(encl))
> +               return false;
> +
> +       if (!encl_ioc_create(encl))
> +               return false;
> +
> +       /*
> +        * Pages must be added before mapping VMAs because their permissions
> +        * cap the VMA permissions.
> +        */
> +       for (i = 0; i < encl->nr_segments; i++) {
> +               struct encl_segment *seg = &encl->segment_tbl[i];
> +
> +               if (!encl_ioc_add_pages(encl, seg))
> +                       return false;
> +       }
> +
> +       ioc.sigstruct = (uint64_t)&encl->sigstruct;
> +       ret = ioctl(encl->fd, SGX_IOC_ENCLAVE_INIT, &ioc);
> +       if (ret) {
> +               fprintf(stderr, "SGX_IOC_ENCLAVE_INIT failed: errno=%d\n",
> +                       errno);
> +               return false;
> +       }
> +
> +       return true;
> +}
> diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c
> new file mode 100644
> index 000000000000..8d95569e7a66
> --- /dev/null
> +++ b/tools/testing/selftests/sgx/main.c
> @@ -0,0 +1,199 @@
> +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
> +// Copyright(c) 2016-18 Intel Corporation.
> +
> +#include <elf.h>
> +#include <errno.h>
> +#include <fcntl.h>
> +#include <stdbool.h>
> +#include <stdio.h>
> +#include <stdint.h>
> +#include <stdlib.h>
> +#include <string.h>
> +#include <unistd.h>
> +#include <sys/ioctl.h>
> +#include <sys/mman.h>
> +#include <sys/stat.h>
> +#include <sys/time.h>
> +#include <sys/types.h>
> +#include "defines.h"
> +#include "main.h"
> +
> +static const uint64_t MAGIC = 0x1122334455667788ULL;
> +vdso_sgx_enter_enclave_t eenter;
> +
> +struct vdso_symtab {
> +       Elf64_Sym *elf_symtab;
> +       const char *elf_symstrtab;
> +       Elf64_Word *elf_hashtab;
> +};
> +
> +static void *vdso_get_base_addr(char *envp[])
> +{
> +       Elf64_auxv_t *auxv;
> +       int i;
> +
> +       for (i = 0; envp[i]; i++)
> +               ;
> +
> +       auxv = (Elf64_auxv_t *)&envp[i + 1];
> +
> +       for (i = 0; auxv[i].a_type != AT_NULL; i++) {
> +               if (auxv[i].a_type == AT_SYSINFO_EHDR)
> +                       return (void *)auxv[i].a_un.a_val;
> +       }
> +
> +       return NULL;
> +}
> +
> +static Elf64_Dyn *vdso_get_dyntab(void *addr)
> +{
> +       Elf64_Ehdr *ehdr = addr;
> +       Elf64_Phdr *phdrtab = addr + ehdr->e_phoff;
> +       int i;
> +
> +       for (i = 0; i < ehdr->e_phnum; i++)
> +               if (phdrtab[i].p_type == PT_DYNAMIC)
> +                       return addr + phdrtab[i].p_offset;
> +
> +       return NULL;
> +}
> +
> +static void *vdso_get_dyn(void *addr, Elf64_Dyn *dyntab, Elf64_Sxword tag)
> +{
> +       int i;
> +
> +       for (i = 0; dyntab[i].d_tag != DT_NULL; i++)
> +               if (dyntab[i].d_tag == tag)
> +                       return addr + dyntab[i].d_un.d_ptr;
> +
> +       return NULL;
> +}
> +
> +static bool vdso_get_symtab(void *addr, struct vdso_symtab *symtab)
> +{
> +       Elf64_Dyn *dyntab = vdso_get_dyntab(addr);
> +
> +       symtab->elf_symtab = vdso_get_dyn(addr, dyntab, DT_SYMTAB);
> +       if (!symtab->elf_symtab)
> +               return false;
> +
> +       symtab->elf_symstrtab = vdso_get_dyn(addr, dyntab, DT_STRTAB);
> +       if (!symtab->elf_symstrtab)
> +               return false;
> +
> +       symtab->elf_hashtab = vdso_get_dyn(addr, dyntab, DT_HASH);
> +       if (!symtab->elf_hashtab)
> +               return false;
> +
> +       return true;
> +}
> +
> +static unsigned long elf_sym_hash(const char *name)
> +{
> +       unsigned long h = 0, high;
> +
> +       while (*name) {
> +               h = (h << 4) + *name++;
> +               high = h & 0xf0000000;
> +
> +               if (high)
> +                       h ^= high >> 24;
> +
> +               h &= ~high;
> +       }
> +
> +       return h;
> +}
> +
> +static Elf64_Sym *vdso_symtab_get(struct vdso_symtab *symtab, const char *name)
> +{
> +       Elf64_Word bucketnum = symtab->elf_hashtab[0];
> +       Elf64_Word *buckettab = &symtab->elf_hashtab[2];
> +       Elf64_Word *chaintab = &symtab->elf_hashtab[2 + bucketnum];
> +       Elf64_Sym *sym;
> +       Elf64_Word i;
> +
> +       for (i = buckettab[elf_sym_hash(name) % bucketnum]; i != STN_UNDEF;
> +            i = chaintab[i]) {
> +               sym = &symtab->elf_symtab[i];
> +               if (!strcmp(name, &symtab->elf_symstrtab[sym->st_name]))
> +                       return sym;
> +       }
> +
> +       return NULL;
> +}
> +
> +int main(int argc, char *argv[], char *envp[])
> +{
> +       struct sgx_enclave_exception exception;
> +       struct vdso_symtab symtab;
> +       Elf64_Sym *eenter_sym;
> +       uint64_t result = 0;
> +       struct encl encl;
> +       unsigned int i;
> +       void *addr;
> +
> +       if (!encl_load("test_encl.elf", &encl))
> +               goto err;
> +
> +       if (!encl_measure(&encl))
> +               goto err;
> +
> +       if (!encl_build(&encl))
> +               goto err;
> +
> +       /*
> +        * An enclave consumer only must do this.
> +        */
> +       for (i = 0; i < encl.nr_segments; i++) {
> +               struct encl_segment *seg = &encl.segment_tbl[i];
> +
> +               addr = mmap((void *)encl.encl_base + seg->offset, seg->size,
> +                           seg->prot, MAP_SHARED | MAP_FIXED, encl.fd, 0);

My patch version is a bit behind (v32), but I suspect this still
applies. I discovered the following by accident.

In the Enarx code base, this invocation succeeds:
mmap(0x200000000000, 0x1000, PROT_READ | PROT_WRITE, MAP_SHARED |
MAP_FIXED, sgxfd, 0)

However, this one fails with -EINVAL:
mmap(0x200000000000, 0x1000, PROT_READ | PROT_WRITE,
MAP_SHARED_VALIDATE | MAP_FIXED, sgxfd, 0)

From man mmap:

       MAP_SHARED_VALIDATE (since Linux 4.15)
              This flag provides the same behavior as MAP_SHARED
except that MAP_SHARED mappings ignore unknown
              flags in flags.  By contrast, when creating a mapping
using MAP_SHARED_VALIDATE, the kernel veri‐
              fies  all  passed  flags  are  known  and fails the
mapping with the error EOPNOTSUPP for unknown
              flags.  This mapping type is also required to be able to
use some mapping flags (e.g., MAP_SYNC).

I can try again on a newer patch set tomorrow if need be. But the
documentation of mmap() doesn't match the behavior I'm seeing. A brief
look through the patch set didn't turn up anything obvious that could
be causing this.

> +               if (addr == MAP_FAILED) {
> +                       fprintf(stderr, "mmap() failed, errno=%d.\n", errno);
> +                       exit(1);
> +               }
> +       }
> +
> +       memset(&exception, 0, sizeof(exception));
> +
> +       addr = vdso_get_base_addr(envp);
> +       if (!addr)
> +               goto err;
> +
> +       if (!vdso_get_symtab(addr, &symtab))
> +               goto err;
> +
> +       eenter_sym = vdso_symtab_get(&symtab, "__vdso_sgx_enter_enclave");
> +       if (!eenter_sym)
> +               goto err;
> +
> +       eenter = addr + eenter_sym->st_value;
> +
> +       sgx_call_vdso((void *)&MAGIC, &result, 0, EENTER, NULL, NULL,
> +                     (void *)encl.encl_base, &exception, NULL);
> +       if (result != MAGIC) {
> +               printf("FAIL: sgx_call_vdso(), expected: 0x%lx, got: 0x%lx\n",
> +                      MAGIC, result);
> +               goto err;
> +       }
> +
> +       /* Invoke the vDSO directly. */
> +       result = 0;
> +       eenter((unsigned long)&MAGIC, (unsigned long)&result, 0, EENTER, 0, 0,
> +              (void *)encl.encl_base, &exception, NULL);
> +       if (result != MAGIC) {
> +               printf("FAIL: eenter(), expected: 0x%lx, got: 0x%lx\n",
> +                      MAGIC, result);
> +               goto err;
> +       }
> +
> +       printf("SUCCESS\n");
> +       encl_delete(&encl);
> +       exit(0);
> +
> +err:
> +       encl_delete(&encl);
> +       exit(1);
> +}
> diff --git a/tools/testing/selftests/sgx/main.h b/tools/testing/selftests/sgx/main.h
> new file mode 100644
> index 000000000000..999422cc7343
> --- /dev/null
> +++ b/tools/testing/selftests/sgx/main.h
> @@ -0,0 +1,38 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +/*
> + * Copyright(c) 2016-19 Intel Corporation.
> + */
> +
> +#ifndef MAIN_H
> +#define MAIN_H
> +
> +struct encl_segment {
> +       off_t offset;
> +       size_t size;
> +       unsigned int prot;
> +       unsigned int flags;
> +};
> +
> +struct encl {
> +       int fd;
> +       void *bin;
> +       off_t bin_size;
> +       void *src;
> +       size_t src_size;
> +       size_t encl_size;
> +       off_t encl_base;
> +       unsigned int nr_segments;
> +       struct encl_segment *segment_tbl;
> +       struct sgx_secs secs;
> +       struct sgx_sigstruct sigstruct;
> +};
> +
> +void encl_delete(struct encl *ctx);
> +bool encl_load(const char *path, struct encl *encl);
> +bool encl_measure(struct encl *encl);
> +bool encl_build(struct encl *encl);
> +
> +int sgx_call_vdso(void *rdi, void *rsi, long rdx, u32 leaf, void *r8, void *r9,
> +                 void *tcs, struct sgx_enclave_exception *ei, void *cb);
> +
> +#endif /* MAIN_H */
> diff --git a/tools/testing/selftests/sgx/sigstruct.c b/tools/testing/selftests/sgx/sigstruct.c
> new file mode 100644
> index 000000000000..ceddad478672
> --- /dev/null
> +++ b/tools/testing/selftests/sgx/sigstruct.c
> @@ -0,0 +1,395 @@
> +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
> +// Copyright(c) 2016-18 Intel Corporation.
> +
> +#define _GNU_SOURCE
> +#include <assert.h>
> +#include <getopt.h>
> +#include <stdbool.h>
> +#include <stdint.h>
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <string.h>
> +#include <sys/stat.h>
> +#include <sys/types.h>
> +#include <unistd.h>
> +#include <openssl/err.h>
> +#include <openssl/pem.h>
> +#include "defines.h"
> +#include "main.h"
> +
> +struct q1q2_ctx {
> +       BN_CTX *bn_ctx;
> +       BIGNUM *m;
> +       BIGNUM *s;
> +       BIGNUM *q1;
> +       BIGNUM *qr;
> +       BIGNUM *q2;
> +};
> +
> +static void free_q1q2_ctx(struct q1q2_ctx *ctx)
> +{
> +       BN_CTX_free(ctx->bn_ctx);
> +       BN_free(ctx->m);
> +       BN_free(ctx->s);
> +       BN_free(ctx->q1);
> +       BN_free(ctx->qr);
> +       BN_free(ctx->q2);
> +}
> +
> +static bool alloc_q1q2_ctx(const uint8_t *s, const uint8_t *m,
> +                          struct q1q2_ctx *ctx)
> +{
> +       ctx->bn_ctx = BN_CTX_new();
> +       ctx->s = BN_bin2bn(s, SGX_MODULUS_SIZE, NULL);
> +       ctx->m = BN_bin2bn(m, SGX_MODULUS_SIZE, NULL);
> +       ctx->q1 = BN_new();
> +       ctx->qr = BN_new();
> +       ctx->q2 = BN_new();
> +
> +       if (!ctx->bn_ctx || !ctx->s || !ctx->m || !ctx->q1 || !ctx->qr ||
> +           !ctx->q2) {
> +               free_q1q2_ctx(ctx);
> +               return false;
> +       }
> +
> +       return true;
> +}
> +
> +static bool calc_q1q2(const uint8_t *s, const uint8_t *m, uint8_t *q1,
> +                     uint8_t *q2)
> +{
> +       struct q1q2_ctx ctx;
> +
> +       if (!alloc_q1q2_ctx(s, m, &ctx)) {
> +               fprintf(stderr, "Not enough memory for Q1Q2 calculation\n");
> +               return false;
> +       }
> +
> +       if (!BN_mul(ctx.q1, ctx.s, ctx.s, ctx.bn_ctx))
> +               goto out;
> +
> +       if (!BN_div(ctx.q1, ctx.qr, ctx.q1, ctx.m, ctx.bn_ctx))
> +               goto out;
> +
> +       if (BN_num_bytes(ctx.q1) > SGX_MODULUS_SIZE) {
> +               fprintf(stderr, "Too large Q1 %d bytes\n",
> +                       BN_num_bytes(ctx.q1));
> +               goto out;
> +       }
> +
> +       if (!BN_mul(ctx.q2, ctx.s, ctx.qr, ctx.bn_ctx))
> +               goto out;
> +
> +       if (!BN_div(ctx.q2, NULL, ctx.q2, ctx.m, ctx.bn_ctx))
> +               goto out;
> +
> +       if (BN_num_bytes(ctx.q2) > SGX_MODULUS_SIZE) {
> +               fprintf(stderr, "Too large Q2 %d bytes\n",
> +                       BN_num_bytes(ctx.q2));
> +               goto out;
> +       }
> +
> +       BN_bn2bin(ctx.q1, q1);
> +       BN_bn2bin(ctx.q2, q2);
> +
> +       free_q1q2_ctx(&ctx);
> +       return true;
> +out:
> +       free_q1q2_ctx(&ctx);
> +       return false;
> +}
> +
> +struct sgx_sigstruct_payload {
> +       struct sgx_sigstruct_header header;
> +       struct sgx_sigstruct_body body;
> +};
> +
> +static bool check_crypto_errors(void)
> +{
> +       int err;
> +       bool had_errors = false;
> +       const char *filename;
> +       int line;
> +       char str[256];
> +
> +       for ( ; ; ) {
> +               if (ERR_peek_error() == 0)
> +                       break;
> +
> +               had_errors = true;
> +               err = ERR_get_error_line(&filename, &line);
> +               ERR_error_string_n(err, str, sizeof(str));
> +               fprintf(stderr, "crypto: %s: %s:%d\n", str, filename, line);
> +       }
> +
> +       return had_errors;
> +}
> +
> +static inline const BIGNUM *get_modulus(RSA *key)
> +{
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +       return key->n;
> +#else
> +       const BIGNUM *n;
> +
> +       RSA_get0_key(key, &n, NULL, NULL);
> +       return n;
> +#endif
> +}
> +
> +static RSA *gen_sign_key(void)
> +{
> +       BIGNUM *e;
> +       RSA *key;
> +       int ret;
> +
> +       e = BN_new();
> +       key = RSA_new();
> +
> +       if (!e || !key)
> +               goto err;
> +
> +       ret = BN_set_word(e, RSA_3);
> +       if (ret != 1)
> +               goto err;
> +
> +       ret = RSA_generate_key_ex(key, 3072, e, NULL);
> +       if (ret != 1)
> +               goto err;
> +
> +       BN_free(e);
> +
> +       return key;
> +
> +err:
> +       RSA_free(key);
> +       BN_free(e);
> +
> +       return NULL;
> +}
> +
> +static void reverse_bytes(void *data, int length)
> +{
> +       int i = 0;
> +       int j = length - 1;
> +       uint8_t temp;
> +       uint8_t *ptr = data;
> +
> +       while (i < j) {
> +               temp = ptr[i];
> +               ptr[i] = ptr[j];
> +               ptr[j] = temp;
> +               i++;
> +               j--;
> +       }
> +}
> +
> +enum mrtags {
> +       MRECREATE = 0x0045544145524345,
> +       MREADD = 0x0000000044444145,
> +       MREEXTEND = 0x00444E4554584545,
> +};
> +
> +static bool mrenclave_update(EVP_MD_CTX *ctx, const void *data)
> +{
> +       if (!EVP_DigestUpdate(ctx, data, 64)) {
> +               fprintf(stderr, "digest update failed\n");
> +               return false;
> +       }
> +
> +       return true;
> +}
> +
> +static bool mrenclave_commit(EVP_MD_CTX *ctx, uint8_t *mrenclave)
> +{
> +       unsigned int size;
> +
> +       if (!EVP_DigestFinal_ex(ctx, (unsigned char *)mrenclave, &size)) {
> +               fprintf(stderr, "digest commit failed\n");
> +               return false;
> +       }
> +
> +       if (size != 32) {
> +               fprintf(stderr, "invalid digest size = %u\n", size);
> +               return false;
> +       }
> +
> +       return true;
> +}
> +
> +struct mrecreate {
> +       uint64_t tag;
> +       uint32_t ssaframesize;
> +       uint64_t size;
> +       uint8_t reserved[44];
> +} __attribute__((__packed__));
> +
> +
> +static bool mrenclave_ecreate(EVP_MD_CTX *ctx, uint64_t blob_size)
> +{
> +       struct mrecreate mrecreate;
> +       uint64_t encl_size;
> +
> +       for (encl_size = 0x1000; encl_size < blob_size; )
> +               encl_size <<= 1;
> +
> +       memset(&mrecreate, 0, sizeof(mrecreate));
> +       mrecreate.tag = MRECREATE;
> +       mrecreate.ssaframesize = 1;
> +       mrecreate.size = encl_size;
> +
> +       if (!EVP_DigestInit_ex(ctx, EVP_sha256(), NULL))
> +               return false;
> +
> +       return mrenclave_update(ctx, &mrecreate);
> +}
> +
> +struct mreadd {
> +       uint64_t tag;
> +       uint64_t offset;
> +       uint64_t flags; /* SECINFO flags */
> +       uint8_t reserved[40];
> +} __attribute__((__packed__));
> +
> +static bool mrenclave_eadd(EVP_MD_CTX *ctx, uint64_t offset, uint64_t flags)
> +{
> +       struct mreadd mreadd;
> +
> +       memset(&mreadd, 0, sizeof(mreadd));
> +       mreadd.tag = MREADD;
> +       mreadd.offset = offset;
> +       mreadd.flags = flags;
> +
> +       return mrenclave_update(ctx, &mreadd);
> +}
> +
> +struct mreextend {
> +       uint64_t tag;
> +       uint64_t offset;
> +       uint8_t reserved[48];
> +} __attribute__((__packed__));
> +
> +static bool mrenclave_eextend(EVP_MD_CTX *ctx, uint64_t offset,
> +                             const uint8_t *data)
> +{
> +       struct mreextend mreextend;
> +       int i;
> +
> +       for (i = 0; i < 0x1000; i += 0x100) {
> +               memset(&mreextend, 0, sizeof(mreextend));
> +               mreextend.tag = MREEXTEND;
> +               mreextend.offset = offset + i;
> +
> +               if (!mrenclave_update(ctx, &mreextend))
> +                       return false;
> +
> +               if (!mrenclave_update(ctx, &data[i + 0x00]))
> +                       return false;
> +
> +               if (!mrenclave_update(ctx, &data[i + 0x40]))
> +                       return false;
> +
> +               if (!mrenclave_update(ctx, &data[i + 0x80]))
> +                       return false;
> +
> +               if (!mrenclave_update(ctx, &data[i + 0xC0]))
> +                       return false;
> +       }
> +
> +       return true;
> +}
> +
> +static bool mrenclave_segment(EVP_MD_CTX *ctx, struct encl *encl,
> +                             struct encl_segment *seg)
> +{
> +       uint64_t end = seg->offset + seg->size;
> +       uint64_t offset;
> +
> +       for (offset = seg->offset; offset < end; offset += PAGE_SIZE) {
> +               if (!mrenclave_eadd(ctx, offset, seg->flags))
> +                       return false;
> +
> +               if (!mrenclave_eextend(ctx, offset, encl->src + offset))
> +                       return false;
> +       }
> +
> +       return true;
> +}
> +
> +bool encl_measure(struct encl *encl)
> +{
> +       uint64_t header1[2] = {0x000000E100000006, 0x0000000000010000};
> +       uint64_t header2[2] = {0x0000006000000101, 0x0000000100000060};
> +       struct sgx_sigstruct *sigstruct = &encl->sigstruct;
> +       struct sgx_sigstruct_payload payload;
> +       uint8_t digest[SHA256_DIGEST_LENGTH];
> +       unsigned int siglen;
> +       RSA *key = NULL;
> +       EVP_MD_CTX *ctx;
> +       int i;
> +
> +       memset(sigstruct, 0, sizeof(*sigstruct));
> +
> +       sigstruct->header.header1[0] = header1[0];
> +       sigstruct->header.header1[1] = header1[1];
> +       sigstruct->header.header2[0] = header2[0];
> +       sigstruct->header.header2[1] = header2[1];
> +       sigstruct->exponent = 3;
> +       sigstruct->body.attributes = SGX_ATTR_MODE64BIT;
> +       sigstruct->body.xfrm = 3;
> +
> +       /* sanity check */
> +       if (check_crypto_errors())
> +               goto err;
> +
> +       key = gen_sign_key();
> +       if (!key)
> +               goto err;
> +
> +       BN_bn2bin(get_modulus(key), sigstruct->modulus);
> +
> +       ctx = EVP_MD_CTX_create();
> +       if (!ctx)
> +               goto err;
> +
> +       if (!mrenclave_ecreate(ctx, encl->src_size))
> +               goto err;
> +
> +       for (i = 0; i < encl->nr_segments; i++) {
> +               struct encl_segment *seg = &encl->segment_tbl[i];
> +
> +               if (!mrenclave_segment(ctx, encl, seg))
> +                       goto err;
> +       }
> +
> +       if (!mrenclave_commit(ctx, sigstruct->body.mrenclave))
> +               goto err;
> +
> +       memcpy(&payload.header, &sigstruct->header, sizeof(sigstruct->header));
> +       memcpy(&payload.body, &sigstruct->body, sizeof(sigstruct->body));
> +
> +       SHA256((unsigned char *)&payload, sizeof(payload), digest);
> +
> +       if (!RSA_sign(NID_sha256, digest, SHA256_DIGEST_LENGTH,
> +                     sigstruct->signature, &siglen, key))
> +               goto err;
> +
> +       if (!calc_q1q2(sigstruct->signature, sigstruct->modulus, sigstruct->q1,
> +                      sigstruct->q2))
> +               goto err;
> +
> +       /* BE -> LE */
> +       reverse_bytes(sigstruct->signature, SGX_MODULUS_SIZE);
> +       reverse_bytes(sigstruct->modulus, SGX_MODULUS_SIZE);
> +       reverse_bytes(sigstruct->q1, SGX_MODULUS_SIZE);
> +       reverse_bytes(sigstruct->q2, SGX_MODULUS_SIZE);
> +
> +       EVP_MD_CTX_destroy(ctx);
> +       RSA_free(key);
> +       return true;
> +
> +err:
> +       EVP_MD_CTX_destroy(ctx);
> +       RSA_free(key);
> +       return false;
> +}
> diff --git a/tools/testing/selftests/sgx/test_encl.c b/tools/testing/selftests/sgx/test_encl.c
> new file mode 100644
> index 000000000000..ede915399742
> --- /dev/null
> +++ b/tools/testing/selftests/sgx/test_encl.c
> @@ -0,0 +1,20 @@
> +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
> +// Copyright(c) 2016-18 Intel Corporation.
> +
> +#include <stddef.h>
> +#include "defines.h"
> +
> +static void *memcpy(void *dest, const void *src, size_t n)
> +{
> +       size_t i;
> +
> +       for (i = 0; i < n; i++)
> +               ((char *)dest)[i] = ((char *)src)[i];
> +
> +       return dest;
> +}
> +
> +void encl_body(void *rdi, void *rsi)
> +{
> +       memcpy(rsi, rdi, 8);
> +}
> diff --git a/tools/testing/selftests/sgx/test_encl.lds b/tools/testing/selftests/sgx/test_encl.lds
> new file mode 100644
> index 000000000000..0fbbda7e665e
> --- /dev/null
> +++ b/tools/testing/selftests/sgx/test_encl.lds
> @@ -0,0 +1,40 @@
> +OUTPUT_FORMAT(elf64-x86-64)
> +
> +PHDRS
> +{
> +       tcs PT_LOAD;
> +       text PT_LOAD;
> +       data PT_LOAD;
> +}
> +
> +SECTIONS
> +{
> +       . = 0;
> +       .tcs : {
> +               *(.tcs*)
> +       } : tcs
> +
> +       . = ALIGN(4096);
> +       .text : {
> +               *(.text*)
> +               *(.rodata*)
> +       } : text
> +
> +       . = ALIGN(4096);
> +       .data : {
> +               *(.data*)
> +       } : data
> +
> +       /DISCARD/ : {
> +               *(.comment*)
> +               *(.note*)
> +               *(.debug*)
> +               *(.eh_frame*)
> +       }
> +}
> +
> +ASSERT(!DEFINED(.altinstructions), "ALTERNATIVES are not supported in enclaves")
> +ASSERT(!DEFINED(.altinstr_replacement), "ALTERNATIVES are not supported in enclaves")
> +ASSERT(!DEFINED(.discard.retpoline_safe), "RETPOLINE ALTERNATIVES are not supported in enclaves")
> +ASSERT(!DEFINED(.discard.nospec), "RETPOLINE ALTERNATIVES are not supported in enclaves")
> +ASSERT(!DEFINED(.got.plt), "Libcalls are not supported in enclaves")
> diff --git a/tools/testing/selftests/sgx/test_encl_bootstrap.S b/tools/testing/selftests/sgx/test_encl_bootstrap.S
> new file mode 100644
> index 000000000000..6836ea86126e
> --- /dev/null
> +++ b/tools/testing/selftests/sgx/test_encl_bootstrap.S
> @@ -0,0 +1,89 @@
> +/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) */
> +/*
> + * Copyright(c) 2016-18 Intel Corporation.
> + */
> +
> +       .macro ENCLU
> +       .byte 0x0f, 0x01, 0xd7
> +       .endm
> +
> +       .section ".tcs", "aw"
> +       .balign 4096
> +
> +       .fill   1, 8, 0                 # STATE (set by CPU)
> +       .fill   1, 8, 0                 # FLAGS
> +       .quad   encl_ssa                # OSSA
> +       .fill   1, 4, 0                 # CSSA (set by CPU)
> +       .fill   1, 4, 1                 # NSSA
> +       .quad   encl_entry              # OENTRY
> +       .fill   1, 8, 0                 # AEP (set by EENTER and ERESUME)
> +       .fill   1, 8, 0                 # OFSBASE
> +       .fill   1, 8, 0                 # OGSBASE
> +       .fill   1, 4, 0xFFFFFFFF        # FSLIMIT
> +       .fill   1, 4, 0xFFFFFFFF        # GSLIMIT
> +       .fill   4024, 1, 0              # Reserved
> +
> +       # Identical to the previous TCS.
> +       .fill   1, 8, 0                 # STATE (set by CPU)
> +       .fill   1, 8, 0                 # FLAGS
> +       .quad   encl_ssa                # OSSA
> +       .fill   1, 4, 0                 # CSSA (set by CPU)
> +       .fill   1, 4, 1                 # NSSA
> +       .quad   encl_entry              # OENTRY
> +       .fill   1, 8, 0                 # AEP (set by EENTER and ERESUME)
> +       .fill   1, 8, 0                 # OFSBASE
> +       .fill   1, 8, 0                 # OGSBASE
> +       .fill   1, 4, 0xFFFFFFFF        # FSLIMIT
> +       .fill   1, 4, 0xFFFFFFFF        # GSLIMIT
> +       .fill   4024, 1, 0              # Reserved
> +
> +       .text
> +
> +encl_entry:
> +       # RBX contains the base address for TCS, which is also the first address
> +       # inside the enclave. By adding the value of le_stack_end to it, we get
> +       # the absolute address for the stack.
> +       lea     (encl_stack)(%rbx), %rax
> +       xchg    %rsp, %rax
> +       push    %rax
> +
> +       push    %rcx # push the address after EENTER
> +       push    %rbx # push the enclave base address
> +
> +       call    encl_body
> +
> +       pop     %rbx # pop the enclave base address
> +
> +       /* Clear volatile GPRs, except RAX (EEXIT leaf). */
> +       xor     %rcx, %rcx
> +       xor     %rdx, %rdx
> +       xor     %rdi, %rdi
> +       xor     %rsi, %rsi
> +       xor     %r8, %r8
> +       xor     %r9, %r9
> +       xor     %r10, %r10
> +       xor     %r11, %r11
> +
> +       # Reset status flags.
> +       add     %rdx, %rdx # OF = SF = AF = CF = 0; ZF = PF = 1
> +
> +       # Prepare EEXIT target by popping the address of the instruction after
> +       # EENTER to RBX.
> +       pop     %rbx
> +
> +       # Restore the caller stack.
> +       pop     %rax
> +       mov     %rax, %rsp
> +
> +       # EEXIT
> +       mov     $4, %rax
> +       enclu
> +
> +       .section ".data", "aw"
> +
> +encl_ssa:
> +       .space 4096
> +
> +       .balign 4096
> +       .space 8192
> +encl_stack:
> --
> 2.25.1
>


  reply index

Thread overview: 80+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-16 13:52 [PATCH v36 00/24] Intel SGX foundations Jarkko Sakkinen
2020-07-16 13:52 ` [PATCH v36 01/24] x86/cpufeatures: x86/msr: Add Intel SGX hardware bits Jarkko Sakkinen
2020-08-06 13:13   ` Darren Kenny
2020-07-16 13:52 ` [PATCH v36 02/24] x86/cpufeatures: x86/msr: Add Intel SGX Launch Control " Jarkko Sakkinen
2020-08-06 13:14   ` Darren Kenny
2020-07-16 13:52 ` [PATCH v36 03/24] x86/mm: x86/sgx: Signal SIGSEGV with PF_SGX Jarkko Sakkinen
2020-08-06 13:16   ` Darren Kenny
2020-08-20 15:31   ` Borislav Petkov
2020-08-21 17:35     ` Jarkko Sakkinen
2020-07-16 13:52 ` [PATCH v36 04/24] x86/sgx: Add SGX microarchitectural data structures Jarkko Sakkinen
2020-08-06 13:14   ` Darren Kenny
2020-07-16 13:52 ` [PATCH v36 05/24] x86/sgx: Add wrappers for ENCLS leaf functions Jarkko Sakkinen
2020-08-07  9:37   ` Darren Kenny
2020-07-16 13:52 ` [PATCH v36 06/24] x86/cpu/intel: Detect SGX support Jarkko Sakkinen
2020-08-06 13:17   ` Darren Kenny
2020-07-16 13:52 ` [PATCH v36 07/24] x86/cpu/intel: Add nosgx kernel parameter Jarkko Sakkinen
2020-08-06 13:18   ` Darren Kenny
2020-07-16 13:52 ` [PATCH v36 08/24] x86/sgx: Initialize metadata for Enclave Page Cache (EPC) sections Jarkko Sakkinen
2020-08-06 13:27   ` Darren Kenny
2020-07-16 13:52 ` [PATCH v36 09/24] x86/sgx: Add __sgx_alloc_epc_page() and sgx_free_epc_page() Jarkko Sakkinen
2020-08-06 13:29   ` Darren Kenny
2020-07-16 13:52 ` [PATCH v36 10/24] mm: Add vm_ops->mprotect() Jarkko Sakkinen
2020-08-06 13:35   ` Darren Kenny
2020-07-16 13:52 ` [PATCH v36 11/24] x86/sgx: Add SGX enclave driver Jarkko Sakkinen
2020-08-06 13:59   ` Darren Kenny
2020-08-25 16:44   ` Borislav Petkov
2020-08-26 13:46     ` Jarkko Sakkinen
2020-07-16 13:52 ` [PATCH v36 12/24] x86/sgx: Add SGX_IOC_ENCLAVE_CREATE Jarkko Sakkinen
2020-08-06 15:40   ` Darren Kenny
2020-08-26 14:52   ` Borislav Petkov
2020-08-27 13:24     ` Jarkko Sakkinen
2020-08-27 16:15       ` Borislav Petkov
2020-08-28 23:39         ` Jarkko Sakkinen
2020-08-29  0:21       ` Jarkko Sakkinen
2020-09-01 16:41   ` Haitao Huang
2020-09-04 11:55     ` Jarkko Sakkinen
2020-07-16 13:52 ` [PATCH v36 13/24] x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES Jarkko Sakkinen
2020-08-06 16:29   ` Darren Kenny
2020-07-16 13:52 ` [PATCH v36 14/24] x86/sgx: Add SGX_IOC_ENCLAVE_INIT Jarkko Sakkinen
2020-08-06 16:40   ` Darren Kenny
2020-07-16 13:52 ` [PATCH v36 15/24] x86/sgx: Allow a limited use of ATTRIBUTE.PROVISIONKEY for attestation Jarkko Sakkinen
2020-08-06 17:00   ` Darren Kenny
2020-08-18 13:30     ` Jarkko Sakkinen
2020-07-16 13:52 ` [PATCH v36 16/24] x86/sgx: Add a page reclaimer Jarkko Sakkinen
2020-07-16 13:52 ` [PATCH v36 17/24] x86/sgx: ptrace() support for the SGX driver Jarkko Sakkinen
2020-07-16 13:52 ` [PATCH v36 18/24] x86/vdso: Add support for exception fixup in vDSO functions Jarkko Sakkinen
2020-07-16 13:52 ` [PATCH v36 19/24] x86/fault: Add helper function to sanitize error code Jarkko Sakkinen
2020-07-16 13:52 ` [PATCH v36 20/24] x86/traps: Attempt to fixup exceptions in vDSO before signaling Jarkko Sakkinen
2020-07-16 13:53 ` [PATCH v36 21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call Jarkko Sakkinen
2020-08-06 14:55   ` Nathaniel McCallum
2020-08-10 22:23     ` Sean Christopherson
2020-08-11  7:16       ` Jethro Beekman
2020-08-11 14:54         ` Sean Christopherson
2020-08-18 14:52       ` Jarkko Sakkinen
2020-08-18 15:06         ` Jarkko Sakkinen
2020-08-18 15:15           ` Nathaniel McCallum
2020-08-18 16:43             ` Jarkko Sakkinen
2020-08-19 13:33               ` Nathaniel McCallum
2020-08-19 14:00                 ` Jethro Beekman
2020-08-19 21:23                 ` Jarkko Sakkinen
2020-08-10 23:08     ` Andy Lutomirski
2020-08-10 23:48       ` Sean Christopherson
2020-08-11  0:52         ` Andy Lutomirski
2020-08-11 15:16           ` Andy Lutomirski
2020-08-13 19:38             ` Sean Christopherson
2020-08-17 13:12       ` Nathaniel McCallum
2020-08-17 15:01         ` Andy Lutomirski
2020-08-18 15:15       ` Jarkko Sakkinen
2020-08-20  0:19         ` Andy Lutomirski
2020-08-18 14:26     ` Jarkko Sakkinen
2020-07-16 13:53 ` [PATCH v36 22/24] selftests/x86: Add a selftest for SGX Jarkko Sakkinen
2020-08-27  4:47   ` Nathaniel McCallum [this message]
2020-08-27 15:20     ` Sean Christopherson
2020-08-28 23:27       ` Jarkko Sakkinen
2020-07-16 13:53 ` [PATCH v36 23/24] docs: x86/sgx: Document SGX micro architecture and kernel internals Jarkko Sakkinen
2020-07-28 21:35   ` Pavel Machek
2020-08-06 10:21     ` Dr. Greg
2020-08-08 22:18       ` Pavel Machek
2020-08-19 20:55     ` Jarkko Sakkinen
2020-07-16 13:53 ` [PATCH v36 24/24] x86/sgx: Update MAINTAINERS Jarkko Sakkinen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAOASepO-DuQW88hxtAJv5Ki4GNYnkGNz5qK_dTEK_y8roMdPkg@mail.gmail.com \
    --to=npmccallum@redhat.com \
    --cc=akpm@linux-foundation.org \
    --cc=andriy.shevchenko@linux.intel.com \
    --cc=asapek@google.com \
    --cc=bp@alien8.de \
    --cc=cedric.xing@intel.com \
    --cc=chenalexchen@google.com \
    --cc=conradparker@google.com \
    --cc=cyhanish@google.com \
    --cc=dave.hansen@intel.com \
    --cc=haitao.huang@intel.com \
    --cc=jarkko.sakkinen@linux.intel.com \
    --cc=josh@joshtriplett.org \
    --cc=kai.huang@intel.com \
    --cc=kai.svahn@intel.com \
    --cc=kmoy@google.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-kselftest@vger.kernel.org \
    --cc=linux-sgx@vger.kernel.org \
    --cc=ludloff@google.com \
    --cc=luto@kernel.org \
    --cc=nhorman@redhat.com \
    --cc=puiterwijk@redhat.com \
    --cc=rientjes@google.com \
    --cc=sean.j.christopherson@intel.com \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    --cc=yaozhangx@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Sgx Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-sgx/0 linux-sgx/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-sgx linux-sgx/ https://lore.kernel.org/linux-sgx \
		linux-sgx@vger.kernel.org
	public-inbox-index linux-sgx

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-sgx


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git