Re: [PATCH OLK-5.10 V3 42/45] selftests/sgx: Refine the test enclave to have storage

Reviewed-by: Bamvor Zhang bamvor.zhang@suse.com

在 2/18/22 4:16 PM, Laibin Qiu 写道:

From: Jarkko Sakkinen jarkko@kernel.org

mainline inclusion from mainline-v5.14-rc1 commit 22118ce17eb8dcf2a6ba2f6fb250816ddb59685a category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4SIGI CVE: NA

---

Extend the enclave to have two operations: ENCL_OP_PUT and ENCL_OP_GET. ENCL_OP_PUT stores value inside the enclave address space and ENCL_OP_GET reads it. The internal buffer can be later extended to be variable size, and allow reclaimer tests.

Intel-SIG: commit 22118ce17eb8 selftests/sgx: Refine the test enclave to have storage Backport for SGX Foundations support

Signed-off-by: Jarkko Sakkinen jarkko@kernel.org Signed-off-by: Shuah Khan skhan@linuxfoundation.org Signed-off-by: Fan Du fan.du@intel.com #openEuler_contributor Signed-off-by: Laibin Qiu qiulaibin@huawei.com

---

tools/testing/selftests/sgx/defines.h | 10 ++++ tools/testing/selftests/sgx/main.c | 57 ++++++++++++++++++----- tools/testing/selftests/sgx/test_encl.c | 19 +++++++- tools/testing/selftests/sgx/test_encl.lds | 3 +- 4 files changed, 74 insertions(+), 15 deletions(-)

diff --git a/tools/testing/selftests/sgx/defines.h b/tools/testing/selftests/sgx/defines.h index 0bd73428d2f3..f88562afcaa0 100644 --- a/tools/testing/selftests/sgx/defines.h +++ b/tools/testing/selftests/sgx/defines.h @@ -18,4 +18,14 @@ #include "../../../../arch/x86/include/asm/enclu.h" #include "../../../../arch/x86/include/uapi/asm/sgx.h"

+enum encl_op_type {

• ENCL_OP_PUT,
• ENCL_OP_GET,

+};

+struct encl_op {

• uint64_t type;
• uint64_t buffer;

+};

• #endif /* DEFINES_H */

diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c index bcd0257f48e0..e252015e0c15 100644 --- a/tools/testing/selftests/sgx/main.c +++ b/tools/testing/selftests/sgx/main.c @@ -193,14 +193,14 @@ FIXTURE_TEARDOWN(enclave) encl_delete(&self->encl); }

-#define ENCL_CALL(in, out, run, clobbered) \ +#define ENCL_CALL(op, run, clobbered) \ ({ \ int ret; \ if ((clobbered)) \

• 	ret = vdso_sgx_enter_enclave((unsigned long)(in), (unsigned long)(out), 0, \
  

• 	ret = vdso_sgx_enter_enclave((unsigned long)(op), 0, 0, \
  			     EENTER, 0, 0, (run)); \
  

  else \

• 	ret = sgx_enter_enclave((void *)(in), (void *)(out), 0, EENTER, NULL, NULL, \
  

• 	ret = sgx_enter_enclave((void *)(op), NULL, 0, EENTER, NULL, NULL, \
  			(run)); \
  

  ret; \ })

@@ -215,22 +215,44 @@ FIXTURE_TEARDOWN(enclave)

TEST_F(enclave, unclobbered_vdso) {

• uint64_t result = 0;

• struct encl_op op;

• EXPECT_EQ(ENCL_CALL(&MAGIC, &result, &self->run, false), 0);

• op.type = ENCL_OP_PUT;
• op.buffer = MAGIC;
• EXPECT_EQ(ENCL_CALL(&op, &self->run, false), 0);

• EXPECT_EQ(result, MAGIC);

• EXPECT_EEXIT(&self->run);

• EXPECT_EQ(self->run.user_data, 0);

• op.type = ENCL_OP_GET;

• op.buffer = 0;

• EXPECT_EQ(ENCL_CALL(&op, &self->run, false), 0);

• EXPECT_EQ(op.buffer, MAGIC); EXPECT_EEXIT(&self->run); EXPECT_EQ(self->run.user_data, 0); }

  TEST_F(enclave, clobbered_vdso) {

• uint64_t result = 0;

• struct encl_op op;
• op.type = ENCL_OP_PUT;
• op.buffer = MAGIC;
• EXPECT_EQ(ENCL_CALL(&op, &self->run, true), 0);
• EXPECT_EEXIT(&self->run);
• EXPECT_EQ(self->run.user_data, 0);
• op.type = ENCL_OP_GET;
• op.buffer = 0;

• EXPECT_EQ(ENCL_CALL(&MAGIC, &result, &self->run, true), 0);

• EXPECT_EQ(ENCL_CALL(&op, &self->run, true), 0);

• EXPECT_EQ(result, MAGIC);

• EXPECT_EQ(op.buffer, MAGIC); EXPECT_EEXIT(&self->run); EXPECT_EQ(self->run.user_data, 0); }

@@ -245,14 +267,25 @@ static int test_handler(long rdi, long rsi, long rdx, long ursp, long r8, long r

TEST_F(enclave, clobbered_vdso_and_user_function) {

• uint64_t result = 0;

• struct encl_op op;

  self->run.user_handler = (__u64)test_handler; self->run.user_data = 0xdeadbeef;

• EXPECT_EQ(ENCL_CALL(&MAGIC, &result, &self->run, true), 0);

• op.type = ENCL_OP_PUT;
• op.buffer = MAGIC;
• EXPECT_EQ(ENCL_CALL(&op, &self->run, true), 0);
• EXPECT_EEXIT(&self->run);
• EXPECT_EQ(self->run.user_data, 0);
• op.type = ENCL_OP_GET;
• op.buffer = 0;
• EXPECT_EQ(ENCL_CALL(&op, &self->run, true), 0);

• EXPECT_EQ(result, MAGIC);

• EXPECT_EQ(op.buffer, MAGIC); EXPECT_EEXIT(&self->run); EXPECT_EQ(self->run.user_data, 0); }

diff --git a/tools/testing/selftests/sgx/test_encl.c b/tools/testing/selftests/sgx/test_encl.c index cf25b5dc1e03..734ea52f9924 100644 --- a/tools/testing/selftests/sgx/test_encl.c +++ b/tools/testing/selftests/sgx/test_encl.c @@ -4,6 +4,8 @@ #include <stddef.h> #include "defines.h"

+static uint8_t encl_buffer[8192] = { 1 };

• static void *memcpy(void *dest, const void *src, size_t n) { size_t i;

@@ -14,7 +16,20 @@ static void *memcpy(void *dest, const void *src, size_t n) return dest; }

-void encl_body(void *rdi, void *rsi) +void encl_body(void *rdi, void *rsi) {

• memcpy(rsi, rdi, 8);

• struct encl_op *op = (struct encl_op *)rdi;
• switch (op->type) {
• case ENCL_OP_PUT:

• memcpy(&encl_buffer[0], &op->buffer, 8);
  

• break;
  

• case ENCL_OP_GET:

• memcpy(&op->buffer, &encl_buffer[0], 8);
  

• break;
  

• default:

• break;
  

• } }

diff --git a/tools/testing/selftests/sgx/test_encl.lds b/tools/testing/selftests/sgx/test_encl.lds index 0fbbda7e665e..a1ec64f7d91f 100644 --- a/tools/testing/selftests/sgx/test_encl.lds +++ b/tools/testing/selftests/sgx/test_encl.lds @@ -18,9 +18,10 @@ SECTIONS .text : { *(.text*) *(.rodata*)

• FILL(0xDEADBEEF);
  

• . = ALIGN(4096);
  

  } : text

• . = ALIGN(4096); .data : { *(.data*) } : data