Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp800331pxb; Wed, 15 Sep 2021 13:35:04 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxsgtNSGOngfEREJVPi0/CJ1t3JE0ME7HxbKXXTDjiZd7Dm6aCEjo+QHe2umX0cUeNq78Jh X-Received: by 2002:a17:906:3148:: with SMTP id e8mr2036831eje.240.1631738103979; Wed, 15 Sep 2021 13:35:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631738103; cv=none; d=google.com; s=arc-20160816; b=iYN4XYYXWEthpiTey36YrWVtkEJYeitVNdkh6q7jzArRWjb11ZtQPcVcPvbd+PhuAN r+RkYicDSlbiGOby4qqFyMUMIZKHhnrRFr8VYnbL2leDV+yO8P+xD5lVCKDU2vYDUVrH YUYgxOWegCZwadE9vXfDASEiRzsnuz3BO5Xx+img54eDsl3XUGcU7PUT0jD/kVhIiGmU SxZgJ5r5V5eMkzhEI75AG970iNdX+dst+zIq1aoZHFWVZ8S9lANkNYWEhvVXs9CnRKgm rON4y7sZ5aIv/HR5NfbAieLJskXFP+fLALIZZ2m5JdalZ96gTPOI906SX19wtGw1oss6 RBwQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=ood3Jhzw5tZfPH33pSEm+v4DI0yxpRTaolie9eemxdM=; b=b5ZtEQVAm0SNm+s/I0ExQl5QCA6EhKcgaCsyPuPxr9ivVbcMSgzgDOoL6Llj0LYzbP pdpUx+c9Y2om9iMffpz8jDurhUiDlB4ChQ4hQ4W053U0ajDVhbA1XY0HXPMfON7bqIZO AIvdG8q+4R+04EhBlU2w2Q1NQGGlK5uSXoYLbqvd/MEmBrUsSOhqJvrTxD1mELtQgq9Q 1bR2IAD4aSrNRkZP1uqzEZLlUPNDREu0thKOBzEhhx6Idsz+0uQitgdFuY38L4b2XpWG xlUizQYa5U7HAmwg/H1GTKJPW0N0fNyRuUvf6y6QGHm3mzPt3o7K289Mb29LAvDQRaUS 82Ig== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b25si986168edr.544.2021.09.15.13.34.40; Wed, 15 Sep 2021 13:35:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232377AbhIOUcw (ORCPT + 99 others); Wed, 15 Sep 2021 16:32:52 -0400 Received: from mga07.intel.com ([134.134.136.100]:13812 "EHLO mga07.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231912AbhIOUce (ORCPT ); Wed, 15 Sep 2021 16:32:34 -0400 X-IronPort-AV: E=McAfee;i="6200,9189,10108"; a="286109363" X-IronPort-AV: E=Sophos;i="5.85,296,1624345200"; d="scan'208";a="286109363" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 Sep 2021 13:31:14 -0700 X-IronPort-AV: E=Sophos;i="5.85,296,1624345200"; d="scan'208";a="545092777" Received: from rchatre-ws.ostc.intel.com ([10.54.69.144]) by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 Sep 2021 13:31:14 -0700 From: Reinette Chatre To: linux-sgx@vger.kernel.org, jarkko@kernel.org, shuah@kernel.org Cc: seanjc@google.com, bp@alien8.de, dave.hansen@linux.intel.com, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 05/14] selftests/sgx: Create a heap for the test enclave Date: Wed, 15 Sep 2021 13:30:55 -0700 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jarkko Sakkinen Create a heap for the test enclave, which is allocated from /dev/null, and left unmeasured. This is beneficial by its own because it verifies that an enclave built from multiple choices, works properly. If LSM hooks are added for SGX some day, a multi source enclave has higher probability to trigger bugs on access control checks. The immediate need comes from the need to implement page reclaim tests. In order to trigger the page reclaimer, one can just set the size of the heap to high enough. Signed-off-by: Jarkko Sakkinen Signed-off-by: Reinette Chatre --- tools/testing/selftests/sgx/load.c | 29 ++++++++++++++++++++++------- tools/testing/selftests/sgx/main.c | 2 +- tools/testing/selftests/sgx/main.h | 4 +++- 3 files changed, 26 insertions(+), 9 deletions(-) diff --git a/tools/testing/selftests/sgx/load.c b/tools/testing/selftests/sgx/load.c index f1be78984c50..9d4322c946e2 100644 --- a/tools/testing/selftests/sgx/load.c +++ b/tools/testing/selftests/sgx/load.c @@ -21,6 +21,8 @@ void encl_delete(struct encl *encl) { + struct encl_segment *heap_seg = &encl->segment_tbl[encl->nr_segments - 1]; + if (encl->encl_base) munmap((void *)encl->encl_base, encl->encl_size); @@ -30,6 +32,8 @@ void encl_delete(struct encl *encl) if (encl->fd) close(encl->fd); + munmap(heap_seg->src, heap_seg->size); + if (encl->segment_tbl) free(encl->segment_tbl); @@ -125,11 +129,10 @@ static bool encl_ioc_add_pages(struct encl *encl, struct encl_segment *seg) return true; } - - -bool encl_load(const char *path, struct encl *encl) +bool encl_load(const char *path, struct encl *encl, unsigned long heap_size) { const char device_path[] = "/dev/sgx_enclave"; + struct encl_segment *seg; Elf64_Phdr *phdr_tbl; off_t src_offset; Elf64_Ehdr *ehdr; @@ -181,6 +184,8 @@ bool encl_load(const char *path, struct encl *encl) ehdr = encl->bin; phdr_tbl = encl->bin + ehdr->e_phoff; + encl->nr_segments = 1; /* one for the heap */ + for (i = 0; i < ehdr->e_phnum; i++) { Elf64_Phdr *phdr = &phdr_tbl[i]; @@ -196,7 +201,6 @@ bool encl_load(const char *path, struct encl *encl) for (i = 0, j = 0; i < ehdr->e_phnum; i++) { Elf64_Phdr *phdr = &phdr_tbl[i]; unsigned int flags = phdr->p_flags; - struct encl_segment *seg; if (phdr->p_type != PT_LOAD) continue; @@ -238,10 +242,21 @@ bool encl_load(const char *path, struct encl *encl) j++; } - assert(j == encl->nr_segments); + assert(j == encl->nr_segments - 1); + + seg = &encl->segment_tbl[j]; + seg->offset = encl->segment_tbl[j - 1].offset + encl->segment_tbl[j - 1].size; + seg->size = heap_size; + seg->src = mmap(NULL, heap_size, PROT_READ | PROT_WRITE, + MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + seg->prot = PROT_READ | PROT_WRITE; + seg->flags = (SGX_PAGE_TYPE_REG << 8) | seg->prot; + seg->measure = false; + + if (seg->src == MAP_FAILED) + goto err; - encl->src_size = encl->segment_tbl[j - 1].offset + - encl->segment_tbl[j - 1].size; + encl->src_size = encl->segment_tbl[j].offset + encl->segment_tbl[j].size; for (encl->encl_size = 4096; encl->encl_size < encl->src_size; ) encl->encl_size <<= 1; diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c index e252015e0c15..6858a35fed20 100644 --- a/tools/testing/selftests/sgx/main.c +++ b/tools/testing/selftests/sgx/main.c @@ -122,7 +122,7 @@ FIXTURE_SETUP(enclave) unsigned int i; void *addr; - if (!encl_load("test_encl.elf", &self->encl)) { + if (!encl_load("test_encl.elf", &self->encl, ENCL_HEAP_SIZE_DEFAULT)) { encl_delete(&self->encl); ksft_exit_skip("cannot load enclaves\n"); } diff --git a/tools/testing/selftests/sgx/main.h b/tools/testing/selftests/sgx/main.h index aebc69e7cdc8..b45c52ec7ab3 100644 --- a/tools/testing/selftests/sgx/main.h +++ b/tools/testing/selftests/sgx/main.h @@ -6,6 +6,8 @@ #ifndef MAIN_H #define MAIN_H +#define ENCL_HEAP_SIZE_DEFAULT 4096 + struct encl_segment { void *src; off_t offset; @@ -33,7 +35,7 @@ extern unsigned char sign_key[]; extern unsigned char sign_key_end[]; void encl_delete(struct encl *ctx); -bool encl_load(const char *path, struct encl *encl); +bool encl_load(const char *path, struct encl *encl, unsigned long heap_size); bool encl_measure(struct encl *encl); bool encl_build(struct encl *encl); -- 2.25.1