Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp1971740pxb; Thu, 28 Oct 2021 13:39:06 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyUOJBAtxN14XgVcLImu4Yjyglzfvfx3Fbtu+n+2HPlG3nARk8h8l/Lgx/UW0zydWpeNB83 X-Received: by 2002:a17:90a:a88e:: with SMTP id h14mr15224464pjq.41.1635453545819; Thu, 28 Oct 2021 13:39:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1635453545; cv=none; d=google.com; s=arc-20160816; b=QZhz3Od+VlALJKRSh94BJoBgiInKydXf5v3QTqHYusppQ1waY5WhpWgySJZzn+cBhu b9I2j7BRY+I7wwxio7DJEZgGh4HzLBWF9pRyns3acPZwJYH4J6xtDFpRz92OsZOCL/oU Zjvh0OtKQQLW68OIqk1C2CYitgFrjd9ydJoXWNikEShaNNw1j23clSy10UCT4YBgTl4B 2i1sJA4XkJRpPfmNeLc2WFow/ShUBn6Mi0FyBbDhgELLfINJYECKtxRnRucEu1Zz7YbY wgnV02egtgBo7iRHb5vhfhe4ofdp0bNP4tFoGcVZf9K9t8ZPzF6wSccHii3RYFpGrTVB 0kfQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=DhuMix9IEwAKKPKFJAaBcHwKHEp4jHiFMeGb/rsHsPM=; b=BSIcA/c7TpfJoI2mZvHq//3Fv0bIPZAGYWslD2rfQsv52RbChL+a+QWKRec2AkKbBy k+xyHZWtKIC3FDSWwBNhAqMtKttc+blyIjVdFKYF1GPM2jXu99VmXsAF5J01ef+2zd3S FuEI/A8Ez4kKAqUWGm5r9+JqMkMnveWSddDafzPGzReWJIWLb0fzzmzyKdOpdSYh1ySB 3T2iJW0fzXB2F0OwbKhrBWd1+1YEdsfR9nagZ8fWqolfhh5UQ7jwhNJ3hHhlIgPRbRYe Cb1wEL+iAubqSaeD/7MJD35nlp7OO2nZjLq7834GfbIM/FGaO3joxo8nBo8UQ01vylAz bY9w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q6si5658258pfk.116.2021.10.28.13.38.53; Thu, 28 Oct 2021 13:39:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231448AbhJ1UkM (ORCPT + 99 others); Thu, 28 Oct 2021 16:40:12 -0400 Received: from mga02.intel.com ([134.134.136.20]:2686 "EHLO mga02.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231298AbhJ1Uj7 (ORCPT ); Thu, 28 Oct 2021 16:39:59 -0400 X-IronPort-AV: E=McAfee;i="6200,9189,10151"; a="217692546" X-IronPort-AV: E=Sophos;i="5.87,190,1631602800"; d="scan'208";a="217692546" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Oct 2021 13:37:30 -0700 X-IronPort-AV: E=Sophos;i="5.87,190,1631602800"; d="scan'208";a="498562995" Received: from rchatre-ws.ostc.intel.com ([10.54.69.144]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Oct 2021 13:37:29 -0700 From: Reinette Chatre To: jarkko@kernel.org, linux-sgx@vger.kernel.org, shuah@kernel.org, dave.hansen@linux.intel.com Cc: seanjc@google.com, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH V2 06/15] selftests/sgx: Create a heap for the test enclave Date: Thu, 28 Oct 2021 13:37:31 -0700 Message-Id: <4ab7b25527839be72ec098e30bf070549188b03b.1635447301.git.reinette.chatre@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jarkko Sakkinen Create a heap for the test enclave, which is allocated from /dev/null, and left unmeasured. This is beneficial by its own because it verifies that an enclave built from multiple choices, works properly. If LSM hooks are added for SGX some day, a multi source enclave has higher probability to trigger bugs on access control checks. The immediate need comes from the need to implement page reclaim tests. In order to trigger the page reclaimer, one can just set the size of the heap to high enough. Signed-off-by: Jarkko Sakkinen Acked-by: Dave Hansen Signed-off-by: Reinette Chatre --- Changes since V1: - Add signature from Dave. tools/testing/selftests/sgx/load.c | 29 ++++++++++++++++++++++------- tools/testing/selftests/sgx/main.c | 2 +- tools/testing/selftests/sgx/main.h | 4 +++- 3 files changed, 26 insertions(+), 9 deletions(-) diff --git a/tools/testing/selftests/sgx/load.c b/tools/testing/selftests/sgx/load.c index f1be78984c50..9d4322c946e2 100644 --- a/tools/testing/selftests/sgx/load.c +++ b/tools/testing/selftests/sgx/load.c @@ -21,6 +21,8 @@ void encl_delete(struct encl *encl) { + struct encl_segment *heap_seg = &encl->segment_tbl[encl->nr_segments - 1]; + if (encl->encl_base) munmap((void *)encl->encl_base, encl->encl_size); @@ -30,6 +32,8 @@ void encl_delete(struct encl *encl) if (encl->fd) close(encl->fd); + munmap(heap_seg->src, heap_seg->size); + if (encl->segment_tbl) free(encl->segment_tbl); @@ -125,11 +129,10 @@ static bool encl_ioc_add_pages(struct encl *encl, struct encl_segment *seg) return true; } - - -bool encl_load(const char *path, struct encl *encl) +bool encl_load(const char *path, struct encl *encl, unsigned long heap_size) { const char device_path[] = "/dev/sgx_enclave"; + struct encl_segment *seg; Elf64_Phdr *phdr_tbl; off_t src_offset; Elf64_Ehdr *ehdr; @@ -181,6 +184,8 @@ bool encl_load(const char *path, struct encl *encl) ehdr = encl->bin; phdr_tbl = encl->bin + ehdr->e_phoff; + encl->nr_segments = 1; /* one for the heap */ + for (i = 0; i < ehdr->e_phnum; i++) { Elf64_Phdr *phdr = &phdr_tbl[i]; @@ -196,7 +201,6 @@ bool encl_load(const char *path, struct encl *encl) for (i = 0, j = 0; i < ehdr->e_phnum; i++) { Elf64_Phdr *phdr = &phdr_tbl[i]; unsigned int flags = phdr->p_flags; - struct encl_segment *seg; if (phdr->p_type != PT_LOAD) continue; @@ -238,10 +242,21 @@ bool encl_load(const char *path, struct encl *encl) j++; } - assert(j == encl->nr_segments); + assert(j == encl->nr_segments - 1); + + seg = &encl->segment_tbl[j]; + seg->offset = encl->segment_tbl[j - 1].offset + encl->segment_tbl[j - 1].size; + seg->size = heap_size; + seg->src = mmap(NULL, heap_size, PROT_READ | PROT_WRITE, + MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + seg->prot = PROT_READ | PROT_WRITE; + seg->flags = (SGX_PAGE_TYPE_REG << 8) | seg->prot; + seg->measure = false; + + if (seg->src == MAP_FAILED) + goto err; - encl->src_size = encl->segment_tbl[j - 1].offset + - encl->segment_tbl[j - 1].size; + encl->src_size = encl->segment_tbl[j].offset + encl->segment_tbl[j].size; for (encl->encl_size = 4096; encl->encl_size < encl->src_size; ) encl->encl_size <<= 1; diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c index e252015e0c15..6858a35fed20 100644 --- a/tools/testing/selftests/sgx/main.c +++ b/tools/testing/selftests/sgx/main.c @@ -122,7 +122,7 @@ FIXTURE_SETUP(enclave) unsigned int i; void *addr; - if (!encl_load("test_encl.elf", &self->encl)) { + if (!encl_load("test_encl.elf", &self->encl, ENCL_HEAP_SIZE_DEFAULT)) { encl_delete(&self->encl); ksft_exit_skip("cannot load enclaves\n"); } diff --git a/tools/testing/selftests/sgx/main.h b/tools/testing/selftests/sgx/main.h index aebc69e7cdc8..b45c52ec7ab3 100644 --- a/tools/testing/selftests/sgx/main.h +++ b/tools/testing/selftests/sgx/main.h @@ -6,6 +6,8 @@ #ifndef MAIN_H #define MAIN_H +#define ENCL_HEAP_SIZE_DEFAULT 4096 + struct encl_segment { void *src; off_t offset; @@ -33,7 +35,7 @@ extern unsigned char sign_key[]; extern unsigned char sign_key_end[]; void encl_delete(struct encl *ctx); -bool encl_load(const char *path, struct encl *encl); +bool encl_load(const char *path, struct encl *encl, unsigned long heap_size); bool encl_measure(struct encl *encl); bool encl_build(struct encl *encl); -- 2.25.1