Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp6280293iob; Tue, 10 May 2022 14:46:48 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxkUpta0RPxFF70gBE99FLyqMP3elzano4ljHubPWlfw4HFExWk2pGkLW0AEH/BTX4/bw/L X-Received: by 2002:a17:907:60d3:b0:6f9:6ac6:2335 with SMTP id hv19-20020a17090760d300b006f96ac62335mr14212024ejc.628.1652219204584; Tue, 10 May 2022 14:46:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652219204; cv=none; d=google.com; s=arc-20160816; b=vw2Z6Xfgkl9zfQqAX3rdX3lsV2dEA4SMrniSNZd43eeJWsCsJ6GSN61UDbp9LTjSms zsFCRPEWpgksmJUM0GigKBYBD8CG/+gGlS/AoW0qtnHc2t+o2rRcITspslijnAy3l7lP txw1V/14insWISsbCFn5myed+iGdv/zV1j4cAlCzmj4TILflLXmNDKTAULRwZgeL6Fe6 V+nXjyiO2FcxT+SsrNglyv225x4xe3GtSABdFaJiBvTLvMe3Oj2ojfEZZVn045bkOZmM JD4a9JNjYt2lAhqjZ3wWwe97/vHWbCPdowvlCuxpzBgsMqZCPMhm91ANZk2Q0gG3jdBk szsA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=rYhSs3pFTZFZ+Jzl7Ci7tHY9AY21Uh2fEIc9NDayKC8=; b=X9HZrViyE3i+rPKOUZ17WG+vf0AZUDnMRXW2uVmWtqqJoUsuumxtg431Akj0lnXwTq tAQrfBIpurQV7OC5F/LwAtphiU++1JNFRi2J435+iKuu6t1kuikSxaPEuBlN8dX9VOgn oSqCg5W0JR2LLIV9j6AzIzIbMacd4REwEmUhkZM4cuzt2rCAbkyfalYKbA1xN9KsF2zt dj0S5LvThuzNxjrwdIH9j0uJCCYdDSp/7qAun0hw0QBOPbHe72JkDYXizu0aXSYXIku1 QFzcETUdT5IbtTZu3NhNIbWiQTlK73cYtwbUpX+geKNZY8lGjD4oTM2k63V9SejVjokg 7XUg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=gndejnFI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y4-20020a056402358400b00425ef7f821bsi460194edc.84.2022.05.10.14.46.20; Tue, 10 May 2022 14:46:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=gndejnFI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1349367AbiEJSQl (ORCPT + 99 others); Tue, 10 May 2022 14:16:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59348 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348652AbiEJSNc (ORCPT ); Tue, 10 May 2022 14:13:32 -0400 Received: from mga06.intel.com (mga06b.intel.com [134.134.136.31]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E6B4C2DD79; Tue, 10 May 2022 11:09:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1652206172; x=1683742172; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=JwZ0nSpc5s3vuIR1PtlOQOi4Z5g3dX5mWUdeX2tOvOU=; b=gndejnFIWTANSMVvzEpWTv0X7pSn9a1pC1RTbtUtgatLYPdIByDw2jkU JFsS6Zm1o/DLuCvobyg3Y7XQrkqTUNyZkOgezQi+Cf3/sJEi4M694HciO YJLqgW4j6qOz2xi5JNCp0UKkweVcUJEn/CRt1rLnAqQc13DWYMnTA9Gyr H7GXnkOig/Z5teMpUR3BEvgVijV7uG4wJn5uK999QPFdtZHbQlktohMLc DIGHMc78l3fvt7PQ3LDzb4eeCoCN9UmAb7TTAXkv8Xjv2NFwJGMHSMDGI T+XbQU4doHOjLZz17I90f/eAmBCEeYSqyrqLeEEA/b5Awqmu6F2DxfeXg w==; X-IronPort-AV: E=McAfee;i="6400,9594,10343"; a="330057561" X-IronPort-AV: E=Sophos;i="5.91,214,1647327600"; d="scan'208";a="330057561" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 May 2022 11:09:18 -0700 X-IronPort-AV: E=Sophos;i="5.91,214,1647327600"; d="scan'208";a="541908852" Received: from rchatre-ws.ostc.intel.com ([10.54.69.144]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 May 2022 11:09:17 -0700 From: Reinette Chatre To: dave.hansen@linux.intel.com, jarkko@kernel.org, tglx@linutronix.de, bp@alien8.de, luto@kernel.org, mingo@redhat.com, linux-sgx@vger.kernel.org, x86@kernel.org, shuah@kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, kai.huang@intel.com, cathy.zhang@intel.com, cedric.xing@intel.com, haitao.huang@intel.com, mark.shanahan@intel.com, vijay.dhanraj@intel.com, hpa@zytor.com, linux-kernel@vger.kernel.org Subject: [PATCH V5 31/31] selftests/sgx: Page removal stress test Date: Tue, 10 May 2022 11:09:07 -0700 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-5.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Create enclave with additional heap that consumes all physical SGX memory and then remove it. Depending on the available SGX memory this test could take a significant time to run (several minutes) as it (1) creates the enclave, (2) changes the type of every page to be trimmed, (3) enters the enclave once per page to run EACCEPT, before (4) the pages are finally removed. Acked-by: Jarkko Sakkinen Signed-off-by: Reinette Chatre --- Changes since V4: - Rename struct sgx_enclave_modify_type -> struct sgx_enclave_modify_types. (Jarkko) Changes since V3: - Add Jarkko's Acked-by tag. - Rename SGX_IOC_ENCLAVE_MODIFY_TYPE to SGX_IOC_ENCLAVE_MODIFY_TYPES. (Jarkko) - User provides just page type to SGX_IOC_ENCLAVE_MODIFY_TYPES ioctl(), replacing secinfo. (Jarkko) - Let the SKIP() call involving SGX_IOC_ENCLAVE_MODIFY_TYPES span two lines to address checkpatch.pl warning triggered by new longer name. Changes since V2: - Rename struct sgx_enclave_modt -> struct sgx_enclave_modify_type Changes since V1: - Exit test completely on first failure of EACCEPT of a removed page. Since this is an oversubscribed test the number of pages on which this is attempted can be significant and in case of failure the per-page error logging would overwhelm the system. - Update test to call renamed ioctl() (SGX_IOC_PAGE_MODT -> SGX_IOC_ENCLAVE_MODIFY_TYPE) and provide secinfo as parameter (Jarkko). - Fixup definitions to be reverse xmas tree. - Update test to reflect page removal ioctl() and struct name change: SGX_IOC_PAGE_REMOVE->SGX_IOC_ENCLAVE_REMOVE_PAGES, struct sgx_page_remove -> struct sgx_enclave_remove_pages (Jarkko). - Ensure test is skipped when SGX2 not supported by kernel. - Cleanup comments. tools/testing/selftests/sgx/main.c | 120 +++++++++++++++++++++++++++++ 1 file changed, 120 insertions(+) diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c index ba16671aef79..9820b3809c69 100644 --- a/tools/testing/selftests/sgx/main.c +++ b/tools/testing/selftests/sgx/main.c @@ -378,7 +378,127 @@ TEST_F(enclave, unclobbered_vdso_oversubscribed) EXPECT_EQ(get_op.value, MAGIC); EXPECT_EEXIT(&self->run); EXPECT_EQ(self->run.user_data, 0); +} + +TEST_F_TIMEOUT(enclave, unclobbered_vdso_oversubscribed_remove, 900) +{ + struct sgx_enclave_remove_pages remove_ioc; + struct sgx_enclave_modify_types modt_ioc; + struct encl_op_get_from_buf get_op; + struct encl_op_eaccept eaccept_op; + struct encl_op_put_to_buf put_op; + struct encl_segment *heap; + unsigned long total_mem; + int ret, errno_save; + unsigned long addr; + unsigned long i; + + /* + * Create enclave with additional heap that is as big as all + * available physical SGX memory. + */ + total_mem = get_total_epc_mem(); + ASSERT_NE(total_mem, 0); + TH_LOG("Creating an enclave with %lu bytes heap may take a while ...", + total_mem); + ASSERT_TRUE(setup_test_encl(total_mem, &self->encl, _metadata)); + + /* + * Hardware (SGX2) and kernel support is needed for this test. Start + * with check that test has a chance of succeeding. + */ + memset(&modt_ioc, 0, sizeof(modt_ioc)); + ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_MODIFY_TYPES, &modt_ioc); + + if (ret == -1) { + if (errno == ENOTTY) + SKIP(return, + "Kernel does not support SGX_IOC_ENCLAVE_MODIFY_TYPES ioctl()"); + else if (errno == ENODEV) + SKIP(return, "System does not support SGX2"); + } + + /* + * Invalid parameters were provided during sanity check, + * expect command to fail. + */ + EXPECT_EQ(ret, -1); + + /* SGX2 is supported by kernel and hardware, test can proceed. */ + memset(&self->run, 0, sizeof(self->run)); + self->run.tcs = self->encl.encl_base; + + heap = &self->encl.segment_tbl[self->encl.nr_segments - 1]; + + put_op.header.type = ENCL_OP_PUT_TO_BUFFER; + put_op.value = MAGIC; + + EXPECT_EQ(ENCL_CALL(&put_op, &self->run, false), 0); + + EXPECT_EEXIT(&self->run); + EXPECT_EQ(self->run.user_data, 0); + + get_op.header.type = ENCL_OP_GET_FROM_BUFFER; + get_op.value = 0; + + EXPECT_EQ(ENCL_CALL(&get_op, &self->run, false), 0); + + EXPECT_EQ(get_op.value, MAGIC); + EXPECT_EEXIT(&self->run); + EXPECT_EQ(self->run.user_data, 0); + /* Trim entire heap. */ + memset(&modt_ioc, 0, sizeof(modt_ioc)); + + modt_ioc.offset = heap->offset; + modt_ioc.length = heap->size; + modt_ioc.page_type = SGX_PAGE_TYPE_TRIM; + + TH_LOG("Changing type of %zd bytes to trimmed may take a while ...", + heap->size); + ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_MODIFY_TYPES, &modt_ioc); + errno_save = ret == -1 ? errno : 0; + + EXPECT_EQ(ret, 0); + EXPECT_EQ(errno_save, 0); + EXPECT_EQ(modt_ioc.result, 0); + EXPECT_EQ(modt_ioc.count, heap->size); + + /* EACCEPT all removed pages. */ + addr = self->encl.encl_base + heap->offset; + + eaccept_op.flags = SGX_SECINFO_TRIM | SGX_SECINFO_MODIFIED; + eaccept_op.header.type = ENCL_OP_EACCEPT; + + TH_LOG("Entering enclave to run EACCEPT for each page of %zd bytes may take a while ...", + heap->size); + for (i = 0; i < heap->size; i += 4096) { + eaccept_op.epc_addr = addr + i; + eaccept_op.ret = 0; + + EXPECT_EQ(ENCL_CALL(&eaccept_op, &self->run, true), 0); + + EXPECT_EQ(self->run.exception_vector, 0); + EXPECT_EQ(self->run.exception_error_code, 0); + EXPECT_EQ(self->run.exception_addr, 0); + ASSERT_EQ(eaccept_op.ret, 0); + ASSERT_EQ(self->run.function, EEXIT); + } + + /* Complete page removal. */ + memset(&remove_ioc, 0, sizeof(remove_ioc)); + + remove_ioc.offset = heap->offset; + remove_ioc.length = heap->size; + + TH_LOG("Removing %zd bytes from enclave may take a while ...", + heap->size); + ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_REMOVE_PAGES, &remove_ioc); + errno_save = ret == -1 ? errno : 0; + + EXPECT_EQ(ret, 0); + EXPECT_EQ(errno_save, 0); + EXPECT_EQ(remove_ioc.count, heap->size); } TEST_F(enclave, clobbered_vdso) -- 2.25.1