Rename symbols for better clarity:
* 'eenter' -> 'vdso_sgx_enter_enclave' * 'sgx_call_vdso' -> 'sgx_enter_enclave'
Signed-off-by: Jarkko Sakkinen jarkko@kernel.org ---
v2: Refined thh renames just a bit.
tools/testing/selftests/sgx/call.S | 6 +++--- tools/testing/selftests/sgx/main.c | 25 +++++++++++++------------ tools/testing/selftests/sgx/main.h | 4 ++-- 3 files changed, 18 insertions(+), 17 deletions(-)
diff --git a/tools/testing/selftests/sgx/call.S b/tools/testing/selftests/sgx/call.S index 4ecadc7490f4..b09a25890f3b 100644 --- a/tools/testing/selftests/sgx/call.S +++ b/tools/testing/selftests/sgx/call.S @@ -5,8 +5,8 @@
.text
- .global sgx_call_vdso -sgx_call_vdso: + .global sgx_enter_enclave +sgx_enter_enclave: .cfi_startproc push %r15 .cfi_adjust_cfa_offset 8 @@ -27,7 +27,7 @@ sgx_call_vdso: .cfi_adjust_cfa_offset 8 push 0x38(%rsp) .cfi_adjust_cfa_offset 8 - call *eenter(%rip) + call *vdso_sgx_enter_enclave(%rip) add $0x10, %rsp .cfi_adjust_cfa_offset -0x10 pop %rbx diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c index d304a4044eb9..43da68388e25 100644 --- a/tools/testing/selftests/sgx/main.c +++ b/tools/testing/selftests/sgx/main.c @@ -21,7 +21,7 @@ #include "../kselftest.h"
static const uint64_t MAGIC = 0x1122334455667788ULL; -vdso_sgx_enter_enclave_t eenter; +vdso_sgx_enter_enclave_t vdso_sgx_enter_enclave;
struct vdso_symtab { Elf64_Sym *elf_symtab; @@ -149,7 +149,7 @@ int main(int argc, char *argv[]) { struct sgx_enclave_run run; struct vdso_symtab symtab; - Elf64_Sym *eenter_sym; + Elf64_Sym *sgx_enter_enclave_sym; uint64_t result = 0; struct encl encl; unsigned int i; @@ -194,29 +194,30 @@ int main(int argc, char *argv[]) if (!vdso_get_symtab(addr, &symtab)) goto err;
- eenter_sym = vdso_symtab_get(&symtab, "__vdso_sgx_enter_enclave"); - if (!eenter_sym) + sgx_enter_enclave_sym = vdso_symtab_get(&symtab, "__vdso_sgx_enter_enclave"); + if (!sgx_enter_enclave_sym) goto err;
- eenter = addr + eenter_sym->st_value; + vdso_sgx_enter_enclave = addr + sgx_enter_enclave_sym->st_value;
- ret = sgx_call_vdso((void *)&MAGIC, &result, 0, EENTER, NULL, NULL, &run); - if (!report_results(&run, ret, result, "sgx_call_vdso")) + ret = sgx_enter_enclave((void *)&MAGIC, &result, 0, EENTER, + NULL, NULL, &run); + if (!report_results(&run, ret, result, "sgx_enter_enclave_unclobbered")) goto err;
/* Invoke the vDSO directly. */ result = 0; - ret = eenter((unsigned long)&MAGIC, (unsigned long)&result, 0, EENTER, - 0, 0, &run); - if (!report_results(&run, ret, result, "eenter")) + ret = vdso_sgx_enter_enclave((unsigned long)&MAGIC, (unsigned long)&result, + 0, EENTER, 0, 0, &run); + if (!report_results(&run, ret, result, "sgx_enter_enclave")) goto err;
/* And with an exit handler. */ run.user_handler = (__u64)user_handler; run.user_data = 0xdeadbeef; - ret = eenter((unsigned long)&MAGIC, (unsigned long)&result, 0, EENTER, - 0, 0, &run); + ret = vdso_sgx_enter_enclave((unsigned long)&MAGIC, (unsigned long)&result, + 0, EENTER, 0, 0, &run); if (!report_results(&run, ret, result, "user_handler")) goto err;
diff --git a/tools/testing/selftests/sgx/main.h b/tools/testing/selftests/sgx/main.h index 67211a708f04..68672fd86cf9 100644 --- a/tools/testing/selftests/sgx/main.h +++ b/tools/testing/selftests/sgx/main.h @@ -35,7 +35,7 @@ bool encl_load(const char *path, struct encl *encl); bool encl_measure(struct encl *encl); bool encl_build(struct encl *encl);
-int sgx_call_vdso(void *rdi, void *rsi, long rdx, u32 function, void *r8, void *r9, - struct sgx_enclave_run *run); +int sgx_enter_enclave(void *rdi, void *rsi, long rdx, u32 function, void *r8, void *r9, + struct sgx_enclave_run *run);
#endif /* MAIN_H */
Migrate to kselftest harness. Use a fixture test with enclave initialized and de-initialized for each of the existing three tests, in other words:
1. One FIXTURE() for managing the enclave life-cycle. 2. Three TEST_F()'s, one for each test case.
This gives a leaps better reporting than before. Here's an example transcript:
TAP version 13 1..3 0x0000000000000000 0x0000000000002000 0x03 0x0000000000002000 0x0000000000001000 0x05 0x0000000000003000 0x0000000000003000 0x03 ok 1 enclave.unclobbered_vdso 0x0000000000000000 0x0000000000002000 0x03 0x0000000000002000 0x0000000000001000 0x05 0x0000000000003000 0x0000000000003000 0x03 ok 2 enclave.clobbered_vdso 0x0000000000000000 0x0000000000002000 0x03 0x0000000000002000 0x0000000000001000 0x05 0x0000000000003000 0x0000000000003000 0x03 ok 3 enclave.clobbered_vdso_and_user_function
Signed-off-by: Jarkko Sakkinen jarkko@kernel.org ---
v4: * Refine to take better use of the kselftest harness macros. * Fix: TCS base address was not initialized for a run struct.
v3: * Use helper macros.
v2: * Add the missing string argument to ksft_test_result_pass() and ksft_test_result_fail() calls.
tools/testing/selftests/sgx/main.c | 163 ++++++++++++++--------------- 1 file changed, 78 insertions(+), 85 deletions(-)
diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c index 43da68388e25..2a29883179e1 100644 --- a/tools/testing/selftests/sgx/main.c +++ b/tools/testing/selftests/sgx/main.c @@ -18,7 +18,7 @@ #include <sys/auxv.h> #include "defines.h" #include "main.h" -#include "../kselftest.h" +#include "../kselftest_harness.h"
static const uint64_t MAGIC = 0x1122334455667788ULL; vdso_sgx_enter_enclave_t vdso_sgx_enter_enclave; @@ -107,85 +107,42 @@ static Elf64_Sym *vdso_symtab_get(struct vdso_symtab *symtab, const char *name) return NULL; }
-bool report_results(struct sgx_enclave_run *run, int ret, uint64_t result, - const char *test) -{ - bool valid = true; - - if (ret) { - printf("FAIL: %s() returned: %d\n", test, ret); - valid = false; - } - - if (run->function != EEXIT) { - printf("FAIL: %s() function, expected: %u, got: %u\n", test, EEXIT, - run->function); - valid = false; - } - - if (result != MAGIC) { - printf("FAIL: %s(), expected: 0x%lx, got: 0x%lx\n", test, MAGIC, - result); - valid = false; - } - - if (run->user_data) { - printf("FAIL: %s() user data, expected: 0x0, got: 0x%llx\n", - test, run->user_data); - valid = false; - } - - return valid; -} - -static int user_handler(long rdi, long rsi, long rdx, long ursp, long r8, long r9, - struct sgx_enclave_run *run) -{ - run->user_data = 0; - return 0; -} +FIXTURE(enclave) { + struct encl encl; + struct sgx_enclave_run run; +};
-int main(int argc, char *argv[]) +FIXTURE_SETUP(enclave) { - struct sgx_enclave_run run; + Elf64_Sym *sgx_enter_enclave_sym = NULL; struct vdso_symtab symtab; - Elf64_Sym *sgx_enter_enclave_sym; - uint64_t result = 0; - struct encl encl; unsigned int i; void *addr; - int ret;
- memset(&run, 0, sizeof(run)); - - if (!encl_load("test_encl.elf", &encl)) { - encl_delete(&encl); + if (!encl_load("test_encl.elf", &self->encl)) { + encl_delete(&self->encl); ksft_exit_skip("cannot load enclaves\n"); }
- if (!encl_measure(&encl)) + if (!encl_measure(&self->encl)) goto err;
- if (!encl_build(&encl)) + if (!encl_build(&self->encl)) goto err;
/* * An enclave consumer only must do this. */ - for (i = 0; i < encl.nr_segments; i++) { - struct encl_segment *seg = &encl.segment_tbl[i]; - - addr = mmap((void *)encl.encl_base + seg->offset, seg->size, - seg->prot, MAP_SHARED | MAP_FIXED, encl.fd, 0); - if (addr == MAP_FAILED) { - perror("mmap() segment failed"); - exit(KSFT_FAIL); - } + for (i = 0; i < self->encl.nr_segments; i++) { + struct encl_segment *seg = &self->encl.segment_tbl[i]; + + addr = mmap((void *)self->encl.encl_base + seg->offset, seg->size, + seg->prot, MAP_SHARED | MAP_FIXED, self->encl.fd, 0); + EXPECT_NE(addr, MAP_FAILED); + if (addr == MAP_FAILED) + goto err; }
- memset(&run, 0, sizeof(run)); - run.tcs = encl.encl_base; - /* Get vDSO base address */ addr = (void *)getauxval(AT_SYSINFO_EHDR); if (!addr) @@ -200,32 +157,68 @@ int main(int argc, char *argv[])
vdso_sgx_enter_enclave = addr + sgx_enter_enclave_sym->st_value;
- ret = sgx_enter_enclave((void *)&MAGIC, &result, 0, EENTER, - NULL, NULL, &run); - if (!report_results(&run, ret, result, "sgx_enter_enclave_unclobbered")) - goto err; + memset(&self->run, 0, sizeof(self->run)); + self->run.tcs = self->encl.encl_base;
+err: + if (!sgx_enter_enclave_sym) + encl_delete(&self->encl);
- /* Invoke the vDSO directly. */ - result = 0; - ret = vdso_sgx_enter_enclave((unsigned long)&MAGIC, (unsigned long)&result, - 0, EENTER, 0, 0, &run); - if (!report_results(&run, ret, result, "sgx_enter_enclave")) - goto err; + ASSERT_NE(sgx_enter_enclave_sym, NULL); +}
- /* And with an exit handler. */ - run.user_handler = (__u64)user_handler; - run.user_data = 0xdeadbeef; - ret = vdso_sgx_enter_enclave((unsigned long)&MAGIC, (unsigned long)&result, - 0, EENTER, 0, 0, &run); - if (!report_results(&run, ret, result, "user_handler")) - goto err; +FIXTURE_TEARDOWN(enclave) +{ + encl_delete(&self->encl); + vdso_sgx_enter_enclave = NULL; +}
- printf("SUCCESS\n"); - encl_delete(&encl); - exit(KSFT_PASS);
-err: - encl_delete(&encl); - exit(KSFT_FAIL); +TEST_F(enclave, unclobbered_vdso) +{ + uint64_t result = 0; + + EXPECT_EQ(sgx_enter_enclave((void *)&MAGIC, &result, 0, EENTER, NULL, NULL, &self->run), 0); + + EXPECT_EQ(result, MAGIC); + EXPECT_EQ(self->run.function, EEXIT); + EXPECT_EQ(self->run.user_data, 0); +} + +TEST_F(enclave, clobbered_vdso) +{ + uint64_t result = 0; + + EXPECT_EQ(vdso_sgx_enter_enclave((unsigned long)&MAGIC, (unsigned long)&result, 0, + EENTER, 0, 0, &self->run), 0); + + + EXPECT_EQ(result, MAGIC); + EXPECT_EQ(self->run.function, EEXIT); + EXPECT_EQ(self->run.user_data, 0); } + +static int test_handler(long rdi, long rsi, long rdx, long ursp, long r8, long r9, + struct sgx_enclave_run *run) +{ + run->user_data = 0; + + return 0; +} + +TEST_F(enclave, clobbered_vdso_and_user_function) +{ + uint64_t result = 0; + + self->run.user_handler = (__u64)test_handler; + self->run.user_data = 0xdeadbeef; + + EXPECT_EQ(vdso_sgx_enter_enclave((unsigned long)&MAGIC, (unsigned long)&result, 0, + EENTER, 0, 0, &self->run), 0); + + EXPECT_EQ(result, MAGIC); + EXPECT_EQ(self->run.function, EEXIT); + EXPECT_EQ(self->run.user_data, 0); +} + +TEST_HARNESS_MAIN
Hi Jarkko,
On 5/7/2021 8:56 PM, Jarkko Sakkinen wrote:
Migrate to kselftest harness. Use a fixture test with enclave initialized and de-initialized for each of the existing three tests, in other words:
- One FIXTURE() for managing the enclave life-cycle.
- Three TEST_F()'s, one for each test case.
These changes make it easier to add tests and I think it is a valuable addition.
This gives a leaps better reporting than before. Here's an example transcript:
TAP version 13 1..3 0x0000000000000000 0x0000000000002000 0x03 0x0000000000002000 0x0000000000001000 0x05 0x0000000000003000 0x0000000000003000 0x03 ok 1 enclave.unclobbered_vdso 0x0000000000000000 0x0000000000002000 0x03 0x0000000000002000 0x0000000000001000 0x05 0x0000000000003000 0x0000000000003000 0x03 ok 2 enclave.clobbered_vdso 0x0000000000000000 0x0000000000002000 0x03 0x0000000000002000 0x0000000000001000 0x05 0x0000000000003000 0x0000000000003000 0x03 ok 3 enclave.clobbered_vdso_and_user_function
The output claims to conform to TAP13 but it does not seem as though all of the output conforms to TAP13. I assume such output would confuse automated systems.
Reinette
On Tue, May 11, 2021 at 11:42:49AM -0700, Reinette Chatre wrote:
Hi Jarkko,
On 5/7/2021 8:56 PM, Jarkko Sakkinen wrote:
Migrate to kselftest harness. Use a fixture test with enclave initialized and de-initialized for each of the existing three tests, in other words:
- One FIXTURE() for managing the enclave life-cycle.
- Three TEST_F()'s, one for each test case.
These changes make it easier to add tests and I think it is a valuable addition.
This gives a leaps better reporting than before. Here's an example transcript:
TAP version 13 1..3 0x0000000000000000 0x0000000000002000 0x03 0x0000000000002000 0x0000000000001000 0x05 0x0000000000003000 0x0000000000003000 0x03 ok 1 enclave.unclobbered_vdso 0x0000000000000000 0x0000000000002000 0x03 0x0000000000002000 0x0000000000001000 0x05 0x0000000000003000 0x0000000000003000 0x03 ok 2 enclave.clobbered_vdso 0x0000000000000000 0x0000000000002000 0x03 0x0000000000002000 0x0000000000001000 0x05 0x0000000000003000 0x0000000000003000 0x03 ok 3 enclave.clobbered_vdso_and_user_function
The output claims to conform to TAP13 but it does not seem as though all of the output conforms to TAP13. I assume such output would confuse automated systems.
You mean
0x0000000000000000 0x0000000000002000 0x03 0x0000000000002000 0x0000000000001000 0x05 0x0000000000003000 0x0000000000003000 0x03
?
/Jarkko
Hi Jarkko,
On 5/11/2021 6:10 PM, Jarkko Sakkinen wrote:
On Tue, May 11, 2021 at 11:42:49AM -0700, Reinette Chatre wrote:
Hi Jarkko,
On 5/7/2021 8:56 PM, Jarkko Sakkinen wrote:
Migrate to kselftest harness. Use a fixture test with enclave initialized and de-initialized for each of the existing three tests, in other words:
- One FIXTURE() for managing the enclave life-cycle.
- Three TEST_F()'s, one for each test case.
These changes make it easier to add tests and I think it is a valuable addition.
This gives a leaps better reporting than before. Here's an example transcript:
TAP version 13 1..3 0x0000000000000000 0x0000000000002000 0x03 0x0000000000002000 0x0000000000001000 0x05 0x0000000000003000 0x0000000000003000 0x03 ok 1 enclave.unclobbered_vdso 0x0000000000000000 0x0000000000002000 0x03 0x0000000000002000 0x0000000000001000 0x05 0x0000000000003000 0x0000000000003000 0x03 ok 2 enclave.clobbered_vdso 0x0000000000000000 0x0000000000002000 0x03 0x0000000000002000 0x0000000000001000 0x05 0x0000000000003000 0x0000000000003000 0x03 ok 3 enclave.clobbered_vdso_and_user_function
The output claims to conform to TAP13 but it does not seem as though all of the output conforms to TAP13. I assume such output would confuse automated systems.
You mean
0x0000000000000000 0x0000000000002000 0x03 0x0000000000002000 0x0000000000001000 0x05 0x0000000000003000 0x0000000000003000 0x03
?
Yes
Reinette
On Wed, May 12, 2021 at 08:56:03AM -0700, Reinette Chatre wrote:
Hi Jarkko,
On 5/11/2021 6:10 PM, Jarkko Sakkinen wrote:
On Tue, May 11, 2021 at 11:42:49AM -0700, Reinette Chatre wrote:
Hi Jarkko,
On 5/7/2021 8:56 PM, Jarkko Sakkinen wrote:
Migrate to kselftest harness. Use a fixture test with enclave initialized and de-initialized for each of the existing three tests, in other words:
- One FIXTURE() for managing the enclave life-cycle.
- Three TEST_F()'s, one for each test case.
These changes make it easier to add tests and I think it is a valuable addition.
This gives a leaps better reporting than before. Here's an example transcript:
TAP version 13 1..3 0x0000000000000000 0x0000000000002000 0x03 0x0000000000002000 0x0000000000001000 0x05 0x0000000000003000 0x0000000000003000 0x03 ok 1 enclave.unclobbered_vdso 0x0000000000000000 0x0000000000002000 0x03 0x0000000000002000 0x0000000000001000 0x05 0x0000000000003000 0x0000000000003000 0x03 ok 2 enclave.clobbered_vdso 0x0000000000000000 0x0000000000002000 0x03 0x0000000000002000 0x0000000000001000 0x05 0x0000000000003000 0x0000000000003000 0x03 ok 3 enclave.clobbered_vdso_and_user_function
The output claims to conform to TAP13 but it does not seem as though all of the output conforms to TAP13. I assume such output would confuse automated systems.
You mean
0x0000000000000000 0x0000000000002000 0x03 0x0000000000002000 0x0000000000001000 0x05 0x0000000000003000 0x0000000000003000 0x03
?
Yes
Thanks, just sanity checking :-)
/Jarkko
On 5/7/21 8:56 PM, Jarkko Sakkinen wrote:
Rename symbols for better clarity:
- 'eenter' -> 'vdso_sgx_enter_enclave'
- 'sgx_call_vdso' -> 'sgx_enter_enclave'
Another sentence or two here would do wonders:
'eenter' might be confused for directly calling ENCLU[EENTER]. It does not. It calls into the VDSO, which actually has the EENTER instruction.
'sgx_call_vdso' is *only* used for entering the enclave. It's not some generic SGX call into the VDSO.
Make the naming reflect that.
Right?
On Tue, May 11, 2021 at 11:49:18AM -0700, Dave Hansen wrote:
On 5/7/21 8:56 PM, Jarkko Sakkinen wrote:
Rename symbols for better clarity:
- 'eenter' -> 'vdso_sgx_enter_enclave'
- 'sgx_call_vdso' -> 'sgx_enter_enclave'
Another sentence or two here would do wonders:
'eenter' might be confused for directly calling ENCLU[EENTER]. It does not. It calls into the VDSO, which actually has the EENTER instruction.
'sgx_call_vdso' is *only* used for entering the enclave. It's not some generic SGX call into the VDSO.
Make the naming reflect that.
Right?
Agreed.
I'll spin off a yet new version of the series, taking also care of the log messages that the enclave loader emits (Renette's feedback). They should be wrapped with TH_LOG() macro I suppose.
/Jarkko
linux-kselftest-mirror@lists.linaro.org