| Message ID | 20210621190556.4B5DCBB1@viggo.jf.intel.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | selftests/sgx: remove checks for file execute permissions | expand |
Hi Dave, On 6/21/2021 12:05 PM, Dave Hansen wrote: > > The SGX selftests can fail for a bunch of non-obvious reasons > like 'noexec' permissions on /dev (which is the default *EVERYWHERE* > it seems). > > A new test mistakenly also looked for +x permission on the > /dev/sgx_enclave. File execute permissions really only apply to > the ability of execve() to work on a file, *NOT* on the ability > for an application to map the file with PROT_EXEC. SGX needs to > mmap(PROT_EXEC), but doesn't need to execve() the device file. > > Remove the check. > > Fixes: 4284f7acb78b ("selftests/sgx: Improve error detection and messages") > Reported-by: Tim Gardner <tim.gardner@canonical.com> > Cc: Jarkko Sakkinen <jarkko@kernel.org> > Cc: Reinette Chatre <reinette.chatre@intel.com> > Cc: Dave Hansen <dave.hansen@linux.intel.com> > Cc: Shuah Khan <shuah@kernel.org> > Cc: linux-sgx@vger.kernel.org > Cc: linux-kselftest@vger.kernel.org > Cc: linux-kernel@vger.kernel.org > Thank you very much for fixing this. With this applied the SGX tests are able to run again on my system. Tested-by: Reinette Chatre <reinette.chatre@intel.com> I think it is missing a "Signed-off-by". Reinette
On 6/21/21 2:08 PM, Reinette Chatre wrote: > > Thank you very much for fixing this. With this applied the SGX tests are > able to run again on my system. > > Tested-by: Reinette Chatre <reinette.chatre@intel.com> > > I think it is missing a "Signed-off-by". Right you are. I think I've done this twice in a row for one-off patches. Sheesh. Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> If anyone wants a resend with this included, please let me know.
On Mon, Jun 21, 2021 at 12:05:56PM -0700, Dave Hansen wrote: > > The SGX selftests can fail for a bunch of non-obvious reasons > like 'noexec' permissions on /dev (which is the default *EVERYWHERE* > it seems). > > A new test mistakenly also looked for +x permission on the > /dev/sgx_enclave. File execute permissions really only apply to > the ability of execve() to work on a file, *NOT* on the ability > for an application to map the file with PROT_EXEC. SGX needs to > mmap(PROT_EXEC), but doesn't need to execve() the device file. > > Remove the check. > > Fixes: 4284f7acb78b ("selftests/sgx: Improve error detection and messages") > Reported-by: Tim Gardner <tim.gardner@canonical.com> > Cc: Jarkko Sakkinen <jarkko@kernel.org> > Cc: Reinette Chatre <reinette.chatre@intel.com> > Cc: Dave Hansen <dave.hansen@linux.intel.com> > Cc: Shuah Khan <shuah@kernel.org> > Cc: linux-sgx@vger.kernel.org > Cc: linux-kselftest@vger.kernel.org > Cc: linux-kernel@vger.kernel.org > > --- > > b/tools/testing/selftests/sgx/load.c | 16 +++------------- > 1 file changed, 3 insertions(+), 13 deletions(-) > > diff -puN tools/testing/selftests/sgx/load.c~sgx-no-file-exec tools/testing/selftests/sgx/load.c > --- a/tools/testing/selftests/sgx/load.c~sgx-no-file-exec 2021-06-21 11:48:25.226294281 -0700 > +++ b/tools/testing/selftests/sgx/load.c 2021-06-21 12:03:28.023292029 -0700 > @@ -150,16 +150,6 @@ bool encl_load(const char *path, struct > goto err; > } > > - /* > - * This just checks if the /dev file has these permission > - * bits set. It does not check that the current user is > - * the owner or in the owning group. > - */ > - if (!(sb.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) { > - fprintf(stderr, "no execute permissions on device file %s\n", device_path); > - goto err; > - } > - > ptr = mmap(NULL, PAGE_SIZE, PROT_READ, MAP_SHARED, fd, 0); > if (ptr == (void *)-1) { > perror("mmap for read"); > @@ -169,13 +159,13 @@ bool encl_load(const char *path, struct > > #define ERR_MSG \ > "mmap() succeeded for PROT_READ, but failed for PROT_EXEC.\n" \ > -" Check that current user has execute permissions on %s and \n" \ > -" that /dev does not have noexec set: mount | grep \"/dev .*noexec\"\n" \ > +" Check that /dev does not have noexec set:\n" \ > +" \tmount | grep \"/dev .*noexec\"\n" \ > " If so, remount it executable: mount -o remount,exec /dev\n\n" > > ptr = mmap(NULL, PAGE_SIZE, PROT_EXEC, MAP_SHARED, fd, 0); > if (ptr == (void *)-1) { > - fprintf(stderr, ERR_MSG, device_path); > + fprintf(stderr, ERR_MSG); > goto err; > } > munmap(ptr, PAGE_SIZE); > _ > Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> /Jarkko
On 6/21/21 3:18 PM, Dave Hansen wrote: > On 6/21/21 2:08 PM, Reinette Chatre wrote: >> >> Thank you very much for fixing this. With this applied the SGX tests are >> able to run again on my system. >> >> Tested-by: Reinette Chatre <reinette.chatre@intel.com> >> >> I think it is missing a "Signed-off-by". > > Right you are. I think I've done this twice in a row for one-off > patches. Sheesh. > > Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> > > If anyone wants a resend with this included, please let me know. > Thanks to b4/patchwork - no need to resend. I have the signed-off-by in the downloaded patch. Thank you all. Now applied to linux-kselftest next for 5.14-rc1 -- Shuah
diff -puN tools/testing/selftests/sgx/load.c~sgx-no-file-exec tools/testing/selftests/sgx/load.c --- a/tools/testing/selftests/sgx/load.c~sgx-no-file-exec 2021-06-21 11:48:25.226294281 -0700 +++ b/tools/testing/selftests/sgx/load.c 2021-06-21 12:03:28.023292029 -0700 @@ -150,16 +150,6 @@ bool encl_load(const char *path, struct goto err; } - /* - * This just checks if the /dev file has these permission - * bits set. It does not check that the current user is - * the owner or in the owning group. - */ - if (!(sb.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) { - fprintf(stderr, "no execute permissions on device file %s\n", device_path); - goto err; - } - ptr = mmap(NULL, PAGE_SIZE, PROT_READ, MAP_SHARED, fd, 0); if (ptr == (void *)-1) { perror("mmap for read"); @@ -169,13 +159,13 @@ bool encl_load(const char *path, struct #define ERR_MSG \ "mmap() succeeded for PROT_READ, but failed for PROT_EXEC.\n" \ -" Check that current user has execute permissions on %s and \n" \ -" that /dev does not have noexec set: mount | grep \"/dev .*noexec\"\n" \ +" Check that /dev does not have noexec set:\n" \ +" \tmount | grep \"/dev .*noexec\"\n" \ " If so, remount it executable: mount -o remount,exec /dev\n\n" ptr = mmap(NULL, PAGE_SIZE, PROT_EXEC, MAP_SHARED, fd, 0); if (ptr == (void *)-1) { - fprintf(stderr, ERR_MSG, device_path); + fprintf(stderr, ERR_MSG); goto err; } munmap(ptr, PAGE_SIZE);
The SGX selftests can fail for a bunch of non-obvious reasons like 'noexec' permissions on /dev (which is the default *EVERYWHERE* it seems). A new test mistakenly also looked for +x permission on the /dev/sgx_enclave. File execute permissions really only apply to the ability of execve() to work on a file, *NOT* on the ability for an application to map the file with PROT_EXEC. SGX needs to mmap(PROT_EXEC), but doesn't need to execve() the device file. Remove the check. Fixes: 4284f7acb78b ("selftests/sgx: Improve error detection and messages") Reported-by: Tim Gardner <tim.gardner@canonical.com> Cc: Jarkko Sakkinen <jarkko@kernel.org> Cc: Reinette Chatre <reinette.chatre@intel.com> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: Shuah Khan <shuah@kernel.org> Cc: linux-sgx@vger.kernel.org Cc: linux-kselftest@vger.kernel.org Cc: linux-kernel@vger.kernel.org --- b/tools/testing/selftests/sgx/load.c | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-)