From patchwork Tue Oct 8 04:45:58 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 11178773 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 161CC17D4 for ; Tue, 8 Oct 2019 04:46:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id E95CF20679 for ; Tue, 8 Oct 2019 04:46:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729440AbfJHEqP (ORCPT ); Tue, 8 Oct 2019 00:46:15 -0400 Received: from mga11.intel.com ([192.55.52.93]:8175 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729375AbfJHEqP (ORCPT ); Tue, 8 Oct 2019 00:46:15 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Oct 2019 21:46:15 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,269,1566889200"; d="scan'208";a="206566490" Received: from sjchrist-coffee.jf.intel.com ([10.54.74.41]) by fmsmga001.fm.intel.com with ESMTP; 07 Oct 2019 21:46:15 -0700 From: Sean Christopherson To: Jarkko Sakkinen Cc: linux-sgx@vger.kernel.org Subject: [PATCH for_v23 01/16] x86/vdso: sgx: Drop the pseudocode "documentation" Date: Mon, 7 Oct 2019 21:45:58 -0700 Message-Id: <20191008044613.12350-2-sean.j.christopherson@intel.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20191008044613.12350-1-sean.j.christopherson@intel.com> References: <20191008044613.12350-1-sean.j.christopherson@intel.com> MIME-Version: 1.0 Sender: linux-sgx-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-sgx@vger.kernel.org Remove the pseudocode documentation of __vdso_sgx_enter_enclave(). The assembly itself needs to be cleaned up to be easily understood without pseudocode, and the extra documentation adds maintenance overhead. Only the prototype is needed to coerce kernel-doc into parsing the function comment, so that isn't lost either. Signed-off-by: Sean Christopherson --- arch/x86/entry/vdso/vsgx_enter_enclave.S | 25 +----------------------- 1 file changed, 1 insertion(+), 24 deletions(-) diff --git a/arch/x86/entry/vdso/vsgx_enter_enclave.S b/arch/x86/entry/vdso/vsgx_enter_enclave.S index 9331279b8fa6..96726000aa27 100644 --- a/arch/x86/entry/vdso/vsgx_enter_enclave.S +++ b/arch/x86/entry/vdso/vsgx_enter_enclave.S @@ -58,30 +58,7 @@ typedef int (*sgx_callback)(long rdi, long rsi, long rdx, long r9, void *tcs, long ursp); int __vdso_sgx_enter_enclave(int leaf, void *tcs, struct sgx_enclave_exinfo *exinfo, - sgx_callback callback) -{ - while (leaf == EENTER || leaf == ERESUME) { - int rc; - try { - ENCLU[leaf]; - rc = 0; - if (exinfo) - exinfo->leaf = EEXIT; - } catch (exception) { - rc = -EFAULT; - if (exinfo) - *exinfo = exception; - } - - leaf = callback ? (*callback)( - rdi, rsi, rdx, exinfo, r8, r9, tcs, ursp) : rc; - } - - if (leaf > 0) - return -EINVAL; - - return leaf; -} + sgx_callback callback); #endif ENTRY(__vdso_sgx_enter_enclave) /* Prolog */ From patchwork Tue Oct 8 04:45:59 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 11178775 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 372C41709 for ; Tue, 8 Oct 2019 04:46:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 2017B20679 for ; Tue, 8 Oct 2019 04:46:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729464AbfJHEqP (ORCPT ); Tue, 8 Oct 2019 00:46:15 -0400 Received: from mga11.intel.com ([192.55.52.93]:8175 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729285AbfJHEqP (ORCPT ); Tue, 8 Oct 2019 00:46:15 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Oct 2019 21:46:15 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,269,1566889200"; d="scan'208";a="206566494" Received: from sjchrist-coffee.jf.intel.com ([10.54.74.41]) by fmsmga001.fm.intel.com with ESMTP; 07 Oct 2019 21:46:15 -0700 From: Sean Christopherson To: Jarkko Sakkinen Cc: linux-sgx@vger.kernel.org Subject: [PATCH for_v23 02/16] x86/vdso: sgx: Do not use exception info to pass success/failure Date: Mon, 7 Oct 2019 21:45:59 -0700 Message-Id: <20191008044613.12350-3-sean.j.christopherson@intel.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20191008044613.12350-1-sean.j.christopherson@intel.com> References: <20191008044613.12350-1-sean.j.christopherson@intel.com> MIME-Version: 1.0 Sender: linux-sgx-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-sgx@vger.kernel.org Do not overload sgx_enclave_exception.leaf to indicate success vs. failure, i.e. EEXIT vs. fault. Instead, explicitly pass what would be the return value (from __vdso_sgx_enter_enclave()) to userspace's exit handler. Passing the return values makes the two flows (exit handler vs. no exit handler) symmetric and provides the exit handler with a fault indicator without requiring struct sgx_enclave_exception. Opportunistically fix the typedef for the callback to reference struct sgx_enclave_exception instead of the non-existent sgx_enclave_exinfo. Intentionally leave the local labels out of whack, they'll be cleaned up in a future patch. Signed-off-by: Sean Christopherson --- arch/x86/entry/vdso/vsgx_enter_enclave.S | 33 +++++++++++------------- 1 file changed, 15 insertions(+), 18 deletions(-) diff --git a/arch/x86/entry/vdso/vsgx_enter_enclave.S b/arch/x86/entry/vdso/vsgx_enter_enclave.S index 96726000aa27..06e18a2836de 100644 --- a/arch/x86/entry/vdso/vsgx_enter_enclave.S +++ b/arch/x86/entry/vdso/vsgx_enter_enclave.S @@ -53,11 +53,11 @@ * -EFAULT if ENCL or the enclave faults or non-positive value is returned * from the callback. */ -typedef int (*sgx_callback)(long rdi, long rsi, long rdx, - struct sgx_enclave_exinfo *exinfo, long r8, - long r9, void *tcs, long ursp); +typedef int (*sgx_callback)(long rdi, long rsi, long rdx, int ret, + long r8, long r9, void *tcs, long ursp, + struct sgx_enclave_exception *e); int __vdso_sgx_enter_enclave(int leaf, void *tcs, - struct sgx_enclave_exinfo *exinfo, + struct sgx_enclave_exception *e, sgx_callback callback); #endif ENTRY(__vdso_sgx_enter_enclave) @@ -83,21 +83,12 @@ ENTRY(__vdso_sgx_enter_enclave) 2: enclu /* EEXIT path */ - xor %ebx, %ebx -3: mov 0x18(%rbp), %rcx - jrcxz 4f - mov %eax, EX_LEAF(%rcx) - jnc 4f - mov %di, EX_TRAPNR(%rcx) - mov %si, EX_ERROR_CODE(%rcx) - mov %rdx, EX_ADDRESS(%rcx) + xor %eax, %eax +3: mov %eax, %ecx -4: /* Call *callback if supplied */ + /* Call *callback if supplied */ mov 0x20(%rbp), %rax test %rax, %rax - /* At this point, %ebx holds the effective return value, which shall be - * returned if no callback is specified */ - cmovz %rbx, %rax jz 7f /* Align stack per x86_64 ABI. The original %rsp is saved in %rbx to be * restored after *callback returns. */ @@ -106,6 +97,7 @@ ENTRY(__vdso_sgx_enter_enclave) /* Clear RFLAGS.DF per x86_64 ABI */ cld /* Parameters for *callback */ + push 0x18(%rbp) push %rbx push 0x10(%rbp) /* Call *%rax via retpoline */ @@ -126,8 +118,13 @@ ENTRY(__vdso_sgx_enter_enclave) ret 5: /* Exception path */ - mov $-EFAULT, %ebx - stc + mov 0x18(%rbp), %rcx + jrcxz 52f + mov %eax, EX_LEAF(%rcx) + mov %di, EX_TRAPNR(%rcx) + mov %si, EX_ERROR_CODE(%rcx) + mov %rdx, EX_ADDRESS(%rcx) +52: mov $-EFAULT, %eax jmp 3b 6: /* Unsupported ENCLU leaf */ From patchwork Tue Oct 8 04:46:00 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 11178777 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 584931920 for ; Tue, 8 Oct 2019 04:46:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 410F220679 for ; Tue, 8 Oct 2019 04:46:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729489AbfJHEqQ (ORCPT ); Tue, 8 Oct 2019 00:46:16 -0400 Received: from mga11.intel.com ([192.55.52.93]:8175 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729375AbfJHEqP (ORCPT ); Tue, 8 Oct 2019 00:46:15 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Oct 2019 21:46:15 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,269,1566889200"; d="scan'208";a="206566497" Received: from sjchrist-coffee.jf.intel.com ([10.54.74.41]) by fmsmga001.fm.intel.com with ESMTP; 07 Oct 2019 21:46:15 -0700 From: Sean Christopherson To: Jarkko Sakkinen Cc: linux-sgx@vger.kernel.org Subject: [PATCH for_v23 03/16] x86/vdso: sgx: Rename the enclave exit handler typedef Date: Mon, 7 Oct 2019 21:46:00 -0700 Message-Id: <20191008044613.12350-4-sean.j.christopherson@intel.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20191008044613.12350-1-sean.j.christopherson@intel.com> References: <20191008044613.12350-1-sean.j.christopherson@intel.com> MIME-Version: 1.0 Sender: linux-sgx-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-sgx@vger.kernel.org Rename the exit handler callback to sgx_enclave_exit_handler_t so that the name itself describes the purpose of the function to some extent. Signed-off-by: Sean Christopherson --- arch/x86/entry/vdso/vsgx_enter_enclave.S | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/arch/x86/entry/vdso/vsgx_enter_enclave.S b/arch/x86/entry/vdso/vsgx_enter_enclave.S index 06e18a2836de..5fbe07a03e6c 100644 --- a/arch/x86/entry/vdso/vsgx_enter_enclave.S +++ b/arch/x86/entry/vdso/vsgx_enter_enclave.S @@ -53,12 +53,12 @@ * -EFAULT if ENCL or the enclave faults or non-positive value is returned * from the callback. */ -typedef int (*sgx_callback)(long rdi, long rsi, long rdx, int ret, - long r8, long r9, void *tcs, long ursp, - struct sgx_enclave_exception *e); +typedef int (*sgx_enclave_exit_handler_t)(long rdi, long rsi, long rdx, int ret, + long r8, long r9, void *tcs, long ursp, + struct sgx_enclave_exception *e); int __vdso_sgx_enter_enclave(int leaf, void *tcs, struct sgx_enclave_exception *e, - sgx_callback callback); + sgx_enclave_exit_handler_t handler); #endif ENTRY(__vdso_sgx_enter_enclave) /* Prolog */ @@ -86,17 +86,17 @@ ENTRY(__vdso_sgx_enter_enclave) xor %eax, %eax 3: mov %eax, %ecx - /* Call *callback if supplied */ + /* Call the exit handler if supplied */ mov 0x20(%rbp), %rax test %rax, %rax jz 7f /* Align stack per x86_64 ABI. The original %rsp is saved in %rbx to be - * restored after *callback returns. */ + * restored after the exit handler returns. */ mov %rsp, %rbx and $-0x10, %rsp /* Clear RFLAGS.DF per x86_64 ABI */ cld - /* Parameters for *callback */ + /* Parameters for the exit handler */ push 0x18(%rbp) push %rbx push 0x10(%rbp) @@ -105,9 +105,9 @@ ENTRY(__vdso_sgx_enter_enclave) /* Restore %rsp to its original value left off by the enclave from last * exit */ mov %rbx, %rsp - /* Positive return value from *callback will be interpreted as an ENCLU - * leaf, while a non-positive value will be interpreted as the return - * value to be passed back to the caller. */ + /* Positive return value from the exit handler will be interpreted as + * an ENCLU leaf, while a non-positive value will be interpreted as the + * return value to be passed back to the caller. */ jmp 1b 40: /* retpoline */ call 42f From patchwork Tue Oct 8 04:46:01 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 11178779 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 82D0B2D2C for ; Tue, 8 Oct 2019 04:46:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 6223B20679 for ; Tue, 8 Oct 2019 04:46:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729500AbfJHEqQ (ORCPT ); Tue, 8 Oct 2019 00:46:16 -0400 Received: from mga11.intel.com ([192.55.52.93]:8175 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729285AbfJHEqQ (ORCPT ); Tue, 8 Oct 2019 00:46:16 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Oct 2019 21:46:15 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,269,1566889200"; d="scan'208";a="206566500" Received: from sjchrist-coffee.jf.intel.com ([10.54.74.41]) by fmsmga001.fm.intel.com with ESMTP; 07 Oct 2019 21:46:15 -0700 From: Sean Christopherson To: Jarkko Sakkinen Cc: linux-sgx@vger.kernel.org Subject: [PATCH for_v23 04/16] x86/vdso: sgx: Move enclave exit handler declaration to UAPI header Date: Mon, 7 Oct 2019 21:46:01 -0700 Message-Id: <20191008044613.12350-5-sean.j.christopherson@intel.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20191008044613.12350-1-sean.j.christopherson@intel.com> References: <20191008044613.12350-1-sean.j.christopherson@intel.com> MIME-Version: 1.0 Sender: linux-sgx-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-sgx@vger.kernel.org Move the typedef of the enclave exit handler to the UAPI header so that it can be consumed by userspace and kernel-doc. Add a proper comment, primarily to document the parameters. A future patch will update the comment for __vdso_sgx_enter_enclave() to better describe how the exit handler is used. Signed-off-by: Sean Christopherson --- arch/x86/entry/vdso/vsgx_enter_enclave.S | 3 --- arch/x86/include/uapi/asm/sgx.h | 18 ++++++++++++++++++ 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/arch/x86/entry/vdso/vsgx_enter_enclave.S b/arch/x86/entry/vdso/vsgx_enter_enclave.S index 5fbe07a03e6c..a382f3683b48 100644 --- a/arch/x86/entry/vdso/vsgx_enter_enclave.S +++ b/arch/x86/entry/vdso/vsgx_enter_enclave.S @@ -53,9 +53,6 @@ * -EFAULT if ENCL or the enclave faults or non-positive value is returned * from the callback. */ -typedef int (*sgx_enclave_exit_handler_t)(long rdi, long rsi, long rdx, int ret, - long r8, long r9, void *tcs, long ursp, - struct sgx_enclave_exception *e); int __vdso_sgx_enter_enclave(int leaf, void *tcs, struct sgx_enclave_exception *e, sgx_enclave_exit_handler_t handler); diff --git a/arch/x86/include/uapi/asm/sgx.h b/arch/x86/include/uapi/asm/sgx.h index 8f4660e07f6b..0515de4e67cc 100644 --- a/arch/x86/include/uapi/asm/sgx.h +++ b/arch/x86/include/uapi/asm/sgx.h @@ -81,4 +81,22 @@ struct sgx_enclave_exception { __u64 reserved[2]; }; +/** + * typedef sgx_enclave_exit_handler_t - Exit handler function accepted by + * __vdso_sgx_enter_enclave() + * + * @rdi: RDI at the time of enclave exit + * @rsi: RSI at the time of enclave exit + * @rdx: RDX at the time of enclave exit + * @ret: 0 on success (EEXIT), -EFAULT on an exception + * @r8: R8 at the time of enclave exit + * @r9: R9 at the time of enclave exit + * @tcs: Thread Control Structure used to enter enclave + * @ursp: RSP at the time of enclave exit + * @e: Pointer to struct sgx_enclave_exception (as provided by caller) + */ +typedef int (*sgx_enclave_exit_handler_t)(long rdi, long rsi, long rdx, int ret, + long r8, long r9, void *tcs, long ursp, + struct sgx_enclave_exception *e); + #endif /* _UAPI_ASM_X86_SGX_H */ From patchwork Tue Oct 8 04:46:02 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 11178781 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D181E1668 for ; Tue, 8 Oct 2019 04:46:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id B9E00206C2 for ; Tue, 8 Oct 2019 04:46:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729514AbfJHEqQ (ORCPT ); Tue, 8 Oct 2019 00:46:16 -0400 Received: from mga11.intel.com ([192.55.52.93]:8175 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729375AbfJHEqQ (ORCPT ); Tue, 8 Oct 2019 00:46:16 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Oct 2019 21:46:16 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,269,1566889200"; d="scan'208";a="206566503" Received: from sjchrist-coffee.jf.intel.com ([10.54.74.41]) by fmsmga001.fm.intel.com with ESMTP; 07 Oct 2019 21:46:15 -0700 From: Sean Christopherson To: Jarkko Sakkinen Cc: linux-sgx@vger.kernel.org Subject: [PATCH for_v23 05/16] x86/vdso: sgx: Add comment regarding kernel-doc shenanigans Date: Mon, 7 Oct 2019 21:46:02 -0700 Message-Id: <20191008044613.12350-6-sean.j.christopherson@intel.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20191008044613.12350-1-sean.j.christopherson@intel.com> References: <20191008044613.12350-1-sean.j.christopherson@intel.com> MIME-Version: 1.0 Sender: linux-sgx-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-sgx@vger.kernel.org Move the fake SGX_KERNEL_DOC ifdef and add a comment to explicitly state that the C-style prototype exists to trigger kernel-doc parsing. Signed-off-by: Sean Christopherson --- arch/x86/entry/vdso/vsgx_enter_enclave.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/entry/vdso/vsgx_enter_enclave.S b/arch/x86/entry/vdso/vsgx_enter_enclave.S index a382f3683b48..4dfb943172ed 100644 --- a/arch/x86/entry/vdso/vsgx_enter_enclave.S +++ b/arch/x86/entry/vdso/vsgx_enter_enclave.S @@ -14,7 +14,6 @@ .code64 .section .text, "ax" -#ifdef SGX_KERNEL_DOC /** * __vdso_sgx_enter_enclave() - Enter an SGX enclave * @leaf: ENCLU leaf, must be EENTER or ERESUME @@ -53,6 +52,8 @@ * -EFAULT if ENCL or the enclave faults or non-positive value is returned * from the callback. */ +#ifdef SGX_KERNEL_DOC +/* C-style function prototype to coerce kernel-doc into parsing the comment. */ int __vdso_sgx_enter_enclave(int leaf, void *tcs, struct sgx_enclave_exception *e, sgx_enclave_exit_handler_t handler); From patchwork Tue Oct 8 04:46:03 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 11178783 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 78E0117D4 for ; Tue, 8 Oct 2019 04:46:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 5731B20679 for ; Tue, 8 Oct 2019 04:46:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729566AbfJHEqR (ORCPT ); Tue, 8 Oct 2019 00:46:17 -0400 Received: from mga11.intel.com ([192.55.52.93]:8175 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729285AbfJHEqQ (ORCPT ); Tue, 8 Oct 2019 00:46:16 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Oct 2019 21:46:16 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,269,1566889200"; d="scan'208";a="206566506" Received: from sjchrist-coffee.jf.intel.com ([10.54.74.41]) by fmsmga001.fm.intel.com with ESMTP; 07 Oct 2019 21:46:16 -0700 From: Sean Christopherson To: Jarkko Sakkinen Cc: linux-sgx@vger.kernel.org Subject: [PATCH for_v23 06/16] x86/vdso: sgx: Rewrite __vdso_sgx_enter_enclave() function comment Date: Mon, 7 Oct 2019 21:46:03 -0700 Message-Id: <20191008044613.12350-7-sean.j.christopherson@intel.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20191008044613.12350-1-sean.j.christopherson@intel.com> References: <20191008044613.12350-1-sean.j.christopherson@intel.com> MIME-Version: 1.0 Sender: linux-sgx-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-sgx@vger.kernel.org Rewrite the function comment for __vdso_sgx_enter_enclave() to eliminate dependencies on markup (which currently doesn't work correctly anyways), bring the comments up-to-date, and use phrasing and mood that is more consistent with the rest of the kernel. Signed-off-by: Sean Christopherson --- arch/x86/entry/vdso/vsgx_enter_enclave.S | 74 +++++++++++++++--------- 1 file changed, 46 insertions(+), 28 deletions(-) diff --git a/arch/x86/entry/vdso/vsgx_enter_enclave.S b/arch/x86/entry/vdso/vsgx_enter_enclave.S index 4dfb943172ed..de54e47c83f4 100644 --- a/arch/x86/entry/vdso/vsgx_enter_enclave.S +++ b/arch/x86/entry/vdso/vsgx_enter_enclave.S @@ -18,39 +18,57 @@ * __vdso_sgx_enter_enclave() - Enter an SGX enclave * @leaf: ENCLU leaf, must be EENTER or ERESUME * @tcs: TCS, must be non-NULL - * @ex_info: Optional struct sgx_enclave_exception instance - * @callback: Optional callback function to be called on enclave exit or - * exception + * @e: Optional struct sgx_enclave_exception instance + * @handler: Optional enclave exit handler * * **Important!** __vdso_sgx_enter_enclave() is **NOT** compliant with the - * x86-64 ABI, i.e. cannot be called from standard C code. As noted above, - * input parameters must be passed via ``%eax``, ``8(%rsp)``, ``0x10(%rsp)`` and - * ``0x18(%rsp)``, with the return value passed via ``%eax``. All other - * registers will be passed through to the enclave as is. All registers except - * ``%rbp`` must be treated as volatile from the caller's perspective, including - * but not limited to GPRs, EFLAGS.DF, MXCSR, FCW, etc... Conversely, the - * enclave being run **must** preserve the untrusted ``%rbp``. + * x86-64 ABI, i.e. cannot be called from standard C code. * - * ``callback`` has the following signature: - * int callback(long rdi, long rsi, long rdx, - * struct sgx_enclave_exinfo *exinfo, long r8, long r9, - * void *tcs, long ursp); - * ``callback`` **shall** follow x86_64 ABI. All GPRs **except** ``%rax``, - * ``%rbx`` and ``rcx`` are passed through to ``callback``. ``%rdi``, ``%rsi``, - * ``%rdx``, ``%r8``, ``%r9``, along with the value of ``%rsp`` when the enclave - * exited/excepted, can be accessed directly as input parameters, while other - * GPRs can be accessed in assembly if needed. A positive value returned from - * ``callback`` will be treated as an ENCLU leaf (e.g. EENTER/ERESUME) to - * reenter the enclave (without popping the extra data pushed by the enclave off - * the stack), while 0 (zero) or a negative return value will be passed back to - * the caller of __vdso_sgx_enter_enclave(). It is also safe to leave - * ``callback`` via ``longjmp()`` or by throwing a C++ exception. + * Input ABI: + * @leaf %eax + * @tcs 8(%rsp) + * @e 0x10(%rsp) + * @handler 0x18(%rsp) + * + * Output ABI: + * @ret %eax + * + * All general purpose registers except RAX, RBX and RCX are passed as-is to + * the enclave. RAX, RBX and RCX are consumed by EENTER and ERESUME and are + * loaded with @leaf, asynchronous exit pointer, and @tcs respectively. + * + * RBP and the stack are used to anchor __vdso_sgx_enter_enclave() to the + * pre-enclave state, e.g. to retrieve @e and @handler after an enclave exit. + * All other registers are available for use by the enclave and its runtime, + * e.g. an enclave can push additional data onto the stack (and modify RSP) to + * pass information to the optional exit handler (see below). + * + * Most exceptions reported on ENCLU, including those that occur within the + * enclave, are fixed up and reported synchronously instead of being delivered + * via a standard signal. Debug Exceptions (#DB) and Breakpoints (#BP) are + * never fixed up and are always delivered via standard signals. On synchrously + * reported exceptions, -EFAULT is returned and details about the exception are + * recorded in @e, the optional sgx_enclave_exception struct. + + * If an exit handler is provided, the handler will be invoked on synchronous + * exits from the enclave and for all synchronously reported exceptions. In + * latter case, @e is filled prior to invoking the handler. + * + * The exit handler's return value is interpreted as follows: + * >0: continue, restart __vdso_sgx_enter_enclave() with @ret as @leaf + * 0: success, return @ret to the caller + * <0: error, return @ret to the caller + * + * The userspace exit handler is responsible for unwinding the stack, e.g. to + * pop @e, u_rsp and @tcs, prior to returning to __vdso_sgx_enter_enclave(). + * The exit handler may also transfer control, e.g. via longjmp() or a C++ + * exception, without returning to __vdso_sgx_enter_enclave(). * * Return: - * 0 on success, - * -EINVAL if ENCLU leaf is not allowed, - * -EFAULT if ENCL or the enclave faults or non-positive value is returned - * from the callback. + * 0 on success, + * -EINVAL if ENCLU leaf is not allowed, + * -EFAULT if an exception occurs on ENCLU or within the enclave + * -errno for all other negative values returned by the userspace exit handler */ #ifdef SGX_KERNEL_DOC /* C-style function prototype to coerce kernel-doc into parsing the comment. */ From patchwork Tue Oct 8 04:46:04 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 11178785 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A408C1668 for ; Tue, 8 Oct 2019 04:46:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 82FC6206C2 for ; Tue, 8 Oct 2019 04:46:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729568AbfJHEqR (ORCPT ); Tue, 8 Oct 2019 00:46:17 -0400 Received: from mga11.intel.com ([192.55.52.93]:8176 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729375AbfJHEqQ (ORCPT ); Tue, 8 Oct 2019 00:46:16 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Oct 2019 21:46:16 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,269,1566889200"; d="scan'208";a="206566509" Received: from sjchrist-coffee.jf.intel.com ([10.54.74.41]) by fmsmga001.fm.intel.com with ESMTP; 07 Oct 2019 21:46:16 -0700 From: Sean Christopherson To: Jarkko Sakkinen Cc: linux-sgx@vger.kernel.org Subject: [PATCH for_v23 07/16] selftests/x86: Fix linker warning in SGX selftest Date: Mon, 7 Oct 2019 21:46:04 -0700 Message-Id: <20191008044613.12350-8-sean.j.christopherson@intel.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20191008044613.12350-1-sean.j.christopherson@intel.com> References: <20191008044613.12350-1-sean.j.christopherson@intel.com> MIME-Version: 1.0 Sender: linux-sgx-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-sgx@vger.kernel.org Pass a build id of "none" to the linker to suppress a warning about the build id being ignored: /usr/bin/ld: warning: .note.gnu.build-id section discarded, --build-id ignored. Co-developed-by: Cedric Xing Signed-off-by: Cedric Xing Signed-off-by: Sean Christopherson --- tools/testing/selftests/x86/sgx/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/x86/sgx/Makefile b/tools/testing/selftests/x86/sgx/Makefile index a09ef5f965dc..90da0de41504 100644 --- a/tools/testing/selftests/x86/sgx/Makefile +++ b/tools/testing/selftests/x86/sgx/Makefile @@ -27,7 +27,7 @@ $(OUTPUT)/encl.bin: $(OUTPUT)/encl.elf $(OUTPUT)/sgxsign $(OBJCOPY) -O binary $< $@ $(OUTPUT)/encl.elf: encl.lds encl.c encl_bootstrap.S - $(CC) $(ENCL_CFLAGS) -T $^ -o $@ + $(CC) $(ENCL_CFLAGS) -T $^ -o $@ -Wl,--build-id=none $(OUTPUT)/encl.ss: $(OUTPUT)/encl.bin $(OUTPUT)/sgxsign signing_key.pem $(OUTPUT)/encl.bin $(OUTPUT)/encl.ss From patchwork Tue Oct 8 04:46:05 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 11178789 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id F224F1920 for ; Tue, 8 Oct 2019 04:46:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id D1229206C2 for ; Tue, 8 Oct 2019 04:46:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729587AbfJHEqR (ORCPT ); Tue, 8 Oct 2019 00:46:17 -0400 Received: from mga11.intel.com ([192.55.52.93]:8175 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729564AbfJHEqR (ORCPT ); Tue, 8 Oct 2019 00:46:17 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Oct 2019 21:46:16 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,269,1566889200"; d="scan'208";a="206566512" Received: from sjchrist-coffee.jf.intel.com ([10.54.74.41]) by fmsmga001.fm.intel.com with ESMTP; 07 Oct 2019 21:46:16 -0700 From: Sean Christopherson To: Jarkko Sakkinen Cc: linux-sgx@vger.kernel.org Subject: [PATCH for_v23 08/16] selftests/x86/sgx: Use getauxval() to retrieve the vDSO base address Date: Mon, 7 Oct 2019 21:46:05 -0700 Message-Id: <20191008044613.12350-9-sean.j.christopherson@intel.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20191008044613.12350-1-sean.j.christopherson@intel.com> References: <20191008044613.12350-1-sean.j.christopherson@intel.com> MIME-Version: 1.0 Sender: linux-sgx-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-sgx@vger.kernel.org Replace the open coded ELF fun with a simple getauxval() call. Suggested-by: Cedric Xing Signed-off-by: Sean Christopherson --- tools/testing/selftests/x86/sgx/main.c | 21 +++++---------------- 1 file changed, 5 insertions(+), 16 deletions(-) diff --git a/tools/testing/selftests/x86/sgx/main.c b/tools/testing/selftests/x86/sgx/main.c index f78ff458b0dd..3a0d76c40bcc 100644 --- a/tools/testing/selftests/x86/sgx/main.c +++ b/tools/testing/selftests/x86/sgx/main.c @@ -15,6 +15,8 @@ #include #include #include +#include + #include "defines.h" #include "../../../../../arch/x86/kernel/cpu/sgx/arch.h" #include "../../../../../arch/x86/include/uapi/asm/sgx.h" @@ -30,22 +32,9 @@ struct vdso_symtab { Elf64_Word *elf_hashtab; }; -static void *vdso_get_base_addr(char *envp[]) +static void *vdso_get_base_addr(void) { - Elf64_auxv_t *auxv; - int i; - - for (i = 0; envp[i]; i++) - ; - - auxv = (Elf64_auxv_t *)&envp[i + 1]; - - for (i = 0; auxv[i].a_type != AT_NULL; i++) { - if (auxv[i].a_type == AT_SYSINFO_EHDR) - return (void *)auxv[i].a_un.a_val; - } - - return NULL; + return (void *)getauxval(AT_SYSINFO_EHDR); } static Elf64_Dyn *vdso_get_dyntab(void *addr) @@ -342,7 +331,7 @@ int main(int argc, char *argv[], char *envp[]) memset(&exception, 0, sizeof(exception)); - addr = vdso_get_base_addr(envp); + addr = vdso_get_base_addr(); if (!addr) exit(1); From patchwork Tue Oct 8 04:46:06 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 11178787 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C55E51709 for ; Tue, 8 Oct 2019 04:46:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id ADF7620679 for ; Tue, 8 Oct 2019 04:46:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729375AbfJHEqR (ORCPT ); Tue, 8 Oct 2019 00:46:17 -0400 Received: from mga11.intel.com ([192.55.52.93]:8176 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729285AbfJHEqR (ORCPT ); Tue, 8 Oct 2019 00:46:17 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Oct 2019 21:46:17 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,269,1566889200"; d="scan'208";a="206566515" Received: from sjchrist-coffee.jf.intel.com ([10.54.74.41]) by fmsmga001.fm.intel.com with ESMTP; 07 Oct 2019 21:46:16 -0700 From: Sean Christopherson To: Jarkko Sakkinen Cc: linux-sgx@vger.kernel.org Subject: [PATCH for_v23 09/16] selftests/x86/sgx: Add helper function and macros to assert results Date: Mon, 7 Oct 2019 21:46:06 -0700 Message-Id: <20191008044613.12350-10-sean.j.christopherson@intel.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20191008044613.12350-1-sean.j.christopherson@intel.com> References: <20191008044613.12350-1-sean.j.christopherson@intel.com> MIME-Version: 1.0 Sender: linux-sgx-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-sgx@vger.kernel.org Borrow code and ideas from the KVM selftests for asserting and reporting test results and failures. Update the existing test assertions to use the new functionality. Defer other updates, e.g. error handling, to future patches. Change the license to GPL-2.0-only to accommodate the borrowed code. Signed-off-by: Sean Christopherson --- tools/testing/selftests/x86/sgx/main.c | 52 ++++++++++++++++++++++---- 1 file changed, 45 insertions(+), 7 deletions(-) diff --git a/tools/testing/selftests/x86/sgx/main.c b/tools/testing/selftests/x86/sgx/main.c index 3a0d76c40bcc..0c964bc1fca0 100644 --- a/tools/testing/selftests/x86/sgx/main.c +++ b/tools/testing/selftests/x86/sgx/main.c @@ -1,9 +1,10 @@ -// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// SPDX-License-Identifier: GPL-2.0-only // Copyright(c) 2016-18 Intel Corporation. #include #include #include +#include #include #include #include @@ -24,6 +25,47 @@ #define PAGE_SIZE 4096 static const uint64_t MAGIC = 0x1122334455667788ULL; + +void __attribute__((noinline)) test_assert(bool exp, const char *exp_str, + const char *file, unsigned int line, + const char *fmt, ...) +{ + va_list ap; + + if (exp) + return; + + va_start(ap, fmt); + + fprintf(stderr, "==== SGX Selftest Assertion Failure ====\n"); + if (exp_str) + fprintf(stderr, " %s:%u: %s\n", file, line, exp_str); + if (fmt) { + if (exp_str) + fputs(" ", stderr); + else + fprintf(stderr, " %s:%u: ", file, line); + vfprintf(stderr, fmt, ap); + fputs("\n", stderr); + } + va_end(ap); + exit(1); +} + +#define TEST_ASSERT(e, fmt, ...) \ + test_assert((e), #e, __FILE__, __LINE__, fmt, ##__VA_ARGS__) + +#define ASSERT_EQ(a, b) \ +do { \ + typeof(a) __a = (a); \ + typeof(b) __b = (b); \ + test_assert(__a == __b, NULL, __FILE__, __LINE__, \ + "%s == %s failed.\n" \ + "\t%s is %#lx\n" \ + "\t%s is %#lx", \ + #a, #b, #a, (unsigned long)__a, #b, (unsigned long)__b); \ +} while (0) + void *eenter; struct vdso_symtab { @@ -346,15 +388,11 @@ int main(int argc, char *argv[], char *envp[]) if (!encl_build(&secs, bin, bin_size, &sigstruct)) exit(1); - printf("Input: 0x%lx\n", MAGIC); sgx_call((void *)&MAGIC, &result, 0, NULL, NULL, NULL, (void *)secs.base, &exception, NULL); - if (result != MAGIC) { - fprintf(stderr, "0x%lx != 0x%lx\n", result, MAGIC); - exit(1); - } + ASSERT_EQ(result, MAGIC); - printf("Output: 0x%lx\n", result); + printf("All tests passed!\n"); exit(0); } From patchwork Tue Oct 8 04:46:07 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 11178791 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2137B18B7 for ; Tue, 8 Oct 2019 04:46:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 0809420679 for ; Tue, 8 Oct 2019 04:46:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729564AbfJHEqR (ORCPT ); Tue, 8 Oct 2019 00:46:17 -0400 Received: from mga11.intel.com ([192.55.52.93]:8176 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729285AbfJHEqR (ORCPT ); Tue, 8 Oct 2019 00:46:17 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Oct 2019 21:46:17 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,269,1566889200"; d="scan'208";a="206566518" Received: from sjchrist-coffee.jf.intel.com ([10.54.74.41]) by fmsmga001.fm.intel.com with ESMTP; 07 Oct 2019 21:46:17 -0700 From: Sean Christopherson To: Jarkko Sakkinen Cc: linux-sgx@vger.kernel.org Subject: [PATCH for_v23 10/16] selftests/x86/sgx: Handle setup failures via test assertions Date: Mon, 7 Oct 2019 21:46:07 -0700 Message-Id: <20191008044613.12350-11-sean.j.christopherson@intel.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20191008044613.12350-1-sean.j.christopherson@intel.com> References: <20191008044613.12350-1-sean.j.christopherson@intel.com> MIME-Version: 1.0 Sender: linux-sgx-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-sgx@vger.kernel.org Use the recently added assertion framework to report errors and exit instead of propagating the error back up the stack. Using assertions reduces code and provides more detailed error messages, and has no downsides as all errors lead to exit(1) anyways, i.e. an assertion isn't blocking forward progress. Signed-off-by: Sean Christopherson --- tools/testing/selftests/x86/sgx/main.c | 170 +++++++++---------------- 1 file changed, 59 insertions(+), 111 deletions(-) diff --git a/tools/testing/selftests/x86/sgx/main.c b/tools/testing/selftests/x86/sgx/main.c index 0c964bc1fca0..5b7575a948ba 100644 --- a/tools/testing/selftests/x86/sgx/main.c +++ b/tools/testing/selftests/x86/sgx/main.c @@ -66,6 +66,17 @@ do { \ #a, #b, #a, (unsigned long)__a, #b, (unsigned long)__b); \ } while (0) +#define ASSERT_NE(a, b) \ +do { \ + typeof(a) __a = (a); \ + typeof(b) __b = (b); \ + test_assert(__a != __b, NULL, __FILE__, __LINE__, \ + "%s != %s failed.\n" \ + "\t%s is %#lx\n" \ + "\t%s is %#lx", \ + #a, #b, #a, (unsigned long)__a, #b, (unsigned long)__b); \ +} while (0) + void *eenter; struct vdso_symtab { @@ -103,23 +114,18 @@ static void *vdso_get_dyn(void *addr, Elf64_Dyn *dyntab, Elf64_Sxword tag) return NULL; } -static bool vdso_get_symtab(void *addr, struct vdso_symtab *symtab) +static void vdso_get_symtab(void *addr, struct vdso_symtab *symtab) { Elf64_Dyn *dyntab = vdso_get_dyntab(addr); symtab->elf_symtab = vdso_get_dyn(addr, dyntab, DT_SYMTAB); - if (!symtab->elf_symtab) - return false; + ASSERT_NE(symtab->elf_symtab, NULL); symtab->elf_symstrtab = vdso_get_dyn(addr, dyntab, DT_STRTAB); - if (!symtab->elf_symstrtab) - return false; + ASSERT_NE(symtab->elf_symstrtab, NULL); symtab->elf_hashtab = vdso_get_dyn(addr, dyntab, DT_HASH); - if (!symtab->elf_hashtab) - return false; - - return true; + ASSERT_NE(symtab->elf_hashtab, NULL); } static unsigned long elf_sym_hash(const char *name) @@ -157,7 +163,7 @@ static Elf64_Sym *vdso_symtab_get(struct vdso_symtab *symtab, const char *name) return NULL; } -static bool encl_create(int dev_fd, unsigned long bin_size, +static void encl_create(int dev_fd, unsigned long bin_size, struct sgx_secs *secs) { struct sgx_enclave_create ioc; @@ -173,10 +179,7 @@ static bool encl_create(int dev_fd, unsigned long bin_size, secs->size <<= 1; area = mmap(NULL, secs->size * 2, PROT_NONE, MAP_SHARED, dev_fd, 0); - if (area == MAP_FAILED) { - perror("mmap"); - return false; - } + ASSERT_NE(area, MAP_FAILED); secs->base = ((uint64_t)area + secs->size - 1) & ~(secs->size - 1); @@ -186,16 +189,11 @@ static bool encl_create(int dev_fd, unsigned long bin_size, ioc.src = (unsigned long)secs; rc = ioctl(dev_fd, SGX_IOC_ENCLAVE_CREATE, &ioc); - if (rc) { - fprintf(stderr, "ECREATE failed rc=%d, err=%d.\n", rc, errno); - munmap((void *)secs->base, secs->size); - return false; - } - - return true; + TEST_ASSERT(!rc, "ECREATE failed rc=%d, errno=%s.\n", + rc, strerror(errno)); } -static bool encl_add_page(int dev_fd, unsigned long addr, void *data, +static void encl_add_page(int dev_fd, unsigned long addr, void *data, uint64_t flags) { struct sgx_enclave_add_page ioc; @@ -212,15 +210,10 @@ static bool encl_add_page(int dev_fd, unsigned long addr, void *data, memset(ioc.reserved, 0, sizeof(ioc.reserved)); rc = ioctl(dev_fd, SGX_IOC_ENCLAVE_ADD_PAGE, &ioc); - if (rc) { - fprintf(stderr, "EADD failed rc=%d.\n", rc); - return false; - } - - return true; + TEST_ASSERT(!rc, "EADD failed rc=%d.\n", rc); } -static bool encl_build(struct sgx_secs *secs, void *bin, +static void encl_build(struct sgx_secs *secs, void *bin, unsigned long bin_size, struct sgx_sigstruct *sigstruct) { struct sgx_enclave_init ioc; @@ -231,13 +224,9 @@ static bool encl_build(struct sgx_secs *secs, void *bin, int rc; dev_fd = open("/dev/sgx/enclave", O_RDWR); - if (dev_fd < 0) { - fprintf(stderr, "Unable to open /dev/sgx\n"); - return false; - } + TEST_ASSERT(dev_fd >= 0, "Unable to open /dev/sgx: %s\n", strerror(errno)); - if (!encl_create(dev_fd, bin_size, secs)) - goto out_dev_fd; + encl_create(dev_fd, bin_size, secs); for (offset = 0; offset < bin_size; offset += 0x1000) { if (!offset) @@ -246,108 +235,72 @@ static bool encl_build(struct sgx_secs *secs, void *bin, flags = SGX_SECINFO_REG | SGX_SECINFO_R | SGX_SECINFO_W | SGX_SECINFO_X; - if (!encl_add_page(dev_fd, secs->base + offset, - bin + offset, flags)) - goto out_map; + encl_add_page(dev_fd, secs->base + offset, bin + offset, flags); } ioc.sigstruct = (uint64_t)sigstruct; rc = ioctl(dev_fd, SGX_IOC_ENCLAVE_INIT, &ioc); - if (rc) { - printf("EINIT failed rc=%d\n", rc); - goto out_map; - } + TEST_ASSERT(!rc, "EINIT failed rc=%d, errno=%s.\n", rc, strerror(errno)); addr = mmap((void *)secs->base, PAGE_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, dev_fd, 0); - if (addr == MAP_FAILED) { - fprintf(stderr, "mmap() failed on TCS, errno=%d.\n", errno); - return false; - } + TEST_ASSERT(addr != MAP_FAILED, "mmap() failed on TCS: %s\n", + strerror(errno)); addr = mmap((void *)(secs->base + PAGE_SIZE), bin_size - PAGE_SIZE, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_SHARED | MAP_FIXED, dev_fd, 0); - if (addr == MAP_FAILED) { - fprintf(stderr, "mmap() failed, errno=%d.\n", errno); - return false; - } + TEST_ASSERT(addr != MAP_FAILED, "mmap() failed on REG page: %s\n", + strerror(errno)); close(dev_fd); - return true; -out_map: - munmap((void *)secs->base, secs->size); -out_dev_fd: - close(dev_fd); - return false; } -bool get_file_size(const char *path, off_t *bin_size) +off_t get_file_size(const char *path) { struct stat sb; int ret; ret = stat(path, &sb); - if (ret) { - perror("stat"); - return false; - } - - if (!sb.st_size || sb.st_size & 0xfff) { - fprintf(stderr, "Invalid blob size %lu\n", sb.st_size); - return false; - } - - *bin_size = sb.st_size; - return true; + TEST_ASSERT(!ret, "stat() %s failed: %s\n", path, strerror(errno)); + + TEST_ASSERT(sb.st_size && !(sb.st_size & 0xfff), + "Invalid blob size: %llu", sb.st_size); + + return sb.st_size; } -bool encl_data_map(const char *path, void **bin, off_t *bin_size) +void *encl_data_map(const char *path, off_t *bin_size) { + void *bin; int fd; fd = open(path, O_RDONLY); - if (fd == -1) { - fprintf(stderr, "open() %s failed, errno=%d.\n", path, errno); - return false; - } + TEST_ASSERT(fd >= 0, "open() %s failed: %s\n", path, strerror(errno)); - if (!get_file_size(path, bin_size)) - goto err_out; + *bin_size = get_file_size(path); - *bin = mmap(NULL, *bin_size, PROT_READ, MAP_PRIVATE, fd, 0); - if (*bin == MAP_FAILED) { - fprintf(stderr, "mmap() %s failed, errno=%d.\n", path, errno); - goto err_out; - } + bin = mmap(NULL, *bin_size, PROT_READ, MAP_PRIVATE, fd, 0); + TEST_ASSERT(bin != MAP_FAILED, "mmap() %s failed: %s\n", + path, strerror(errno)); close(fd); - return true; - -err_out: - close(fd); - return false; + return bin; } -bool load_sigstruct(const char *path, void *sigstruct) +void load_sigstruct(const char *path, struct sgx_sigstruct *sigstruct) { + ssize_t nr_read; int fd; fd = open(path, O_RDONLY); - if (fd == -1) { - fprintf(stderr, "open() %s failed, errno=%d.\n", path, errno); - return false; - } - - if (read(fd, sigstruct, sizeof(struct sgx_sigstruct)) != - sizeof(struct sgx_sigstruct)) { - fprintf(stderr, "read() %s failed, errno=%d.\n", path, errno); - close(fd); - return false; - } + TEST_ASSERT(fd >= 0, "open() %s failed: %s\n", path, strerror(errno)); + + nr_read = read(fd, sigstruct, sizeof(struct sgx_sigstruct)); + TEST_ASSERT(nr_read == sizeof(struct sgx_sigstruct), + "read() %s failed: %s\n", path, strerror(errno)); close(fd); - return true; } int sgx_call(void *rdi, void *rsi, long rdx, void *rcx, void *r8, void *r9, @@ -365,28 +318,23 @@ int main(int argc, char *argv[], char *envp[]) void *bin; void *addr; - if (!encl_data_map("encl.bin", &bin, &bin_size)) - exit(1); + bin = encl_data_map("encl.bin", &bin_size); - if (!load_sigstruct("encl.ss", &sigstruct)) - exit(1); + load_sigstruct("encl.ss", &sigstruct); memset(&exception, 0, sizeof(exception)); addr = vdso_get_base_addr(); - if (!addr) - exit(1); + ASSERT_NE(addr, NULL); - if (!vdso_get_symtab(addr, &symtab)) - exit(1); + vdso_get_symtab(addr, &symtab); eenter_sym = vdso_symtab_get(&symtab, "__vdso_sgx_enter_enclave"); - if (!eenter_sym) - exit(1); + ASSERT_NE(eenter_sym, NULL); + eenter = addr + eenter_sym->st_value; - if (!encl_build(&secs, bin, bin_size, &sigstruct)) - exit(1); + encl_build(&secs, bin, bin_size, &sigstruct); sgx_call((void *)&MAGIC, &result, 0, NULL, NULL, NULL, (void *)secs.base, &exception, NULL); From patchwork Tue Oct 8 04:46:08 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 11178795 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8AE791709 for ; Tue, 8 Oct 2019 04:46:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 6973720679 for ; Tue, 8 Oct 2019 04:46:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729613AbfJHEqS (ORCPT ); Tue, 8 Oct 2019 00:46:18 -0400 Received: from mga11.intel.com ([192.55.52.93]:8175 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729585AbfJHEqS (ORCPT ); Tue, 8 Oct 2019 00:46:18 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Oct 2019 21:46:17 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,269,1566889200"; d="scan'208";a="206566521" Received: from sjchrist-coffee.jf.intel.com ([10.54.74.41]) by fmsmga001.fm.intel.com with ESMTP; 07 Oct 2019 21:46:17 -0700 From: Sean Christopherson To: Jarkko Sakkinen Cc: linux-sgx@vger.kernel.org Subject: [PATCH for_v23 11/16] selftests/x86/sgx: Sanitize the types for sgx_call()'s input params Date: Mon, 7 Oct 2019 21:46:08 -0700 Message-Id: <20191008044613.12350-12-sean.j.christopherson@intel.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20191008044613.12350-1-sean.j.christopherson@intel.com> References: <20191008044613.12350-1-sean.j.christopherson@intel.com> MIME-Version: 1.0 Sender: linux-sgx-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-sgx@vger.kernel.org Declare the unused registers for sgx_call() a 'long' instead of 'void *' and add a comment to explain that @rdi and @rsi are declared as 'void *' only because they're always used to pass pointers. Since the registers are pass-through values, 'long' is the more intuitive declaration. Signed-off-by: Sean Christopherson --- tools/testing/selftests/x86/sgx/main.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/x86/sgx/main.c b/tools/testing/selftests/x86/sgx/main.c index 5b7575a948ba..b7b32cf144f4 100644 --- a/tools/testing/selftests/x86/sgx/main.c +++ b/tools/testing/selftests/x86/sgx/main.c @@ -303,7 +303,8 @@ void load_sigstruct(const char *path, struct sgx_sigstruct *sigstruct) close(fd); } -int sgx_call(void *rdi, void *rsi, long rdx, void *rcx, void *r8, void *r9, +/* Declare RDI and RSI as 'void *', they're always used to pass pointers. */ +int sgx_call(void *rdi, void *rsi, long rdx, long rcx, long r8, long r9, void *tcs, struct sgx_enclave_exception *ei, void *cb); int main(int argc, char *argv[], char *envp[]) @@ -336,8 +337,8 @@ int main(int argc, char *argv[], char *envp[]) encl_build(&secs, bin, bin_size, &sigstruct); - sgx_call((void *)&MAGIC, &result, 0, NULL, NULL, NULL, - (void *)secs.base, &exception, NULL); + sgx_call((void *)&MAGIC, &result, 0, 0, 0, 0, (void *)secs.base, + &exception, NULL); ASSERT_EQ(result, MAGIC); From patchwork Tue Oct 8 04:46:09 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 11178793 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5F92917D4 for ; Tue, 8 Oct 2019 04:46:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 3E4AB20679 for ; Tue, 8 Oct 2019 04:46:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729624AbfJHEqS (ORCPT ); Tue, 8 Oct 2019 00:46:18 -0400 Received: from mga11.intel.com ([192.55.52.93]:8176 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729613AbfJHEqR (ORCPT ); Tue, 8 Oct 2019 00:46:17 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Oct 2019 21:46:17 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,269,1566889200"; d="scan'208";a="206566524" Received: from sjchrist-coffee.jf.intel.com ([10.54.74.41]) by fmsmga001.fm.intel.com with ESMTP; 07 Oct 2019 21:46:17 -0700 From: Sean Christopherson To: Jarkko Sakkinen Cc: linux-sgx@vger.kernel.org Subject: [PATCH for_v23 12/16] selftests/x86/sgx: Move existing sub-test to a separate helper Date: Mon, 7 Oct 2019 21:46:09 -0700 Message-Id: <20191008044613.12350-13-sean.j.christopherson@intel.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20191008044613.12350-1-sean.j.christopherson@intel.com> References: <20191008044613.12350-1-sean.j.christopherson@intel.com> MIME-Version: 1.0 Sender: linux-sgx-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-sgx@vger.kernel.org Move the basic test of running the enclave using the vDSO to a separate helper in preparation for introducing new sub-tests and variations on the existing test. Signed-off-by: Sean Christopherson --- tools/testing/selftests/x86/sgx/main.c | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/tools/testing/selftests/x86/sgx/main.c b/tools/testing/selftests/x86/sgx/main.c index b7b32cf144f4..93b8d7781782 100644 --- a/tools/testing/selftests/x86/sgx/main.c +++ b/tools/testing/selftests/x86/sgx/main.c @@ -307,14 +307,28 @@ void load_sigstruct(const char *path, struct sgx_sigstruct *sigstruct) int sgx_call(void *rdi, void *rsi, long rdx, long rcx, long r8, long r9, void *tcs, struct sgx_enclave_exception *ei, void *cb); -int main(int argc, char *argv[], char *envp[]) +/* + * Test the vDSO API, __vdso_sgx_enter_enclave(), without an exit handler. + */ +static void test_vdso_no_exit_handler(struct sgx_secs *secs) { struct sgx_enclave_exception exception; + uint64_t result = 0; + + memset(&exception, 0, sizeof(exception)); + + /* Verify the enclave copies MAGIC to result. */ + sgx_call((void *)&MAGIC, &result, 0, 0, 0, 0, (void *)secs->base, + &exception, NULL); + ASSERT_EQ(result, MAGIC); +} + +int main(int argc, char *argv[], char *envp[]) +{ struct sgx_sigstruct sigstruct; struct vdso_symtab symtab; Elf64_Sym *eenter_sym; struct sgx_secs secs; - uint64_t result = 0; off_t bin_size; void *bin; void *addr; @@ -323,8 +337,6 @@ int main(int argc, char *argv[], char *envp[]) load_sigstruct("encl.ss", &sigstruct); - memset(&exception, 0, sizeof(exception)); - addr = vdso_get_base_addr(); ASSERT_NE(addr, NULL); @@ -337,10 +349,7 @@ int main(int argc, char *argv[], char *envp[]) encl_build(&secs, bin, bin_size, &sigstruct); - sgx_call((void *)&MAGIC, &result, 0, 0, 0, 0, (void *)secs.base, - &exception, NULL); - - ASSERT_EQ(result, MAGIC); + test_vdso_no_exit_handler(&secs); printf("All tests passed!\n"); exit(0); From patchwork Tue Oct 8 04:46:10 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 11178797 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B5D911668 for ; Tue, 8 Oct 2019 04:46:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 948E920679 for ; Tue, 8 Oct 2019 04:46:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729585AbfJHEqS (ORCPT ); Tue, 8 Oct 2019 00:46:18 -0400 Received: from mga11.intel.com ([192.55.52.93]:8176 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729285AbfJHEqS (ORCPT ); Tue, 8 Oct 2019 00:46:18 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Oct 2019 21:46:17 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,269,1566889200"; d="scan'208";a="206566527" Received: from sjchrist-coffee.jf.intel.com ([10.54.74.41]) by fmsmga001.fm.intel.com with ESMTP; 07 Oct 2019 21:46:17 -0700 From: Sean Christopherson To: Jarkko Sakkinen Cc: linux-sgx@vger.kernel.org Subject: [PATCH for_v23 13/16] selftests/x86/sgx: Add a test of the vDSO exception reporting mechanism Date: Mon, 7 Oct 2019 21:46:10 -0700 Message-Id: <20191008044613.12350-14-sean.j.christopherson@intel.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20191008044613.12350-1-sean.j.christopherson@intel.com> References: <20191008044613.12350-1-sean.j.christopherson@intel.com> MIME-Version: 1.0 Sender: linux-sgx-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-sgx@vger.kernel.org Add a sub-test to verify that an exception on EENTER is correctly reported. Although the type of exception doesn't truly matter, e.g. a page fault (#PF) is no more or less interesting than a general protection fault (#GP), use an unaligned TCS to trigger a #GP to avoid errors on platforms that report EPCM related #PFs as #GPs, e.g. SGX1 systems. Suggested-by: Cedric Xing Signed-off-by: Sean Christopherson --- tools/testing/selftests/x86/sgx/defines.h | 4 ++++ tools/testing/selftests/x86/sgx/main.c | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/tools/testing/selftests/x86/sgx/defines.h b/tools/testing/selftests/x86/sgx/defines.h index 3ff73a9d9b93..ab9671b8a993 100644 --- a/tools/testing/selftests/x86/sgx/defines.h +++ b/tools/testing/selftests/x86/sgx/defines.h @@ -36,4 +36,8 @@ typedef uint64_t u64; #include "../../../../../arch/x86/kernel/cpu/sgx/arch.h" #include "../../../../../arch/x86/include/uapi/asm/sgx.h" +#define ENCLU_EENTER 2 + +#define GP_VECTOR 13 + #endif /* TYPES_H */ diff --git a/tools/testing/selftests/x86/sgx/main.c b/tools/testing/selftests/x86/sgx/main.c index 93b8d7781782..2676570493f2 100644 --- a/tools/testing/selftests/x86/sgx/main.c +++ b/tools/testing/selftests/x86/sgx/main.c @@ -321,6 +321,12 @@ static void test_vdso_no_exit_handler(struct sgx_secs *secs) sgx_call((void *)&MAGIC, &result, 0, 0, 0, 0, (void *)secs->base, &exception, NULL); ASSERT_EQ(result, MAGIC); + + /* Verify a #GP is reported if the TCS isn't 4k aligned. */ + sgx_call((void *)&MAGIC, &result, 0, 0, 0, 0, + (void *)(secs->base | 0xfff), &exception, NULL); + ASSERT_EQ(exception.trapnr, GP_VECTOR); + ASSERT_EQ(exception.leaf, ENCLU_EENTER); } int main(int argc, char *argv[], char *envp[]) From patchwork Tue Oct 8 04:46:11 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 11178799 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 67DCF1709 for ; Tue, 8 Oct 2019 04:46:19 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 4688A206C2 for ; Tue, 8 Oct 2019 04:46:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729647AbfJHEqT (ORCPT ); Tue, 8 Oct 2019 00:46:19 -0400 Received: from mga11.intel.com ([192.55.52.93]:8177 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729285AbfJHEqS (ORCPT ); Tue, 8 Oct 2019 00:46:18 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Oct 2019 21:46:18 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,269,1566889200"; d="scan'208";a="206566530" Received: from sjchrist-coffee.jf.intel.com ([10.54.74.41]) by fmsmga001.fm.intel.com with ESMTP; 07 Oct 2019 21:46:18 -0700 From: Sean Christopherson To: Jarkko Sakkinen Cc: linux-sgx@vger.kernel.org Subject: [PATCH for_v23 14/16] selftests/x86/sgx: Add test of vDSO with basic exit handler Date: Mon, 7 Oct 2019 21:46:11 -0700 Message-Id: <20191008044613.12350-15-sean.j.christopherson@intel.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20191008044613.12350-1-sean.j.christopherson@intel.com> References: <20191008044613.12350-1-sean.j.christopherson@intel.com> MIME-Version: 1.0 Sender: linux-sgx-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-sgx@vger.kernel.org Add a test to verify that nothing explodes when using an exit handler to control the flow of the vDSO. Suggested-by: Suggested-by: Cedric Xing Signed-off-by: Sean Christopherson --- tools/testing/selftests/x86/sgx/main.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/tools/testing/selftests/x86/sgx/main.c b/tools/testing/selftests/x86/sgx/main.c index 2676570493f2..ae1822b10c6f 100644 --- a/tools/testing/selftests/x86/sgx/main.c +++ b/tools/testing/selftests/x86/sgx/main.c @@ -329,6 +329,31 @@ static void test_vdso_no_exit_handler(struct sgx_secs *secs) ASSERT_EQ(exception.leaf, ENCLU_EENTER); } +static int basic_exit_handler(long rdi, long rsi, long rdx, int ret, + long r8, long r9, void *tcs, long ursp, + struct sgx_enclave_exception *e) +{ + ASSERT_EQ(ret, 0); + return 0; +} + +/* + * Test the vDSO API, __vdso_sgx_enter_enclave(), with an exit handler. + */ +static void test_vdso_with_exit_handler(struct sgx_secs *secs) +{ + struct sgx_enclave_exception exception; + uint64_t result = 0; + long ret; + + memset(&exception, 0, sizeof(exception)); + + ret = sgx_call((void *)&MAGIC, &result, 0, 0, 0, 0, (void *)secs->base, + &exception, basic_exit_handler); + ASSERT_EQ(ret, 0); + ASSERT_EQ(result, MAGIC); +} + int main(int argc, char *argv[], char *envp[]) { struct sgx_sigstruct sigstruct; @@ -356,6 +381,7 @@ int main(int argc, char *argv[], char *envp[]) encl_build(&secs, bin, bin_size, &sigstruct); test_vdso_no_exit_handler(&secs); + test_vdso_with_exit_handler(&secs); printf("All tests passed!\n"); exit(0); From patchwork Tue Oct 8 04:46:12 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 11178801 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 894751668 for ; Tue, 8 Oct 2019 04:46:19 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 71D342084D for ; Tue, 8 Oct 2019 04:46:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729650AbfJHEqT (ORCPT ); Tue, 8 Oct 2019 00:46:19 -0400 Received: from mga11.intel.com ([192.55.52.93]:8177 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729638AbfJHEqT (ORCPT ); Tue, 8 Oct 2019 00:46:19 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Oct 2019 21:46:18 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,269,1566889200"; d="scan'208";a="206566533" Received: from sjchrist-coffee.jf.intel.com ([10.54.74.41]) by fmsmga001.fm.intel.com with ESMTP; 07 Oct 2019 21:46:18 -0700 From: Sean Christopherson To: Jarkko Sakkinen Cc: linux-sgx@vger.kernel.org Subject: [PATCH for_v23 15/16] selftests/x86/sgx: Add sub-test for exception behavior with exit handler Date: Mon, 7 Oct 2019 21:46:12 -0700 Message-Id: <20191008044613.12350-16-sean.j.christopherson@intel.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20191008044613.12350-1-sean.j.christopherson@intel.com> References: <20191008044613.12350-1-sean.j.christopherson@intel.com> MIME-Version: 1.0 Sender: linux-sgx-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-sgx@vger.kernel.org Add a test to verify the kernel and vDSO provide the correct exception info when using an exit handler, e.g. leaf, trapnr and error_code, and that the vDSO correctly interprets the return from the exit handler. To do so, change the enclave's protections to read-only and iteratively fix the faults encountered, with various assertions along the way, e.g. the first fault should always be a !writable fault on the TCS, at least three total faults should occur, etc... Suggested-by: Cedric Xing Signed-off-by: Sean Christopherson --- tools/testing/selftests/x86/sgx/defines.h | 2 + tools/testing/selftests/x86/sgx/main.c | 87 ++++++++++++++++++++++- 2 files changed, 87 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/x86/sgx/defines.h b/tools/testing/selftests/x86/sgx/defines.h index ab9671b8a993..199a830e198a 100644 --- a/tools/testing/selftests/x86/sgx/defines.h +++ b/tools/testing/selftests/x86/sgx/defines.h @@ -37,7 +37,9 @@ typedef uint64_t u64; #include "../../../../../arch/x86/include/uapi/asm/sgx.h" #define ENCLU_EENTER 2 +#define ENCLU_ERESUME 3 #define GP_VECTOR 13 +#define PF_VECTOR 14 #endif /* TYPES_H */ diff --git a/tools/testing/selftests/x86/sgx/main.c b/tools/testing/selftests/x86/sgx/main.c index ae1822b10c6f..8c3f0cd41098 100644 --- a/tools/testing/selftests/x86/sgx/main.c +++ b/tools/testing/selftests/x86/sgx/main.c @@ -337,14 +337,58 @@ static int basic_exit_handler(long rdi, long rsi, long rdx, int ret, return 0; } +static int nr_page_faults; + +static int mprotect_exit_handler(long rdi, long rsi, long rdx, int ret, + long r8, long r9, void *tcs, long ursp, + struct sgx_enclave_exception *e) +{ + int prot, rc; + + if (!ret) + return 0; + + ++nr_page_faults; + + ASSERT_EQ(ret, -EFAULT); + ASSERT_EQ(e->trapnr, PF_VECTOR); + TEST_ASSERT(e->leaf == ENCLU_EENTER || e->leaf == ENCLU_ERESUME, + "Expected #PF on EENTER or ERESUME, leaf = %d\n", e->leaf); + TEST_ASSERT(e->error_code & 1, "Unexpected !PRESENT #PF"); + + /* The first #PF should be on the TCS, passed in via R9. */ + if (nr_page_faults == 1) + ASSERT_EQ(r9, (e->address & ~0xfff)); + + prot = PROT_READ; + if (e->error_code & 0x2) + prot |= PROT_WRITE; + if (e->error_code & 0x10) + prot |= PROT_EXEC; + rc = mprotect((void *)(e->address & ~0xfff), PAGE_SIZE, prot); + ASSERT_EQ(rc, 0); + + /* + * If EENTER faulted, bounce all the way back to the test to verify + * the vDSO is handling the return value correctly. + */ + if (e->leaf == ENCLU_EENTER) + return -EAGAIN; + + /* Else ERESUME faulted, simply do ERESUME again. */ + return e->leaf; +} + /* * Test the vDSO API, __vdso_sgx_enter_enclave(), with an exit handler. */ -static void test_vdso_with_exit_handler(struct sgx_secs *secs) +static void test_vdso_with_exit_handler(struct sgx_secs *secs, + unsigned long encl_size) { struct sgx_enclave_exception exception; uint64_t result = 0; long ret; + int r; memset(&exception, 0, sizeof(exception)); @@ -352,6 +396,45 @@ static void test_vdso_with_exit_handler(struct sgx_secs *secs) &exception, basic_exit_handler); ASSERT_EQ(ret, 0); ASSERT_EQ(result, MAGIC); + + /* + * Map the enclave read-only, then re-enter the enclave. The exit + * handler will service the resulting page faults using mprotect() to + * restore the correct permissions. + */ + r = mprotect((void *)secs->base, encl_size, PROT_READ); + TEST_ASSERT(!r, "mprotect() on enclave failed: %s\n", strerror(errno)); + + + /* Loop on EENTER until it succeeds or it fails unexpectedly. */ + result = 0; + do { + /* + * Pass the address of the TCS to the exit handler via R9. + * The first page fault should be on the TCS and R9 should + * not be modified prior to entering the enclave (which + * requires an accessible TCS page). + */ + ret = sgx_call((void *)&MAGIC, &result, 0, 0, 0, secs->base, + (void *)secs->base, &exception, + mprotect_exit_handler); + } while (ret == -EAGAIN); + ASSERT_EQ(ret, 0); + ASSERT_EQ(result, MAGIC); + + /* Enclave should re-execute cleanly. */ + result = 0; + ret = sgx_call((void *)&MAGIC, &result, 0, 0, 0, 0, (void *)secs->base, + &exception, basic_exit_handler); + ASSERT_EQ(ret, 0); + ASSERT_EQ(result, MAGIC); + + /* + * At least three faults should occur: one for the TCS, one for the + * executable code, and one for the writable data (@result). + */ + TEST_ASSERT(nr_page_faults >= 3, "Expected 3+ page faults, only hit %d", + nr_page_faults); } int main(int argc, char *argv[], char *envp[]) @@ -381,7 +464,7 @@ int main(int argc, char *argv[], char *envp[]) encl_build(&secs, bin, bin_size, &sigstruct); test_vdso_no_exit_handler(&secs); - test_vdso_with_exit_handler(&secs); + test_vdso_with_exit_handler(&secs, bin_size); printf("All tests passed!\n"); exit(0); From patchwork Tue Oct 8 04:46:13 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 11178803 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B752E18B7 for ; Tue, 8 Oct 2019 04:46:19 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 95E982084D for ; Tue, 8 Oct 2019 04:46:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729638AbfJHEqT (ORCPT ); Tue, 8 Oct 2019 00:46:19 -0400 Received: from mga11.intel.com ([192.55.52.93]:8177 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729285AbfJHEqT (ORCPT ); Tue, 8 Oct 2019 00:46:19 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Oct 2019 21:46:18 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,269,1566889200"; d="scan'208";a="206566537" Received: from sjchrist-coffee.jf.intel.com ([10.54.74.41]) by fmsmga001.fm.intel.com with ESMTP; 07 Oct 2019 21:46:18 -0700 From: Sean Christopherson To: Jarkko Sakkinen Cc: linux-sgx@vger.kernel.org Subject: [PATCH for_v23 16/16] x86/vdso: sgx: Rework __vdso_sgx_enter_enclave() to prefer "no callback" Date: Mon, 7 Oct 2019 21:46:13 -0700 Message-Id: <20191008044613.12350-17-sean.j.christopherson@intel.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20191008044613.12350-1-sean.j.christopherson@intel.com> References: <20191008044613.12350-1-sean.j.christopherson@intel.com> MIME-Version: 1.0 Sender: linux-sgx-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-sgx@vger.kernel.org Rework __vdso_sgx_enter_enclave() to prioritize the flow where userspace is not providing a callback, which is the preferred method of operation. Using a callback requires a retpoline, and the only known motivation for employing a callback is to allow the enclave to muck with the stack of the untrusted runtime. Opportunistically replace the majority of the local labels with local symbol names to improve the readability of the code. Signed-off-by: Sean Christopherson --- arch/x86/entry/vdso/vsgx_enter_enclave.S | 120 ++++++++++++++--------- 1 file changed, 71 insertions(+), 49 deletions(-) diff --git a/arch/x86/entry/vdso/vsgx_enter_enclave.S b/arch/x86/entry/vdso/vsgx_enter_enclave.S index de54e47c83f4..fc5622dcd2fa 100644 --- a/arch/x86/entry/vdso/vsgx_enter_enclave.S +++ b/arch/x86/entry/vdso/vsgx_enter_enclave.S @@ -85,75 +85,97 @@ ENTRY(__vdso_sgx_enter_enclave) mov %rsp, %rbp .cfi_def_cfa_register %rbp -1: /* EENTER <= leaf <= ERESUME */ +.Lenter_enclave: + /* EENTER <= leaf <= ERESUME */ cmp $0x2, %eax - jb 6f + jb .Linvalid_leaf cmp $0x3, %eax - ja 6f + ja .Linvalid_leaf /* Load TCS and AEP */ mov 0x10(%rbp), %rbx - lea 2f(%rip), %rcx + lea .Lasync_exit_pointer(%rip), %rcx /* Single ENCLU serving as both EENTER and AEP (ERESUME) */ -2: enclu +.Lasync_exit_pointer: +.Lenclu_eenter_eresume: + enclu - /* EEXIT path */ + /* EEXIT jumps here unless the enclave is doing something fancy. */ xor %eax, %eax -3: mov %eax, %ecx - - /* Call the exit handler if supplied */ - mov 0x20(%rbp), %rax - test %rax, %rax - jz 7f - /* Align stack per x86_64 ABI. The original %rsp is saved in %rbx to be - * restored after the exit handler returns. */ + + /* Invoke userspace's exit handler if one was provided. */ +.Lhandle_exit: + cmp $0, 0x20(%rbp) + jne .Linvoke_userspace_handler + +.Lout: + leave + .cfi_def_cfa %rsp, 8 + ret + +.Linvalid_leaf: + mov $(-EINVAL), %eax + jmp .Lout + +.Lhandle_exception: + mov 0x18(%rbp), %rcx + test %rcx, %rcx + je .Lskip_exception_info + + /* Fill optional exception info. */ + mov %eax, EX_LEAF(%rcx) + mov %di, EX_TRAPNR(%rcx) + mov %si, EX_ERROR_CODE(%rcx) + mov %rdx, EX_ADDRESS(%rcx) +.Lskip_exception_info: + mov $(-EFAULT), %eax + jmp .Lhandle_exit + +.Linvoke_userspace_handler: + /* + * Align stack per x86_64 ABI. Save the original %rsp in %rbx to be + * restored after the callback returns. + */ mov %rsp, %rbx and $-0x10, %rsp - /* Clear RFLAGS.DF per x86_64 ABI */ - cld - /* Parameters for the exit handler */ + + /* Push @e, u_rsp and @tcs as parameters to the callback. */ push 0x18(%rbp) push %rbx push 0x10(%rbp) - /* Call *%rax via retpoline */ - call 40f - /* Restore %rsp to its original value left off by the enclave from last - * exit */ + + /* Pass the "return" value to the callback via %rcx. */ + mov %eax, %ecx + + /* Clear RFLAGS.DF per x86_64 ABI */ + cld + + /* Load the callback pointer to %rax and invoke it via retpoline. */ + mov 0x20(%rbp), %rax + call .Lretpoline + + /* Restore %rsp to its post-exit value. */ mov %rbx, %rsp - /* Positive return value from the exit handler will be interpreted as - * an ENCLU leaf, while a non-positive value will be interpreted as the - * return value to be passed back to the caller. */ - jmp 1b -40: /* retpoline */ - call 42f -41: pause - lfence - jmp 41b -42: mov %rax, (%rsp) - ret -5: /* Exception path */ - mov 0x18(%rbp), %rcx - jrcxz 52f - mov %eax, EX_LEAF(%rcx) - mov %di, EX_TRAPNR(%rcx) - mov %si, EX_ERROR_CODE(%rcx) - mov %rdx, EX_ADDRESS(%rcx) -52: mov $-EFAULT, %eax - jmp 3b - -6: /* Unsupported ENCLU leaf */ + /* + * If the return from callback is zero or negative, return immediately, + * else re-execute ENCLU with the postive return value interpreted as + * the requested ENCLU leaf. + */ cmp $0, %eax - jle 7f - mov $-EINVAL, %eax + jle .Lout + jmp .Lenter_enclave -7: /* Epilog */ - leave - .cfi_def_cfa %rsp, 8 +.Lretpoline: + call 2f +1: pause + lfence + jmp 1b +2: mov %rax, (%rsp) ret .cfi_endproc -_ASM_VDSO_EXTABLE_HANDLE(2b, 5b) +_ASM_VDSO_EXTABLE_HANDLE(.Lenclu_eenter_eresume, .Lhandle_exception) ENDPROC(__vdso_sgx_enter_enclave)