author | Jarkko Sakkinen | 2022-03-13 19:08:30 +0200 |
---|---|---|
committer | Jarkko Sakkinen | 2022-03-13 19:08:30 +0200 |
commit | 9b2edd347b4f5ce31365e5e64397c5ee9f2d1b62 (patch) | |
tree | 77dbf26660dc219fdc137633fda7f3c4003d9305 /0018-selftests-sgx-Add-test-for-TCS-page-permission-chang.patch | |
parent | c3aedcb42fdf3f2539141ee0fa0a3b12e247f7a6 (diff) | |
Remove SGX2 selftests.
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@iki.fi>
Diffstat (limited to '0018-selftests-sgx-Add-test-for-TCS-page-permission-chang.patch')
-rw-r--r-- | 0018-selftests-sgx-Add-test-for-TCS-page-permission-chang.patch | 108 |
1 files changed, 0 insertions, 108 deletions
diff --git a/0018-selftests-sgx-Add-test-for-TCS-page-permission-chang.patch b/0018-selftests-sgx-Add-test-for-TCS-page-permission-chang.patch
deleted file mode 100644
index 0c23834714fc..000000000000
--- a/0018-selftests-sgx-Add-test-for-TCS-page-permission-chang.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From 0b54ab006b8b54ffbeb8abf57ba07221c2eae035 Mon Sep 17 00:00:00 2001
-From: Reinette Chatre <reinette.chatre@intel.com>
-Date: Mon, 7 Feb 2022 16:45:40 -0800
-Subject: [PATCH 18/34] selftests/sgx: Add test for TCS page permission changes
-
-Kernel should not allow permission changes on TCS pages. Add test to
-confirm this behavior.
-
-Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
----
- tools/testing/selftests/sgx/main.c | 74 ++++++++++++++++++++++++++++++
- 1 file changed, 74 insertions(+)
-
-diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c
-index 4f348ed1dc29..1398cd1b0983 100644
---- a/tools/testing/selftests/sgx/main.c
-+++ b/tools/testing/selftests/sgx/main.c
-@@ -121,6 +121,24 @@ static Elf64_Sym *vdso_symtab_get(struct vdso_symtab *symtab, const char *name)
- return NULL;
- }
-
-+/*
-+ * Return the offset in the enclave where the TCS segment can be found.
-+ * The first RW segment loaded is the TCS.
-+ */
-+static off_t encl_get_tcs_offset(struct encl *encl)
-+{
-+ int i;
-+
-+ for (i = 0; i < encl->nr_segments; i++) {
-+ struct encl_segment *seg = &encl->segment_tbl[i];
-+
-+ if (i == 0 && seg->prot == (PROT_READ | PROT_WRITE))
-+ return seg->offset;
-+ }
-+
-+ return -1;
-+}
-+
- /*
- * Return the offset in the enclave where the data segment can be found.
- * The first RW segment loaded is the TCS, skip that to get info on the
-@@ -567,6 +585,62 @@ TEST_F(enclave, pte_permissions)
- EXPECT_EQ(self->run.exception_addr, 0);
- }
-
-+/*
-+ * Modifying permissions of TCS page should not be possible.
-+ */
-+TEST_F(enclave, tcs_permissions)
-+{
-+ struct sgx_enclave_restrict_perm ioc;
-+ struct sgx_secinfo secinfo;
-+ int ret, errno_save;
-+
-+ ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata));
-+
-+ memset(&self->run, 0, sizeof(self->run));
-+ self->run.tcs = self->encl.encl_base;
-+
-+ memset(&ioc, 0, sizeof(ioc));
-+ memset(&secinfo, 0, sizeof(secinfo));
-+
-+ /*
-+ * Ensure kernel supports needed ioctl() and system supports needed
-+ * commands.
-+ */
-+
-+ ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS, &ioc);
-+ errno_save = ret == -1 ? errno : 0;
-+
-+ /*
-+ * Invalid parameters were provided during sanity check,
-+ * expect command to fail.
-+ */
-+ ASSERT_EQ(ret, -1);
-+
-+ /* ret == -1 */
-+ if (errno_save == ENOTTY)
-+ SKIP(return,
-+ "Kernel does not support SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS ioctl()");
-+ else if (errno_save == ENODEV)
-+ SKIP(return, "System does not support SGX2");
-+
-+ /*
-+ * Attempt to make TCS page read-only. This is not allowed and
-+ * should be prevented by the kernel.
-+ */
-+ secinfo.flags = PROT_READ;
-+ ioc.offset = encl_get_tcs_offset(&self->encl);
-+ ioc.length = PAGE_SIZE;
-+ ioc.secinfo = (unsigned long)&secinfo;
-+
-+ ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS, &ioc);
-+ errno_save = ret == -1 ? errno : 0;
-+
-+ EXPECT_EQ(ret, -1);
-+ EXPECT_EQ(errno_save, EINVAL);
-+ EXPECT_EQ(ioc.result, 0);
-+ EXPECT_EQ(ioc.count, 0);
-+}
-+
- /*
- * Enclave page permission test.
- *
---
-2.35.1
- |