selftests/sgx: Test faulty enclave behavior
commit50b822e4b7upstream. Removing a page from an initialized enclave involves three steps: first the user requests changing the page type to SGX_PAGE_TYPE_TRIM via an ioctl(), on success the ENCLU[EACCEPT] instruction needs to be run from within the enclave to accept the page removal, finally the user requests page removal to be completed via an ioctl(). Only after acceptance (ENCLU[EACCEPT]) from within the enclave can the kernel remove the page from a running enclave. Test the behavior when the user's request to change the page type succeeds, but the ENCLU[EACCEPT] instruction is not run before the ioctl() requesting page removal is run. This should not be permitted. Intel-SIG: commit50b822e4b7selftests/sgx: Test faulty enclave behavior. Backport for SGX EDMM support. Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Acked-by: Jarkko Sakkinen <jarkko@kernel.org> Link: https://lkml.kernel.org/r/fa5da30ebac108b7517194c3038b52995602b996.1652137848.git.reinette.chatre@intel.com [ Zhiquan: amend commit log ] Signed-off-by: Zhiquan Li <zhiquan1.li@intel.com>
This commit is contained in:
Reinette Chatre
Jianping Liu
parent
171486360e
commit
f736c5c370
|
|
@ -1432,4 +1432,118 @@ TEST_F(enclave, tcs_create)
|
|||
munmap(addr, 3 * PAGE_SIZE);
|
||||
}
|
||||
|
||||
/*
|
||||
* Ensure sane behavior if user requests page removal, does not run
|
||||
* EACCEPT from within enclave but still attempts to finalize page removal
|
||||
* with the SGX_IOC_ENCLAVE_REMOVE_PAGES ioctl(). The latter should fail
|
||||
* because the removal was not EACCEPTed from within the enclave.
|
||||
*/
|
||||
TEST_F(enclave, remove_added_page_no_eaccept)
|
||||
{
|
||||
struct sgx_enclave_remove_pages remove_ioc;
|
||||
struct encl_op_get_from_addr get_addr_op;
|
||||
struct sgx_enclave_modify_types modt_ioc;
|
||||
struct encl_op_put_to_addr put_addr_op;
|
||||
unsigned long data_start;
|
||||
int ret, errno_save;
|
||||
|
||||
ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata));
|
||||
|
||||
memset(&self->run, 0, sizeof(self->run));
|
||||
self->run.tcs = self->encl.encl_base;
|
||||
|
||||
/*
|
||||
* Hardware (SGX2) and kernel support is needed for this test. Start
|
||||
* with check that test has a chance of succeeding.
|
||||
*/
|
||||
memset(&modt_ioc, 0, sizeof(modt_ioc));
|
||||
ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_MODIFY_TYPES, &modt_ioc);
|
||||
|
||||
if (ret == -1) {
|
||||
if (errno == ENOTTY)
|
||||
SKIP(return,
|
||||
"Kernel does not support SGX_IOC_ENCLAVE_MODIFY_TYPES ioctl()");
|
||||
else if (errno == ENODEV)
|
||||
SKIP(return, "System does not support SGX2");
|
||||
}
|
||||
|
||||
/*
|
||||
* Invalid parameters were provided during sanity check,
|
||||
* expect command to fail.
|
||||
*/
|
||||
EXPECT_EQ(ret, -1);
|
||||
|
||||
/*
|
||||
* Page that will be removed is the second data page in the .data
|
||||
* segment. This forms part of the local encl_buffer within the
|
||||
* enclave.
|
||||
*/
|
||||
data_start = self->encl.encl_base +
|
||||
encl_get_data_offset(&self->encl) + PAGE_SIZE;
|
||||
|
||||
/*
|
||||
* Sanity check that page at @data_start is writable before
|
||||
* removing it.
|
||||
*
|
||||
* Start by writing MAGIC to test page.
|
||||
*/
|
||||
put_addr_op.value = MAGIC;
|
||||
put_addr_op.addr = data_start;
|
||||
put_addr_op.header.type = ENCL_OP_PUT_TO_ADDRESS;
|
||||
|
||||
EXPECT_EQ(ENCL_CALL(&put_addr_op, &self->run, true), 0);
|
||||
|
||||
EXPECT_EEXIT(&self->run);
|
||||
EXPECT_EQ(self->run.exception_vector, 0);
|
||||
EXPECT_EQ(self->run.exception_error_code, 0);
|
||||
EXPECT_EQ(self->run.exception_addr, 0);
|
||||
|
||||
/*
|
||||
* Read memory that was just written to, confirming that data
|
||||
* previously written (MAGIC) is present.
|
||||
*/
|
||||
get_addr_op.value = 0;
|
||||
get_addr_op.addr = data_start;
|
||||
get_addr_op.header.type = ENCL_OP_GET_FROM_ADDRESS;
|
||||
|
||||
EXPECT_EQ(ENCL_CALL(&get_addr_op, &self->run, true), 0);
|
||||
|
||||
EXPECT_EQ(get_addr_op.value, MAGIC);
|
||||
EXPECT_EEXIT(&self->run);
|
||||
EXPECT_EQ(self->run.exception_vector, 0);
|
||||
EXPECT_EQ(self->run.exception_error_code, 0);
|
||||
EXPECT_EQ(self->run.exception_addr, 0);
|
||||
|
||||
/* Start page removal by requesting change of page type to PT_TRIM */
|
||||
memset(&modt_ioc, 0, sizeof(modt_ioc));
|
||||
|
||||
modt_ioc.offset = encl_get_data_offset(&self->encl) + PAGE_SIZE;
|
||||
modt_ioc.length = PAGE_SIZE;
|
||||
modt_ioc.page_type = SGX_PAGE_TYPE_TRIM;
|
||||
|
||||
ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_MODIFY_TYPES, &modt_ioc);
|
||||
errno_save = ret == -1 ? errno : 0;
|
||||
|
||||
EXPECT_EQ(ret, 0);
|
||||
EXPECT_EQ(errno_save, 0);
|
||||
EXPECT_EQ(modt_ioc.result, 0);
|
||||
EXPECT_EQ(modt_ioc.count, 4096);
|
||||
|
||||
/* Skip EACCEPT */
|
||||
|
||||
/* Send final ioctl() to complete page removal */
|
||||
memset(&remove_ioc, 0, sizeof(remove_ioc));
|
||||
|
||||
remove_ioc.offset = encl_get_data_offset(&self->encl) + PAGE_SIZE;
|
||||
remove_ioc.length = PAGE_SIZE;
|
||||
|
||||
ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_REMOVE_PAGES, &remove_ioc);
|
||||
errno_save = ret == -1 ? errno : 0;
|
||||
|
||||
/* Operation not permitted since EACCEPT was omitted. */
|
||||
EXPECT_EQ(ret, -1);
|
||||
EXPECT_EQ(errno_save, EPERM);
|
||||
EXPECT_EQ(remove_ioc.count, 0);
|
||||
}
|
||||
|
||||
TEST_HARNESS_MAIN
|
||||
|
|
|
|||
Loading…
Reference in New Issue