#include <sys/types.h>
#include <sys/auxv.h>
#include "defines.h"
+#include "../kselftest_harness.h"
#include "main.h"
-#include "../kselftest.h"
static const uint64_t MAGIC = 0x1122334455667788ULL;
-vdso_sgx_enter_enclave_t eenter;
+vdso_sgx_enter_enclave_t vdso_sgx_enter_enclave;
struct vdso_symtab {
Elf64_Sym *elf_symtab;
return NULL;
}
-bool report_results(struct sgx_enclave_run *run, int ret, uint64_t result,
- const char *test)
-{
- bool valid = true;
-
- if (ret) {
- printf("FAIL: %s() returned: %d\n", test, ret);
- valid = false;
- }
-
- if (run->function != EEXIT) {
- printf("FAIL: %s() function, expected: %u, got: %u\n", test, EEXIT,
- run->function);
- valid = false;
- }
-
- if (result != MAGIC) {
- printf("FAIL: %s(), expected: 0x%lx, got: 0x%lx\n", test, MAGIC,
- result);
- valid = false;
- }
-
- if (run->user_data) {
- printf("FAIL: %s() user data, expected: 0x0, got: 0x%llx\n",
- test, run->user_data);
- valid = false;
- }
-
- return valid;
-}
-
-static int user_handler(long rdi, long rsi, long rdx, long ursp, long r8, long r9,
- struct sgx_enclave_run *run)
-{
- run->user_data = 0;
- return 0;
-}
+FIXTURE(enclave) {
+ struct encl encl;
+ struct sgx_enclave_run run;
+};
-int main(int argc, char *argv[])
+FIXTURE_SETUP(enclave)
{
- struct sgx_enclave_run run;
+ Elf64_Sym *sgx_enter_enclave_sym = NULL;
struct vdso_symtab symtab;
- Elf64_Sym *eenter_sym;
- uint64_t result = 0;
- struct encl encl;
+ struct encl_segment *seg;
+ char maps_line[256];
+ FILE *maps_file;
unsigned int i;
void *addr;
- int ret;
- memset(&run, 0, sizeof(run));
-
- if (!encl_load("test_encl.elf", &encl)) {
- encl_delete(&encl);
+ if (!encl_load("test_encl.elf", &self->encl)) {
+ encl_delete(&self->encl);
ksft_exit_skip("cannot load enclaves\n");
}
- if (!encl_measure(&encl))
+ for (i = 0; i < self->encl.nr_segments; i++) {
+ seg = &self->encl.segment_tbl[i];
+
+ TH_LOG("0x%016lx 0x%016lx 0x%02x", seg->offset, seg->size, seg->prot);
+ }
+
+ if (!encl_measure(&self->encl))
goto err;
- if (!encl_build(&encl))
+ if (!encl_build(&self->encl))
goto err;
/*
* An enclave consumer only must do this.
*/
- for (i = 0; i < encl.nr_segments; i++) {
- struct encl_segment *seg = &encl.segment_tbl[i];
-
- addr = mmap((void *)encl.encl_base + seg->offset, seg->size,
- seg->prot, MAP_SHARED | MAP_FIXED, encl.fd, 0);
- if (addr == MAP_FAILED) {
- perror("mmap() segment failed");
- exit(KSFT_FAIL);
- }
+ for (i = 0; i < self->encl.nr_segments; i++) {
+ struct encl_segment *seg = &self->encl.segment_tbl[i];
+
+ addr = mmap((void *)self->encl.encl_base + seg->offset, seg->size,
+ seg->prot, MAP_SHARED | MAP_FIXED, self->encl.fd, 0);
+ EXPECT_NE(addr, MAP_FAILED);
+ if (addr == MAP_FAILED)
+ goto err;
}
- memset(&run, 0, sizeof(run));
- run.tcs = encl.encl_base;
-
/* Get vDSO base address */
addr = (void *)getauxval(AT_SYSINFO_EHDR);
if (!addr)
if (!vdso_get_symtab(addr, &symtab))
goto err;
- eenter_sym = vdso_symtab_get(&symtab, "__vdso_sgx_enter_enclave");
- if (!eenter_sym)
+ sgx_enter_enclave_sym = vdso_symtab_get(&symtab, "__vdso_sgx_enter_enclave");
+ if (!sgx_enter_enclave_sym)
goto err;
- eenter = addr + eenter_sym->st_value;
-
- ret = sgx_call_vdso((void *)&MAGIC, &result, 0, EENTER, NULL, NULL, &run);
- if (!report_results(&run, ret, result, "sgx_call_vdso"))
- goto err;
+ vdso_sgx_enter_enclave = addr + sgx_enter_enclave_sym->st_value;
+ memset(&self->run, 0, sizeof(self->run));
+ self->run.tcs = self->encl.encl_base;
- /* Invoke the vDSO directly. */
- result = 0;
- ret = eenter((unsigned long)&MAGIC, (unsigned long)&result, 0, EENTER,
- 0, 0, &run);
- if (!report_results(&run, ret, result, "eenter"))
- goto err;
+ maps_file = fopen("/proc/self/maps", "r");
+ if (maps_file != NULL) {
+ while (fgets(maps_line, sizeof(maps_line), maps_file) != NULL) {
+ maps_line[strlen(maps_line) - 1] = '\0';
- /* And with an exit handler. */
- run.user_handler = (__u64)user_handler;
- run.user_data = 0xdeadbeef;
- ret = eenter((unsigned long)&MAGIC, (unsigned long)&result, 0, EENTER,
- 0, 0, &run);
- if (!report_results(&run, ret, result, "user_handler"))
- goto err;
+ if (strstr(maps_line, "/dev/sgx_enclave"))
+ TH_LOG("%s", maps_line);
+ }
- printf("SUCCESS\n");
- encl_delete(&encl);
- exit(KSFT_PASS);
+ fclose(maps_file);
+ }
err:
- encl_delete(&encl);
- exit(KSFT_FAIL);
+ if (!sgx_enter_enclave_sym)
+ encl_delete(&self->encl);
+
+ ASSERT_NE(sgx_enter_enclave_sym, NULL);
+}
+
+FIXTURE_TEARDOWN(enclave)
+{
+ encl_delete(&self->encl);
+}
+
+#define ENCL_CALL(op, run, clobbered) \
+ ({ \
+ int ret; \
+ if ((clobbered)) \
+ ret = vdso_sgx_enter_enclave((unsigned long)(op), 0, 0, \
+ EENTER, 0, 0, (run)); \
+ else \
+ ret = sgx_enter_enclave((void *)(op), NULL, 0, EENTER, NULL, NULL, \
+ (run)); \
+ ret; \
+ })
+
+#define EXPECT_EEXIT(run) \
+ do { \
+ EXPECT_EQ((run)->function, EEXIT); \
+ if ((run)->function != EEXIT) \
+ TH_LOG("0x%02x 0x%02x 0x%016llx", (run)->exception_vector, \
+ (run)->exception_error_code, (run)->exception_addr); \
+ } while (0)
+
+TEST_F(enclave, unclobbered_vdso)
+{
+ struct encl_op op;
+
+ op.type = ENCL_OP_PUT;
+ op.buffer = MAGIC;
+
+ EXPECT_EQ(ENCL_CALL(&op, &self->run, false), 0);
+
+ EXPECT_EEXIT(&self->run);
+ EXPECT_EQ(self->run.user_data, 0);
+
+ op.type = ENCL_OP_GET;
+ op.buffer = 0;
+
+ EXPECT_EQ(ENCL_CALL(&op, &self->run, false), 0);
+
+ EXPECT_EQ(op.buffer, MAGIC);
+ EXPECT_EEXIT(&self->run);
+ EXPECT_EQ(self->run.user_data, 0);
+}
+
+TEST_F(enclave, clobbered_vdso)
+{
+ struct encl_op op;
+
+ op.type = ENCL_OP_PUT;
+ op.buffer = MAGIC;
+
+ EXPECT_EQ(ENCL_CALL(&op, &self->run, true), 0);
+
+ EXPECT_EEXIT(&self->run);
+ EXPECT_EQ(self->run.user_data, 0);
+
+ op.type = ENCL_OP_GET;
+ op.buffer = 0;
+
+ EXPECT_EQ(ENCL_CALL(&op, &self->run, true), 0);
+
+ EXPECT_EQ(op.buffer, MAGIC);
+ EXPECT_EEXIT(&self->run);
+ EXPECT_EQ(self->run.user_data, 0);
}
+
+static int test_handler(long rdi, long rsi, long rdx, long ursp, long r8, long r9,
+ struct sgx_enclave_run *run)
+{
+ run->user_data = 0;
+
+ return 0;
+}
+
+TEST_F(enclave, clobbered_vdso_and_user_function)
+{
+ struct encl_op op;
+
+ self->run.user_handler = (__u64)test_handler;
+ self->run.user_data = 0xdeadbeef;
+
+ op.type = ENCL_OP_PUT;
+ op.buffer = MAGIC;
+
+ EXPECT_EQ(ENCL_CALL(&op, &self->run, true), 0);
+
+ EXPECT_EEXIT(&self->run);
+ EXPECT_EQ(self->run.user_data, 0);
+
+ op.type = ENCL_OP_GET;
+ op.buffer = 0;
+
+ EXPECT_EQ(ENCL_CALL(&op, &self->run, true), 0);
+
+ EXPECT_EQ(op.buffer, MAGIC);
+ EXPECT_EEXIT(&self->run);
+ EXPECT_EQ(self->run.user_data, 0);
+}
+
+TEST_HARNESS_MAIN
#!/bin/sh
# SPDX-License-Identifier: GPL-2.0
+#
+# Test for mishandling of splice() on pseudofilesystems, which should catch
+# bugs like 11990a5bd7e5 ("module: Correctly truncate sysfs sections output")
+#
+# Since splice fallback was removed as part of the set_fs() rework, many of these
+# tests expect to fail now. See https://lore.kernel.org/lkml/202009181443.C2179FB@keescook/
set -e
+DIR=$(dirname "$0")
+
ret=0
+expect_success()
+{
+ title="$1"
+ shift
+
+ echo "" >&2
+ echo "$title ..." >&2
+
+ set +e
+ "$@"
+ rc=$?
+ set -e
+
+ case "$rc" in
+ 0)
+ echo "ok: $title succeeded" >&2
+ ;;
+ 1)
+ echo "FAIL: $title should work" >&2
+ ret=$(( ret + 1 ))
+ ;;
+ *)
+ echo "FAIL: something else went wrong" >&2
+ ret=$(( ret + 1 ))
+ ;;
+ esac
+}
+
+expect_failure()
+{
+ title="$1"
+ shift
+
+ echo "" >&2
+ echo "$title ..." >&2
+
+ set +e
+ "$@"
+ rc=$?
+ set -e
+
+ case "$rc" in
+ 0)
+ echo "FAIL: $title unexpectedly worked" >&2
+ ret=$(( ret + 1 ))
+ ;;
+ 1)
+ echo "ok: $title correctly failed" >&2
+ ;;
+ *)
+ echo "FAIL: something else went wrong" >&2
+ ret=$(( ret + 1 ))
+ ;;
+ esac
+}
+
do_splice()
{
filename="$1"
bytes="$2"
expected="$3"
+ report="$4"
- out=$(./splice_read "$filename" "$bytes" | cat)
+ out=$("$DIR"/splice_read "$filename" "$bytes" | cat)
if [ "$out" = "$expected" ] ; then
- echo "ok: $filename $bytes"
+ echo " matched $report" >&2
+ return 0
else
- echo "FAIL: $filename $bytes"
- ret=1
+ echo " no match: '$out' vs $report" >&2
+ return 1
fi
}
{
filename="$1"
+ echo " checking $filename ..." >&2
+
full=$(cat "$filename")
+ rc=$?
+ if [ $rc -ne 0 ] ; then
+ return 2
+ fi
+
two=$(echo "$full" | grep -m1 . | cut -c-2)
# Make sure full splice has the same contents as a standard read.
- do_splice "$filename" 4096 "$full"
+ echo " splicing 4096 bytes ..." >&2
+ if ! do_splice "$filename" 4096 "$full" "full read" ; then
+ return 1
+ fi
# Make sure a partial splice see the first two characters.
- do_splice "$filename" 2 "$two"
+ echo " splicing 2 bytes ..." >&2
+ if ! do_splice "$filename" 2 "$two" "'$two'" ; then
+ return 1
+ fi
+
+ return 0
}
-# proc_single_open(), seq_read()
-test_splice /proc/$$/limits
-# special open, seq_read()
-test_splice /proc/$$/comm
+### /proc/$pid/ has no splice interface; these should all fail.
+expect_failure "proc_single_open(), seq_read() splice" test_splice /proc/$$/limits
+expect_failure "special open(), seq_read() splice" test_splice /proc/$$/comm
-# proc_handler, proc_dointvec_minmax
-test_splice /proc/sys/fs/nr_open
-# proc_handler, proc_dostring
-test_splice /proc/sys/kernel/modprobe
-# proc_handler, special read
-test_splice /proc/sys/kernel/version
+### /proc/sys/ has a splice interface; these should all succeed.
+expect_success "proc_handler: proc_dointvec_minmax() splice" test_splice /proc/sys/fs/nr_open
+expect_success "proc_handler: proc_dostring() splice" test_splice /proc/sys/kernel/modprobe
+expect_success "proc_handler: special read splice" test_splice /proc/sys/kernel/version
+### /sys/ has no splice interface; these should all fail.
if ! [ -d /sys/module/test_module/sections ] ; then
- modprobe test_module
+ expect_success "test_module kernel module load" modprobe test_module
fi
-# kernfs, attr
-test_splice /sys/module/test_module/coresize
-# kernfs, binattr
-test_splice /sys/module/test_module/sections/.init.text
+expect_failure "kernfs attr splice" test_splice /sys/module/test_module/coresize
+expect_failure "kernfs binattr splice" test_splice /sys/module/test_module/sections/.init.text
exit $ret