Date: Thu, 07 Jul 2022 18:27:31 -0000
From: "tip-bot2 for Reinette Chatre"
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/sgx] selftests/sgx: Test faulty enclave behavior
Cc: Reinette Chatre, Dave Hansen, Jarkko Sakkinen, x86@kernel.org, linux-kernel@vger.kernel.org
In-Reply-To: <fa5da30ebac108b7517194c3038b52995602b996.1652137848.git.reinette.chatre@intel.com>
References: <fa5da30ebac108b7517194c3038b52995602b996.1652137848.git.reinette.chatre@intel.com>
Message-ID: <165721845198.15455.883100065501082855.tip-bot2@tip-bot2>

The following commit has been merged into the x86/sgx branch of tip:

Commit-ID:     50b822e4b785948ed663c89c84e124fc8c099c9b
Gitweb:        https://git.kernel.org/tip/50b822e4b785948ed663c89c84e124fc8c099c9b
Author:        Reinette Chatre
AuthorDate:    Tue, 10 May 2022 11:09:04 -07:00
Committer:     Dave Hansen
CommitterDate: Thu, 07 Jul 2022 10:13:04 -07:00

selftests/sgx: Test faulty enclave behavior

Removing a page from an initialized enclave involves three steps:
first the user requests changing the page type to SGX_PAGE_TYPE_TRIM
via an ioctl(), on success the ENCLU[EACCEPT] instruction needs to be
run from within the enclave to accept the page removal, finally the
user requests page removal to be completed via an ioctl(). Only after
acceptance (ENCLU[EACCEPT]) from within the enclave can the kernel
remove the page from a running enclave.

Test the behavior when the user's request to change the page type
succeeds, but the ENCLU[EACCEPT] instruction is not run before the
ioctl() requesting page removal is run. This should not be permitted.

Signed-off-by: Reinette Chatre
Signed-off-by: Dave Hansen
Acked-by: Jarkko Sakkinen
Link: https://lkml.kernel.org/r/fa5da30ebac108b7517194c3038b52995602b996.1652137848.git.reinette.chatre@intel.com
---
 tools/testing/selftests/sgx/main.c | 114 ++++++++++++++++++++++++++++-
 1 file changed, 114 insertions(+)

diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/s= gx/main.c index 8bf4364..3a82bae 100644 --- a/tools/testing/selftests/sgx/main.c +++ b/tools/testing/selftests/sgx/main.c 
@@ -1433,4 +1433,118 @@ TEST_F(enclave, tcs_create) munmap(addr, 3 * PAGE_SIZE); } =20 +/* + * Ensure sane behavior if user requests page removal, does not run + * EACCEPT from within enclave but still attempts to finalize page removal + * with the SGX_IOC_ENCLAVE_REMOVE_PAGES ioctl(). The latter should fail + * because the removal was not EACCEPTed from within the enclave. + */ +TEST_F(enclave, remove_added_page_no_eaccept) +{ + struct sgx_enclave_remove_pages remove_ioc; + struct encl_op_get_from_addr get_addr_op; + struct sgx_enclave_modify_types modt_ioc; + struct encl_op_put_to_addr put_addr_op; + unsigned long data_start; + int ret, errno_save; + + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadat= a)); + + memset(&self->run, 0, sizeof(self->run)); + self->run.tcs =3D self->encl.encl_base; + + /* + * Hardware (SGX2) and kernel support is needed for this test. Start + * with check that test has a chance of succeeding. + */ + memset(&modt_ioc, 0, sizeof(modt_ioc)); + ret =3D ioctl(self->encl.fd, SGX_IOC_ENCLAVE_MODIFY_TYPES, &modt_ioc); + + if (ret =3D=3D -1) { + if (errno =3D=3D ENOTTY) + SKIP(return, + "Kernel does not support SGX_IOC_ENCLAVE_MODIFY_TYPES ioctl()"); + else if (errno =3D=3D ENODEV) + SKIP(return, "System does not support SGX2"); + } + + /* + * Invalid parameters were provided during sanity check, + * expect command to fail. + */ + EXPECT_EQ(ret, -1); + + /* + * Page that will be removed is the second data page in the .data + * segment. This forms part of the local encl_buffer within the + * enclave. + */ + data_start =3D self->encl.encl_base + + encl_get_data_offset(&self->encl) + PAGE_SIZE; + + /* + * Sanity check that page at @data_start is writable before + * removing it. + * + * Start by writing MAGIC to test page. 
+ */ + put_addr_op.value =3D MAGIC; + put_addr_op.addr =3D data_start; + put_addr_op.header.type =3D ENCL_OP_PUT_TO_ADDRESS; + + EXPECT_EQ(ENCL_CALL(&put_addr_op, &self->run, true), 0); + + EXPECT_EEXIT(&self->run); + EXPECT_EQ(self->run.exception_vector, 0); + EXPECT_EQ(self->run.exception_error_code, 0); + EXPECT_EQ(self->run.exception_addr, 0); + + /* + * Read memory that was just written to, confirming that data + * previously written (MAGIC) is present. + */ + get_addr_op.value =3D 0; + get_addr_op.addr =3D data_start; + get_addr_op.header.type =3D ENCL_OP_GET_FROM_ADDRESS; + + EXPECT_EQ(ENCL_CALL(&get_addr_op, &self->run, true), 0); + + EXPECT_EQ(get_addr_op.value, MAGIC); + EXPECT_EEXIT(&self->run); + EXPECT_EQ(self->run.exception_vector, 0); + EXPECT_EQ(self->run.exception_error_code, 0); + EXPECT_EQ(self->run.exception_addr, 0); + + /* Start page removal by requesting change of page type to PT_TRIM */ + memset(&modt_ioc, 0, sizeof(modt_ioc)); + + modt_ioc.offset =3D encl_get_data_offset(&self->encl) + PAGE_SIZE; + modt_ioc.length =3D PAGE_SIZE; + modt_ioc.page_type =3D SGX_PAGE_TYPE_TRIM; + + ret =3D ioctl(self->encl.fd, SGX_IOC_ENCLAVE_MODIFY_TYPES, &modt_ioc); + errno_save =3D ret =3D=3D -1 ? errno : 0; + + EXPECT_EQ(ret, 0); + EXPECT_EQ(errno_save, 0); + EXPECT_EQ(modt_ioc.result, 0); + EXPECT_EQ(modt_ioc.count, 4096); + + /* Skip EACCEPT */ + + /* Send final ioctl() to complete page removal */ + memset(&remove_ioc, 0, sizeof(remove_ioc)); + + remove_ioc.offset =3D encl_get_data_offset(&self->encl) + PAGE_SIZE; + remove_ioc.length =3D PAGE_SIZE; + + ret =3D ioctl(self->encl.fd, SGX_IOC_ENCLAVE_REMOVE_PAGES, &remove_ioc); + errno_save =3D ret =3D=3D -1 ? errno : 0; + + /* Operation not permitted since EACCEPT was omitted. */ + EXPECT_EQ(ret, -1); + EXPECT_EQ(errno_save, EPERM); + EXPECT_EQ(remove_ioc.count, 0); +} + TEST_HARNESS_MAIN
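
Review bot: The PT_TRIM step (the SGX_IOC_ENCLAVE_MODIFY_TYPES call with page_type set to SGX_PAGE_TYPE_TRIM) is checked only with EXPECT_EQ, so the test carries on to SGX_IOC_ENCLAVE_REMOVE_PAGES even when the type change failed. The final EPERM expectation would then be evaluated against a page that was never put into the trimmed state, which is not the condition this test is meant to cover (a trimmed page whose removal was never EACCEPTed). Consider ASSERT_EQ(ret, 0) right after the type change so the negative check runs only once the removal is actually pending. A smaller point in the same place: EXPECT_EQ(modt_ioc.count, 4096) hard-codes the page size while the request sets modt_ioc.length to PAGE_SIZE; comparing against PAGE_SIZE keeps the two in step. The expression encl_get_data_offset(&self->encl) + PAGE_SIZE is also repeated for data_start, modt_ioc.offset and remove_ioc.offset and could be computed once into a local.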