[PATCH RESEND 3/3] x86/sgx: eextend ioctl selftest

From: Raoul Strackx
Date: Wed Mar 31 2021 - 08:52:32 EST


In order to test the new eextend ioctl, the SGX selftest is modified to only partially measure the last page of segments. Most segments are larger than 4k, so the MEASURE flag for SGX_IOC_ENCLAVE_ADD_PAGE is still being tested.

Signed-off-by: Raoul Strackx <raoul.strackx@xxxxxxxxxxxx>
---
tools/testing/selftests/sgx/defines.h | 1 +
tools/testing/selftests/sgx/load.c | 55 ++++++++++++++++++++++++++++-----
tools/testing/selftests/sgx/main.h | 1 +
tools/testing/selftests/sgx/sigstruct.c | 38 +++++++++++------------
4 files changed, 67 insertions(+), 28 deletions(-)

diff --git a/tools/testing/selftests/sgx/defines.h b/tools/testing/selftests/sgx/defines.h
index 592c1cc..c09550d 100644
--- a/tools/testing/selftests/sgx/defines.h
+++ b/tools/testing/selftests/sgx/defines.h
@@ -10,6 +10,7 @@

#define PAGE_SIZE 4096
#define PAGE_MASK (~(PAGE_SIZE - 1))
+#define SGX_EEXTEND_BLOCK_SIZE 256

#define __aligned(x) __attribute__((__aligned__(x)))
#define __packed __attribute__((packed))
diff --git a/tools/testing/selftests/sgx/load.c b/tools/testing/selftests/sgx/load.c
index 9d43b75..52f0569 100644
--- a/tools/testing/selftests/sgx/load.c
+++ b/tools/testing/selftests/sgx/load.c
@@ -102,28 +102,67 @@ static bool encl_ioc_create(struct encl *encl)
static bool encl_ioc_add_pages(struct encl *encl, struct encl_segment *seg)
{
struct sgx_enclave_add_pages ioc;
+ struct sgx_enclave_extend ioc_extend;
struct sgx_secinfo secinfo;
+ uint64_t size_full_pages;
+ uint64_t size;
+ uint64_t chunk_offset;
int rc;

+ size_full_pages = size_fit(seg->size, SGX_EEXTEND_BLOCK_SIZE) & PAGE_MASK;
+ size = size_fit(seg->size, SGX_EEXTEND_BLOCK_SIZE);
+
memset(&secinfo, 0, sizeof(secinfo));
secinfo.flags = seg->flags;

+ // Add and extend full pages
ioc.src = (uint64_t)encl->src + seg->offset;
ioc.offset = seg->offset;
- ioc.length = seg->size;
ioc.secinfo = (unsigned long)&secinfo;
+ ioc.length = size_full_pages;
ioc.flags = SGX_PAGE_MEASURE;

- rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_ADD_PAGES, &ioc);
- if (rc < 0) {
- fprintf(stderr, "SGX_IOC_ENCLAVE_ADD_PAGES failed: errno=%d.\n",
- errno);
- return false;
+ if (0 < ioc.length) {
+ rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_ADD_PAGES, &ioc);
+ if (rc < 0) {
+ fprintf(stderr, "SGX_IOC_ENCLAVE_ADD_PAGES failed: errno=%d.\n",
+ errno);
+ return false;
+ }
+ }
+
+ if (size_full_pages < size) {
+ // Add last, partly measured page
+ ioc.offset = seg->offset + size_full_pages;
+ ioc.length = 0x1000;
+ ioc.flags = 0;
+
+ rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_ADD_PAGES, &ioc);
+ if (rc < 0) {
+ fprintf(stderr, "SGX_IOC_ENCLAVE_ADD_PAGES failed: errno=%d.\n",
+ errno);
+ return false;
+ }
+
+ // extend chunks
+ for (chunk_offset = 0; chunk_offset < size - size_full_pages; chunk_offset += SGX_EEXTEND_BLOCK_SIZE) {
+ ioc_extend.offset = seg->offset + size_full_pages + chunk_offset;
+ rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_EXTEND, &ioc_extend);
+ if (rc < 0) {
+ fprintf(stderr, "SGX_IOC_ENCLAVE_EXTEND failed: errno=%d.\n",
+ errno);
+ return false;
+ }
+ }
}

return true;
}

+uint64_t size_fit(uint64_t size_in_bytes, uint64_t block_size) {
+ return (size_in_bytes + block_size - 1) & (~(block_size - 1));
+}
+
bool encl_load(const char *path, struct encl *encl)
{
Elf64_Phdr *phdr_tbl;
@@ -197,7 +236,7 @@ bool encl_load(const char *path, struct encl *encl)
}

seg->offset = (phdr->p_offset & PAGE_MASK) - src_offset;
- seg->size = (phdr->p_filesz + PAGE_SIZE - 1) & PAGE_MASK;
+ seg->size = phdr->p_filesz;

printf("0x%016lx 0x%016lx 0x%02x\n", seg->offset, seg->size,
seg->prot);
@@ -209,7 +248,7 @@ bool encl_load(const char *path, struct encl *encl)

encl->src = encl->bin + src_offset;
encl->src_size = encl->segment_tbl[j - 1].offset +
- encl->segment_tbl[j - 1].size;
+ size_fit(encl->segment_tbl[j - 1].size, PAGE_SIZE);

for (encl->encl_size = 4096; encl->encl_size < encl->src_size; )
encl->encl_size <<= 1;
diff --git a/tools/testing/selftests/sgx/main.h b/tools/testing/selftests/sgx/main.h
index 67211a7..9d63bda 100644
--- a/tools/testing/selftests/sgx/main.h
+++ b/tools/testing/selftests/sgx/main.h
@@ -34,6 +34,7 @@ void encl_delete(struct encl *ctx);
bool encl_load(const char *path, struct encl *encl);
bool encl_measure(struct encl *encl);
bool encl_build(struct encl *encl);
+uint64_t size_fit(uint64_t size_in_bytes, uint64_t block_size);

int sgx_call_vdso(void *rdi, void *rsi, long rdx, u32 function, void *r8, void *r9,
struct sgx_enclave_run *run);
diff --git a/tools/testing/selftests/sgx/sigstruct.c b/tools/testing/selftests/sgx/sigstruct.c
index aac9cbc..eba7c86 100644
--- a/tools/testing/selftests/sgx/sigstruct.c
+++ b/tools/testing/selftests/sgx/sigstruct.c
@@ -260,28 +260,25 @@ static bool mrenclave_eextend(EVP_MD_CTX *ctx, uint64_t offset,
const uint8_t *data)
{
struct mreextend mreextend;
- int i;

- for (i = 0; i < 0x1000; i += 0x100) {
- memset(&mreextend, 0, sizeof(mreextend));
- mreextend.tag = MREEXTEND;
- mreextend.offset = offset + i;
+ memset(&mreextend, 0, sizeof(mreextend));
+ mreextend.tag = MREEXTEND;
+ mreextend.offset = offset;

- if (!mrenclave_update(ctx, &mreextend))
- return false;
+ if (!mrenclave_update(ctx, &mreextend))
+ return false;

- if (!mrenclave_update(ctx, &data[i + 0x00]))
- return false;
+ if (!mrenclave_update(ctx, &data[0x00]))
+ return false;

- if (!mrenclave_update(ctx, &data[i + 0x40]))
- return false;
+ if (!mrenclave_update(ctx, &data[0x40]))
+ return false;

- if (!mrenclave_update(ctx, &data[i + 0x80]))
- return false;
+ if (!mrenclave_update(ctx, &data[0x80]))
+ return false;

- if (!mrenclave_update(ctx, &data[i + 0xC0]))
- return false;
- }
+ if (!mrenclave_update(ctx, &data[0xC0]))
+ return false;

return true;
}
@@ -289,12 +286,13 @@ static bool mrenclave_eextend(EVP_MD_CTX *ctx, uint64_t offset,
static bool mrenclave_segment(EVP_MD_CTX *ctx, struct encl *encl,
struct encl_segment *seg)
{
- uint64_t end = seg->offset + seg->size;
+ uint64_t end = seg->offset + size_fit(seg->size, SGX_EEXTEND_BLOCK_SIZE);
uint64_t offset;

- for (offset = seg->offset; offset < end; offset += PAGE_SIZE) {
- if (!mrenclave_eadd(ctx, offset, seg->flags))
- return false;
+ for (offset = seg->offset; offset < end; offset += SGX_EEXTEND_BLOCK_SIZE) {
+ if (offset % PAGE_SIZE == 0)
+ if (!mrenclave_eadd(ctx, offset, seg->flags))
+ return false;

if (!mrenclave_eextend(ctx, offset, encl->src + offset))
return false;
--
2.7.4