From 7d3c3fdc1d57d555c726f1caa444e9dd5a02e142 Mon Sep 17 00:00:00 2001 From: Raoul Strackx Date: Fri, 25 Sep 2020 15:13:55 +0200 Subject: [PATCH] cleaning up code --- ...4-fortanix-unknown-sgx-lvi-generic-load.rs | 1 - ...64-fortanix-unknown-sgx-lvi-generic-ret.rs | 1 - ...x-unknown-sgx-lvi-module-level-assembly.rs | 12 -------- .../enclave/foo.c | 4 +-- .../enclave/foo_cxx.cpp | 3 +- .../enclave/libcmake_foo/src/foo.c | 3 +- .../enclave/libcmake_foo/src/foo_cxx.cpp | 3 +- .../enclave/src/main.rs | 29 ++++++++++--------- .../x86_64-fortanix-unknown-sgx-lvi/script.sh | 19 +++++++----- 9 files changed, 35 insertions(+), 40 deletions(-) delete mode 100644 src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-module-level-assembly.rs diff --git a/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-load.rs b/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-load.rs index 87ebb71dce9a..79d82cf70d38 100644 --- a/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-load.rs +++ b/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-load.rs @@ -15,4 +15,3 @@ pub extern fn plus_one(r: &mut u64) { // CHECK: popq [[REGISTER:%[a-z]+]] // CHECK-NEXT: lfence // CHECK-NEXT: jmpq *[[REGISTER]] - diff --git a/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-ret.rs b/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-ret.rs index 5ca5dd6f2728..a21ef6b75894 100644 --- a/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-ret.rs +++ b/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-ret.rs @@ -10,4 +10,3 @@ pub extern fn myret() {} // CHECK: popq [[REGISTER:%[a-z]+]] // CHECK-NEXT: lfence // CHECK-NEXT: jmpq *[[REGISTER]] - diff --git a/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-module-level-assembly.rs b/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-module-level-assembly.rs deleted file mode 100644 index b8dc747d3b4c..000000000000 --- a/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-module-level-assembly.rs +++ /dev/null 
@@ -1,12 +0,0 @@ -// Test LVI load hardening on SGX module level assembly code - -// assembly-output: emit-asm -// compile-flags: --crate-type staticlib -// only-x86_64-fortanix-unknown-sgx - -#![feature(global_asm)] - -global_asm!(".start_module_asm: - movq (%rdi), %rax - retq - .end_module_asm:" ); diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo.c b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo.c index 971dfa9d171d..dd76d4f303a9 100644 --- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo.c +++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo.c @@ -1,4 +1,3 @@ - int cc_plus_one_c(int *arg) { return *arg + 1; } @@ -9,7 +8,8 @@ int cc_plus_one_c_asm(int *arg) { asm volatile ( " movl (%1), %0\n" " inc %0\n" " jmp 1f\n" - " retq\n" // never executed, but a shortcut to determine how the assembler deals with `ret` instructions + " retq\n" // never executed, but a shortcut to determine how + // the assembler deals with `ret` instructions "1:\n" : "=r"(value) : "r"(arg) ); diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo_cxx.cpp b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo_cxx.cpp index 1f22c85c4cdb..ac6f64ac413d 100644 --- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo_cxx.cpp +++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo_cxx.cpp @@ -11,7 +11,8 @@ int cc_plus_one_cxx_asm(int *arg) { asm volatile ( " movl (%1), %0\n" " inc %0\n" " jmp 1f\n" - " retq\n" // never executed, but a shortcut to determine how the assembler deals with `ret` instructions + " retq\n" // never executed, but a shortcut to determine how + // the assembler deals with `ret` instructions "1:\n" : "=r"(value) : "r"(arg) ); diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo.c b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo.c index e3a8fcdf414a..c3b731a2d509 100644 
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo.c +++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo.c @@ -8,7 +8,8 @@ int cmake_plus_one_c_asm(int *arg) { asm volatile ( " movl (%1), %0\n" " inc %0\n" " jmp 1f\n" - " retq\n" // never executed, but a shortcut to determine how the assembler deals with `ret` instructions + " retq\n" // never executed, but a shortcut to determine how + // the assembler deals with `ret` instructions "1:\n" : "=r"(value) : "r"(arg) ); diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo_cxx.cpp b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo_cxx.cpp index a1a7b29d8c17..824e2afebcc7 100644 --- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo_cxx.cpp +++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo_cxx.cpp @@ -11,7 +11,8 @@ int cmake_plus_one_cxx_asm(int *arg) { asm volatile ( " movl (%1), %0\n" " inc %0\n" " jmp 1f\n" - " retq\n" // never executed, but a shortcut to determine how the assembler deals with `ret` instructions + " retq\n" // never executed, but a shortcut to determine how + // the assembler deals with `ret` instructions "1:\n" : "=r"(value) : "r"(arg) ); diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs index 697ab29a59c9..8e91a8d842c6 100644 --- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs +++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs 
@@ -28,20 +28,21 @@ extern { fn main() { let value : u32 = 41; - + let question = "Answer to the Ultimate Question of Life, the Universe, and Everything:"; + unsafe{ - println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", rust_plus_one_global_asm(&value)); - println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_c(&value)); - println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_c_asm(&value)); - println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_cxx(&value)); - println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_cxx_asm(&value)); - println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_asm(&value)); - println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_c(&value)); - println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_c_asm(&value)); - println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_cxx(&value)); - println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_cxx_asm(&value)); - println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_c_global_asm(&value)); - println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_cxx_global_asm(&value)); - println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_asm(&value)); + println!("{}: {}!", question,rust_plus_one_global_asm(&value)); + println!("{}: {}!", question,cc_plus_one_c(&value)); + println!("{}: {}!", question,cc_plus_one_c_asm(&value)); + println!("{}: {}!", question,cc_plus_one_cxx(&value)); + println!("{}: {}!", 
question,cc_plus_one_cxx_asm(&value)); + println!("{}: {}!", question,cc_plus_one_asm(&value)); + println!("{}: {}!", question,cmake_plus_one_c(&value)); + println!("{}: {}!", question,cmake_plus_one_c_asm(&value)); + println!("{}: {}!", question,cmake_plus_one_cxx(&value)); + println!("{}: {}!", question,cmake_plus_one_cxx_asm(&value)); + println!("{}: {}!", question,cmake_plus_one_c_global_asm(&value)); + println!("{}: {}!", question,cmake_plus_one_cxx_global_asm(&value)); + println!("{}: {}!", question,cmake_plus_one_asm(&value)); } } diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh index ee6dc33feae6..ec93c9801607 100644 --- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh +++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh @@ -24,8 +24,9 @@ function check { local asm=$(mktemp) local objdump="${BUILD_DIR}/x86_64-unknown-linux-gnu/llvm/build/bin/llvm-objdump" local filecheck="${BUILD_DIR}/x86_64-unknown-linux-gnu/llvm/build/bin/FileCheck" - - ${objdump} --disassemble-symbols=${func} --demangle ${WORK_DIR}/enclave/target/x86_64-fortanix-unknown-sgx/debug/enclave > ${asm} + + ${objdump} --disassemble-symbols=${func} --demangle \ + ${WORK_DIR}/enclave/target/x86_64-fortanix-unknown-sgx/debug/enclave > ${asm} ${filecheck} --input-file ${asm} ${checks} } 
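Review bot: The new `question` literal still ends in a colon while every format string is `"{}: {}!"`, so each line now prints `...and Everything:: <n>!` where the old code printed a single colon. Drop the colon from the literal (`let question = "Answer to the Ultimate Question of Life, the Universe, and Everything";`) or use `"{} {}!"`, so that the cleanup leaves the enclave's output unchanged. On style, the arguments are written `question,rust_plus_one_global_asm(&value)` with no space after the comma, which rustfmt would normalise. The `unsafe` block also has no `// SAFETY:` comment saying why passing `&value` to the thirteen foreign functions is sound; their declarations are in the `extern` block, which starts outside this hunk.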
@@ -34,19 +35,23 @@ build check unw_getcontext unw_getcontext.checks check "libunwind::Registers_x86_64::jumpto()" jumpto.checks check "std::io::stdio::_print::h87f0c238421c45bc" print.checks -check rust_plus_one_global_asm rust_plus_one_global_asm.checks || echo "warning: module level assembly currently not hardened" +check rust_plus_one_global_asm rust_plus_one_global_asm.checks \ + || echo "warning: module level assembly currently not hardened" check cc_plus_one_c cc_plus_one_c.checks check cc_plus_one_c_asm cc_plus_one_c_asm.checks check cc_plus_one_cxx cc_plus_one_cxx.checks check cc_plus_one_cxx_asm cc_plus_one_cxx_asm.checks -check cc_plus_one_asm cc_plus_one_asm.checks || echo "warning: the cc crate forwards assembly files to the CC compiler.\ - Clang uses its own intergrated assembler, which does not include the LVI passes." +check cc_plus_one_asm cc_plus_one_asm.checks \ + || echo "warning: the cc crate forwards assembly files to the CC compiler." \ + "Clang uses its own intergrated assembler, which does not include the LVI passes." check cmake_plus_one_c cmake_plus_one_c.checks check cmake_plus_one_c_asm cmake_plus_one_c_asm.checks -check cmake_plus_one_c_global_asm cmake_plus_one_c_global_asm.checks || echo "warning: module level assembly currently not hardened" +check cmake_plus_one_c_global_asm cmake_plus_one_c_global_asm.checks \ + || echo "warning: module level assembly currently not hardened" check cmake_plus_one_cxx cmake_plus_one_cxx.checks check cmake_plus_one_cxx_asm cmake_plus_one_cxx_asm.checks -check cmake_plus_one_cxx_global_asm cmake_plus_one_cxx_global_asm.checks || echo "warning: module level assembly currently not hardened" +check cmake_plus_one_cxx_global_asm cmake_plus_one_cxx_global_asm.checks \ + || echo "warning: module level assembly currently not hardened" check cmake_plus_one_asm cmake_plus_one_asm.checks
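Review bot: Each `check ... || echo "warning: ..."` line turns any non-zero status from `check` into a warning, so the test passes whether the function is a known LVI-hardening gap or the disassembly or FileCheck step failed for some other reason. This commit also deletes the module-level-assembly test under src/test/assembly, so as far as this patch shows the three `module level assembly currently not hardened` lines are the only place that gap is tracked, and a later fix or regression there would go unnoticed. Consider recording the expectation next to each fallback, for example `# known gap: module-level asm is not LVI-hardened; drop the || fallback once it is`, and sending the message to stderr with `>&2` so it stands out in the test log. The rewrapped cc_plus_one_asm warning still carries the typo `intergrated`.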