diff options
| author | Matthias Krüger <matthias.krueger@famsik.de> | 2023-03-24 01:22:05 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-03-24 01:22:05 +0100 |
| commit | cfd8105f3f8a213af195f7eb2ad67824a5a872a9 (patch) | |
| tree | 3f37434a45b5c9eaf2feec835ac50fa5019ea218 /tests | |
| parent | eb82a5a0c8a6cfc9a1665d70315335102f598263 (diff) | |
| parent | d69ebf7e6cd5e19b9d64a76f8ec31ab225cf13fe (diff) | |
| download | rust-cfd8105f3f8a213af195f7eb2ad67824a5a872a9.tar.gz rust-cfd8105f3f8a213af195f7eb2ad67824a5a872a9.zip | |
Rollup merge of #108986 - fortanix:raoul/sync_lvi_patches, r=cuviper
sync LVI tests The LVI tests for the `x86_64-fortanix-unknown-sgx` target have gotten out of sync. LVI is still mitigated correctly, but the LVI tests need minor modifications. Other (non LVI-related) tests fail when the target applies LVI mitigations as they assume the generated code contains forbidden instructions such as `retq`. These tests are ignored for the sgx environment. cc: `@jethrogb`
Diffstat (limited to 'tests')
11 files changed, 48 insertions, 39 deletions
diff --git a/tests/assembly/is_aligned.rs b/tests/assembly/is_aligned.rs index 620a3da9463..148d11ee4d6 100644 --- a/tests/assembly/is_aligned.rs +++ b/tests/assembly/is_aligned.rs @@ -1,6 +1,7 @@ // assembly-output: emit-asm // min-llvm-version: 15.0 // only-x86_64 +// ignore-sgx // revisions: opt-speed opt-size // [opt-speed] compile-flags: -Copt-level=1 // [opt-size] compile-flags: -Copt-level=s diff --git a/tests/assembly/strict_provenance.rs b/tests/assembly/strict_provenance.rs index 01f1957d5f6..24a7c6b5bf1 100644 --- a/tests/assembly/strict_provenance.rs +++ b/tests/assembly/strict_provenance.rs @@ -1,6 +1,7 @@ // assembly-output: emit-asm // compile-flags: -Copt-level=1 // only-x86_64 +// ignore-sgx // min-llvm-version: 15.0 #![crate_type = "rlib"] diff --git a/tests/assembly/x86_64-floating-point-clamp.rs b/tests/assembly/x86_64-floating-point-clamp.rs index 0f3b465d08d..0bc6baad479 100644 --- a/tests/assembly/x86_64-floating-point-clamp.rs +++ b/tests/assembly/x86_64-floating-point-clamp.rs @@ -4,6 +4,7 @@ // assembly-output: emit-asm // compile-flags: --crate-type=lib -O -C llvm-args=-x86-asm-syntax=intel // only-x86_64 +// ignore-sgx // CHECK-LABEL: clamp_demo: #[no_mangle] diff --git a/tests/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-load.rs b/tests/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-load.rs index 79d82cf70d3..7eb3c6948ac 100644 --- a/tests/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-load.rs +++ b/tests/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-load.rs @@ -11,7 +11,7 @@ pub extern fn plus_one(r: &mut u64) { // CHECK: plus_one // CHECK: lfence -// CHECK-NEXT: addq +// CHECK-NEXT: incq // CHECK: popq [[REGISTER:%[a-z]+]] // CHECK-NEXT: lfence // CHECK-NEXT: jmpq *[[REGISTER]] diff --git a/tests/assembly/x86_64-fortanix-unknown-sgx-lvi-inline-assembly.rs b/tests/assembly/x86_64-fortanix-unknown-sgx-lvi-inline-assembly.rs index c316379d5b1..4745ebc4fcd 100644 --- a/tests/assembly/x86_64-fortanix-unknown-sgx-lvi-inline-assembly.rs +++ b/tests/assembly/x86_64-fortanix-unknown-sgx-lvi-inline-assembly.rs @@ -10,9 +10,7 @@ use std::arch::asm; pub extern "C" fn get(ptr: *const u64) -> u64 { let value: u64; unsafe { - asm!(".start_inline_asm:", - "mov {}, [{}]", - ".end_inline_asm:", + asm!("mov {}, [{}]", out(reg) value, in(reg) ptr); } @@ -20,24 +18,17 @@ pub extern "C" fn get(ptr: *const u64) -> u64 { } // CHECK: get -// CHECK: .start_inline_asm -// CHECK-NEXT: movq +// CHECK: movq // CHECK-NEXT: lfence -// CHECK-NEXT: .end_inline_asm #[no_mangle] pub extern "C" fn myret() { unsafe { - asm!( - ".start_myret_inline_asm:", - "ret", - ".end_myret_inline_asm:", - ); + asm!("ret"); } } // CHECK: myret -// CHECK: .start_myret_inline_asm -// CHECK-NEXT: shlq $0, (%rsp) +// CHECK: shlq $0, (%rsp) // CHECK-NEXT: lfence // CHECK-NEXT: retq diff --git a/tests/assembly/x86_64-no-jump-tables.rs b/tests/assembly/x86_64-no-jump-tables.rs index 007c3591a4a..edf4adaad41 100644 --- a/tests/assembly/x86_64-no-jump-tables.rs +++ b/tests/assembly/x86_64-no-jump-tables.rs @@ -6,6 +6,7 @@ // compile-flags: -O // [set] compile-flags: -Zno-jump-tables // only-x86_64 +// ignore-sgx #![crate_type = "lib"] diff --git a/tests/run-make/issue-36710/Makefile b/tests/run-make/issue-36710/Makefile index d6145c07126..c6b71f5fbd4 100644 --- a/tests/run-make/issue-36710/Makefile +++ b/tests/run-make/issue-36710/Makefile @@ -4,6 +4,7 @@ # ignore-nvptx64-nvidia-cuda FIXME: can't find crate for `std` # ignore-musl FIXME: this makefile needs teaching how to use a musl toolchain # (see dist-i586-gnu-i586-i686-musl Dockerfile) +# ignore-sgx include ../../run-make-fulldeps/tools.mk diff --git a/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_asm.checks b/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_asm.checks index e839c200bbb..af9bc8c1d62 100644 --- a/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_asm.checks +++ b/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_asm.checks @@ -1,8 +1,7 @@ CHECK: cc_plus_one_asm CHECK-NEXT: movl CHECK-NEXT: lfence -CHECK-NEXT: inc -CHECK-NEXT: notq (%rsp) -CHECK-NEXT: notq (%rsp) +CHECK-NEXT: incl +CHECK-NEXT: shlq $0, (%rsp) CHECK-NEXT: lfence CHECK-NEXT: retq diff --git a/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/jumpto.checks b/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/jumpto.checks index 15211e3ade7..885bf461bf3 100644 --- a/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/jumpto.checks +++ b/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/jumpto.checks @@ -1,8 +1,24 @@ -CHECK: libunwind::Registers_x86_64::jumpto +CHECK: __libunwind_Registers_x86_64_jumpto CHECK: lfence CHECK: lfence CHECK: lfence CHECK: lfence -CHECK: shlq $0, (%rsp) +CHECK: lfence +CHECK: lfence +CHECK: lfence +CHECK: lfence +CHECK: lfence +CHECK: lfence +CHECK: lfence +CHECK: lfence +CHECK: lfence +CHECK: lfence +CHECK: lfence +CHECK: lfence +CHECK: lfence +CHECK: lfence +CHECK-NEXT: popq [[REGISTER:%[a-z]+]] +CHECK-NEXT: lfence +CHECK-NEXT: popq [[REGISTER:%[a-z]+]] CHECK-NEXT: lfence -CHECK-NEXT: retq +CHECK-NEXT: jmpq *[[REGISTER]] diff --git a/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/print.checks b/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/print.checks index 0fe88141b24..8a5493650a7 100644 --- a/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/print.checks +++ b/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/print.checks @@ -2,6 +2,5 @@ CHECK: print CHECK: lfence CHECK: lfence CHECK: lfence -CHECK: popq CHECK: callq 0x{{[[:xdigit:]]*}} <_Unwind_Resume> CHECK-NEXT: ud2 diff --git a/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh b/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh index 944343df6e5..235bb603b84 100644 --- a/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh +++ b/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh @@ -20,39 +20,38 @@ function build { } function check { - local func=$1 + local func_re="$1" local checks="${TEST_DIR}/$2" local asm=$(mktemp) - local objdump="${BUILD_DIR}/x86_64-unknown-linux-gnu/llvm/build/bin/llvm-objdump" - local filecheck="${BUILD_DIR}/x86_64-unknown-linux-gnu/llvm/build/bin/FileCheck" - - ${objdump} --disassemble-symbols=${func} --demangle \ - ${WORK_DIR}/enclave/target/x86_64-fortanix-unknown-sgx/debug/enclave > ${asm} + local objdump="${LLVM_BIN_DIR}/llvm-objdump" + local filecheck="${LLVM_BIN_DIR}/FileCheck" + local enclave=${WORK_DIR}/enclave/target/x86_64-fortanix-unknown-sgx/debug/enclave + + func="$(${objdump} --syms --demangle ${enclave} | \ + grep --only-matching -E "[[:blank:]]+${func_re}\$" | \ + sed -e 's/^[[:space:]]*//' )" + ${objdump} --disassemble-symbols="${func}" --demangle \ + ${enclave} > ${asm} ${filecheck} --input-file ${asm} ${checks} } build -check unw_getcontext unw_getcontext.checks -check "libunwind::Registers_x86_64::jumpto()" jumpto.checks -check "std::io::stdio::_print::h87f0c238421c45bc" print.checks -check rust_plus_one_global_asm rust_plus_one_global_asm.checks \ - || echo "warning: module level assembly currently not hardened" +check "unw_getcontext" unw_getcontext.checks +check "__libunwind_Registers_x86_64_jumpto" jumpto.checks +check 'std::io::stdio::_print::[[:alnum:]]+' print.checks +check rust_plus_one_global_asm rust_plus_one_global_asm.checks check cc_plus_one_c cc_plus_one_c.checks check cc_plus_one_c_asm cc_plus_one_c_asm.checks check cc_plus_one_cxx cc_plus_one_cxx.checks check cc_plus_one_cxx_asm cc_plus_one_cxx_asm.checks -check cc_plus_one_asm cc_plus_one_asm.checks \ - || echo "warning: the cc crate forwards assembly files to the CC compiler." \ - "Clang uses its own integrated assembler, which does not include the LVI passes." +check cc_plus_one_asm cc_plus_one_asm.checks check cmake_plus_one_c cmake_plus_one_c.checks check cmake_plus_one_c_asm cmake_plus_one_c_asm.checks -check cmake_plus_one_c_global_asm cmake_plus_one_c_global_asm.checks \ - || echo "warning: module level assembly currently not hardened" +check cmake_plus_one_c_global_asm cmake_plus_one_c_global_asm.checks check cmake_plus_one_cxx cmake_plus_one_cxx.checks check cmake_plus_one_cxx_asm cmake_plus_one_cxx_asm.checks -check cmake_plus_one_cxx_global_asm cmake_plus_one_cxx_global_asm.checks \ - || echo "warning: module level assembly currently not hardened" +check cmake_plus_one_cxx_global_asm cmake_plus_one_cxx_global_asm.checks check cmake_plus_one_asm cmake_plus_one_asm.checks |