From 8428090ee6bc8ff48718ce9481a71b1068913dff Mon Sep 17 00:00:00 2001 From: Raoul Strackx Date: Wed, 22 Feb 2023 13:29:12 +0100 Subject: [PATCH] Fix run-make LVI tests --- .../cc_plus_one_asm.checks | 5 ++- .../jumpto.checks | 22 +++++++++++-- .../print.checks | 1 - .../x86_64-fortanix-unknown-sgx-lvi/script.sh | 33 +++++++++---------- 4 files changed, 37 insertions(+), 24 deletions(-) diff --git a/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_asm.checks b/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_asm.checks index e839c200bbb9..af9bc8c1d62e 100644 --- a/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_asm.checks +++ b/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_asm.checks @@ -1,8 +1,7 @@ CHECK: cc_plus_one_asm CHECK-NEXT: movl CHECK-NEXT: lfence -CHECK-NEXT: inc -CHECK-NEXT: notq (%rsp) -CHECK-NEXT: notq (%rsp) +CHECK-NEXT: incl +CHECK-NEXT: shlq $0, (%rsp) CHECK-NEXT: lfence CHECK-NEXT: retq diff --git a/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/jumpto.checks b/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/jumpto.checks index 15211e3ade79..885bf461bf3d 100644 --- a/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/jumpto.checks +++ b/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/jumpto.checks @@ -1,8 +1,24 @@ -CHECK: libunwind::Registers_x86_64::jumpto +CHECK: __libunwind_Registers_x86_64_jumpto CHECK: lfence CHECK: lfence CHECK: lfence CHECK: lfence -CHECK: shlq $0, (%rsp) +CHECK: lfence +CHECK: lfence +CHECK: lfence +CHECK: lfence +CHECK: lfence +CHECK: lfence +CHECK: lfence +CHECK: lfence +CHECK: lfence +CHECK: lfence +CHECK: lfence +CHECK: lfence +CHECK: lfence +CHECK: lfence +CHECK-NEXT: popq [[REGISTER:%[a-z]+]] CHECK-NEXT: lfence -CHECK-NEXT: retq +CHECK-NEXT: popq [[REGISTER:%[a-z]+]] +CHECK-NEXT: lfence +CHECK-NEXT: jmpq *[[REGISTER]] diff --git a/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/print.checks b/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/print.checks index 0fe88141b247..8a5493650a72 100644 --- a/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/print.checks +++ b/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/print.checks @@ -2,6 +2,5 @@ CHECK: print CHECK: lfence CHECK: lfence CHECK: lfence -CHECK: popq CHECK: callq 0x{{[[:xdigit:]]*}} <_Unwind_Resume> CHECK-NEXT: ud2 diff --git a/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh b/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh index 944343df6e58..235bb603b842 100644 --- a/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh +++ b/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh @@ -20,39 +20,38 @@ function build { } function check { - local func=$1 + local func_re="$1" local checks="${TEST_DIR}/$2" local asm=$(mktemp) - local objdump="${BUILD_DIR}/x86_64-unknown-linux-gnu/llvm/build/bin/llvm-objdump" - local filecheck="${BUILD_DIR}/x86_64-unknown-linux-gnu/llvm/build/bin/FileCheck" + local objdump="${LLVM_BIN_DIR}/llvm-objdump" + local filecheck="${LLVM_BIN_DIR}/FileCheck" + local enclave=${WORK_DIR}/enclave/target/x86_64-fortanix-unknown-sgx/debug/enclave - ${objdump} --disassemble-symbols=${func} --demangle \ - ${WORK_DIR}/enclave/target/x86_64-fortanix-unknown-sgx/debug/enclave > ${asm} + func="$(${objdump} --syms --demangle ${enclave} | \ + grep --only-matching -E "[[:blank:]]+${func_re}\$" | \ + sed -e 's/^[[:space:]]*//' )" + ${objdump} --disassemble-symbols="${func}" --demangle \ + ${enclave} > ${asm} ${filecheck} --input-file ${asm} ${checks} } build -check unw_getcontext unw_getcontext.checks -check "libunwind::Registers_x86_64::jumpto()" jumpto.checks -check "std::io::stdio::_print::h87f0c238421c45bc" print.checks -check rust_plus_one_global_asm rust_plus_one_global_asm.checks \ - || echo "warning: module level assembly currently not hardened" +check "unw_getcontext" unw_getcontext.checks +check "__libunwind_Registers_x86_64_jumpto" jumpto.checks +check 'std::io::stdio::_print::[[:alnum:]]+' print.checks +check rust_plus_one_global_asm rust_plus_one_global_asm.checks check cc_plus_one_c cc_plus_one_c.checks check cc_plus_one_c_asm cc_plus_one_c_asm.checks check cc_plus_one_cxx cc_plus_one_cxx.checks check cc_plus_one_cxx_asm cc_plus_one_cxx_asm.checks -check cc_plus_one_asm cc_plus_one_asm.checks \ - || echo "warning: the cc crate forwards assembly files to the CC compiler." \ - "Clang uses its own integrated assembler, which does not include the LVI passes." +check cc_plus_one_asm cc_plus_one_asm.checks check cmake_plus_one_c cmake_plus_one_c.checks check cmake_plus_one_c_asm cmake_plus_one_c_asm.checks -check cmake_plus_one_c_global_asm cmake_plus_one_c_global_asm.checks \ - || echo "warning: module level assembly currently not hardened" +check cmake_plus_one_c_global_asm cmake_plus_one_c_global_asm.checks check cmake_plus_one_cxx cmake_plus_one_cxx.checks check cmake_plus_one_cxx_asm cmake_plus_one_cxx_asm.checks -check cmake_plus_one_cxx_global_asm cmake_plus_one_cxx_global_asm.checks \ - || echo "warning: module level assembly currently not hardened" +check cmake_plus_one_cxx_global_asm cmake_plus_one_cxx_global_asm.checks check cmake_plus_one_asm cmake_plus_one_asm.checks