Skip to content

Commit

Permalink
Rollup merge of #121683 - fortanix:raoul/lvi_fixes, r=cuviper
Browse files Browse the repository at this point in the history
Fix LVI tests after frame pointers are enabled by default

#121203 enables frame pointers by default. This affects LVI mitigations for the `x86_64-fortanix-unknown-sgx` target. LVI remained mitigated correctly, but the tests were too strict.

``@nshyrei`` , ``@jethrogb``
  • Loading branch information
matthiaskrgr authored Mar 4, 2024
2 parents 706fe0b + ede25ad commit 8886c31
Show file tree
Hide file tree
Showing 4 changed files with 18 additions and 4 deletions.
Original file line number Diff line number Diff line change
@@ -1,2 +1,7 @@
CHECK: cmake_plus_one_cxx_global_asm
CHECK: lfence
CHECK-NEXT: movl
CHECK-NEXT: lfence
CHECK-NEXT: incl
CHECK-NEXT: shlq $0x0, (%rsp)
CHECK-NEXT: lfence
CHECK-NEXT: retq
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
CHECK: print
CHECK: lfence
CHECK: popq
CHECK: popq
CHECK-NEXT: popq [[REGISTER:%[a-z]+]]
CHECK-NEXT: lfence
CHECK-NEXT: jmpq *[[REGISTER]]
8 changes: 5 additions & 3 deletions tests/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
Original file line number Diff line number Diff line change
Expand Up @@ -34,8 +34,9 @@ function check {
${enclave} > ${asm}
${filecheck} --input-file ${asm} ${checks}

if [ "${func_re}" != "rust_plus_one_global_asm" &&
"${func_re}" != "cmake_plus_one_c_global_asm" ]; then
if [ "${func_re}" != "rust_plus_one_global_asm" ] &&
[ "${func_re}" != "cmake_plus_one_c_global_asm" ] &&
[ "${func_re}" != "cmake_plus_one_cxx_global_asm" ]; then
# The assembler cannot avoid explicit `ret` instructions. Sequences
# of `shlq $0x0, (%rsp); lfence; retq` are used instead.
# https://www.intel.com/content/www/us/en/developer/articles/technical/
Expand All @@ -48,7 +49,8 @@ build

check "unw_getcontext" unw_getcontext.checks
check "__libunwind_Registers_x86_64_jumpto" jumpto.checks
check 'std::io::stdio::_print::[[:alnum:]]+' print.checks
check 'std::io::stdio::_print::[[:alnum:]]+' print.with_frame_pointers.checks ||
check 'std::io::stdio::_print::[[:alnum:]]+' print.without_frame_pointers.checks
check rust_plus_one_global_asm rust_plus_one_global_asm.checks

check cc_plus_one_c cc_plus_one_c.checks
Expand Down

0 comments on commit 8886c31

Please sign in to comment.