Rollup merge of #108986 - fortanix:raoul/sync_lvi_patches, r=cuviper

sync LVI tests The LVI tests for the `x86_64-fortanix-unknown-sgx` target have gotten out of sync. LVI is still mitigated correctly, but the LVI tests need minor modifications. Other (non LVI-related) tests fail when the target applies LVI mitigations as they assume the generated code contains forbidden instructions such as `retq`. These tests are ignored for the sgx environment. cc: `@jethrogb`
2023-03-24 01:22:05 +01:00 · 2023-03-24 01:22:05 +01:00 · cfd8105f3f
commit cfd8105f3f
parent eb82a5a0c8 d69ebf7e6c
11 changed files with 47 additions and 38 deletions
--- a/tests/assembly/is_aligned.rs
+++ b/tests/assembly/is_aligned.rs
@ -1,6 +1,7 @@
 // assembly-output: emit-asm
 // min-llvm-version: 15.0
 // only-x86_64
+// ignore-sgx
 // revisions: opt-speed opt-size
 // [opt-speed] compile-flags: -Copt-level=1
 // [opt-size] compile-flags: -Copt-level=s
--- a/tests/assembly/strict_provenance.rs
+++ b/tests/assembly/strict_provenance.rs
@ -1,6 +1,7 @@
 // assembly-output: emit-asm
 // compile-flags: -Copt-level=1
 // only-x86_64
+// ignore-sgx
 // min-llvm-version: 15.0
 #![crate_type = "rlib"]

--- a/tests/assembly/x86_64-floating-point-clamp.rs
+++ b/tests/assembly/x86_64-floating-point-clamp.rs
@ -4,6 +4,7 @@
 // assembly-output: emit-asm
 // compile-flags: --crate-type=lib -O -C llvm-args=-x86-asm-syntax=intel
 // only-x86_64
+// ignore-sgx

 // CHECK-LABEL: clamp_demo:
 #[no_mangle]
--- a/tests/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-load.rs
+++ b/tests/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-load.rs
@ -11,7 +11,7 @@

 // CHECK: plus_one
 // CHECK: lfence
-// CHECK-NEXT: addq
+// CHECK-NEXT: incq
 // CHECK: popq [[REGISTER:%[a-z]+]]
 // CHECK-NEXT: lfence
 // CHECK-NEXT: jmpq *[[REGISTER]]
--- a/tests/assembly/x86_64-fortanix-unknown-sgx-lvi-inline-assembly.rs
+++ b/tests/assembly/x86_64-fortanix-unknown-sgx-lvi-inline-assembly.rs
@ -10,9 +10,7 @@
 pub extern "C" fn get(ptr: *const u64) -> u64 {
    let value: u64;
    unsafe {
-        asm!(".start_inline_asm:",
-            "mov {}, [{}]",
-            ".end_inline_asm:",
+        asm!("mov {}, [{}]",
            out(reg) value,
            in(reg) ptr);
    }
@ -20,24 +18,17 @@ pub extern "C" fn get(ptr: *const u64) -> u64 {
 }

 // CHECK: get
-// CHECK: .start_inline_asm
-// CHECK-NEXT: movq
+// CHECK: movq
 // CHECK-NEXT: lfence
-// CHECK-NEXT: .end_inline_asm

 #[no_mangle]
 pub extern "C" fn myret() {
    unsafe {
-        asm!(
-            ".start_myret_inline_asm:",
-            "ret",
-            ".end_myret_inline_asm:",
-        );
+        asm!("ret");
    }
 }

 // CHECK: myret
-// CHECK: .start_myret_inline_asm
-// CHECK-NEXT: shlq $0, (%rsp)
+// CHECK: shlq $0, (%rsp)
 // CHECK-NEXT: lfence
 // CHECK-NEXT: retq
--- a/tests/assembly/x86_64-no-jump-tables.rs
+++ b/tests/assembly/x86_64-no-jump-tables.rs
@ -6,6 +6,7 @@
 // compile-flags: -O
 // [set] compile-flags: -Zno-jump-tables
 // only-x86_64
+// ignore-sgx

 #![crate_type = "lib"]

--- a/tests/run-make/issue-36710/Makefile
+++ b/tests/run-make/issue-36710/Makefile
@ -4,6 +4,7 @@
 # ignore-nvptx64-nvidia-cuda FIXME: can't find crate for `std`
 # ignore-musl FIXME: this makefile needs teaching how to use a musl toolchain
 #                    (see dist-i586-gnu-i586-i686-musl Dockerfile)
+# ignore-sgx

 include ../../run-make-fulldeps/tools.mk

--- a/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_asm.checks
+++ b/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_asm.checks
@ -1,8 +1,7 @@
 CHECK: cc_plus_one_asm
 CHECK-NEXT: movl
 CHECK-NEXT: lfence
-CHECK-NEXT: inc
-CHECK-NEXT: notq (%rsp)
-CHECK-NEXT: notq (%rsp)
+CHECK-NEXT: incl
+CHECK-NEXT: shlq $0, (%rsp)
 CHECK-NEXT: lfence
 CHECK-NEXT: retq
--- a/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/jumpto.checks
+++ b/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/jumpto.checks
@ -1,8 +1,24 @@
-CHECK: libunwind::Registers_x86_64::jumpto
+CHECK: __libunwind_Registers_x86_64_jumpto
 CHECK:      lfence
 CHECK:      lfence
 CHECK:      lfence
 CHECK:      lfence
-CHECK:      shlq    $0, (%rsp)
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK-NEXT: popq [[REGISTER:%[a-z]+]]
 CHECK-NEXT: lfence
-CHECK-NEXT: retq
+CHECK-NEXT: popq [[REGISTER:%[a-z]+]]
+CHECK-NEXT: lfence
+CHECK-NEXT: jmpq *[[REGISTER]]
--- a/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/print.checks
+++ b/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/print.checks
@ -2,6 +2,5 @@ CHECK: print
 CHECK:      lfence
 CHECK:      lfence
 CHECK:      lfence
-CHECK:      popq
 CHECK:      callq 0x{{[[:xdigit:]]*}} <_Unwind_Resume>
 CHECK-NEXT: ud2
--- a/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
+++ b/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
@ -20,39 +20,38 @@ function build {
 }

 function check {
-    local func=$1
+    local func_re="$1"
    local checks="${TEST_DIR}/$2"
    local asm=$(mktemp)
-    local objdump="${BUILD_DIR}/x86_64-unknown-linux-gnu/llvm/build/bin/llvm-objdump"
-    local filecheck="${BUILD_DIR}/x86_64-unknown-linux-gnu/llvm/build/bin/FileCheck"
+    local objdump="${LLVM_BIN_DIR}/llvm-objdump"
+    local filecheck="${LLVM_BIN_DIR}/FileCheck"
+    local enclave=${WORK_DIR}/enclave/target/x86_64-fortanix-unknown-sgx/debug/enclave

-    ${objdump} --disassemble-symbols=${func} --demangle \
-      ${WORK_DIR}/enclave/target/x86_64-fortanix-unknown-sgx/debug/enclave > ${asm}
+    func="$(${objdump} --syms --demangle ${enclave} | \
+            grep --only-matching -E "[[:blank:]]+${func_re}\$" | \
+            sed -e 's/^[[:space:]]*//' )"
+    ${objdump} --disassemble-symbols="${func}" --demangle \
+      ${enclave} > ${asm}
    ${filecheck} --input-file ${asm} ${checks}
 }

 build

-check unw_getcontext unw_getcontext.checks
-check "libunwind::Registers_x86_64::jumpto()" jumpto.checks
-check "std::io::stdio::_print::h87f0c238421c45bc" print.checks
-check rust_plus_one_global_asm rust_plus_one_global_asm.checks \
-  || echo "warning: module level assembly currently not hardened"
+check "unw_getcontext" unw_getcontext.checks
+check "__libunwind_Registers_x86_64_jumpto" jumpto.checks
+check 'std::io::stdio::_print::[[:alnum:]]+' print.checks
+check rust_plus_one_global_asm rust_plus_one_global_asm.checks

 check cc_plus_one_c cc_plus_one_c.checks
 check cc_plus_one_c_asm cc_plus_one_c_asm.checks
 check cc_plus_one_cxx cc_plus_one_cxx.checks
 check cc_plus_one_cxx_asm cc_plus_one_cxx_asm.checks
-check cc_plus_one_asm cc_plus_one_asm.checks \
-  || echo "warning: the cc crate forwards assembly files to the CC compiler." \
-           "Clang uses its own integrated assembler, which does not include the LVI passes."
+check cc_plus_one_asm cc_plus_one_asm.checks

 check cmake_plus_one_c cmake_plus_one_c.checks
 check cmake_plus_one_c_asm cmake_plus_one_c_asm.checks
-check cmake_plus_one_c_global_asm cmake_plus_one_c_global_asm.checks \
-  || echo "warning: module level assembly currently not hardened"
+check cmake_plus_one_c_global_asm cmake_plus_one_c_global_asm.checks
 check cmake_plus_one_cxx cmake_plus_one_cxx.checks
 check cmake_plus_one_cxx_asm cmake_plus_one_cxx_asm.checks
-check cmake_plus_one_cxx_global_asm cmake_plus_one_cxx_global_asm.checks \
-  || echo "warning: module level assembly currently not hardened"
+check cmake_plus_one_cxx_global_asm cmake_plus_one_cxx_global_asm.checks
 check cmake_plus_one_asm cmake_plus_one_asm.checks