Rollup merge of #108986 - fortanix:raoul/sync_lvi_patches, r=cuviper

sync LVI tests The LVI tests for the `x86_64-fortanix-unknown-sgx` target have gotten out of sync. LVI is still mitigated correctly, but the LVI tests need minor modifications. Other (non LVI-related) tests fail when the target applies LVI mitigations as they assume the generated code contains forbidden instructions such as `retq`. These tests are ignored for the sgx environment. cc: `@jethrogb`
2023-03-24 01:22:05 +01:00 · 2023-03-24 01:22:05 +01:00 · cfd8105f3f
commit cfd8105f3f
parent eb82a5a0c8 d69ebf7e6c
11 changed files with 47 additions and 38 deletions
--- a/tests/assembly/is_aligned.rs
+++ b/tests/assembly/is_aligned.rs
@ -1,6 +1,7 @@
 // assembly-output: emit-asm
 // min-llvm-version: 15.0
 // only-x86_64
 // ignore-sgx
 // revisions: opt-speed opt-size
 // [opt-speed] compile-flags: -Copt-level=1
 // [opt-size] compile-flags: -Copt-level=s
--- a/tests/assembly/strict_provenance.rs
+++ b/tests/assembly/strict_provenance.rs
@ -1,6 +1,7 @@
 // assembly-output: emit-asm
 // compile-flags: -Copt-level=1
 // only-x86_64
 // ignore-sgx
 // min-llvm-version: 15.0
 #![crate_type = "rlib"]
--- a/tests/assembly/x86_64-floating-point-clamp.rs
+++ b/tests/assembly/x86_64-floating-point-clamp.rs
@ -4,6 +4,7 @@
 // assembly-output: emit-asm
 // compile-flags: --crate-type=lib -O -C llvm-args=-x86-asm-syntax=intel
 // only-x86_64
 // ignore-sgx
 // CHECK-LABEL: clamp_demo:
 #[no_mangle]
--- a/tests/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-load.rs
+++ b/tests/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-load.rs
@ -11,7 +11,7 @@
 // CHECK: plus_one
 // CHECK: lfence
-// CHECK-NEXT: addq
+// CHECK-NEXT: incq
 // CHECK: popq [[REGISTER:%[a-z]+]]
 // CHECK-NEXT: lfence
 // CHECK-NEXT: jmpq *[[REGISTER]]
--- a/tests/assembly/x86_64-fortanix-unknown-sgx-lvi-inline-assembly.rs
+++ b/tests/assembly/x86_64-fortanix-unknown-sgx-lvi-inline-assembly.rs
@ -10,9 +10,7 @@
 pub extern "C" fn get(ptr: *const u64) -> u64 {
    let value: u64;
    unsafe {
-        asm!(".start_inline_asm:",
+        asm!("mov {}, [{}]",
            "mov {}, [{}]",
            ".end_inline_asm:",
            out(reg) value,
            in(reg) ptr);
    }
@ -20,24 +18,17 @@ pub extern "C" fn get(ptr: *const u64) -> u64 {
 }
 // CHECK: get
-// CHECK: .start_inline_asm
+// CHECK: movq
 // CHECK-NEXT: movq
 // CHECK-NEXT: lfence
 // CHECK-NEXT: .end_inline_asm
 #[no_mangle]
 pub extern "C" fn myret() {
    unsafe {
-        asm!(
+        asm!("ret");
            ".start_myret_inline_asm:",
            "ret",
            ".end_myret_inline_asm:",
        );
    }
 }
 // CHECK: myret
-// CHECK: .start_myret_inline_asm
+// CHECK: shlq $0, (%rsp)
 // CHECK-NEXT: shlq $0, (%rsp)
 // CHECK-NEXT: lfence
 // CHECK-NEXT: retq
--- a/tests/assembly/x86_64-no-jump-tables.rs
+++ b/tests/assembly/x86_64-no-jump-tables.rs
@ -6,6 +6,7 @@
 // compile-flags: -O
 // [set] compile-flags: -Zno-jump-tables
 // only-x86_64
 // ignore-sgx
 #![crate_type = "lib"]
--- a/tests/run-make/issue-36710/Makefile
+++ b/tests/run-make/issue-36710/Makefile
@ -4,6 +4,7 @@
 # ignore-nvptx64-nvidia-cuda FIXME: can't find crate for `std`
 # ignore-musl FIXME: this makefile needs teaching how to use a musl toolchain
 #                    (see dist-i586-gnu-i586-i686-musl Dockerfile)
 # ignore-sgx
 include ../../run-make-fulldeps/tools.mk
--- a/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_asm.checks
+++ b/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_asm.checks
@ -1,8 +1,7 @@
 CHECK: cc_plus_one_asm
 CHECK-NEXT: movl
 CHECK-NEXT: lfence
-CHECK-NEXT: inc
+CHECK-NEXT: incl
-CHECK-NEXT: notq (%rsp)
+CHECK-NEXT: shlq $0, (%rsp)
 CHECK-NEXT: notq (%rsp)
 CHECK-NEXT: lfence
 CHECK-NEXT: retq
--- a/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/jumpto.checks
+++ b/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/jumpto.checks
@ -1,8 +1,24 @@
-CHECK: libunwind::Registers_x86_64::jumpto
+CHECK: __libunwind_Registers_x86_64_jumpto
 CHECK:      lfence
 CHECK:      lfence
 CHECK:      lfence
 CHECK:      lfence
-CHECK:      shlq    $0, (%rsp)
+CHECK:      lfence
 CHECK:      lfence
 CHECK:      lfence
 CHECK:      lfence
 CHECK:      lfence
 CHECK:      lfence
 CHECK:      lfence
 CHECK:      lfence
 CHECK:      lfence
 CHECK:      lfence
 CHECK:      lfence
 CHECK:      lfence
 CHECK:      lfence
 CHECK:      lfence
 CHECK-NEXT: popq [[REGISTER:%[a-z]+]]
 CHECK-NEXT: lfence
-CHECK-NEXT: retq
+CHECK-NEXT: popq [[REGISTER:%[a-z]+]]
 CHECK-NEXT: lfence
 CHECK-NEXT: jmpq *[[REGISTER]]
--- a/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/print.checks
+++ b/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/print.checks
@ -2,6 +2,5 @@ CHECK: print
 CHECK:      lfence
 CHECK:      lfence
 CHECK:      lfence
 CHECK:      popq
 CHECK:      callq 0x{{[[:xdigit:]]*}} <_Unwind_Resume>
 CHECK-NEXT: ud2
--- a/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
+++ b/tests/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
@ -20,39 +20,38 @@ function build {
 }
 function check {
-    local func=$1
+    local func_re="$1"
    local checks="${TEST_DIR}/$2"
    local asm=$(mktemp)
-    local objdump="${BUILD_DIR}/x86_64-unknown-linux-gnu/llvm/build/bin/llvm-objdump"
+    local objdump="${LLVM_BIN_DIR}/llvm-objdump"
-    local filecheck="${BUILD_DIR}/x86_64-unknown-linux-gnu/llvm/build/bin/FileCheck"
+    local filecheck="${LLVM_BIN_DIR}/FileCheck"
    local enclave=${WORK_DIR}/enclave/target/x86_64-fortanix-unknown-sgx/debug/enclave
-    ${objdump} --disassemble-symbols=${func} --demangle \
+    func="$(${objdump} --syms --demangle ${enclave} | \
-      ${WORK_DIR}/enclave/target/x86_64-fortanix-unknown-sgx/debug/enclave > ${asm}
+            grep --only-matching -E "[[:blank:]]+${func_re}\$" | \
            sed -e 's/^[[:space:]]*//' )"
    ${objdump} --disassemble-symbols="${func}" --demangle \
      ${enclave} > ${asm}
    ${filecheck} --input-file ${asm} ${checks}
 }
 build
-check unw_getcontext unw_getcontext.checks
+check "unw_getcontext" unw_getcontext.checks
-check "libunwind::Registers_x86_64::jumpto()" jumpto.checks
+check "__libunwind_Registers_x86_64_jumpto" jumpto.checks
-check "std::io::stdio::_print::h87f0c238421c45bc" print.checks
+check 'std::io::stdio::_print::[[:alnum:]]+' print.checks
-check rust_plus_one_global_asm rust_plus_one_global_asm.checks \
+check rust_plus_one_global_asm rust_plus_one_global_asm.checks
  || echo "warning: module level assembly currently not hardened"
 check cc_plus_one_c cc_plus_one_c.checks
 check cc_plus_one_c_asm cc_plus_one_c_asm.checks
 check cc_plus_one_cxx cc_plus_one_cxx.checks
 check cc_plus_one_cxx_asm cc_plus_one_cxx_asm.checks
-check cc_plus_one_asm cc_plus_one_asm.checks \
+check cc_plus_one_asm cc_plus_one_asm.checks
  || echo "warning: the cc crate forwards assembly files to the CC compiler." \
           "Clang uses its own integrated assembler, which does not include the LVI passes."
 check cmake_plus_one_c cmake_plus_one_c.checks
 check cmake_plus_one_c_asm cmake_plus_one_c_asm.checks
-check cmake_plus_one_c_global_asm cmake_plus_one_c_global_asm.checks \
+check cmake_plus_one_c_global_asm cmake_plus_one_c_global_asm.checks
  || echo "warning: module level assembly currently not hardened"
 check cmake_plus_one_cxx cmake_plus_one_cxx.checks
 check cmake_plus_one_cxx_asm cmake_plus_one_cxx_asm.checks
-check cmake_plus_one_cxx_global_asm cmake_plus_one_cxx_global_asm.checks \
+check cmake_plus_one_cxx_global_asm cmake_plus_one_cxx_global_asm.checks
  || echo "warning: module level assembly currently not hardened"
 check cmake_plus_one_asm cmake_plus_one_asm.checks