Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Correct fortanix LVI test print function #111058

Merged
merged 2 commits into from
Jun 6, 2023
Merged

Correct fortanix LVI test print function #111058

merged 2 commits into from
Jun 6, 2023

Conversation

raoulstrackx
Copy link
Contributor

A recent change resulted in a different machine code for the print function. This caused the LVI test for this function to fail. This PR:

  • Fixes the test for the print function
  • Simplified the test a bit so future modifications are more unlikely

cc: @jethrogb

@rustbot
Copy link
Collaborator

rustbot commented May 1, 2023

r? @Mark-Simulacrum

(rustbot has picked a reviewer for you, use r? to override)

@rustbot rustbot added the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label May 1, 2023
@raoulstrackx
Copy link
Contributor Author

r? @cuviper since you reviewed some (all?) of these LVI tests. Could you take a look?

@rustbot rustbot assigned cuviper and unassigned Mark-Simulacrum May 1, 2023
@jyn514 jyn514 added the A-testsuite Area: The testsuite used to check the correctness of rustc label May 2, 2023
@jyn514 jyn514 changed the title Correct LVI test print function Correct fortanix LVI test print function May 2, 2023
@raoulstrackx
Copy link
Contributor Author

Can this (tiny) PR get a review please?

@cuviper
Copy link
Member

cuviper commented May 10, 2023

I honestly have no idea how to tell if this update is correct. What exactly is this testing, and what changed to make it need an update?

@raoulstrackx
Copy link
Contributor Author

LVI is a transient execution vulnerability. It's mostly an issue for Intel SGX enclaves as its attack model is so strong. Due to LVI even very simple assembly instructions such as ret may leak potentially sensitive enclave data. To mitigate this, the compiler needs to insert various lfence operations and potentially replace instructions. The ret instruction for example is replaced with popq %r10; lfence; jmp *%r10.
There are various tests related to LVI as there may be various ways machine code can end up inside the enclave. The print.checks test that relates to this PR is basically a way to verify that the standard library itself has been compiled with LVI mitigations in place. Any other function of the standard library could have been used just as well. More specifically it checks that the retq instruction has been replaced and there is at least one more lfence it its body (so it does more than merely replace retq instructions). Previously the function ended with callq _Unwind_Resume; ud2. I'm not sure how that change got introduced, but it's orthogonal to the idea behind the test.

@jethrogb
Copy link
Contributor

jethrogb commented May 11, 2023
edited
Loading

I'm not sure how that change got introduced

We should understand this

@cuviper
Copy link
Member

cuviper commented May 19, 2023

If the main point is to avoid ret, shouldn't there be CHECK-NOT somewhere?

@raoulstrackx raoulstrackx mentioned this pull request Jun 5, 2023
Open
@raoulstrackx raoulstrackx force-pushed the raoul/fix_lvi_mitigations branch from 3d76301 to 65bd11c Compare June 5, 2023 13:21
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@raoulstrackx raoulstrackx force-pushed the raoul/fix_lvi_mitigations branch from 65bd11c to 826b526 Compare June 5, 2023 13:50
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@raoulstrackx raoulstrackx force-pushed the raoul/fix_lvi_mitigations branch from 826b526 to b35f243 Compare June 5, 2023 15:33
@cuviper
Copy link
Member

cuviper commented Jun 5, 2023

@bors r+

@bors
Copy link
Contributor

bors commented Jun 5, 2023

📌 Commit b35f243 has been approved by cuviper

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Jun 5, 2023
matthiaskrgr added a commit to matthiaskrgr/rust that referenced this pull request Jun 6, 2023
@matthiaskrgr
Rollup merge of rust-lang#111058 - fortanix:raoul/fix_lvi_mitigations…
c7e1edc 
…, r=cuviper

Correct fortanix LVI test print function

A recent change resulted in a different machine code for the `print` function. This caused the LVI test for this function to fail. This PR:

- Fixes the test for the `print` function
- Simplified the test a bit so future modifications are more unlikely

cc: `@jethrogb`
@matthiaskrgr matthiaskrgr mentioned this pull request Jun 6, 2023
Closed
@matthiaskrgr matthiaskrgr mentioned this pull request Jun 6, 2023
Merged
bors added a commit to rust-lang-ci/rust that referenced this pull request Jun 6, 2023
@bors
Auto merge of rust-lang#112344 - matthiaskrgr:rollup-tswr83e, r=matth…
b2b34bd 
…iaskrgr

Rollup of 7 pull requests

Successful merges:

 - rust-lang#111058 (Correct fortanix LVI test print function)
 - rust-lang#111369 (Added custom risc32-imac for esp-espidf target)
 - rust-lang#111962 (Make GDB Python Pretty Printers loadable after spawning GDB, avoiding required `rust-gdb`)
 - rust-lang#112019 (Don't suggest changing `&self` and `&mut self` in function signature to be mutable when taking `&mut self` in closure)
 - rust-lang#112199 (Fix suggestion for matching struct with `..` on both ends)
 - rust-lang#112220 (Cleanup some `EarlyBinder::skip_binder()` -> `EarlyBinder::subst_identity()`)
 - rust-lang#112325 (diagnostics: do not suggest type name tweaks on type-inferred closure args)

r? `@ghost`
`@rustbot` modify labels: rollup
@bors bors merged commit 92327c0 into rust-lang:master Jun 6, 2023
@rustbot rustbot added this to the 1.72.0 milestone Jun 6, 2023
@workingjubilee workingjubilee added the O-SGX Target: SGX label Jul 30, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@cuviper cuviper

Labels
A-testsuite Area: The testsuite used to check the correctness of rustc O-SGX Target: SGX S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion.
Projects
None yet
Milestone
1.72.0
Development

Successfully merging this pull request may close these issues.
9 participants
@raoulstrackx @rustbot @cuviper @jethrogb @rust-log-analyzer @bors @Mark-Simulacrum @jyn514 @workingjubilee