Re: [PATCH] selftests/x86: Fix malformed src_offset initialization

Jethro Beekman <jethro@xxxxxxxxxxxx> · Wed, 18 Nov 2020 12:18:00 +0100

On 2020-11-18 12:11, Borislav Petkov wrote:
> On Wed, Nov 18, 2020 at 12:36:30AM +0200, Jarkko Sakkinen wrote:
>> Assign src_offset just to the p_offset, when first initialized.
>> This has been probably copy-pasting accident (at least looks like
>> it).
>>
>> Cc: Borislav Petkov <bp@xxxxxxxxx>
>> Cc: Shuah Khan <shuah@xxxxxxxxxx>
>> Cc: linux-kselftest@xxxxxxxxxxxxxxx
>> Signed-off-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
>> ---
>>  tools/testing/selftests/sgx/load.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/tools/testing/selftests/sgx/load.c b/tools/testing/selftests/sgx/load.c
>> index 07988de6b767..64976f266bae 100644
>> --- a/tools/testing/selftests/sgx/load.c
>> +++ b/tools/testing/selftests/sgx/load.c
>> @@ -185,7 +185,7 @@ bool encl_load(const char *path, struct encl *encl)
>>  		}
>>  
>>  		if (j == 0) {
>> -			src_offset = (phdr->p_offset & PAGE_MASK) - src_offset;
>> +			src_offset = (phdr->p_offset & PAGE_MASK);
>>  
>>  			seg->prot = PROT_READ | PROT_WRITE;
>>  			seg->flags = SGX_PAGE_TYPE_TCS << 8;
>> -- 
> 
> Still no joy:
> 
> 0x0000000000000000 0x0000000000002000 0x03
> 0x0000000000002000 0x0000000000001000 0x05
> 0x0000000000003000 0x0000000000003000 0x03
> encl_load: encl->nr_segments: 3
> encl_load: seg2 offset: 0x3000, seg2 size: 12288
> encl_load: encl_size: 32768, src_size: 24576
> encl_map_area: encl_size: 32768
> encl_map_area: area: 0x0x7f7ec8dd8000
> encl_map_area: encl_base: 0x7f7ec8dd8000
> mapping segment 0, seg->prot: (read write )
> base: 0x7f7ec8dd8000, offset 0x0, size: 8192
> mapping segment 1, seg->prot: (read  exec)
> base: 0x7f7ec8dd8000, offset 0x2000, size: 4096
> mmap() failed, errno=1.
> mmap: Operation not permitted
> 
> That second segment is PROT_EXEC and mmap(2) manpage says:
> 
>        EPERM  The prot argument asks for PROT_EXEC but the mapped  area  belongs  to  a
>               file on a filesystem that was mounted no-exec.
> 
>        EPERM  The operation was prevented by a file seal; see fcntl(2).
> 
> I don't see fcntl() calls in the test and the fs I'm running it from is
> not mapped "no-exec":
> 
> /dev/nvme0n1p2 on / type ext4 (rw,relatime,errors=remount-ro)
> 
> so something else is missing.

Just to double check, since you didn't show the /dev mount line: that is also not mounted noexec?

--
Jethro Beekman | Fortanix

Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature