diff mbox series

selftests/sgx: remove checks for file execute permissions

Message ID 20210621190556.4B5DCBB1@viggo.jf.intel.com (mailing list archive)
State New, archived
Headers show
Series selftests/sgx: remove checks for file execute permissions | expand

Commit Message

Dave Hansen June 21, 2021, 7:05 p.m. UTC
The SGX selftests can fail for a bunch of non-obvious reasons
like 'noexec' permissions on /dev (which is the default *EVERYWHERE*
it seems).

A new test mistakenly also looked for +x permission on the
/dev/sgx_enclave.  File execute permissions really only apply to
the ability of execve() to work on a file, *NOT* on the ability
for an application to map the file with PROT_EXEC.  SGX needs to
mmap(PROT_EXEC), but doesn't need to execve() the device file.

Remove the check.

Fixes: 4284f7acb78b ("selftests/sgx: Improve error detection and messages")
Reported-by: Tim Gardner <tim.gardner@canonical.com>
Cc: Jarkko Sakkinen <jarkko@kernel.org>
Cc: Reinette Chatre <reinette.chatre@intel.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Shuah Khan <shuah@kernel.org>
Cc: linux-sgx@vger.kernel.org
Cc: linux-kselftest@vger.kernel.org
Cc: linux-kernel@vger.kernel.org

---

 b/tools/testing/selftests/sgx/load.c |   16 +++-------------
 1 file changed, 3 insertions(+), 13 deletions(-)

Comments

Reinette Chatre June 21, 2021, 9:08 p.m. UTC | #1
Hi Dave,

On 6/21/2021 12:05 PM, Dave Hansen wrote:
> 
> The SGX selftests can fail for a bunch of non-obvious reasons
> like 'noexec' permissions on /dev (which is the default *EVERYWHERE*
> it seems).
> 
> A new test mistakenly also looked for +x permission on the
> /dev/sgx_enclave.  File execute permissions really only apply to
> the ability of execve() to work on a file, *NOT* on the ability
> for an application to map the file with PROT_EXEC.  SGX needs to
> mmap(PROT_EXEC), but doesn't need to execve() the device file.
> 
> Remove the check.
> 
> Fixes: 4284f7acb78b ("selftests/sgx: Improve error detection and messages")
> Reported-by: Tim Gardner <tim.gardner@canonical.com>
> Cc: Jarkko Sakkinen <jarkko@kernel.org>
> Cc: Reinette Chatre <reinette.chatre@intel.com>
> Cc: Dave Hansen <dave.hansen@linux.intel.com>
> Cc: Shuah Khan <shuah@kernel.org>
> Cc: linux-sgx@vger.kernel.org
> Cc: linux-kselftest@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> 

Thank you very much for fixing this. With this applied the SGX tests are 
able to run again on my system.

Tested-by: Reinette Chatre <reinette.chatre@intel.com>

I think it is missing a "Signed-off-by".

Reinette
Dave Hansen June 21, 2021, 9:18 p.m. UTC | #2
On 6/21/21 2:08 PM, Reinette Chatre wrote:
> 
> Thank you very much for fixing this. With this applied the SGX tests are
> able to run again on my system.
> 
> Tested-by: Reinette Chatre <reinette.chatre@intel.com>
> 
> I think it is missing a "Signed-off-by".

Right you are.  I think I've done this twice in a row for one-off
patches.  Sheesh.

Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>

If anyone wants a resend with this included, please let me know.
Jarkko Sakkinen June 23, 2021, 1:41 p.m. UTC | #3
On Mon, Jun 21, 2021 at 12:05:56PM -0700, Dave Hansen wrote:
> 
> The SGX selftests can fail for a bunch of non-obvious reasons
> like 'noexec' permissions on /dev (which is the default *EVERYWHERE*
> it seems).
> 
> A new test mistakenly also looked for +x permission on the
> /dev/sgx_enclave.  File execute permissions really only apply to
> the ability of execve() to work on a file, *NOT* on the ability
> for an application to map the file with PROT_EXEC.  SGX needs to
> mmap(PROT_EXEC), but doesn't need to execve() the device file.
> 
> Remove the check.
> 
> Fixes: 4284f7acb78b ("selftests/sgx: Improve error detection and messages")
> Reported-by: Tim Gardner <tim.gardner@canonical.com>
> Cc: Jarkko Sakkinen <jarkko@kernel.org>
> Cc: Reinette Chatre <reinette.chatre@intel.com>
> Cc: Dave Hansen <dave.hansen@linux.intel.com>
> Cc: Shuah Khan <shuah@kernel.org>
> Cc: linux-sgx@vger.kernel.org
> Cc: linux-kselftest@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> 
> ---
> 
>  b/tools/testing/selftests/sgx/load.c |   16 +++-------------
>  1 file changed, 3 insertions(+), 13 deletions(-)
> 
> diff -puN tools/testing/selftests/sgx/load.c~sgx-no-file-exec tools/testing/selftests/sgx/load.c
> --- a/tools/testing/selftests/sgx/load.c~sgx-no-file-exec	2021-06-21 11:48:25.226294281 -0700
> +++ b/tools/testing/selftests/sgx/load.c	2021-06-21 12:03:28.023292029 -0700
> @@ -150,16 +150,6 @@ bool encl_load(const char *path, struct
>  		goto err;
>  	}
>  
> -	/*
> -	 * This just checks if the /dev file has these permission
> -	 * bits set.  It does not check that the current user is
> -	 * the owner or in the owning group.
> -	 */
> -	if (!(sb.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) {
> -		fprintf(stderr, "no execute permissions on device file %s\n", device_path);
> -		goto err;
> -	}
> -
>  	ptr = mmap(NULL, PAGE_SIZE, PROT_READ, MAP_SHARED, fd, 0);
>  	if (ptr == (void *)-1) {
>  		perror("mmap for read");
> @@ -169,13 +159,13 @@ bool encl_load(const char *path, struct
>  
>  #define ERR_MSG \
>  "mmap() succeeded for PROT_READ, but failed for PROT_EXEC.\n" \
> -" Check that current user has execute permissions on %s and \n" \
> -" that /dev does not have noexec set: mount | grep \"/dev .*noexec\"\n" \
> +" Check that /dev does not have noexec set:\n" \
> +" \tmount | grep \"/dev .*noexec\"\n" \
>  " If so, remount it executable: mount -o remount,exec /dev\n\n"
>  
>  	ptr = mmap(NULL, PAGE_SIZE, PROT_EXEC, MAP_SHARED, fd, 0);
>  	if (ptr == (void *)-1) {
> -		fprintf(stderr, ERR_MSG, device_path);
> +		fprintf(stderr, ERR_MSG);
>  		goto err;
>  	}
>  	munmap(ptr, PAGE_SIZE);
> _
> 



Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>

/Jarkko
Shuah Khan June 24, 2021, 12:40 a.m. UTC | #4
On 6/21/21 3:18 PM, Dave Hansen wrote:
> On 6/21/21 2:08 PM, Reinette Chatre wrote:
>>
>> Thank you very much for fixing this. With this applied the SGX tests are
>> able to run again on my system.
>>
>> Tested-by: Reinette Chatre <reinette.chatre@intel.com>
>>
>> I think it is missing a "Signed-off-by".
> 
> Right you are.  I think I've done this twice in a row for one-off
> patches.  Sheesh.
> 
> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
> 
> If anyone wants a resend with this included, please let me know.
> 

Thanks to b4/patchwork - no need to resend. I have the signed-off-by
in the downloaded patch.

Thank you all. Now applied to linux-kselftest next for 5.14-rc1

-- Shuah
diff mbox series

Patch

diff -puN tools/testing/selftests/sgx/load.c~sgx-no-file-exec tools/testing/selftests/sgx/load.c
--- a/tools/testing/selftests/sgx/load.c~sgx-no-file-exec	2021-06-21 11:48:25.226294281 -0700
+++ b/tools/testing/selftests/sgx/load.c	2021-06-21 12:03:28.023292029 -0700
@@ -150,16 +150,6 @@  bool encl_load(const char *path, struct
 		goto err;
 	}
 
-	/*
-	 * This just checks if the /dev file has these permission
-	 * bits set.  It does not check that the current user is
-	 * the owner or in the owning group.
-	 */
-	if (!(sb.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) {
-		fprintf(stderr, "no execute permissions on device file %s\n", device_path);
-		goto err;
-	}
-
 	ptr = mmap(NULL, PAGE_SIZE, PROT_READ, MAP_SHARED, fd, 0);
 	if (ptr == (void *)-1) {
 		perror("mmap for read");
@@ -169,13 +159,13 @@  bool encl_load(const char *path, struct
 
 #define ERR_MSG \
 "mmap() succeeded for PROT_READ, but failed for PROT_EXEC.\n" \
-" Check that current user has execute permissions on %s and \n" \
-" that /dev does not have noexec set: mount | grep \"/dev .*noexec\"\n" \
+" Check that /dev does not have noexec set:\n" \
+" \tmount | grep \"/dev .*noexec\"\n" \
 " If so, remount it executable: mount -o remount,exec /dev\n\n"
 
 	ptr = mmap(NULL, PAGE_SIZE, PROT_EXEC, MAP_SHARED, fd, 0);
 	if (ptr == (void *)-1) {
-		fprintf(stderr, ERR_MSG, device_path);
+		fprintf(stderr, ERR_MSG);
 		goto err;
 	}
 	munmap(ptr, PAGE_SIZE);