LVI hardening tests for cmake

raoulstrackx · raoulstrackx · commit d8a7904e06e7 · 2020-09-25T15:08:32.000+02:00
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_c.checks b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_c.checks
@@ -0,0 +1,6 @@
+CHECK: cmake_plus_one_c
+CHECK:      lfence
+CHECK:      popq
+CHECK-NEXT: popq [[REGISTER:%[a-z]+]]
+CHECK-NEXT: lfence
+CHECK-NEXT: jmpq *[[REGISTER]]
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_c_asm.checks b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_c_asm.checks
@@ -0,0 +1,16 @@
+CHECK: cmake_plus_one_c_asm
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      movl
+CHECK:      lfence
+CHECK-NEXT: incl
+CHECK-NEXT: jmp     0x{{[[:xdigit:]]+}} <cmake_plus_one_c_asm+0x{{[[:xdigit:]]+}}>
+CHECK-NEXT: shlq    $0, (%rsp)
+CHECK-NEXT: lfence
+CHECK-NEXT: retq
+CHECK:      popq
+CHECK-NEXT: popq [[REGISTER:%[a-z]+]]
+CHECK-NEXT: lfence
+CHECK-NEXT: jmpq *[[REGISTER]]
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_cxx.checks b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_cxx.checks
@@ -0,0 +1,6 @@
+CHECK: cmake_plus_one_cxx
+CHECK:      lfence
+CHECK:      popq
+CHECK-NEXT: popq [[REGISTER:%[a-z]+]]
+CHECK-NEXT: lfence
+CHECK-NEXT: jmpq *[[REGISTER]]
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_cxx_asm.checks b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_cxx_asm.checks
@@ -0,0 +1,16 @@
+CHECK: cmake_plus_one_cxx_asm
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      movl
+CHECK:      lfence
+CHECK-NEXT: incl
+CHECK-NEXT: jmp     0x{{[[:xdigit:]]+}} <cmake_plus_one_cxx_asm+0x{{[[:xdigit:]]+}}>
+CHECK-NEXT: shlq    $0, (%rsp)
+CHECK-NEXT: lfence
+CHECK-NEXT: retq
+CHECK:      popq
+CHECK-NEXT: popq [[REGISTER:%[a-z]+]]
+CHECK-NEXT: lfence
+CHECK-NEXT: jmpq *[[REGISTER]]
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/Cargo.toml b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/Cargo.toml
@@ -10,3 +10,4 @@ edition = "2018"
 
 [build-dependencies]
 cc = "1.0"
+cmake = "0.1"
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/build.rs b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/build.rs
@@ -8,4 +8,19 @@ fn main() {
         .cpp_set_stdlib(None)
         .file("foo_cxx.cpp")
         .compile("foo_cxx");
+
+    // When the cmake crate detects the clang compiler, it passes the
+    //  "--target" argument to the linker which subsequently fails. The
+    //  `CMAKE_C_COMPILER_FORCED` option makes sure that `cmake` does not
+    //  tries to test the compiler. From version 3.6 the option
+    //  `CMAKE_TRY_COMPILE_TARGET_TYPE=STATIC_LIBRARY` can be used
+    //  https://cmake.org/cmake/help/v3.5/module/CMakeForceCompiler.html
+    let dst = cmake::Config::new("libcmake_foo")
+                .build_target("cmake_foo")
+                .define("CMAKE_C_COMPILER_FORCED", "1")
+                .define("CMAKE_CXX_COMPILER_FORCED", "1")
+                .define("CMAKE_TRY_COMPILE_TARGET_TYPE=STATIC_LIBRARY", "1")
+                .build();
+    println!("cargo:rustc-link-search=native={}/build/", dst.display());
+    println!("cargo:rustc-link-lib=static=cmake_foo");
 }
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/CMakeLists.txt b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/CMakeLists.txt
@@ -0,0 +1,4 @@
+add_library(cmake_foo STATIC
+    src/foo.c
+    src/foo_cxx.cpp
+)
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo.c b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo.c
@@ -0,0 +1,17 @@
+int cmake_plus_one_c(int *arg) {
+    return *arg + 1;
+}
+
+int cmake_plus_one_c_asm(int *arg) {
+    int value = 0;
+
+    asm volatile ( "    movl (%1), %0\n"
+                   "    inc %0\n"
+                   "    jmp 1f\n"
+                   "    retq\n"  // never executed, but a shortcut to determine how the assembler deals with `ret` instructions
+                   "1:\n"
+                   : "=r"(value)
+                   : "r"(arg) );
+
+    return value;
+}
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo_cxx.cpp b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo_cxx.cpp
@@ -0,0 +1,20 @@
+extern "C" int cmake_plus_one_cxx(int *arg);
+extern "C" int cmake_plus_one_cxx_asm(int *arg);
+
+int cmake_plus_one_cxx(int *arg) {
+    return *arg + 1;
+}
+
+int cmake_plus_one_cxx_asm(int *arg) {
+    int value = 0;
+
+    asm volatile ( "    movl (%1), %0\n"
+                   "    inc %0\n"
+                   "    jmp 1f\n"
+                   "    retq\n"  // never executed, but a shortcut to determine how the assembler deals with `ret` instructions
+                   "1:\n"
+                   : "=r"(value)
+                   : "r"(arg) );
+
+    return value;
+}
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs
@@ -3,6 +3,10 @@ extern {
     fn cc_plus_one_c_asm(arg : &u32) -> u32;
     fn cc_plus_one_cxx(arg : &u32) -> u32;
     fn cc_plus_one_cxx_asm(arg : &u32) -> u32;
+    fn cmake_plus_one_c(arg : &u32) -> u32;
+    fn cmake_plus_one_c_asm(arg : &u32) -> u32;
+    fn cmake_plus_one_cxx(arg : &u32) -> u32;
+    fn cmake_plus_one_cxx_asm(arg : &u32) -> u32;
 }
 
 fn main() {
@@ -13,5 +17,10 @@ fn main() {
         println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_c_asm(&value));
         println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_cxx(&value));
         println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_cxx_asm(&value));
+        
+        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_c(&value));
+        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_c_asm(&value));
+        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_cxx(&value));
+        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_cxx_asm(&value));
     }
 }
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
@@ -39,7 +39,17 @@ build
 #check "libunwind::Registers_x86_64::jumpto()" jumpto.checks
 
 check "std::io::stdio::_print::h87f0c238421c45bc" print.checks
+#TODO: the current passes cannot handle module level assembly!
+#  No checks are implemented
 check cc_plus_one_c cc_plus_one_c.checks
 check cc_plus_one_c_asm cc_plus_one_c_asm.checks
 check cc_plus_one_cxx cc_plus_one_cxx.checks
 check cc_plus_one_cxx_asm cc_plus_one_cxx_asm.checks
+
+check cmake_plus_one_c cmake_plus_one_c.checks
+check cmake_plus_one_c_asm cmake_plus_one_c_asm.checks
+check cmake_plus_one_cxx cmake_plus_one_cxx.checks
+check cmake_plus_one_cxx_asm cmake_plus_one_cxx_asm.checks
+
+#WARNING clang/clang++ use an integrated assembler when given an assembly file.
+#  LVI patches are *not* applied

Original file line number	Diff line number	Diff line change
`@@ -10,3 +10,4 @@ edition = "2018"`
`10`	`10`
`11`	`11`	`[build-dependencies]`
`12`	`12`	`cc = "1.0"`
	`13`	`+cmake = "0.1"`