Commit 1c0c497b authored by Reinette Chatre, committed by Zhiquan Li

selftests/sgx: Add page permission and exception test

mainline inclusion
from mainline-5.17-rc1
commit abc5cec4
category: feature
bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I5USAM


CVE: NA

Intel-SIG: commit abc5cec4 selftests/sgx: Add page permission and
exception test.
Backport for SGX EDMM support.

--------------------------------

The Enclave Page Cache Map (EPCM) is a secure structure used by the
processor to track the contents of the enclave page cache. The EPCM
contains permissions with which enclave pages can be accessed. SGX
support allows EPCM and PTE page permissions to differ - as long as
the PTE permissions do not exceed the EPCM permissions.

Add a test that:
(1) Creates an SGX enclave page with writable EPCM permission.
(2) Changes the PTE permission on the page to read-only. This should
    be permitted because the permission does not exceed the EPCM
    permission.
(3) Attempts a write to the page. This should generate a page fault
    (#PF) because of the read-only PTE even though the EPCM
    permissions allow the page to be written to.

This introduces the first test of SGX exception handling. In this test
the issue that caused the exception (PTE page permissions) can be fixed
from outside the enclave and after doing so it is possible to re-enter
enclave at original entrypoint with ERESUME.

Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Acked-by: Dave Hansen <dave.hansen@linux.intel.com>
Link: https://lkml.kernel.org/r/3bcc73a4b9fe8780bdb40571805e7ced59e01df7.1636997631.git.reinette.chatre@intel.com


Signed-off-by: Zhiquan Li <zhiquan1.li@intel.com>
parent 46b3b465
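
The PTE half of the sequence in the commit message can be reproduced in an ordinary Linux process without SGX hardware. The following is an added example, not code from this commit or from the kernel selftests: it uses plain anonymous memory, so there is no EPCM involved, and the kernel restarting the faulting store after the signal handler returns stands in for the ERESUME re-entry. The names `run_pte_permission_demo`, `on_segv`, `page` and `fault_count` are hypothetical.

```c
/* Added illustration: ordinary anonymous memory on Linux, not an SGX enclave. */
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

static volatile sig_atomic_t fault_count; /* write faults seen by the handler */
static void *page;                        /* page under test (hypothetical name) */
static size_t page_size;

/* Plays the role of the code outside the enclave: repair the PTE permission.
 * Calling mprotect() from a handler works on Linux; POSIX does not promise it. */
static void on_segv(int sig, siginfo_t *info, void *ctx)
{
    uintptr_t addr = (uintptr_t)info->si_addr, base = (uintptr_t)page;
    (void)sig; (void)ctx;
    if (addr < base || addr >= base + page_size)
        _exit(2);                         /* unrelated fault: do not mask it */
    fault_count++;
    if (mprotect(page, page_size, PROT_READ | PROT_WRITE) != 0)
        _exit(3);
}   /* returning restarts the faulting store */

/* Returns the number of faults taken (expected 1), or -1 on any failure. */
int run_pte_permission_demo(void)
{
    struct sigaction sa = { .sa_flags = SA_SIGINFO }, old;

    sa.sa_sigaction = on_segv;
    sigemptyset(&sa.sa_mask);
    fault_count = 0;
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    page = mmap(NULL, page_size, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED || sigaction(SIGSEGV, &sa, &old) != 0)
        return -1;
    volatile uint64_t *p = page;
    *p = 0x1111;                                   /* (1) page starts writable */
    if (mprotect(page, page_size, PROT_READ) != 0) /* (2) PTE becomes read-only */
        return -1;
    *p = 0x2222;                                   /* (3) #PF, repair, store retried */
    int ok = (*p == 0x2222);
    sigaction(SIGSEGV, &old, NULL);
    munmap(page, page_size);
    return ok ? (int)fault_count : -1;
}

int main(void) { printf("faults=%d\n", run_pte_permission_demo()); return 0; }
```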