| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 03 May 2024 04:44:57 +0300 From: "Jarkko Sakkinen" <jarkko@...nel.org> To: "Haitao Huang" <haitao.huang@...ux.intel.com>, <dave.hansen@...ux.intel.com>, <kai.huang@...el.com>, <tj@...nel.org>, <mkoutny@...e.com>, <linux-kernel@...r.kernel.org>, <linux-sgx@...r.kernel.org>, <x86@...nel.org>, <cgroups@...r.kernel.org>, <tglx@...utronix.de>, <mingo@...hat.com>, <bp@...en8.de>, <hpa@...or.com>, <sohil.mehta@...el.com>, <tim.c.chen@...ux.intel.com> Cc: <zhiquan1.li@...el.com>, <kristen@...ux.intel.com>, <seanjc@...gle.com>, <zhanb@...rosoft.com>, <anakrish@...rosoft.com>, <mikko.ylinen@...ux.intel.com>, <yangjie@...rosoft.com>, <chrisyan@...rosoft.com> Subject: Re: [PATCH v13 14/14] selftests/sgx: Add scripts for EPC cgroup testing On Tue Apr 30, 2024 at 10:51 PM EEST, Haitao Huang wrote: > With different cgroups, the script starts one or multiple concurrent SGX > selftests (test_sgx), each to run the unclobbered_vdso_oversubscribed > test case, which loads an enclave of EPC size equal to the EPC capacity > available on the platform. The script checks results against the > expectation set for each cgroup and reports success or failure. > > The script creates 3 different cgroups at the beginning with following > expectations: > > 1) small - intentionally small enough to fail the test loading an > enclave of size equal to the capacity. > 2) large - large enough to run up to 4 concurrent tests but fail some if > more than 4 concurrent tests are run. The script starts 4 expecting at > least one test to pass, and then starts 5 expecting at least one test > to fail. > 3) larger - limit is the same as the capacity, large enough to run lots of > concurrent tests. The script starts 8 of them and expects all pass. > Then it reruns the same test with one process randomly killed and > usage checked to be zero after all processes exit. > > The script also includes a test with low mem_cg limit and large sgx_epc > limit to verify that the RAM used for per-cgroup reclamation is charged > to a proper mem_cg. For this test, it turns off swapping before start, > and turns swapping back on afterwards. > > Add README to document how to run the tests. > > Signed-off-by: Haitao Huang <haitao.huang@...ux.intel.com> Here's the transcript: make: Entering directory '/home/jarkko/linux-tpmdd/tools/testing/selftests/sgx' gcc -Wall -Werror -g -I/home/jarkko/linux-tpmdd/tools/testing/selftests/.././../tools/include -fPIC -c main.c -o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/main.o gcc -Wall -Werror -g -I/home/jarkko/linux-tpmdd/tools/testing/selftests/.././../tools/include -fPIC -c load.c -o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/load.o gcc -Wall -Werror -g -I/home/jarkko/linux-tpmdd/tools/testing/selftests/.././../tools/include -fPIC -c sigstruct.c -o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/sigstruct.o gcc -Wall -Werror -g -I/home/jarkko/linux-tpmdd/tools/testing/selftests/.././../tools/include -fPIC -c call.S -o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/call.o gcc -Wall -Werror -g -I/home/jarkko/linux-tpmdd/tools/testing/selftests/.././../tools/include -fPIC -c sign_key.S -o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/sign_key.o gcc -Wall -Werror -g -I/home/jarkko/linux-tpmdd/tools/testing/selftests/.././../tools/include -fPIC -o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/test_sgx /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/main.o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/load.o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/sigstruct.o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/call.o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/sign_key.o -z noexecstack -lcrypto gcc -Wall -Werror -static-pie -nostdlib -ffreestanding -fPIE -fno-stack-protector -mrdrnd -I/home/jarkko/linux-tpmdd/tools/testing/selftests/../../../tools/include test_encl.c test_encl_bootstrap.S -o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/test_encl.elf -Wl,-T,test_encl.lds,--build-id=none /usr/lib64/gcc/x86_64-suse-linux/13/../../../../x86_64-suse-linux/bin/ld: warning: /tmp/ccToNCLw.o: missing .note.GNU-stack section implies executable stack /usr/lib64/gcc/x86_64-suse-linux/13/../../../../x86_64-suse-linux/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker TAP version 13 1..2 # timeout set to 120 # selftests: sgx: test_sgx # TAP version 13 # 1..16 # # Starting 16 tests from 1 test cases. # # RUN enclave.unclobbered_vdso ... # # OK enclave.unclobbered_vdso # ok 1 enclave.unclobbered_vdso # # RUN enclave.unclobbered_vdso_oversubscribed ... # # OK enclave.unclobbered_vdso_oversubscribed # ok 2 enclave.unclobbered_vdso_oversubscribed # # RUN enclave.unclobbered_vdso_oversubscribed_remove ... # # main.c:402:unclobbered_vdso_oversubscribed_remove:Creating an enclave with 98566144 bytes heap may take a while ... # # main.c:457:unclobbered_vdso_oversubscribed_remove:Changing type of 98566144 bytes to trimmed may take a while ... # # main.c:473:unclobbered_vdso_oversubscribed_remove:Entering enclave to run EACCEPT for each page of 98566144 bytes may take a while ... # # main.c:494:unclobbered_vdso_oversubscribed_remove:Removing 98566144 bytes from enclave may take a while ... # # OK enclave.unclobbered_vdso_oversubscribed_remove # ok 3 enclave.unclobbered_vdso_oversubscribed_remove # # RUN enclave.clobbered_vdso ... # # OK enclave.clobbered_vdso # ok 4 enclave.clobbered_vdso # # RUN enclave.clobbered_vdso_and_user_function ... # # OK enclave.clobbered_vdso_and_user_function # ok 5 enclave.clobbered_vdso_and_user_function # # RUN enclave.tcs_entry ... # # OK enclave.tcs_entry # ok 6 enclave.tcs_entry # # RUN enclave.pte_permissions ... # # OK enclave.pte_permissions # ok 7 enclave.pte_permissions # # RUN enclave.tcs_permissions ... # # OK enclave.tcs_permissions # ok 8 enclave.tcs_permissions # # RUN enclave.epcm_permissions ... # # OK enclave.epcm_permissions # ok 9 enclave.epcm_permissions # # RUN enclave.augment ... # # OK enclave.augment # ok 10 enclave.augment # # RUN enclave.augment_via_eaccept ... # # OK enclave.augment_via_eaccept # ok 11 enclave.augment_via_eaccept # # RUN enclave.tcs_create ... # # OK enclave.tcs_create # ok 12 enclave.tcs_create # # RUN enclave.remove_added_page_no_eaccept ... # # OK enclave.remove_added_page_no_eaccept # ok 13 enclave.remove_added_page_no_eaccept # # RUN enclave.remove_added_page_invalid_access ... # # OK enclave.remove_added_page_invalid_access # ok 14 enclave.remove_added_page_invalid_access # # RUN enclave.remove_added_page_invalid_access_after_eaccept .. # # OK enclave.remove_added_page_invalid_access_after_eaccept # ok 15 enclave.remove_added_page_invalid_access_after_eaccept # # RUN enclave.remove_untouched_page ... # # OK enclave.remove_untouched_page # ok 16 enclave.remove_untouched_page # # PASSED: 16 / 16 tests passed. # # Totals: pass:16 fail:0 xfail:0 xpass:0 skip:0 error:0 ok 1 selftests: sgx: test_sgx # timeout set to 120 # selftests: sgx: run_epc_cg_selftests.sh # # Setting up SGX cgroup limits. # ./run_epc_cg_selftests.sh: line 129: echo: write error: Invalid argument # # Failed setting up misc limits for sgx_epc. # SKIP: Kernel does not support SGX cgroup. ok 2 selftests: sgx: run_epc_cg_selftests.sh # SKIP make: Leaving directory '/home/jarkko/linux-tpmdd/tools/testing/selftests/sgx' jarkko@...tatorvisieni:~/linux-tpmdd> zcat /proc/config.gz | grep GROUP_MISC CONFIG_CGROUP_MISC=y BR, Jarkko
Powered by blists - more mailing lists