From 3f1680340f22f639803e894094242a6b291fae83 Mon Sep 17 00:00:00 2001 From: Pengfei Xu Date: Tue, 2 Jan 2024 19:43:20 +0800 Subject: [PATCH 1/4] common.sh: fix "Double quote to prevent globbing and word splitting." issue Signed-off-by: Pengfei Xu --- common/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/common.sh b/common/common.sh index 8c986ca7..cbd2a951 100755 --- a/common/common.sh +++ b/common/common.sh @@ -218,7 +218,7 @@ get_kconfig() { [[ -n "$value" ]] || value="n" - echo $value + echo "$value" } # Test if specified kconfig options and value matche on current system. From 8bba60dbf4e4646f9a9be8e973a7f87638588320 Mon Sep 17 00:00:00 2001 From: Pengfei Xu Date: Tue, 2 Jan 2024 19:35:17 +0800 Subject: [PATCH 2/4] common.sh: correct scope of LAST_DMESG_TIMESTAMP since it is a global variable When function A calls last_dmesg_timestamp() and then A calls dmesg_check(), dmesg_check function calls the extract_case_dmesg() and then extract_case_dmesg function will get an empty LAST_DMESG_TIMESTAMP and return, it's not as expected, LAST_DMESG_TIMESTAMP should be exported at the head of common.sh to fix this problem. And remove unset step, because there is common dmesg check and some different dmesg check for ifs scan, should not unset to avoid fake failure. Signed-off-by: Pengfei Xu --- common/common.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/common/common.sh b/common/common.sh index cbd2a951..e0b0e191 100755 --- a/common/common.sh +++ b/common/common.sh @@ -9,6 +9,7 @@ BIN_OUTPUT="" BIN_DMESG="" BIN_RET="" +export LAST_DMESG_TIMESTAMP="" # Check whether current user is root, if not, exit directly root_check() { @@ -361,7 +362,6 @@ dmesg_pattern_check() { last_dmesg_timestamp() { LAST_DMESG_TIMESTAMP=$(dmesg | tail -n1 | awk -F "]" '{print $1}' | tr -d "[]") test_print_trc "recorded dmesg timestamp: $LAST_DMESG_TIMESTAMP" - export LAST_DMESG_TIMESTAMP } # Extract dmesg generated since the recorded dmesg timestamp @@ -394,8 +394,6 @@ extract_case_dmesg() { else grep -v "$LAST_DMESG_TIMESTAMP" <<< "$dmesg" fi - - unset LAST_DMESG_TIMESTAMP } # Check specified pattern in dmesg From f5a6da2bc5799fe3ff915a5769b3466571d7b4cd Mon Sep 17 00:00:00 2001 From: Pengfei Xu Date: Tue, 2 Jan 2024 20:17:35 +0800 Subject: [PATCH 3/4] ifs: add 5 ifs array BIST(Board Integrated System Test) cases Signed-off-by: Pengfei Xu --- ifs/README.md | 19 +++++++++++++++++++ ifs/ifs_common.sh | 2 ++ ifs/ifs_tests.sh | 3 +++ ifs/tests | 9 ++++++++- 4 files changed, 32 insertions(+), 1 deletion(-) diff --git a/ifs/README.md b/ifs/README.md index 2c99739e..4abd6abe 100644 --- a/ifs/README.md +++ b/ifs/README.md @@ -10,6 +10,7 @@ in non-array portions of the Core. ## Usage make +### ifs_0 scan test cases, it works on SPR(Sapphire Rapids) platform and future server ``` ./ifs_tests.sh -m 0 -p all -n load_ifs It loads ifs driver with ifs mode 0 without any exceptions. @@ -38,3 +39,21 @@ It will check image version output is same as MSR output. ./ifs_tests.sh -m 0 -p all -b 1 -n reload_ifs It tests reloading the ifs module without issue. ``` + +### ifs_1 array BIST(Board Integrated System Test), it works on EMR(Emerald Rapids) and future server +``` +./ifs_tests.sh -m 1 -p all -n ifs_array_scan +It tests all cpu ifs_1 array BIST scan test. + +./ifs_tests.sh -m 1 -p ran -n ifs_array_off_sib -t 10 +It tests random cpu offline, and then ifs_1 scan the sibling cpu should fail as expected. + +./ifs_tests.sh -m 1 -p ran -n ifs_array_offran -t 5 +It tests the random cpu off line, and then ifs_1 scan this cpu should fail as expected. + +./ifs_tests.sh -m 1 -p ran -n ifs_array_cpuran_fullload -t 10 +It tests the random cpu with full load, and ifs_1 scan should pass. + +./ifs_tests.sh -m 1 -p ran -b 1 -n ifs_loop -t 500 +It tests the random cpu with ifs_1 scan 500 times, all the scan should pass. +``` \ No newline at end of file diff --git a/ifs/ifs_common.sh b/ifs/ifs_common.sh index 5e06f42a..16c8500e 100755 --- a/ifs/ifs_common.sh +++ b/ifs/ifs_common.sh @@ -1,6 +1,7 @@ #!/bin/bash # SPDX-License-Identifier: GPL-2.0-only # Copyright (c) 2023 Intel Corporation +# Author: Pengfei Xu # Description: Test script for Intel IFS(In Field SCAN) common function cd "$(dirname "$0")" 2>/dev/null || exit 1 @@ -887,6 +888,7 @@ ifs_array_off_cpu_scan() { local key_word="cannot test on the offline cpu" local ret="" + last_dmesg_timestamp [[ -z "$off_cpus" ]] && skip_test "No off_cpus:$off_cpus" for off_cpu in $off_cpus; do do_cmd "echo 0 | sudo tee /sys/devices/system/cpu/cpu${off_cpu}/online" diff --git a/ifs/ifs_tests.sh b/ifs/ifs_tests.sh index 3b2fb938..c96ac97c 100755 --- a/ifs/ifs_tests.sh +++ b/ifs/ifs_tests.sh @@ -1,6 +1,7 @@ #!/bin/bash # SPDX-License-Identifier: GPL-2.0-only # Copyright (c) 2023 Intel Corporation +# Author: Pengfei Xu # Description: Test script to verify Intel IFS(In Field SCAN) functionality cd "$(dirname "$0")" 2>/dev/null || exit 1 @@ -97,6 +98,8 @@ run_ifs_tests() { do_cmd "echo $BATCH_NUM > ${IFS_PATH}/${BATCH}" # Need to wait after boot up 1800s, then could test ifs wait_up_time + # At least sleep 2 for common situation + do_cmd "sleep 2" # Execute normal scan test in first round and need to wait cooling time test_print_trc "***** Will run 1st round normal scan: *****" init_log "${CASE_NORM}_${BATCH_NUM}" diff --git a/ifs/tests b/ifs/tests index fcb298a2..c86db81e 100755 --- a/ifs/tests +++ b/ifs/tests @@ -1,7 +1,7 @@ # This file collects Intel IFS(In Field SCAN) tests on # IntelĀ® Architecture-based platforms. -# ifs_0 scan test cases +# ifs_0 scan test cases, it works on SPR(Sapphire Rapids) platform and future server ifs_tests.sh -m 0 -p all -n load_ifs ifs_tests.sh -m 0 -p all -b 1 -n ifs_batch ifs_tests.sh -m 0 -p all -b 1 -n legacy_twice_run @@ -9,3 +9,10 @@ ifs_tests.sh -m 0 -p all -b 2 -n legacy_twice_run ifs_tests.sh -m 0 -p all -b 3 -n legacy_twice_run ifs_tests.sh -m 0 -p all -b 1 -n img_version ifs_tests.sh -m 0 -p all -b 1 -n reload_ifs + +# ifs_1 array BIST(Board Integrated System Test), it works on EMR(Emerald Rapids) and future server +ifs_tests.sh -m 1 -p all -n ifs_array_scan +ifs_tests.sh -m 1 -p ran -n ifs_array_off_sib -t 10 +ifs_tests.sh -m 1 -p ran -n ifs_array_offran -t 5 +ifs_tests.sh -m 1 -p ran -n ifs_array_cpuran_fullload -t 10 +ifs_tests.sh -m 1 -p ran -b 1 -n ifs_loop -t 500 From 7e5e721cefc9abc7073a6e04fb46d0d74f3ceeec Mon Sep 17 00:00:00 2001 From: Pengfei Xu Date: Wed, 3 Jan 2024 10:56:52 +0800 Subject: [PATCH 4/4] xsave/cet: add author at the head of code file Signed-off-by: Pengfei Xu --- cet/.gitignore | 1 + cet/cet_driver/cet_app.c | 2 ++ cet/cet_driver/cet_ioctl.c | 2 ++ cet/cet_tests.sh | 1 + cet/glibc_shstk_test.c | 3 +++ cet/shstk_alloc.c | 2 ++ cet/shstk_cp.c | 3 +++ cet/shstk_huge_page.c | 7 ++++++- cet/shstk_unlock_test.c | 3 +++ cet/wrss.c | 2 ++ tools/cpuid_check/.gitignore | 1 + tools/cpuid_check/cpuid_check.c | 6 ++++++ xsave/xstate.c | 2 ++ xsave/xstate_helpers.c | 2 ++ 14 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 tools/cpuid_check/.gitignore diff --git a/cet/.gitignore b/cet/.gitignore index e9aeb735..2d44e090 100644 --- a/cet/.gitignore +++ b/cet/.gitignore @@ -1,4 +1,5 @@ cet_app +glibc_shstk_test glibc_supported_shstk_test quick_test shstk_alloc diff --git a/cet/cet_driver/cet_app.c b/cet/cet_driver/cet_app.c index ab18174a..1be0ee7d 100644 --- a/cet/cet_driver/cet_app.c +++ b/cet/cet_driver/cet_app.c @@ -4,6 +4,8 @@ /* * cet_app.c * + * Author: Pengfei Xu + * * This file will test cet driver with parameters * - Test CET driver app */ diff --git a/cet/cet_driver/cet_ioctl.c b/cet/cet_driver/cet_ioctl.c index fb8badba..a6fa3721 100644 --- a/cet/cet_driver/cet_ioctl.c +++ b/cet/cet_driver/cet_ioctl.c @@ -4,6 +4,8 @@ /* * cet_ioctl.c * + * Author: Pengfei Xu + * * This file simulated stack changed by hack, CET should block hack func * - For cet hack simulation driver */ diff --git a/cet/cet_tests.sh b/cet/cet_tests.sh index fe747570..b5533efe 100755 --- a/cet/cet_tests.sh +++ b/cet/cet_tests.sh @@ -1,6 +1,7 @@ #!/bin/bash # SPDX-License-Identifier: GPL-2.0-only # Copyright (c) 2022 Intel Corporation +# Author: Pengfei Xu # @Desc Test script to verify Intel CET functionality cd "$(dirname "$0")" 2>/dev/null && source ../.env diff --git a/cet/glibc_shstk_test.c b/cet/glibc_shstk_test.c index 0d2495d1..75760561 100644 --- a/cet/glibc_shstk_test.c +++ b/cet/glibc_shstk_test.c @@ -2,6 +2,9 @@ // Copyright (c) 2022 Intel Corporation. /* * glibc_shstk_test.c: + * + * Author: Pengfei Xu + * * - Test CET shadow stack function, should trigger #CP protection. * - Some stack changes that don't affect sp should not trigger #CP. * - Add more print to show stack address and content before and after diff --git a/cet/shstk_alloc.c b/cet/shstk_alloc.c index 510bdd20..8ccb335d 100644 --- a/cet/shstk_alloc.c +++ b/cet/shstk_alloc.c @@ -2,6 +2,8 @@ /* * shstk_alloc.c - allocate a new shadow stack buffer aligenment by instructions * + * Author: Pengfei Xu + * * 1. Test shstk buffer allocation for one new shstk buffer * 2. Test rstorssp, saveprevssp, rdsspq to load new shstk buffer * 3. Test rstorssp, saveprevssp to restore the previous shstk buffer diff --git a/cet/shstk_cp.c b/cet/shstk_cp.c index 02b8d39b..a9f00ea3 100644 --- a/cet/shstk_cp.c +++ b/cet/shstk_cp.c @@ -4,6 +4,9 @@ /* * shstk_cp.c: enable shstk and then do shstk violation * expected #CP should be triggered + * + * Author: Pengfei Xu + * */ #include diff --git a/cet/shstk_huge_page.c b/cet/shstk_huge_page.c index 8c2822bd..1a5bb3bd 100644 --- a/cet/shstk_huge_page.c +++ b/cet/shstk_huge_page.c @@ -1,7 +1,12 @@ // SPDX-License-Identifier: GPL-2.0-only // Copyright (c) 2022 Intel Corporation. -/* shstk_huge_page.c - allocate a 4M shadow stack buffer and works well. */ +/* + * shstk_huge_page.c - allocate a 4M shadow stack buffer and works well. + * + * Author: Pengfei Xu + * + */ #include #include diff --git a/cet/shstk_unlock_test.c b/cet/shstk_unlock_test.c index 9c035606..8b74388e 100644 --- a/cet/shstk_unlock_test.c +++ b/cet/shstk_unlock_test.c @@ -2,6 +2,9 @@ // Copyright (c) 2022 Intel Corporation. /* + * + * Author: Pengfei Xu + * * shstk_unlock_test.c: unlock child process shstk by ptrace and then tests * get/set shstk regsets and shstk status syscalls */ diff --git a/cet/wrss.c b/cet/wrss.c index 71e91192..906ce037 100644 --- a/cet/wrss.c +++ b/cet/wrss.c @@ -4,6 +4,8 @@ /* * wrss.c: enable writable shadow stack and write value into shadow stack. * + * Author: Pengfei Xu + * * 1. Enable writable shadow stack via syscall "ARCH_CET_ENABLE and ARCH_SHSTK_WRSS" * 2. Write one incorrect value into shadow stack * 3. The expected SISEGV should be received after ret instruction diff --git a/tools/cpuid_check/.gitignore b/tools/cpuid_check/.gitignore new file mode 100644 index 00000000..bb33efbb --- /dev/null +++ b/tools/cpuid_check/.gitignore @@ -0,0 +1 @@ +cpuid_check diff --git a/tools/cpuid_check/cpuid_check.c b/tools/cpuid_check/cpuid_check.c index 2af06a2b..e87f8226 100644 --- a/tools/cpuid_check/cpuid_check.c +++ b/tools/cpuid_check/cpuid_check.c @@ -1,5 +1,11 @@ // SPDX-License-Identifier: GPL-2.0-only // Copyright (c) 2022 Intel Corporation. +/* + * cpuid_check.c: one CPU ID check tool for script usage + * + * Author: Pengfei Xu + * + */ #include #include diff --git a/xsave/xstate.c b/xsave/xstate.c index 8da301cc..ef304e09 100644 --- a/xsave/xstate.c +++ b/xsave/xstate.c @@ -4,6 +4,8 @@ /* * xstate.c - tests XSAVE feature with fork and signal handling. * + * Author: Pengfei Xu + * * The XSAVE feature set supports the saving and restoring of state components. * It tests "FP, SSE(XMM), AVX2(YMM), AVX512_OPMASK/AVX512_ZMM_Hi256/ * AVX512_Hi16_ZMM and PKRU parts" xstates with the following cases: diff --git a/xsave/xstate_helpers.c b/xsave/xstate_helpers.c index 36862a25..2a0b6007 100644 --- a/xsave/xstate_helpers.c +++ b/xsave/xstate_helpers.c @@ -4,6 +4,8 @@ /* * xstate_helpers.c - xstate helpers to prevent GCC from generating any FP code. * + * Author: Pengfei Xu + * * Because xstate like XMM will not be preserved across function calls, it uses * assembly instruction to call a system call of fork or raise signal, and uses * the "inline" keyword in test functions in this file.