update fortanix tests #144395
update fortanix tests #144395
Conversation
|
|
rustbot
added
A-run-make
|
This PR modifies cc @jieyouxu |
tests/assembly-llvm/x86_64-fortanix-unknown-sgx-lvi-generic-load.rs
Outdated
Show resolved
Hide resolved
| // - C/C++ code compiled as part of Rust crates | ||
| // For those different kinds, we do have very small code examples that should be | ||
| // mitigated in some way. Mostly we check that ret instructions should no longer be present. | ||
| cargo().arg("-v").arg("run").arg("--target").arg(target()).current_dir("enclave").run(); |
There was a problem hiding this comment.
Can this instead be cargo build? That means to run the test one would not need the whole fortanix toolchain setup.
Also, when I do make that change, this test actually fails. So, that again suggests this test does not actually run on CI. When this test was introduced in #77008, nothing is changed to CI to make it run, so unless that was added before I don't think this ever actually worked.
There was a problem hiding this comment.
Yes cargo build should work just as good.
There was a problem hiding this comment.
In order to mitigate LVI, all binary code needs to be mitigated. This test includes code generation for Rust code, inline assembly, global assembly and C/C++ code compiled as part of Rust crates. For the latter there need to be environment variables set:
CC_x86_64_fortanix_unknown_sgx=clang-11 \
CFLAGS_x86_64_fortanix_unknown_sgx="-D__ELF__ -isystem/usr/include/x86_64-linux-gnu -mlvi-hardening -mllvm -x86-experimental-lvi-inline-asm-hardening" \
CXX_x86_64_fortanix_unknown_sgx=clang++-11 \
CXXFLAGS_x86_64_fortanix_unknown_sgx="-D__ELF__ -isystem/usr/include/x86_64-linux-gnu -mlvi-hardening -mllvm -x86-experimental-lvi-inline-asm-hardening" \
we do that in src/ci/docker/host-x86_64/dist-various-2/Dockerfile. When testing this locally, you may not have this set.
There was a problem hiding this comment.
So, it is my understanding that the dist- jobs do not actually run any tests. From https://rustc-dev-guide.rust-lang.org/tests/ci.html?highlight=try#ci-workflow:
Dist jobs build a full release of the compiler for a specific platform, including all the tools we ship through rustup; Those builds are then uploaded to the rust-lang-ci2 S3 bucket and are available to be locally installed with the rustup-toolchain-install-master tool. The same builds are also used for actual releases: our release process basically consists of copying those artifacts from rust-lang-ci2 to the production endpoint and signing them.
and
Non-dist jobs run our full test suite on the platform
Hence, I don't think the fortanix tests ever ran on CI
In order to mitigate LVI, all binary code needs to be mitigated. This test includes code generation for Rust code, inline assembly, global assembly and C/C++ code compiled as part of Rust crates
This is just up to the programmer though right? In the sense that you'd need to set a bunch of rather non-obvious flags for this to work at all. So I think testing the interaction with C and especially C++ is quite low.
There was a problem hiding this comment.
Also, clang-11 is ancient, why is that still used? It looks like modern clang has -mlvi-hardening, but since llvm 11 the output of llvm IR has changed quite a bit so just using a more recent LLVM makes some of the tests fail.
There was a problem hiding this comment.
I'm afraid that description about dist jobs not running any tests isn't quite accurate nowadays, because opt-dist do run tests (cc @Kobzol)
There was a problem hiding this comment.
Well, yeah, but only on x64 Linux and MSVC, nowhere else.
|
triagebot edited your pings out, I'll reping manually: |
|
I'll have to wait to hear back from the SGX target maintainers regarding the tests, as I don't have the context either. @rustbot blocked (waiting to hear back) |
rustbot
added
S-blocked
tests/assembly-llvm/x86_64-fortanix-unknown-sgx-lvi-generic-load.rs
Outdated
Show resolved
Hide resolved
| // - C/C++ code compiled as part of Rust crates | ||
| // For those different kinds, we do have very small code examples that should be | ||
| // mitigated in some way. Mostly we check that ret instructions should no longer be present. | ||
| cargo().arg("-v").arg("run").arg("--target").arg(target()).current_dir("enclave").run(); |
There was a problem hiding this comment.
Yes cargo build should work just as good.
| // - C/C++ code compiled as part of Rust crates | ||
| // For those different kinds, we do have very small code examples that should be | ||
| // mitigated in some way. Mostly we check that ret instructions should no longer be present. | ||
| cargo().arg("-v").arg("run").arg("--target").arg(target()).current_dir("enclave").run(); |
There was a problem hiding this comment.
In order to mitigate LVI, all binary code needs to be mitigated. This test includes code generation for Rust code, inline assembly, global assembly and C/C++ code compiled as part of Rust crates. For the latter there need to be environment variables set:
CC_x86_64_fortanix_unknown_sgx=clang-11 \
CFLAGS_x86_64_fortanix_unknown_sgx="-D__ELF__ -isystem/usr/include/x86_64-linux-gnu -mlvi-hardening -mllvm -x86-experimental-lvi-inline-asm-hardening" \
CXX_x86_64_fortanix_unknown_sgx=clang++-11 \
CXXFLAGS_x86_64_fortanix_unknown_sgx="-D__ELF__ -isystem/usr/include/x86_64-linux-gnu -mlvi-hardening -mllvm -x86-experimental-lvi-inline-asm-hardening" \
we do that in src/ci/docker/host-x86_64/dist-various-2/Dockerfile. When testing this locally, you may not have this set.
|
@rustbot author |
rustbot
added
S-waiting-on-author
|
Reminder, once the PR becomes ready for a review, use |
We're a tier 2 target. So the Rust project doesn't run any tests. Fortanix has internal CI that watches the Rust repo. |
folkertdev
force-pushed
the
fortanix-run-make-test
branch
from
e240476 to
afe48b4
Compare
Right, that makes some sense historically then. Though there is a lot of variance in what tests do get run for tier-2 targets. e.g. s390x-unknown-linux-gnu gets exercised quite a bit despite being tier 2. For For the |
|
If the Rust project's policy has changed is this regard we would very much like the test suite to be run for this target as well. |
|
I don't think it's changed for But run-make requires more setup, and is usually more fragile, so I do think those are limited to tier 1 targets. And then I'm still not sure why the fortanix test is in-tree. |
|
As a general answer, I doubt there is a clear reason for this. The way we run tests is quite arbitrary in many ways, and there's a lot of historical cruft. So the answer can very possibly be "it's by accident". |
Why wouldn't the test be in-tree? Citing from the target tier policy:
I realize this doesn't require it to be in tree, but that does seem like a logical place for it. In addition, having it in-tree makes the most sense for future promotion to tier 1. |
|
The test changes look good to me, but since the run-make test is not exercised in CI, can one of the target maintainers @jethrogb @raoulstrackx @aditijannu confirm it works locally on the target as expected and that the test changes look good to you as well? |
jieyouxu
added
S-waiting-on-review
|
ftr even with (the llvm/clang is from https://www.kernel.org/pub/tools/llvm/) |
folkertdev
force-pushed
the
fortanix-run-make-test
branch
from
afe48b4 to
659ca90
Compare
|
Over in #144454 there is an uefi test (that PR makes it a run-make test) that is run in the |
folkertdev
force-pushed
the
fortanix-run-make-test
branch
from
659ca90 to
f99e14a
Compare
Make it more idiomatic with the new run-make infra
folkertdev
force-pushed
the
fortanix-run-make-test
branch
from
f99e14a to
8b90847
Compare
|
I've update the commands to use generic Do you have any idea what I might be missing locally that causes the failures above? This is what I run Ideally the run-make test would itself configure anything that is needed beyond that. |
|
Thanks for the update @folkertdev !
Probably the libunwind crate wasn't rebuild with the updated environment variables. I've ran your test command as well (after building the compiler with the right environment variables) and it just works. |
|
hmm I had some hope that |
jieyouxu
added
S-waiting-on-author
|
@rustbot ready At least, as far as I'm concerned. I'd like it if these tests were easier to run for outsiders, but I'll leave that with the target maintainers. |
rustbot
added
S-waiting-on-review
|
@bors r+ rollup |
bors
added
S-waiting-on-bors
… r=jieyouxu update fortanix tests Firstly, as far as I can tell, no CI job actually runs any of the fortanix tests? Maybe I'm missing the job that runs these tests though? In any case, the `assembly` tests now use `minicore`, meaning that they will run regardless of the host architecture (specifically, they will run during a standard PR CI build). The run-make test is actually broken, and I'd propose to make it just `cargo build` rather than `cargo run`. We can have a separate test for actually running the program, if desired. Also this test is subject to rust-lang#128733, so I'd like to re-evaluate what parts of the C/C++ compilation are actually required or useful. cc [`@jethrogb](https://github.com/jethrogb)` [`@raoulstrackx](https://github.com/raoulstrackx)` [`@aditijannu](https://github.com/aditijannu)` r? `@jieyouxu`
Rollup of 18 pull requests Successful merges: - #132748 (get rid of some false negatives in rustdoc::broken_intra_doc_links) - #135771 ([rustdoc] Add support for associated items in "jump to def" feature) - #143360 (loop match: error on `#[const_continue]` outside `#[loop_match]`) - #143662 ([rustdoc] Display unsafe attrs with edition 2024 `unsafe()` wrappers.) - #143771 (Constify some more `Result` functions) - #143900 ([rustdoc] Correctly handle `should_panic` doctest attribute and fix `--no-run` test flag on the 2024 edition) - #144185 (Document guarantees of poisoning) - #144395 (update fortanix tests) - #144478 (Improve formatting of doc code blocks) - #144614 (Fortify RemoveUnneededDrops test.) - #144703 ([test][AIX] ignore extern_weak linkage test) - #144747 (compiletest: Improve diagnostics for line annotation mismatches 2) - #144756 (detect infinite recursion with tail calls in ctfe) - #144766 (Add human readable name "Cygwin") - #144782 (Properly pass path to staged `rustc` to `compiletest` self-tests) - #144786 (Cleanup the definition of `group_type`) - #144796 (Add my previous commit name to .mailmap) - #144797 (Update safety comment for new_unchecked in niche_types) Failed merges: - #144805 (compiletest: Preliminary cleanup of `ProcRes` printing/unwinding) r? `@ghost` `@rustbot` modify labels: rollup
Rollup of 17 pull requests Successful merges: - #132748 (get rid of some false negatives in rustdoc::broken_intra_doc_links) - #143360 (loop match: error on `#[const_continue]` outside `#[loop_match]`) - #143662 ([rustdoc] Display unsafe attrs with edition 2024 `unsafe()` wrappers.) - #143771 (Constify some more `Result` functions) - #144185 (Document guarantees of poisoning) - #144395 (update fortanix tests) - #144478 (Improve formatting of doc code blocks) - #144614 (Fortify RemoveUnneededDrops test.) - #144703 ([test][AIX] ignore extern_weak linkage test) - #144747 (compiletest: Improve diagnostics for line annotation mismatches 2) - #144756 (detect infinite recursion with tail calls in ctfe) - #144766 (Add human readable name "Cygwin") - #144782 (Properly pass path to staged `rustc` to `compiletest` self-tests) - #144786 (Cleanup the definition of `group_type`) - #144796 (Add my previous commit name to .mailmap) - #144797 (Update safety comment for new_unchecked in niche_types) - #144803 (rustc-dev-guide subtree update) r? `@ghost` `@rustbot` modify labels: rollup
Rollup merge of #144395 - folkertdev:fortanix-run-make-test, r=jieyouxu update fortanix tests Firstly, as far as I can tell, no CI job actually runs any of the fortanix tests? Maybe I'm missing the job that runs these tests though? In any case, the `assembly` tests now use `minicore`, meaning that they will run regardless of the host architecture (specifically, they will run during a standard PR CI build). The run-make test is actually broken, and I'd propose to make it just `cargo build` rather than `cargo run`. We can have a separate test for actually running the program, if desired. Also this test is subject to #128733, so I'd like to re-evaluate what parts of the C/C++ compilation are actually required or useful. cc [``@jethrogb](https://github.com/jethrogb)`` [``@raoulstrackx](https://github.com/raoulstrackx)`` [``@aditijannu](https://github.com/aditijannu)`` r? ``@jieyouxu``
Rollup of 17 pull requests Successful merges: - rust-lang/rust#132748 (get rid of some false negatives in rustdoc::broken_intra_doc_links) - rust-lang/rust#143360 (loop match: error on `#[const_continue]` outside `#[loop_match]`) - rust-lang/rust#143662 ([rustdoc] Display unsafe attrs with edition 2024 `unsafe()` wrappers.) - rust-lang/rust#143771 (Constify some more `Result` functions) - rust-lang/rust#144185 (Document guarantees of poisoning) - rust-lang/rust#144395 (update fortanix tests) - rust-lang/rust#144478 (Improve formatting of doc code blocks) - rust-lang/rust#144614 (Fortify RemoveUnneededDrops test.) - rust-lang/rust#144703 ([test][AIX] ignore extern_weak linkage test) - rust-lang/rust#144747 (compiletest: Improve diagnostics for line annotation mismatches 2) - rust-lang/rust#144756 (detect infinite recursion with tail calls in ctfe) - rust-lang/rust#144766 (Add human readable name "Cygwin") - rust-lang/rust#144782 (Properly pass path to staged `rustc` to `compiletest` self-tests) - rust-lang/rust#144786 (Cleanup the definition of `group_type`) - rust-lang/rust#144796 (Add my previous commit name to .mailmap) - rust-lang/rust#144797 (Update safety comment for new_unchecked in niche_types) - rust-lang/rust#144803 (rustc-dev-guide subtree update) r? `@ghost` `@rustbot` modify labels: rollup
Firstly, as far as I can tell, no CI job actually runs any of the fortanix tests? Maybe I'm missing the job that runs these tests though?
In any case, the
assemblytests now useminicore, meaning that they will run regardless of the host architecture (specifically, they will run during a standard PR CI build).The run-make test is actually broken, and I'd propose to make it just
cargo buildrather thancargo run. We can have a separate test for actually running the program, if desired.Also this test is subject to #128733, so I'd like to re-evaluate what parts of the C/C++ compilation are actually required or useful.
cc @jethrogb @raoulstrackx @aditijannu
r? @jieyouxu