From a13239dac2b4b50e389a3e12c638d164e620ea2f Mon Sep 17 00:00:00 2001
From: Raoul Strackx <raoul.strackx@fortanix.com>
Date: Thu, 19 Mar 2020 15:47:22 +0100
Subject: [PATCH 01/14] generic ret hardening test

---
 .../x86_64-fortanix-unknown-sgx-lvi-generic-ret.rs  | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-ret.rs

diff --git a/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-ret.rs b/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-ret.rs
new file mode 100644
index 00000000000..5ca5dd6f272
--- /dev/null
+++ b/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-ret.rs
@@ -0,0 +1,13 @@
+// Test LVI ret hardening on generic rust code
+
+// assembly-output: emit-asm
+// compile-flags: --crate-type staticlib
+// only-x86_64-fortanix-unknown-sgx
+
+#[no_mangle]
+pub extern fn myret() {}
+// CHECK: myret:
+// CHECK: popq [[REGISTER:%[a-z]+]]
+// CHECK-NEXT: lfence
+// CHECK-NEXT: jmpq *[[REGISTER]]
+

From cd31f40b6f59c8966a09e7f1e2d6c3c5ed1570f1 Mon Sep 17 00:00:00 2001
From: Raoul Strackx <raoul.strackx@fortanix.com>
Date: Thu, 19 Mar 2020 15:47:50 +0100
Subject: [PATCH 02/14] generic load hardening test

---
 ...64-fortanix-unknown-sgx-lvi-generic-load.rs | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-load.rs

diff --git a/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-load.rs b/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-load.rs
new file mode 100644
index 00000000000..87ebb71dce9
--- /dev/null
+++ b/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-load.rs
@@ -0,0 +1,18 @@
+// Test LVI load hardening on SGX enclave code
+
+// assembly-output: emit-asm
+// compile-flags: --crate-type staticlib
+// only-x86_64-fortanix-unknown-sgx
+
+#[no_mangle]
+pub extern fn plus_one(r: &mut u64) {
+    *r = *r + 1;
+}
+
+// CHECK: plus_one
+// CHECK: lfence
+// CHECK-NEXT: addq
+// CHECK: popq [[REGISTER:%[a-z]+]]
+// CHECK-NEXT: lfence
+// CHECK-NEXT: jmpq *[[REGISTER]]
+

From bca8e07ef4048a7ca912d157156268f958369ef2 Mon Sep 17 00:00:00 2001
From: Raoul Strackx <raoul.strackx@fortanix.com>
Date: Thu, 19 Mar 2020 16:40:33 +0100
Subject: [PATCH 03/14] rust inline assembly lvi hardening test

---
 ...ortanix-unknown-sgx-lvi-inline-assembly.rs | 41 +++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-inline-assembly.rs

diff --git a/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-inline-assembly.rs b/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-inline-assembly.rs
new file mode 100644
index 00000000000..7e440169edb
--- /dev/null
+++ b/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-inline-assembly.rs
@@ -0,0 +1,41 @@
+// Test LVI load hardening on SGX inline assembly code
+
+// assembly-output: emit-asm
+// compile-flags: --crate-type staticlib
+// only-x86_64-fortanix-unknown-sgx
+
+#![feature(asm)]
+
+#[no_mangle]
+pub extern fn get(ptr: *const u64) -> u64 {
+    let value : u64;
+    unsafe {
+        asm!(".start_inline_asm:",
+            "mov {}, [{}]",
+            ".end_inline_asm:",
+            out(reg) value,
+            in(reg) ptr);
+    }
+    value
+}
+
+// CHECK: get
+// CHECK: .start_inline_asm
+// CHECK-NEXT: movq
+// CHECK-NEXT: lfence
+// CHECK-NEXT: .end_inline_asm
+
+#[no_mangle]
+pub extern fn myret() {
+    unsafe {
+        asm!(".start_myret_inline_asm:
+            ret
+            .end_myret_inline_asm:");
+    }
+}
+
+// CHECK: myret
+// CHECK: .start_myret_inline_asm
+// CHECK-NEXT: shlq $0, (%rsp)
+// CHECK-NEXT: lfence
+// CHECK-NEXT: retq

From 4d1d0c6bd7e9b5dda47691729fe15a49091d2e4d Mon Sep 17 00:00:00 2001
From: Raoul Strackx <raoul.strackx@fortanix.com>
Date: Fri, 20 Mar 2020 10:51:18 +0100
Subject: [PATCH 04/14] skeleton check module level assembly

---
 ...anix-unknown-sgx-lvi-module-level-assembly.rs | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-module-level-assembly.rs

diff --git a/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-module-level-assembly.rs b/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-module-level-assembly.rs
new file mode 100644
index 00000000000..6b7e7b7767c
--- /dev/null
+++ b/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-module-level-assembly.rs
@@ -0,0 +1,16 @@
+// Test LVI load hardening on SGX module level assembly code
+
+// assembly-output: emit-asm
+// compile-flags: --crate-type staticlib
+// only-x86_64-fortanix-unknown-sgx
+
+#![feature(global_asm)]
+
+global_asm!(".start_module_asm:
+            movq (%rdi), %rax
+            retq
+            .end_module_asm:" );
+
+// CHECK: .start_module_asm
+// TODO add check, when module-level pass is corrected
+// CHECK: .end_module_asm

From 947d7238e0db03146d33d6b3354231d7e3384735 Mon Sep 17 00:00:00 2001
From: Raoul Strackx <raoul.strackx@fortanix.com>
Date: Wed, 25 Mar 2020 15:28:34 +0100
Subject: [PATCH 05/14] Adding checks for assembly files in libunwind

---
 .../x86_64-fortanix-unknown-sgx-lvi/Makefile    | 17 +++++++++++++++++
 .../x86_64-fortanix-unknown-sgx-lvi/enclave.rs  |  5 +++++
 .../jumpto.checks                               |  8 ++++++++
 .../unw_getcontext.checks                       |  7 +++++++
 4 files changed, 37 insertions(+)
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/Makefile
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave.rs
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/jumpto.checks
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/unw_getcontext.checks

diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/Makefile b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/Makefile
new file mode 100644
index 00000000000..b17f9a12a29
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/Makefile
@@ -0,0 +1,17 @@
+-include ../../run-make-fulldeps/tools.mk
+
+#only-x86_64-fortanix-unknown-sgx
+
+OBJDUMP="${S}/build/x86_64-unknown-linux-gnu/llvm/build/bin/llvm-objdump"
+FILECHECK="${S}/build/x86_64-unknown-linux-gnu/llvm/build/bin/FileCheck"
+
+all:
+	$(RUSTC) --target ${TARGET} enclave.rs
+
+	#TODO: re-enable check when newly compiled libunwind is used
+	#${OBJDUMP} --disassemble-symbols=unw_getcontext --demangle $(TMPDIR)/enclave > $(TMPDIR)/unw_getcontext.asm
+	#${FILECHECK} --input-file $(TMPDIR)/unw_getcontext.asm unw_getcontext.checks
+
+	#TODO: re-enable check when newly compiled libunwind is used
+	${OBJDUMP} --disassemble-symbols="libunwind::Registers_x86_64::jumpto()" --demangle $(TMPDIR)/enclave > $(TMPDIR)/jumpto.asm
+	${FILECHECK} --input-file $(TMPDIR)/jumpto.asm jumpto.checks
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave.rs b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave.rs
new file mode 100644
index 00000000000..66c8ead3e0f
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave.rs
@@ -0,0 +1,5 @@
+
+pub fn main() {
+    println!("Hello, World!");
+}
+
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/jumpto.checks b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/jumpto.checks
new file mode 100644
index 00000000000..15211e3ade7
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/jumpto.checks
@@ -0,0 +1,8 @@
+CHECK: libunwind::Registers_x86_64::jumpto
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      shlq    $0, (%rsp)
+CHECK-NEXT: lfence
+CHECK-NEXT: retq
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/unw_getcontext.checks b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/unw_getcontext.checks
new file mode 100644
index 00000000000..50b828662e3
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/unw_getcontext.checks
@@ -0,0 +1,7 @@
+CHECK: unw_getcontext
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      notq (%rsp)
+CHECK-NEXT: notq (%rsp)
+CHECK-NEXT: lfence
+CHECK-NEXT: retq

From 6db05904f6e64714537b37a6ca82010aa6cb46d0 Mon Sep 17 00:00:00 2001
From: Raoul Strackx <raoul.strackx@fortanix.com>
Date: Thu, 26 Mar 2020 10:51:14 +0100
Subject: [PATCH 06/14] LVI test std lib

---
 .../x86_64-fortanix-unknown-sgx-lvi/Makefile  | 28 ++++++++-----
 .../enclave.rs                                |  5 ---
 .../enclave/Cargo.toml                        |  9 ++++
 .../enclave/src/main.rs                       |  3 ++
 .../print.checks                              |  7 ++++
 .../x86_64-fortanix-unknown-sgx-lvi/script.sh | 42 +++++++++++++++++++
 6 files changed, 78 insertions(+), 16 deletions(-)
 delete mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave.rs
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/Cargo.toml
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/print.checks
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh

diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/Makefile b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/Makefile
index b17f9a12a29..6a04d343910 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/Makefile
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/Makefile
@@ -2,16 +2,22 @@
 
 #only-x86_64-fortanix-unknown-sgx
 
-OBJDUMP="${S}/build/x86_64-unknown-linux-gnu/llvm/build/bin/llvm-objdump"
-FILECHECK="${S}/build/x86_64-unknown-linux-gnu/llvm/build/bin/FileCheck"
+# For cargo setting
+export RUSTC := $(RUSTC_ORIGINAL)
+export LD_LIBRARY_PATH := $(HOST_RPATH_DIR)
+# We need to be outside of 'src' dir in order to run cargo
+export WORK_DIR := $(TMPDIR)
+export TEST_DIR := $(shell pwd)
+
+## clean up unused env variables which might cause harm.
+unexport RUSTC_LINKER
+unexport RUSTC_BOOTSTRAP
+unexport RUST_BUILD_STAGE
+unexport RUST_TEST_THREADS
+unexport RUST_TEST_TMPDIR
+unexport AR
+unexport CC
+unexport CXX
 
 all:
-	$(RUSTC) --target ${TARGET} enclave.rs
-
-	#TODO: re-enable check when newly compiled libunwind is used
-	#${OBJDUMP} --disassemble-symbols=unw_getcontext --demangle $(TMPDIR)/enclave > $(TMPDIR)/unw_getcontext.asm
-	#${FILECHECK} --input-file $(TMPDIR)/unw_getcontext.asm unw_getcontext.checks
-
-	#TODO: re-enable check when newly compiled libunwind is used
-	${OBJDUMP} --disassemble-symbols="libunwind::Registers_x86_64::jumpto()" --demangle $(TMPDIR)/enclave > $(TMPDIR)/jumpto.asm
-	${FILECHECK} --input-file $(TMPDIR)/jumpto.asm jumpto.checks
+	bash script.sh
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave.rs b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave.rs
deleted file mode 100644
index 66c8ead3e0f..00000000000
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave.rs
+++ /dev/null
@@ -1,5 +0,0 @@
-
-pub fn main() {
-    println!("Hello, World!");
-}
-
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/Cargo.toml b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/Cargo.toml
new file mode 100644
index 00000000000..723cd7c3cc2
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/Cargo.toml
@@ -0,0 +1,9 @@
+[package]
+name = "enclave"
+version = "0.1.0"
+authors = ["Raoul Strackx <raoul.strackx@fortanix.com>"]
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs
new file mode 100644
index 00000000000..e7a11a969c0
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs
@@ -0,0 +1,3 @@
+fn main() {
+    println!("Hello, world!");
+}
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/print.checks b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/print.checks
new file mode 100644
index 00000000000..0fe88141b24
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/print.checks
@@ -0,0 +1,7 @@
+CHECK: print
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      popq
+CHECK:      callq 0x{{[[:xdigit:]]*}} <_Unwind_Resume>
+CHECK-NEXT: ud2
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
new file mode 100644
index 00000000000..98e5284aadc
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
@@ -0,0 +1,42 @@
+set -exuo pipefail
+
+function build {
+    CRATE=enclave
+
+    mkdir -p $WORK_DIR
+    pushd $WORK_DIR
+        rm -rf $CRATE
+        cp -a $TEST_DIR/enclave .
+        pushd $CRATE
+            echo ${WORK_DIR}
+            # HACK(eddyb) sets `RUSTC_BOOTSTRAP=1` so Cargo can accept nightly features.
+            # These come from the top-level Rust workspace, that this crate is not a
+            # member of, but Cargo tries to load the workspace `Cargo.toml` anyway.
+            env RUSTC_BOOTSTRAP=1  \
+                cargo -v run --target $TARGET
+            env RUSTC_BOOTSTRAP=1  \
+                cargo -v run --target $TARGET --release 
+        popd
+    popd
+}
+
+function check {
+    local func=$1
+    local checks="${TEST_DIR}/$2"
+    local asm=$(mktemp)
+    local objdump="${BUILD_DIR}/x86_64-unknown-linux-gnu/llvm/build/bin/llvm-objdump"
+    local filecheck="${BUILD_DIR}/x86_64-unknown-linux-gnu/llvm/build/bin/FileCheck"
+    
+    ${objdump} --disassemble-symbols=${func} --demangle ${WORK_DIR}/enclave/target/x86_64-fortanix-unknown-sgx/debug/enclave > ${asm}
+    ${filecheck} --input-file ${asm} ${checks}
+}
+
+build
+
+#TODO: re-enable check when newly compiled libunwind is used
+#check unw_getcontext unw_getcontext.checks
+
+#TODO: re-enable check when newly compiled libunwind is used
+#check "libunwind::Registers_x86_64::jumpto()" jumpto.checks
+
+check "std::io::stdio::_print::h87f0c238421c45bc" print.checks

From 0526e750cd4e88fbb24ea92e809dfb6eefbf8fa0 Mon Sep 17 00:00:00 2001
From: Raoul Strackx <raoul.strackx@fortanix.com>
Date: Thu, 26 Mar 2020 13:57:37 +0100
Subject: [PATCH 07/14] started using cc crate

---
 .../cc_plus_one_c.checks                             |  6 ++++++
 .../enclave/Cargo.toml                               |  3 +++
 .../x86_64-fortanix-unknown-sgx-lvi/enclave/build.rs |  5 +++++
 .../x86_64-fortanix-unknown-sgx-lvi/enclave/foo.c    |  4 ++++
 .../enclave/src/main.rs                              | 12 ++++++++++--
 .../x86_64-fortanix-unknown-sgx-lvi/script.sh        |  5 ++---
 6 files changed, 30 insertions(+), 5 deletions(-)
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_c.checks
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/build.rs
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo.c

diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_c.checks b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_c.checks
new file mode 100644
index 00000000000..b93b33afb3f
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_c.checks
@@ -0,0 +1,6 @@
+CHECK: cc_plus_one_c
+CHECK:      lfence
+CHECK:      popq
+CHECK-NEXT: popq [[REGISTER:%[a-z]+]]
+CHECK-NEXT: lfence
+CHECK-NEXT: jmpq *[[REGISTER]]
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/Cargo.toml b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/Cargo.toml
index 723cd7c3cc2..da1b1e7f06c 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/Cargo.toml
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/Cargo.toml
@@ -7,3 +7,6 @@ edition = "2018"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
+
+[build-dependencies]
+cc = "1.0"
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/build.rs b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/build.rs
new file mode 100644
index 00000000000..3ccb4100ceb
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/build.rs
@@ -0,0 +1,5 @@
+fn main() {
+    cc::Build::new()
+        .file("foo.c")
+        .compile("foo");
+}
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo.c b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo.c
new file mode 100644
index 00000000000..bfe7757e4c1
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo.c
@@ -0,0 +1,4 @@
+
+int cc_plus_one_c(int *arg) {
+    return *arg + 1;
+}
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs
index e7a11a969c0..25adef5f917 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs
@@ -1,3 +1,11 @@
-fn main() {
-    println!("Hello, world!");
+extern {
+    fn cc_plus_one_c(arg : &u32) -> u32;
+}
+
+fn main() {
+    let value : u32 = 41;
+    
+    unsafe{
+        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_c(&value));
+    }
 }
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
index 98e5284aadc..ae95dd9dac0 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
@@ -12,10 +12,8 @@ function build {
             # HACK(eddyb) sets `RUSTC_BOOTSTRAP=1` so Cargo can accept nightly features.
             # These come from the top-level Rust workspace, that this crate is not a
             # member of, but Cargo tries to load the workspace `Cargo.toml` anyway.
-            env RUSTC_BOOTSTRAP=1  \
+            env RUSTC_BOOTSTRAP=1
                 cargo -v run --target $TARGET
-            env RUSTC_BOOTSTRAP=1  \
-                cargo -v run --target $TARGET --release 
         popd
     popd
 }
@@ -40,3 +38,4 @@ build
 #check "libunwind::Registers_x86_64::jumpto()" jumpto.checks
 
 check "std::io::stdio::_print::h87f0c238421c45bc" print.checks
+check cc_plus_one_c cc_plus_one_c.checks

From bdf81f508d0b79751063b93f4d151ec6a90d2a09 Mon Sep 17 00:00:00 2001
From: Raoul Strackx <raoul.strackx@fortanix.com>
Date: Thu, 26 Mar 2020 15:05:43 +0100
Subject: [PATCH 08/14] test hardening C inline assembly code (cc crate)

---
 .../cc_plus_one_c_asm.checks                      | 15 +++++++++++++++
 .../enclave/build.rs                              |  2 +-
 .../x86_64-fortanix-unknown-sgx-lvi/enclave/foo.c | 14 ++++++++++++++
 .../enclave/src/main.rs                           |  2 ++
 .../x86_64-fortanix-unknown-sgx-lvi/script.sh     |  1 +
 5 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_c_asm.checks

diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_c_asm.checks b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_c_asm.checks
new file mode 100644
index 00000000000..d1fae3d495f
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_c_asm.checks
@@ -0,0 +1,15 @@
+CHECK: cc_plus_one_c_asm
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK-NEXT: incl
+CHECK-NEXT: jmp
+CHECK-NEXT: shlq    $0, (%rsp)
+CHECK-NEXT: lfence
+CHECK-NEXT: retq
+CHECK:      popq
+CHECK-NEXT: popq [[REGISTER:%[a-z]+]]
+CHECK-NEXT: lfence
+CHECK-NEXT: jmpq *[[REGISTER]]
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/build.rs b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/build.rs
index 3ccb4100ceb..b0d0b42a30d 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/build.rs
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/build.rs
@@ -1,5 +1,5 @@
 fn main() {
     cc::Build::new()
         .file("foo.c")
-        .compile("foo");
+        .compile("foo_c");
 }
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo.c b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo.c
index bfe7757e4c1..971dfa9d171 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo.c
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo.c
@@ -2,3 +2,17 @@
 int cc_plus_one_c(int *arg) {
     return *arg + 1;
 }
+
+int cc_plus_one_c_asm(int *arg) {
+    int value = 0;
+
+    asm volatile ( "    movl (%1), %0\n"
+                   "    inc %0\n"
+                   "    jmp 1f\n"
+                   "    retq\n"  // never executed, but a shortcut to determine how the assembler deals with `ret` instructions
+                   "1:\n"
+                   : "=r"(value)
+                   : "r"(arg) );
+
+    return value;
+}
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs
index 25adef5f917..f8a27255ed0 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs
@@ -1,5 +1,6 @@
 extern {
     fn cc_plus_one_c(arg : &u32) -> u32;
+    fn cc_plus_one_c_asm(arg : &u32) -> u32;
 }
 
 fn main() {
@@ -7,5 +8,6 @@ fn main() {
     
     unsafe{
         println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_c(&value));
+        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_c_asm(&value));
     }
 }
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
index ae95dd9dac0..91f7ee45b54 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
@@ -39,3 +39,4 @@ build
 
 check "std::io::stdio::_print::h87f0c238421c45bc" print.checks
 check cc_plus_one_c cc_plus_one_c.checks
+check cc_plus_one_c_asm cc_plus_one_c_asm.checks

From 64811ed5a590ef4c89c09f4d04d3cea11251da52 Mon Sep 17 00:00:00 2001
From: Raoul Strackx <raoul.strackx@fortanix.com>
Date: Fri, 27 Mar 2020 11:24:17 +0100
Subject: [PATCH 09/14] testing c++ code (cc crate)

---
 .../cc_plus_one_cxx.checks                    |  6 ++++++
 .../cc_plus_one_cxx_asm.checks                | 16 +++++++++++++++
 .../enclave/build.rs                          |  6 ++++++
 .../enclave/foo_cxx.cpp                       | 20 +++++++++++++++++++
 .../enclave/src/main.rs                       |  4 ++++
 .../x86_64-fortanix-unknown-sgx-lvi/script.sh |  3 +++
 6 files changed, 55 insertions(+)
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_cxx.checks
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_cxx_asm.checks
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo_cxx.cpp

diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_cxx.checks b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_cxx.checks
new file mode 100644
index 00000000000..f96f152c02f
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_cxx.checks
@@ -0,0 +1,6 @@
+CHECK: cc_plus_one_cxx
+CHECK:      lfence
+CHECK:      popq
+CHECK-NEXT: popq [[REGISTER:%[a-z]+]]
+CHECK-NEXT: lfence
+CHECK-NEXT: jmpq *[[REGISTER]]
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_cxx_asm.checks b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_cxx_asm.checks
new file mode 100644
index 00000000000..e704bf41724
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_cxx_asm.checks
@@ -0,0 +1,16 @@
+CHECK: cc_plus_one_cxx_asm
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      movl
+CHECK:      lfence
+CHECK:      lfence
+CHECK-NEXT: incl
+CHECK-NEXT: jmp     0x{{[[:xdigit:]]+}} <cc_plus_one_cxx_asm+0x{{[[:xdigit:]]+}}>
+CHECK-NEXT: shlq    $0, (%rsp)
+CHECK-NEXT: lfence
+CHECK-NEXT: retq
+CHECK:      popq
+CHECK-NEXT: popq [[REGISTER:%[a-z]+]]
+CHECK-NEXT: lfence
+CHECK-NEXT: jmpq *[[REGISTER]]
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/build.rs b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/build.rs
index b0d0b42a30d..66ddea3793a 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/build.rs
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/build.rs
@@ -2,4 +2,10 @@ fn main() {
     cc::Build::new()
         .file("foo.c")
         .compile("foo_c");
+
+    cc::Build::new()
+        .cpp(true)
+        .cpp_set_stdlib(None)
+        .file("foo_cxx.cpp")
+        .compile("foo_cxx");
 }
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo_cxx.cpp b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo_cxx.cpp
new file mode 100644
index 00000000000..1f22c85c4cd
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo_cxx.cpp
@@ -0,0 +1,20 @@
+extern "C" int cc_plus_one_cxx(int *arg);
+extern "C" int cc_plus_one_cxx_asm(int *arg);
+
+int cc_plus_one_cxx(int *arg) {
+    return *arg + 1;
+}
+
+int cc_plus_one_cxx_asm(int *arg) {
+    int value = 0;
+
+    asm volatile ( "    movl (%1), %0\n"
+                   "    inc %0\n"
+                   "    jmp 1f\n"
+                   "    retq\n"  // never executed, but a shortcut to determine how the assembler deals with `ret` instructions
+                   "1:\n"
+                   : "=r"(value)
+                   : "r"(arg) );
+
+    return value;
+}
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs
index f8a27255ed0..afbee78e345 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs
@@ -1,6 +1,8 @@
 extern {
     fn cc_plus_one_c(arg : &u32) -> u32;
     fn cc_plus_one_c_asm(arg : &u32) -> u32;
+    fn cc_plus_one_cxx(arg : &u32) -> u32;
+    fn cc_plus_one_cxx_asm(arg : &u32) -> u32;
 }
 
 fn main() {
@@ -9,5 +11,7 @@ fn main() {
     unsafe{
         println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_c(&value));
         println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_c_asm(&value));
+        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_cxx(&value));
+        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_cxx_asm(&value));
     }
 }
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
index 91f7ee45b54..be2d247de0b 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
@@ -9,6 +9,7 @@ function build {
         cp -a $TEST_DIR/enclave .
         pushd $CRATE
             echo ${WORK_DIR}
+            hardening_flags="-mlvi-hardening -mllvm -x86-lvi-load-inline-asm"
             # HACK(eddyb) sets `RUSTC_BOOTSTRAP=1` so Cargo can accept nightly features.
             # These come from the top-level Rust workspace, that this crate is not a
             # member of, but Cargo tries to load the workspace `Cargo.toml` anyway.
@@ -40,3 +41,5 @@ build
 check "std::io::stdio::_print::h87f0c238421c45bc" print.checks
 check cc_plus_one_c cc_plus_one_c.checks
 check cc_plus_one_c_asm cc_plus_one_c_asm.checks
+check cc_plus_one_cxx cc_plus_one_cxx.checks
+check cc_plus_one_cxx_asm cc_plus_one_cxx_asm.checks

From d8a7904e06e77baf137b6713f9bf79f74ae6edfe Mon Sep 17 00:00:00 2001
From: Raoul Strackx <raoul.strackx@fortanix.com>
Date: Fri, 27 Mar 2020 14:19:07 +0100
Subject: [PATCH 10/14] LVI hardening tests for cmake

---
 .../cmake_plus_one_c.checks                   |  6 ++++++
 .../cmake_plus_one_c_asm.checks               | 16 +++++++++++++++
 .../cmake_plus_one_cxx.checks                 |  6 ++++++
 .../cmake_plus_one_cxx_asm.checks             | 16 +++++++++++++++
 .../enclave/Cargo.toml                        |  1 +
 .../enclave/build.rs                          | 15 ++++++++++++++
 .../enclave/libcmake_foo/CMakeLists.txt       |  4 ++++
 .../enclave/libcmake_foo/src/foo.c            | 17 ++++++++++++++++
 .../enclave/libcmake_foo/src/foo_cxx.cpp      | 20 +++++++++++++++++++
 .../enclave/src/main.rs                       |  9 +++++++++
 .../x86_64-fortanix-unknown-sgx-lvi/script.sh | 10 ++++++++++
 11 files changed, 120 insertions(+)
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_c.checks
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_c_asm.checks
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_cxx.checks
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_cxx_asm.checks
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/CMakeLists.txt
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo.c
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo_cxx.cpp

diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_c.checks b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_c.checks
new file mode 100644
index 00000000000..f551356b2ff
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_c.checks
@@ -0,0 +1,6 @@
+CHECK: cmake_plus_one_c
+CHECK:      lfence
+CHECK:      popq
+CHECK-NEXT: popq [[REGISTER:%[a-z]+]]
+CHECK-NEXT: lfence
+CHECK-NEXT: jmpq *[[REGISTER]]
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_c_asm.checks b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_c_asm.checks
new file mode 100644
index 00000000000..87c806f137a
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_c_asm.checks
@@ -0,0 +1,16 @@
+CHECK: cmake_plus_one_c_asm
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      movl
+CHECK:      lfence
+CHECK-NEXT: incl
+CHECK-NEXT: jmp     0x{{[[:xdigit:]]+}} <cmake_plus_one_c_asm+0x{{[[:xdigit:]]+}}>
+CHECK-NEXT: shlq    $0, (%rsp)
+CHECK-NEXT: lfence
+CHECK-NEXT: retq
+CHECK:      popq
+CHECK-NEXT: popq [[REGISTER:%[a-z]+]]
+CHECK-NEXT: lfence
+CHECK-NEXT: jmpq *[[REGISTER]]
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_cxx.checks b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_cxx.checks
new file mode 100644
index 00000000000..0f403e0203c
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_cxx.checks
@@ -0,0 +1,6 @@
+CHECK: cmake_plus_one_cxx
+CHECK:      lfence
+CHECK:      popq
+CHECK-NEXT: popq [[REGISTER:%[a-z]+]]
+CHECK-NEXT: lfence
+CHECK-NEXT: jmpq *[[REGISTER]]
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_cxx_asm.checks b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_cxx_asm.checks
new file mode 100644
index 00000000000..9cac8711ea8
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_cxx_asm.checks
@@ -0,0 +1,16 @@
+CHECK: cmake_plus_one_cxx_asm
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      lfence
+CHECK:      movl
+CHECK:      lfence
+CHECK-NEXT: incl
+CHECK-NEXT: jmp     0x{{[[:xdigit:]]+}} <cmake_plus_one_cxx_asm+0x{{[[:xdigit:]]+}}>
+CHECK-NEXT: shlq    $0, (%rsp)
+CHECK-NEXT: lfence
+CHECK-NEXT: retq
+CHECK:      popq
+CHECK-NEXT: popq [[REGISTER:%[a-z]+]]
+CHECK-NEXT: lfence
+CHECK-NEXT: jmpq *[[REGISTER]]
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/Cargo.toml b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/Cargo.toml
index da1b1e7f06c..89490686584 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/Cargo.toml
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/Cargo.toml
@@ -10,3 +10,4 @@ edition = "2018"
 
 [build-dependencies]
 cc = "1.0"
+cmake = "0.1"
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/build.rs b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/build.rs
index 66ddea3793a..eff25e8641b 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/build.rs
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/build.rs
@@ -8,4 +8,19 @@ fn main() {
         .cpp_set_stdlib(None)
         .file("foo_cxx.cpp")
         .compile("foo_cxx");
+
+    // When the cmake crate detects the clang compiler, it passes the
+    //  "--target" argument to the linker which subsequently fails. The
+    //  `CMAKE_C_COMPILER_FORCED` option makes sure that `cmake` does not
+    //  tries to test the compiler. From version 3.6 the option
+    //  `CMAKE_TRY_COMPILE_TARGET_TYPE=STATIC_LIBRARY` can be used
+    //  https://cmake.org/cmake/help/v3.5/module/CMakeForceCompiler.html
+    let dst = cmake::Config::new("libcmake_foo")
+                .build_target("cmake_foo")
+                .define("CMAKE_C_COMPILER_FORCED", "1")
+                .define("CMAKE_CXX_COMPILER_FORCED", "1")
+                .define("CMAKE_TRY_COMPILE_TARGET_TYPE=STATIC_LIBRARY", "1")
+                .build();
+    println!("cargo:rustc-link-search=native={}/build/", dst.display());
+    println!("cargo:rustc-link-lib=static=cmake_foo");
 }
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/CMakeLists.txt b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/CMakeLists.txt
new file mode 100644
index 00000000000..f501fe6f7dd
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/CMakeLists.txt
@@ -0,0 +1,4 @@
+add_library(cmake_foo STATIC
+    src/foo.c
+    src/foo_cxx.cpp
+)
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo.c b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo.c
new file mode 100644
index 00000000000..cbfde6ce929
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo.c
@@ -0,0 +1,17 @@
+int cmake_plus_one_c(int *arg) {
+    return *arg + 1;
+}
+
+int cmake_plus_one_c_asm(int *arg) {
+    int value = 0;
+
+    asm volatile ( "    movl (%1), %0\n"
+                   "    inc %0\n"
+                   "    jmp 1f\n"
+                   "    retq\n"  // never executed, but a shortcut to determine how the assembler deals with `ret` instructions
+                   "1:\n"
+                   : "=r"(value)
+                   : "r"(arg) );
+
+    return value;
+}
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo_cxx.cpp b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo_cxx.cpp
new file mode 100644
index 00000000000..63a89111c11
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo_cxx.cpp
@@ -0,0 +1,20 @@
+extern "C" int cmake_plus_one_cxx(int *arg);
+extern "C" int cmake_plus_one_cxx_asm(int *arg);
+
+int cmake_plus_one_cxx(int *arg) {
+    return *arg + 1;
+}
+
+int cmake_plus_one_cxx_asm(int *arg) {
+    int value = 0;
+
+    asm volatile ( "    movl (%1), %0\n"
+                   "    inc %0\n"
+                   "    jmp 1f\n"
+                   "    retq\n"  // never executed, but a shortcut to determine how the assembler deals with `ret` instructions
+                   "1:\n"
+                   : "=r"(value)
+                   : "r"(arg) );
+
+    return value;
+}
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs
index afbee78e345..358547c1362 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs
@@ -3,6 +3,10 @@ extern {
     fn cc_plus_one_c_asm(arg : &u32) -> u32;
     fn cc_plus_one_cxx(arg : &u32) -> u32;
     fn cc_plus_one_cxx_asm(arg : &u32) -> u32;
+    fn cmake_plus_one_c(arg : &u32) -> u32;
+    fn cmake_plus_one_c_asm(arg : &u32) -> u32;
+    fn cmake_plus_one_cxx(arg : &u32) -> u32;
+    fn cmake_plus_one_cxx_asm(arg : &u32) -> u32;
 }
 
 fn main() {
@@ -13,5 +17,10 @@ fn main() {
         println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_c_asm(&value));
         println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_cxx(&value));
         println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_cxx_asm(&value));
+        
+        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_c(&value));
+        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_c_asm(&value));
+        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_cxx(&value));
+        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_cxx_asm(&value));
     }
 }
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
index be2d247de0b..1595dbbbb9f 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
@@ -39,7 +39,17 @@ build
 #check "libunwind::Registers_x86_64::jumpto()" jumpto.checks
 
 check "std::io::stdio::_print::h87f0c238421c45bc" print.checks
+#TODO: the current passes cannot handle module level assembly!
+#  No checks are implemented
 check cc_plus_one_c cc_plus_one_c.checks
 check cc_plus_one_c_asm cc_plus_one_c_asm.checks
 check cc_plus_one_cxx cc_plus_one_cxx.checks
 check cc_plus_one_cxx_asm cc_plus_one_cxx_asm.checks
+
+check cmake_plus_one_c cmake_plus_one_c.checks
+check cmake_plus_one_c_asm cmake_plus_one_c_asm.checks
+check cmake_plus_one_cxx cmake_plus_one_cxx.checks
+check cmake_plus_one_cxx_asm cmake_plus_one_cxx_asm.checks
+
+#WARNING clang/clang++ use an integrated assembler when given an assembly file.
+#  LVI patches are *not* applied

From 72a8e6b1931cac7e1c716688501c324cb77c9d09 Mon Sep 17 00:00:00 2001
From: Raoul Strackx <raoul.strackx@fortanix.com>
Date: Fri, 27 Mar 2020 15:48:10 +0100
Subject: [PATCH 11/14] Adding checks for module level assembly

---
 .../cc_plus_one_asm.checks                    |  8 +++++
 .../cmake_plus_one_asm.checks                 |  7 ++++
 .../cmake_plus_one_c_global_asm.checks        |  2 ++
 .../cmake_plus_one_cxx_global_asm.checks      |  2 ++
 .../enclave/build.rs                          |  4 +++
 .../enclave/foo_asm.s                         |  7 ++++
 .../enclave/libcmake_foo/CMakeLists.txt       | 33 +++++++++++++++++--
 .../enclave/libcmake_foo/src/foo.c            |  8 +++++
 .../enclave/libcmake_foo/src/foo_asm.s        |  7 ++++
 .../enclave/libcmake_foo/src/foo_cxx.cpp      |  8 +++++
 .../enclave/src/main.rs                       | 23 ++++++++++++-
 .../rust_plus_one_global_asm.checks           |  2 ++
 .../x86_64-fortanix-unknown-sgx-lvi/script.sh | 13 ++++----
 13 files changed, 115 insertions(+), 9 deletions(-)
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_asm.checks
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_asm.checks
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_c_global_asm.checks
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_cxx_global_asm.checks
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo_asm.s
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo_asm.s
 create mode 100644 src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/rust_plus_one_global_asm.checks

diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_asm.checks b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_asm.checks
new file mode 100644
index 00000000000..e839c200bbb
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cc_plus_one_asm.checks
@@ -0,0 +1,8 @@
+CHECK: cc_plus_one_asm
+CHECK-NEXT: movl
+CHECK-NEXT: lfence
+CHECK-NEXT: inc
+CHECK-NEXT: notq (%rsp)
+CHECK-NEXT: notq (%rsp)
+CHECK-NEXT: lfence
+CHECK-NEXT: retq
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_asm.checks b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_asm.checks
new file mode 100644
index 00000000000..78b18ccbfcb
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_asm.checks
@@ -0,0 +1,7 @@
+CHECK: cmake_plus_one_asm
+CHECK-NEXT: movl
+CHECK-NEXT: lfence
+CHECK-NEXT: incl
+CHECK-NEXT: shlq    $0, (%rsp)
+CHECK-NEXT: lfence
+CHECK-NEXT: retq
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_c_global_asm.checks b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_c_global_asm.checks
new file mode 100644
index 00000000000..4b66cc5bc83
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_c_global_asm.checks
@@ -0,0 +1,2 @@
+CHECK: cmake_plus_one_c_global_asm
+CHECK: lfence
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_cxx_global_asm.checks b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_cxx_global_asm.checks
new file mode 100644
index 00000000000..d4a3d447901
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/cmake_plus_one_cxx_global_asm.checks
@@ -0,0 +1,2 @@
+CHECK: cmake_plus_one_cxx_global_asm
+CHECK: lfence
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/build.rs b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/build.rs
index eff25e8641b..3a7aa1be868 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/build.rs
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/build.rs
@@ -3,6 +3,10 @@ fn main() {
         .file("foo.c")
         .compile("foo_c");
 
+    cc::Build::new()
+        .file("foo_asm.s")
+        .compile("foo_asm");
+
     cc::Build::new()
         .cpp(true)
         .cpp_set_stdlib(None)
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo_asm.s b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo_asm.s
new file mode 100644
index 00000000000..6d56214e87e
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo_asm.s
@@ -0,0 +1,7 @@
+    .text
+    .global cc_plus_one_asm
+    .type cc_plus_one_asm, @function
+cc_plus_one_asm:
+    movl (%rdi), %eax
+    inc %eax
+    retq
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/CMakeLists.txt b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/CMakeLists.txt
index f501fe6f7dd..27cdf2ecf82 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/CMakeLists.txt
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/CMakeLists.txt
@@ -1,4 +1,33 @@
-add_library(cmake_foo STATIC
+enable_language(C CXX ASM)
+
+set(C_SOURCES
     src/foo.c
+    )
+
+set_source_files_properties(${C_SOURCES}
+                            PROPERTIES
+                            LANGUAGE C)
+
+set(CXX_SOURCES
     src/foo_cxx.cpp
-)
+    )
+
+set_source_files_properties(${CXX_SOURCES}
+                            PROPERTIES
+                            LANGUAGE CXX)
+
+set(ASM_SOURCES
+    src/foo_asm.s
+    )
+
+set_source_files_properties(${ASM_SOURCES}
+                            PROPERTIES
+                            LANGUAGE ASM)
+
+set(SOURCES
+    ${C_SOURCES}
+    ${CXX_SOURCES}
+    ${ASM_SOURCES})
+        
+add_library(cmake_foo STATIC
+    ${SOURCES})
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo.c b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo.c
index cbfde6ce929..e3a8fcdf414 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo.c
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo.c
@@ -15,3 +15,11 @@ int cmake_plus_one_c_asm(int *arg) {
 
     return value;
 }
+
+asm(".text\n"
+"    .global cmake_plus_one_c_global_asm\n"
+"    .type cmake_plus_one_c_global_asm, @function\n"
+"cmake_plus_one_c_global_asm:\n"
+"    movl (%rdi), %eax\n"
+"    inc %eax\n"
+"    retq\n" );
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo_asm.s b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo_asm.s
new file mode 100644
index 00000000000..64b6b430eea
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo_asm.s
@@ -0,0 +1,7 @@
+    .text
+    .global cmake_plus_one_asm
+    .type cmake_plus_one_asm, @function
+cmake_plus_one_asm:
+    movl (%rdi), %eax
+    inc %eax
+    retq
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo_cxx.cpp b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo_cxx.cpp
index 63a89111c11..a1a7b29d8c1 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo_cxx.cpp
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo_cxx.cpp
@@ -18,3 +18,11 @@ int cmake_plus_one_cxx_asm(int *arg) {
 
     return value;
 }
+
+asm(".text\n"
+"    .global cmake_plus_one_cxx_global_asm\n"
+"    .type cmake_plus_one_cxx_global_asm, @function\n"
+"cmake_plus_one_cxx_global_asm:\n"
+"    movl (%rdi), %eax\n"
+"    inc %eax\n"
+"    retq\n" );
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs
index 358547c1362..697ab29a59c 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs
@@ -1,26 +1,47 @@
+#![feature(global_asm)]
+
+global_asm!( r#"
+    .text
+    .global rust_plus_one_global_asm
+    .type rust_plus_one_global_asm, @function
+rust_plus_one_global_asm:
+    movl (%rdi), %eax
+    inc %eax
+    retq
+"# );
+
 extern {
     fn cc_plus_one_c(arg : &u32) -> u32;
     fn cc_plus_one_c_asm(arg : &u32) -> u32;
     fn cc_plus_one_cxx(arg : &u32) -> u32;
     fn cc_plus_one_cxx_asm(arg : &u32) -> u32;
+    fn cc_plus_one_asm(arg : &u32) -> u32;
     fn cmake_plus_one_c(arg : &u32) -> u32;
     fn cmake_plus_one_c_asm(arg : &u32) -> u32;
     fn cmake_plus_one_cxx(arg : &u32) -> u32;
     fn cmake_plus_one_cxx_asm(arg : &u32) -> u32;
+    fn cmake_plus_one_c_global_asm(arg : &u32) -> u32;
+    fn cmake_plus_one_cxx_global_asm(arg : &u32) -> u32;
+    fn cmake_plus_one_asm(arg : &u32) -> u32;
+    fn rust_plus_one_global_asm(arg : &u32) -> u32;
 }
 
 fn main() {
     let value : u32 = 41;
     
     unsafe{
+        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", rust_plus_one_global_asm(&value));
         println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_c(&value));
         println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_c_asm(&value));
         println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_cxx(&value));
         println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_cxx_asm(&value));
-        
+        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_asm(&value));
         println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_c(&value));
         println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_c_asm(&value));
         println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_cxx(&value));
         println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_cxx_asm(&value));
+        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_c_global_asm(&value));
+        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_cxx_global_asm(&value));
+        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_asm(&value));
     }
 }
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/rust_plus_one_global_asm.checks b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/rust_plus_one_global_asm.checks
new file mode 100644
index 00000000000..fe6777537fb
--- /dev/null
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/rust_plus_one_global_asm.checks
@@ -0,0 +1,2 @@
+CHECK: rust_plus_one_global_asm
+CHECK: lfence
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
index 1595dbbbb9f..9f151b34c91 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
@@ -9,7 +9,6 @@ function build {
         cp -a $TEST_DIR/enclave .
         pushd $CRATE
             echo ${WORK_DIR}
-            hardening_flags="-mlvi-hardening -mllvm -x86-lvi-load-inline-asm"
             # HACK(eddyb) sets `RUSTC_BOOTSTRAP=1` so Cargo can accept nightly features.
             # These come from the top-level Rust workspace, that this crate is not a
             # member of, but Cargo tries to load the workspace `Cargo.toml` anyway.
@@ -39,17 +38,19 @@ build
 #check "libunwind::Registers_x86_64::jumpto()" jumpto.checks
 
 check "std::io::stdio::_print::h87f0c238421c45bc" print.checks
-#TODO: the current passes cannot handle module level assembly!
-#  No checks are implemented
+check rust_plus_one_global_asm rust_plus_one_global_asm.checks || echo "warning: module level assembly currently not hardened"
+
 check cc_plus_one_c cc_plus_one_c.checks
 check cc_plus_one_c_asm cc_plus_one_c_asm.checks
 check cc_plus_one_cxx cc_plus_one_cxx.checks
 check cc_plus_one_cxx_asm cc_plus_one_cxx_asm.checks
+check cc_plus_one_asm cc_plus_one_asm.checks || echo "warning: the cc crate forwards assembly files to the CC compiler.\
+ Clang uses its own intergrated assembler, which does not include the LVI passes."
 
 check cmake_plus_one_c cmake_plus_one_c.checks
 check cmake_plus_one_c_asm cmake_plus_one_c_asm.checks
+check cmake_plus_one_c_global_asm cmake_plus_one_c_global_asm.checks || echo "warning: module level assembly currently not hardened"
 check cmake_plus_one_cxx cmake_plus_one_cxx.checks
 check cmake_plus_one_cxx_asm cmake_plus_one_cxx_asm.checks
-
-#WARNING clang/clang++ use an integrated assembler when given an assembly file.
-#  LVI patches are *not* applied
+check cmake_plus_one_cxx_global_asm cmake_plus_one_cxx_global_asm.checks || echo "warning: module level assembly currently not hardened"
+check cmake_plus_one_asm cmake_plus_one_asm.checks

From 8ca26cca2919977cba79e7436c4f72fb6661ea9b Mon Sep 17 00:00:00 2001
From: Raoul Strackx <raoul.strackx@fortanix.com>
Date: Fri, 27 Mar 2020 16:46:52 +0100
Subject: [PATCH 12/14] Building libunwind with new CMakeLists.

The old CMakeLists file of libunwind used the C compiler to compile assembly files. This caused such code not to be hardened.
---
 ...6_64-fortanix-unknown-sgx-lvi-module-level-assembly.rs | 4 ----
 .../run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh    | 8 ++------
 .../x86_64-fortanix-unknown-sgx-lvi/unw_getcontext.checks | 3 +--
 3 files changed, 3 insertions(+), 12 deletions(-)

diff --git a/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-module-level-assembly.rs b/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-module-level-assembly.rs
index 6b7e7b7767c..b8dc747d3b4 100644
--- a/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-module-level-assembly.rs
+++ b/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-module-level-assembly.rs
@@ -10,7 +10,3 @@ global_asm!(".start_module_asm:
             movq (%rdi), %rax
             retq
             .end_module_asm:" );
-
-// CHECK: .start_module_asm
-// TODO add check, when module-level pass is corrected
-// CHECK: .end_module_asm
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
index 9f151b34c91..ee6dc33feae 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
@@ -31,12 +31,8 @@ function check {
 
 build
 
-#TODO: re-enable check when newly compiled libunwind is used
-#check unw_getcontext unw_getcontext.checks
-
-#TODO: re-enable check when newly compiled libunwind is used
-#check "libunwind::Registers_x86_64::jumpto()" jumpto.checks
-
+check unw_getcontext unw_getcontext.checks
+check "libunwind::Registers_x86_64::jumpto()" jumpto.checks
 check "std::io::stdio::_print::h87f0c238421c45bc" print.checks
 check rust_plus_one_global_asm rust_plus_one_global_asm.checks || echo "warning: module level assembly currently not hardened"
 
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/unw_getcontext.checks b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/unw_getcontext.checks
index 50b828662e3..4b7615b115d 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/unw_getcontext.checks
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/unw_getcontext.checks
@@ -1,7 +1,6 @@
 CHECK: unw_getcontext
 CHECK:      lfence
 CHECK:      lfence
-CHECK:      notq (%rsp)
-CHECK-NEXT: notq (%rsp)
+CHECK:      shlq    $0, (%rsp)
 CHECK-NEXT: lfence
 CHECK-NEXT: retq

From 7d3c3fdc1d57d555c726f1caa444e9dd5a02e142 Mon Sep 17 00:00:00 2001
From: Raoul Strackx <raoul.strackx@fortanix.com>
Date: Fri, 25 Sep 2020 15:13:55 +0200
Subject: [PATCH 13/14] cleaning up code

---
 ...4-fortanix-unknown-sgx-lvi-generic-load.rs |  1 -
 ...64-fortanix-unknown-sgx-lvi-generic-ret.rs |  1 -
 ...x-unknown-sgx-lvi-module-level-assembly.rs | 12 --------
 .../enclave/foo.c                             |  4 +--
 .../enclave/foo_cxx.cpp                       |  3 +-
 .../enclave/libcmake_foo/src/foo.c            |  3 +-
 .../enclave/libcmake_foo/src/foo_cxx.cpp      |  3 +-
 .../enclave/src/main.rs                       | 29 ++++++++++---------
 .../x86_64-fortanix-unknown-sgx-lvi/script.sh | 19 +++++++-----
 9 files changed, 35 insertions(+), 40 deletions(-)
 delete mode 100644 src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-module-level-assembly.rs

diff --git a/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-load.rs b/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-load.rs
index 87ebb71dce9..79d82cf70d3 100644
--- a/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-load.rs
+++ b/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-load.rs
@@ -15,4 +15,3 @@ pub extern fn plus_one(r: &mut u64) {
 // CHECK: popq [[REGISTER:%[a-z]+]]
 // CHECK-NEXT: lfence
 // CHECK-NEXT: jmpq *[[REGISTER]]
-
diff --git a/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-ret.rs b/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-ret.rs
index 5ca5dd6f272..a21ef6b7589 100644
--- a/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-ret.rs
+++ b/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-generic-ret.rs
@@ -10,4 +10,3 @@ pub extern fn myret() {}
 // CHECK: popq [[REGISTER:%[a-z]+]]
 // CHECK-NEXT: lfence
 // CHECK-NEXT: jmpq *[[REGISTER]]
-
diff --git a/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-module-level-assembly.rs b/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-module-level-assembly.rs
deleted file mode 100644
index b8dc747d3b4..00000000000
--- a/src/test/assembly/x86_64-fortanix-unknown-sgx-lvi-module-level-assembly.rs
+++ /dev/null
@@ -1,12 +0,0 @@
-// Test LVI load hardening on SGX module level assembly code
-
-// assembly-output: emit-asm
-// compile-flags: --crate-type staticlib
-// only-x86_64-fortanix-unknown-sgx
-
-#![feature(global_asm)]
-
-global_asm!(".start_module_asm:
-            movq (%rdi), %rax
-            retq
-            .end_module_asm:" );
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo.c b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo.c
index 971dfa9d171..dd76d4f303a 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo.c
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo.c
@@ -1,4 +1,3 @@
-
 int cc_plus_one_c(int *arg) {
     return *arg + 1;
 }
@@ -9,7 +8,8 @@ int cc_plus_one_c_asm(int *arg) {
     asm volatile ( "    movl (%1), %0\n"
                    "    inc %0\n"
                    "    jmp 1f\n"
-                   "    retq\n"  // never executed, but a shortcut to determine how the assembler deals with `ret` instructions
+                   "    retq\n"  // never executed, but a shortcut to determine how
+                                 // the assembler deals with `ret` instructions
                    "1:\n"
                    : "=r"(value)
                    : "r"(arg) );
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo_cxx.cpp b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo_cxx.cpp
index 1f22c85c4cd..ac6f64ac413 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo_cxx.cpp
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo_cxx.cpp
@@ -11,7 +11,8 @@ int cc_plus_one_cxx_asm(int *arg) {
     asm volatile ( "    movl (%1), %0\n"
                    "    inc %0\n"
                    "    jmp 1f\n"
-                   "    retq\n"  // never executed, but a shortcut to determine how the assembler deals with `ret` instructions
+                   "    retq\n"  // never executed, but a shortcut to determine how
+                                 // the assembler deals with `ret` instructions
                    "1:\n"
                    : "=r"(value)
                    : "r"(arg) );
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo.c b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo.c
index e3a8fcdf414..c3b731a2d50 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo.c
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo.c
@@ -8,7 +8,8 @@ int cmake_plus_one_c_asm(int *arg) {
     asm volatile ( "    movl (%1), %0\n"
                    "    inc %0\n"
                    "    jmp 1f\n"
-                   "    retq\n"  // never executed, but a shortcut to determine how the assembler deals with `ret` instructions
+                   "    retq\n"  // never executed, but a shortcut to determine how
+                                 // the assembler deals with `ret` instructions
                    "1:\n"
                    : "=r"(value)
                    : "r"(arg) );
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo_cxx.cpp b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo_cxx.cpp
index a1a7b29d8c1..824e2afebcc 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo_cxx.cpp
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo_cxx.cpp
@@ -11,7 +11,8 @@ int cmake_plus_one_cxx_asm(int *arg) {
     asm volatile ( "    movl (%1), %0\n"
                    "    inc %0\n"
                    "    jmp 1f\n"
-                   "    retq\n"  // never executed, but a shortcut to determine how the assembler deals with `ret` instructions
+                   "    retq\n"  // never executed, but a shortcut to determine how
+                                 // the assembler deals with `ret` instructions
                    "1:\n"
                    : "=r"(value)
                    : "r"(arg) );
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs
index 697ab29a59c..8e91a8d842c 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/src/main.rs
@@ -28,20 +28,21 @@ extern {
 
 fn main() {
     let value : u32 = 41;
-    
+    let question = "Answer to the Ultimate Question of Life, the Universe, and Everything:";
+
     unsafe{
-        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", rust_plus_one_global_asm(&value));
-        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_c(&value));
-        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_c_asm(&value));
-        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_cxx(&value));
-        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_cxx_asm(&value));
-        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cc_plus_one_asm(&value));
-        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_c(&value));
-        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_c_asm(&value));
-        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_cxx(&value));
-        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_cxx_asm(&value));
-        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_c_global_asm(&value));
-        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_cxx_global_asm(&value));
-        println!("Answer to the Ultimate Question of Life, the Universe, and Everything: {}!", cmake_plus_one_asm(&value));
+        println!("{}: {}!", question,rust_plus_one_global_asm(&value));
+        println!("{}: {}!", question,cc_plus_one_c(&value));
+        println!("{}: {}!", question,cc_plus_one_c_asm(&value));
+        println!("{}: {}!", question,cc_plus_one_cxx(&value));
+        println!("{}: {}!", question,cc_plus_one_cxx_asm(&value));
+        println!("{}: {}!", question,cc_plus_one_asm(&value));
+        println!("{}: {}!", question,cmake_plus_one_c(&value));
+        println!("{}: {}!", question,cmake_plus_one_c_asm(&value));
+        println!("{}: {}!", question,cmake_plus_one_cxx(&value));
+        println!("{}: {}!", question,cmake_plus_one_cxx_asm(&value));
+        println!("{}: {}!", question,cmake_plus_one_c_global_asm(&value));
+        println!("{}: {}!", question,cmake_plus_one_cxx_global_asm(&value));
+        println!("{}: {}!", question,cmake_plus_one_asm(&value));
     }
 }
diff --git a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
index ee6dc33feae..ec93c980160 100644
--- a/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
+++ b/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/script.sh
@@ -24,8 +24,9 @@ function check {
     local asm=$(mktemp)
     local objdump="${BUILD_DIR}/x86_64-unknown-linux-gnu/llvm/build/bin/llvm-objdump"
     local filecheck="${BUILD_DIR}/x86_64-unknown-linux-gnu/llvm/build/bin/FileCheck"
-    
-    ${objdump} --disassemble-symbols=${func} --demangle ${WORK_DIR}/enclave/target/x86_64-fortanix-unknown-sgx/debug/enclave > ${asm}
+
+    ${objdump} --disassemble-symbols=${func} --demangle \
+      ${WORK_DIR}/enclave/target/x86_64-fortanix-unknown-sgx/debug/enclave > ${asm}
     ${filecheck} --input-file ${asm} ${checks}
 }
 
@@ -34,19 +35,23 @@ build
 check unw_getcontext unw_getcontext.checks
 check "libunwind::Registers_x86_64::jumpto()" jumpto.checks
 check "std::io::stdio::_print::h87f0c238421c45bc" print.checks
-check rust_plus_one_global_asm rust_plus_one_global_asm.checks || echo "warning: module level assembly currently not hardened"
+check rust_plus_one_global_asm rust_plus_one_global_asm.checks \
+  || echo "warning: module level assembly currently not hardened"
 
 check cc_plus_one_c cc_plus_one_c.checks
 check cc_plus_one_c_asm cc_plus_one_c_asm.checks
 check cc_plus_one_cxx cc_plus_one_cxx.checks
 check cc_plus_one_cxx_asm cc_plus_one_cxx_asm.checks
-check cc_plus_one_asm cc_plus_one_asm.checks || echo "warning: the cc crate forwards assembly files to the CC compiler.\
- Clang uses its own intergrated assembler, which does not include the LVI passes."
+check cc_plus_one_asm cc_plus_one_asm.checks \
+  || echo "warning: the cc crate forwards assembly files to the CC compiler." \
+           "Clang uses its own intergrated assembler, which does not include the LVI passes."
 
 check cmake_plus_one_c cmake_plus_one_c.checks
 check cmake_plus_one_c_asm cmake_plus_one_c_asm.checks
-check cmake_plus_one_c_global_asm cmake_plus_one_c_global_asm.checks || echo "warning: module level assembly currently not hardened"
+check cmake_plus_one_c_global_asm cmake_plus_one_c_global_asm.checks \
+  || echo "warning: module level assembly currently not hardened"
 check cmake_plus_one_cxx cmake_plus_one_cxx.checks
 check cmake_plus_one_cxx_asm cmake_plus_one_cxx_asm.checks
-check cmake_plus_one_cxx_global_asm cmake_plus_one_cxx_global_asm.checks || echo "warning: module level assembly currently not hardened"
+check cmake_plus_one_cxx_global_asm cmake_plus_one_cxx_global_asm.checks \
+  || echo "warning: module level assembly currently not hardened"
 check cmake_plus_one_asm cmake_plus_one_asm.checks

From 159d11fb069fca88056bc1b8194d520489e3e921 Mon Sep 17 00:00:00 2001
From: Raoul Strackx <raoul.strackx@fortanix.com>
Date: Tue, 31 Mar 2020 11:28:01 +0200
Subject: [PATCH 14/14] Patch compilation test helpers for sgx platform

---
 src/bootstrap/native.rs | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/bootstrap/native.rs b/src/bootstrap/native.rs
index 9e4d6d0023d..1e233cb3891 100644
--- a/src/bootstrap/native.rs
+++ b/src/bootstrap/native.rs
@@ -625,7 +625,14 @@ impl Step for TestHelpers {
         if builder.config.dry_run {
             return;
         }
-        let target = self.target;
+        // The x86_64-fortanix-unknown-sgx target doesn't have a working C
+        // toolchain. However, some x86_64 ELF objects can be linked
+        // without issues. Use this hack to compile the test helpers.
+        let target = if self.target == "x86_64-fortanix-unknown-sgx" {
+            TargetSelection::from_user("x86_64-unknown-linux-gnu")
+        } else {
+            self.target
+        };
         let dst = builder.test_helpers_out(target);
         let src = builder.src.join("src/test/auxiliary/rust_test_helpers.c");
         if up_to_date(&src, &dst.join("librust_test_helpers.a")) {
@@ -649,7 +656,6 @@ impl Step for TestHelpers {
             }
             cfg.compiler(builder.cc(target));
         }
-
         cfg.cargo_metadata(false)
             .out_dir(&dst)
             .target(&target.triple)