ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2025-01-01 02:36:44 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

update enclave_creator to align with driver API change

Browse Source
This commit is contained in:
Yu Yuan 2016-10-24 12:27:44 +08:00
parent 57cb162f12
commit 5cd3c5a7bf
10 changed files with 125 additions and 111 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
common/inc/internal/enclave_creator.h
View File

@ -65,7 +65,7 @@ public:
*/
virtual int add_enclave_page(sgx_enclave_id_t enclave_id, void *source, uint64_t offset, const sec_info_t &sinfo, uint32_t attr) = 0;
virtual int init_enclave(sgx_enclave_id_t enclave_id, enclave_css_t *enclave_css, SGXLaunchToken *lc, le_prd_css_file_t *prd_css_file = NULL) = 0;
virtual int destroy_enclave(sgx_enclave_id_t enclave_id) = 0;
virtual int destroy_enclave(sgx_enclave_id_t enclave_id, uint64_t enclave_size = 0) = 0;
virtual int initialize(sgx_enclave_id_t enclave_id) = 0;
virtual bool use_se_hw() const = 0;

2
psw/urts/enclave.cpp
View File

@ -240,7 +240,7 @@ void CEnclave::destroy()
debug_enclave_info_t *debug_info = const_cast<debug_enclave_info_t *>(get_debug_info());
generate_enclave_debug_event(URTS_EXCEPTION_PREREMOVEENCLAVE, debug_info);
get_enclave_creator()->destroy_enclave(ENCLAVE_ID_IOCTL);
get_enclave_creator()->destroy_enclave(ENCLAVE_ID_IOCTL, m_size);
m_destroyed = true;
//We are going to destory m_rwlock. At this point, maybe an ecall is in progress, and try to get m_rwlock.

2
psw/urts/enclave_creator_hw.h
View File

@ -52,7 +52,7 @@ public:
int create_enclave(secs_t *secs, sgx_enclave_id_t *enclave_id, void **start_addr, bool ae);
int add_enclave_page(sgx_enclave_id_t enclave_id, void *source, uint64_t offset, const sec_info_t &sinfo, uint32_t attr);
int init_enclave(sgx_enclave_id_t enclave_id, enclave_css_t *enclave_css, SGXLaunchToken *lc, le_prd_css_file_t *prd_css_file);
int destroy_enclave(sgx_enclave_id_t enclave_id);
int destroy_enclave(sgx_enclave_id_t enclave_id, uint64_t enclave_size);
int initialize(sgx_enclave_id_t enclave_id);
bool use_se_hw() const;
int get_misc_attr(sgx_misc_attribute_t *sgx_misc_attr, metadata_t *metadata, SGXLaunchToken * const lc, uint32_t flag);

85
psw/urts/linux/enclave_creator_hw.cpp
View File

@ -72,39 +72,38 @@ int EnclaveCreatorHW::error_driver2urts(int driver_error)
switch(driver_error)
{
case ISGX_ERROR:
#if 0
case SGX_ERROR:
if(ENOMEM == errno)
ret = SGX_ERROR_OUT_OF_MEMORY;
else
ret = SGX_ERROR_NO_DEVICE;
break;
case ISGX_INVALID_ATTRIBUTE:
#endif
case SGX_INVALID_ATTRIBUTE:
ret = SGX_ERROR_INVALID_ATTRIBUTE;
break;
case ISGX_INVALID_MEASUREMENT:
case SGX_INVALID_MEASUREMENT:
ret = SE_ERROR_INVALID_MEASUREMENT;
break;
case ISGX_INVALID_SIG_STRUCT:
case ISGX_INVALID_SIGNATIRE:
case SGX_INVALID_SIG_STRUCT:
case SGX_INVALID_SIGNATURE:
ret = SGX_ERROR_INVALID_SIGNATURE;
break;
case ISGX_INVALID_LAUNCH_TOKEN:
ret = SE_ERROR_INVALID_LAUNCH_TOKEN;
break;
case ISGX_INVALID_CPUSVN:
case SGX_INVALID_CPUSVN:
ret = SGX_ERROR_INVALID_CPUSVN;
break;
case ISGX_INVALID_ISVSVN:
case SGX_INVALID_ISVSVN:
ret = SGX_ERROR_INVALID_ISVSVN;
break;
case ISGX_UNMASKED_EVENT:
case SGX_UNMASKED_EVENT:
ret = SGX_ERROR_DEVICE_BUSY;
break;
case (int)ISGX_POWER_LOST_ENCLAVE: // [-Wc++11-narrowing]
case (int)SGX_POWER_LOST_ENCLAVE: // [-Wc++11-narrowing]
ret = SGX_ERROR_ENCLAVE_LOST;
break;
default:
SE_TRACE(SE_TRACE_WARNING, "unexpected error %#x from driver, should be uRTS/driver bug\n", ret);
SE_TRACE(SE_TRACE_WARNING, "unexpected error %#X from driver, should be uRTS/driver bug\n", driver_error);
ret = SGX_ERROR_UNEXPECTED;
break;
}
@ -116,15 +115,35 @@ int EnclaveCreatorHW::create_enclave(secs_t *secs, sgx_enclave_id_t *enclave_id,
{
assert(secs != NULL && enclave_id != NULL && start_addr != NULL);
UNUSED(ae);
int ret = 0;
if (false == open_se_device())
return SGX_ERROR_NO_DEVICE;
SE_TRACE(SE_TRACE_DEBUG, "\n secs.attibutes.flags = %llx, secs.attributes.xfrm = %llx \n"
, secs->attributes.flags, secs->attributes.xfrm);
//SECS:BASEADDR must be naturally aligned on an SECS.SIZE boundary
void* enclave_base = mmap(NULL, (size_t)secs->size *2, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_SHARED, m_hdevice, 0);
struct isgx_create_param param = { secs, 0 };
int ret = ioctl(m_hdevice, ISGX_IOCTL_ENCLAVE_CREATE, &param);
if(enclave_base == NULL)
{
SE_TRACE(SE_TRACE_WARNING, "\nISGX_IOCTL_ENCLAVE_CREATE fails: mmap fail\n");
return SGX_ERROR_OUT_OF_MEMORY;
}
//find a suitable base for enclave
uint64_t base = (uint64_t)enclave_base + (secs->size - ((uint64_t)enclave_base % secs->size)) ;
secs->base = (void*)base;
//remove unneed page
munmap(enclave_base, (size_t)(secs->base) - (size_t)(enclave_base));
if(((uint64_t)(enclave_base) + secs->size *2) != ((uint64_t)secs->base + secs->size))
{
munmap((void*)((size_t)secs->base + secs->size), (size_t)(enclave_base) + (size_t)secs->size - (size_t)(secs->base));
}
struct sgx_enclave_create param = {0};
param.src = (__u64)(secs);
ret = ioctl(m_hdevice, SGX_IOC_ENCLAVE_CREATE, &param);
if(ret) {
SE_TRACE(SE_TRACE_WARNING, "\nISGX_IOCTL_ENCLAVE_CREATE fails: errno = %x\n", errno);
return error_driver2urts(ret);
@ -134,11 +153,12 @@ int EnclaveCreatorHW::create_enclave(secs_t *secs, sgx_enclave_id_t *enclave_id,
if(0 == tmp)
g_eid_high++;
*enclave_id = ((uint64_t)g_eid_high << 32) | g_eid_low;
*start_addr = secs->base = (void *)param.addr;
*start_addr = secs->base;
return SGX_SUCCESS;
}
int EnclaveCreatorHW::add_enclave_page(sgx_enclave_id_t enclave_id, void *src, uint64_t rva, const sec_info_t &sinfo, uint32_t attr)
{
assert((rva & ((1<<SE_PAGE_SHIFT)-1)) == 0);
@ -151,14 +171,15 @@ int EnclaveCreatorHW::add_enclave_page(sgx_enclave_id_t enclave_id, void *src, u
}
int ret = 0;
struct isgx_add_param addp = { 0, 0, 0, 0 };
struct sgx_enclave_add_page addp = { 0, 0, 0, 0 };
addp.addr = (unsigned long)enclave_id + (unsigned long)rva;
addp.user_addr = reinterpret_cast<unsigned long>(source);
addp.secinfo = (void *)const_cast<sec_info_t *>(&sinfo);
if(!((1<<DoEEXTEND) & attr))
addp.flags |= ISGX_ADD_SKIP_EEXTEND;
ret = ioctl(m_hdevice, ISGX_IOCTL_ENCLAVE_ADD_PAGE, &addp);
addp.addr = (__u64)enclave_id + (__u64)rva;
addp.src = reinterpret_cast<__u64>(source);
addp.secinfo = reinterpret_cast<__u64>(const_cast<sec_info_t *>(&sinfo));
if(((1<<DoEEXTEND) & attr))
addp.mrmask |= 0xFFFF;
ret = ioctl(m_hdevice, SGX_IOC_ENCLAVE_ADD_PAGE, &addp);
if(ret) {
SE_TRACE(SE_TRACE_WARNING, "\nAdd Page - %p to %p... FAIL\n", source, rva);
return error_driver2urts(ret);
@ -170,14 +191,14 @@ int EnclaveCreatorHW::add_enclave_page(sgx_enclave_id_t enclave_id, void *src, u
int EnclaveCreatorHW::try_init_enclave(sgx_enclave_id_t enclave_id, enclave_css_t *enclave_css, token_t *launch)
{
int ret = 0;
struct isgx_init_param initp = { 0, NULL, NULL };
initp.addr = (unsigned long)enclave_id;
initp.sigstruct = reinterpret_cast<char*>(enclave_css);
struct sgx_enclave_init initp = { 0, 0, 0 };
initp.addr = (__u64)enclave_id;
initp.sigstruct = reinterpret_cast<__u64>(enclave_css);
//launch should NOT be NULL, because it has been checked in urts_com.h::_create_enclave(...)
assert(launch != NULL);
initp.einittoken = reinterpret_cast<void *>(launch);
ret = ioctl(m_hdevice, ISGX_IOCTL_ENCLAVE_INIT, &initp);
initp.einittoken = reinterpret_cast<__u64>(launch);
ret = ioctl(m_hdevice, SGX_IOC_ENCLAVE_INIT, &initp);
if (ret) {
SE_TRACE(SE_TRACE_WARNING, "\nISGX_IOCTL_ENCLAVE_INIT fails error = %x\n", ret);
return error_driver2urts(ret);
@ -195,14 +216,14 @@ int EnclaveCreatorHW::try_init_enclave(sgx_enclave_id_t enclave_id, enclave_css_
return SGX_SUCCESS;
}
int EnclaveCreatorHW::destroy_enclave(sgx_enclave_id_t enclave_id)
//for linux hw mode, enclave_id is actually start address here
int EnclaveCreatorHW::destroy_enclave(sgx_enclave_id_t enclave_id, uint64_t enclave_size)
{
int ret = 0;
isgx_destroy_param param = { (unsigned long)enclave_id };
ret = ioctl(m_hdevice, ISGX_IOCTL_ENCLAVE_DESTROY, &param);
ret = munmap((void*)enclave_id, (size_t)enclave_size);
if (-1 == ret) {
if (0 != ret) {
SE_TRACE(SE_TRACE_WARNING, "destroy SGX enclave failed, error = %d\n", errno);
ret = SGX_ERROR_UNEXPECTED;
}

131
psw/urts/linux/isgx_user.h
View File

@ -28,75 +28,66 @@
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef _X86_ISGX_USER_H
#define _X86_ISGX_USER_H
#include <linux/ioctl.h>
#include <linux/stddef.h>
#ifndef _UAPI_ASM_X86_SGX_H
#define _UAPI_ASM_X86_SGX_H
#include <linux/types.h>
#include <linux/ioctl.h>
#define SGX_MAGIC 0xA4
#define SGX_IOC_ENCLAVE_CREATE \
_IOW(SGX_MAGIC, 0x00, struct sgx_enclave_create)
#define SGX_IOC_ENCLAVE_ADD_PAGE \
_IOW(SGX_MAGIC, 0x01, struct sgx_enclave_add_page)
#define SGX_IOC_ENCLAVE_INIT \
_IOW(SGX_MAGIC, 0x02, struct sgx_enclave_init)
/* SGX leaf instruction return values */
#define SGX_SUCCESS 0
#define SGX_INVALID_SIG_STRUCT 1
#define SGX_INVALID_ATTRIBUTE 2
#define SGX_BLKSTATE 3
#define SGX_INVALID_MEASUREMENT 4
#define SGX_NOTBLOCKABLE 5
#define SGX_PG_INVLD 6
#define SGX_LOCKFAIL 7
#define SGX_INVALID_SIGNATURE 8
#define SGX_MAC_COMPARE_FAIL 9
#define SGX_PAGE_NOT_BLOCKED 10
#define SGX_NOT_TRACKED 11
#define SGX_VA_SLOT_OCCUPIED 12
#define SGX_CHILD_PRESENT 13
#define SGX_ENCLAVE_ACT 14
#define SGX_ENTRYEPOCH_LOCKED 15
#define SGX_INVALID_LICENSE 16
#define SGX_PREV_TRK_INCMPL 17
#define SGX_PG_IS_SECS 18
#define SGX_INVALID_CPUSVN 32
#define SGX_INVALID_ISVSVN 64
#define SGX_UNMASKED_EVENT 128
#define SGX_INVALID_KEYNAME 256
/* IOCTL return values */
#define SGX_POWER_LOST_ENCLAVE 0x40000000
#define SGX_LE_ROLLBACK 0x40000001
struct sgx_enclave_create {
__u64 src;
} __attribute__((packed));
struct sgx_enclave_add_page {
__u64 addr;
__u64 src;
__u64 secinfo;
__u16 mrmask;
} __attribute__((packed));
struct sgx_enclave_init {
__u64 addr;
__u64 sigstruct;
__u64 einittoken;
} __attribute__((packed));
#endif /* _UAPI_ASM_X86_SGX_H */
#define ISGX_IOCTL_ENCLAVE_CREATE _IOWR('p', 0x02, struct isgx_create_param)
#define ISGX_IOCTL_ENCLAVE_ADD_PAGE _IOW('p', 0x03, struct isgx_add_param)
#define ISGX_IOCTL_ENCLAVE_INIT _IOW('p', 0x04, struct isgx_init_param)
#define ISGX_IOCTL_ENCLAVE_DESTROY _IOW('p', 0x06, struct isgx_destroy_param)
#define SECS_SIZE_OFFSET 0
#define SECS_BASE_OFFSET (SECS_SIZE_OFFSET + 8)
#define SECS_FLAGS_OFFSET (SECS_BASE_OFFSET + 8)
#define SECS_SSAFRAMESIZE_OFFSET (SECS_SIZE_OFFSET + 164)
/* SGX leaf instruction return values */
#define ISGX_SUCCESS 0
#define ISGX_ERROR -1
#define ISGX_INVALID_SIG_STRUCT 0x1
#define ISGX_INVALID_ATTRIBUTE 0x2
#define ISGX_INVALID_MEASUREMENT 0x4
#define ISGX_INVALID_SIGNATIRE 0x8
#define ISGX_INVALID_LAUNCH_TOKEN 0x10
#define ISGX_INVALID_CPUSVN 0x20
#define ISGX_INVALID_ISVSVN 0x40
#define ISGX_UNMASKED_EVENT 0x80
#define ISGX_INVALID_KEYNAME 0x100
/* IOCTL return values */
#define ISGX_OUT_OF_EPC_PAGES 0xc0000001
#define ISGX_POWER_LOST_ENCLAVE 0xc0000002
/* SECINFO flags */
#define ISGX_SECINFO_R 0x1 /* Read Access */
#define ISGX_SECINFO_W 0x2 /* Write Access */
#define ISGX_SECINFO_X 0x4 /* Execute Access */
#define ISGX_SECINFO_SECS 0x000 /* SECS */
#define ISGX_SECINFO_TCS 0x100 /* TCS */
#define ISGX_SECINFO_REG 0x200 /* Regular Page */
struct isgx_secinfo {
__u64 flags;
__u64 reserved[7];
};
struct isgx_create_param {
void *secs;
unsigned long addr;
};
#define ISGX_ADD_SKIP_EEXTEND 0x1
struct isgx_add_param {
unsigned long addr;
unsigned long user_addr;
void *secinfo;
unsigned int flags;
};
struct isgx_init_param {
unsigned long addr;
void *sigstruct;
void *einittoken;
};
struct isgx_destroy_param {
unsigned long addr;
};
#endif /* _X86_ISGX_USER_H */

4
psw/urts/loader.cpp
View File

@ -438,7 +438,7 @@ int CLoader::build_image(SGXLaunchToken * const lc, sgx_attributes_t * const sec
return SGX_SUCCESS;
fail:
get_enclave_creator()->destroy_enclave(ENCLAVE_ID_IOCTL);
get_enclave_creator()->destroy_enclave(ENCLAVE_ID_IOCTL, m_secs.size);
return ret;
}
@ -689,7 +689,7 @@ int CLoader::load_enclave_ex(SGXLaunchToken *lc, bool debug, const metadata_t *m
int CLoader::destroy_enclave()
{
return get_enclave_creator()->destroy_enclave(ENCLAVE_ID_IOCTL);
return get_enclave_creator()->destroy_enclave(ENCLAVE_ID_IOCTL, m_secs.size);
}
int CLoader::set_memory_protection()

3
sdk/sign_tool/SignTool/enclave_creator_sign.cpp
View File

@ -236,9 +236,10 @@ int EnclaveCreatorST::get_misc_attr(sgx_misc_attribute_t *sgx_misc_attr, metadat
return SGX_SUCCESS;
}
int EnclaveCreatorST::destroy_enclave(sgx_enclave_id_t enclave_id)
int EnclaveCreatorST::destroy_enclave(sgx_enclave_id_t enclave_id, uint64_t enclave_size)
{
UNUSED(enclave_id);
UNUSED(enclave_size);
SAFE_FREE_MM(m_ctx);
return SGX_SUCCESS;
}

2
sdk/sign_tool/SignTool/enclave_creator_sign.h
View File

@ -49,7 +49,7 @@ public:
int init_enclave(sgx_enclave_id_t enclave_id, enclave_css_t *enclave_css, SGXLaunchToken *lc, le_prd_css_file_t *prd_css_file);
int get_misc_attr(sgx_misc_attribute_t *sgx_misc_attr, metadata_t *metadata, SGXLaunchToken * const lc, uint32_t flag);
bool get_plat_cap(sgx_misc_attribute_t *se_attr);
int destroy_enclave(sgx_enclave_id_t enclave_id);
int destroy_enclave(sgx_enclave_id_t enclave_id, uint64_t enclave_size);
int initialize(sgx_enclave_id_t enclave_id);
bool use_se_hw() const;

3
sdk/simulation/urtssim/enclave_creator_sim.cpp
View File

@ -167,8 +167,9 @@ int EnclaveCreatorSim::get_misc_attr(sgx_misc_attribute_t *sgx_misc_attr, metada
return SGX_SUCCESS;
}
int EnclaveCreatorSim::destroy_enclave(sgx_enclave_id_t enclave_id)
int EnclaveCreatorSim::destroy_enclave(sgx_enclave_id_t enclave_id, uint64_t enclave_size)
{
UNUSED(enclave_size);
CEnclave *enclave = CEnclavePool::instance()->get_enclave(enclave_id);
if(enclave == NULL)

2
sdk/simulation/urtssim/enclave_creator_sim.h
View File

@ -43,7 +43,7 @@ public:
int create_enclave(secs_t *secs, sgx_enclave_id_t *enclave_id, void **start_addr, bool ae);
int add_enclave_page(sgx_enclave_id_t enclave_id, void *source, uint64_t offset, const sec_info_t &sinfo, uint32_t attr);
int init_enclave(sgx_enclave_id_t enclave_id, enclave_css_t *enclave_css, SGXLaunchToken *launch, le_prd_css_file_t *prd_css_file);
virtual int destroy_enclave(sgx_enclave_id_t enclave_id);
virtual int destroy_enclave(sgx_enclave_id_t enclave_id, uint64_t enclave_size);
int get_misc_attr(sgx_misc_attribute_t *sgx_misc_attr, metadata_t *metadata, SGXLaunchToken * const lc, uint32_t flag);
bool get_plat_cap(sgx_misc_attribute_t *se_attr);
int initialize(sgx_enclave_id_t enclave_id);