mirror of
https://github.com/corda/corda.git
synced 2025-01-22 12:28:11 +00:00
9441de4c38
This release is used in conjunction with the linux-sgx-driver Intial release: https://github.com/01org/linux-sgx-driver commit-id: 0e865ce5e6b297a787bcdc12d98bada8174be6d7 Intel-id: 33399 Signed-off-by: Angie Chinchilla <angie.v.chinchilla@intel.com>
504 lines
15 KiB
C++
504 lines
15 KiB
C++
/*
|
|
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
*
|
|
* * Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* * Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in
|
|
* the documentation and/or other materials provided with the
|
|
* distribution.
|
|
* * Neither the name of Intel Corporation nor the names of its
|
|
* contributors may be used to endorse or promote products derived
|
|
* from this software without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*
|
|
*/
|
|
|
|
|
|
#include "enclave.h"
|
|
#include "util.h"
|
|
#include "se_detect.h"
|
|
#include "enclave_creator.h"
|
|
#include "sgx_error.h"
|
|
#include "se_error_internal.h"
|
|
#include "debugger_support.h"
|
|
#include "se_memory.h"
|
|
#include <assert.h>
|
|
|
|
using namespace std;
|
|
|
|
int do_ecall(const int fn, const void *ocall_table, const void *ms, CTrustThread *trust_thread);
|
|
int do_ocall(const bridge_fn_t bridge, void *ms);
|
|
|
|
CEnclave::CEnclave(CLoader &ldr)
|
|
: m_loader(ldr)
|
|
, m_enclave_id(0)
|
|
, m_start_addr(NULL)
|
|
, m_size(0)
|
|
, m_power_event_flag(0)
|
|
, m_ref(0)
|
|
, m_zombie(false)
|
|
, m_thread_pool(NULL)
|
|
, m_dbg_flag(false)
|
|
, m_destroyed(false)
|
|
{
|
|
memset(&m_enclave_info, 0, sizeof(debug_enclave_info_t));
|
|
se_init_rwlock(&m_rwlock);
|
|
}
|
|
|
|
|
|
sgx_status_t CEnclave::initialize(const se_file_t& file, const sgx_enclave_id_t enclave_id, void * const start_addr, const uint64_t enclave_size, const uint32_t tcs_policy)
|
|
{
|
|
uint32_t name_len = file.name_len;
|
|
if (file.unicode)
|
|
name_len *= (uint32_t)sizeof(wchar_t);
|
|
|
|
const int buf_len = name_len + 4; //+4, because we need copy the charactor of string end ('\0').;
|
|
|
|
m_enclave_info.lpFileName = calloc(1, buf_len);
|
|
if (m_enclave_info.lpFileName == NULL)
|
|
return SGX_ERROR_OUT_OF_MEMORY;
|
|
|
|
memcpy_s(m_enclave_info.lpFileName, name_len, file.name, name_len);
|
|
m_enclave_info.unicode = file.unicode?0:1;
|
|
m_enclave_info.file_name_size = name_len;
|
|
|
|
m_enclave_info.struct_version = DEBUG_INFO_STRUCT_VERSION;
|
|
|
|
|
|
m_enclave_id = enclave_id;
|
|
m_start_addr = start_addr;
|
|
m_size = enclave_size;
|
|
|
|
if(TCS_POLICY_BIND == tcs_policy)
|
|
{
|
|
m_thread_pool = new CThreadPoolBindMode();
|
|
}
|
|
else if(TCS_POLICY_UNBIND == tcs_policy)
|
|
{
|
|
//we also set it as bind mode.
|
|
m_thread_pool = new CThreadPoolUnBindMode();
|
|
}
|
|
else
|
|
{
|
|
SE_TRACE(SE_TRACE_WARNING, "BUG: unknown tcs policy\n");
|
|
//Should NOT run here, because we have validate the metadata before.
|
|
free(m_enclave_info.lpFileName);
|
|
m_enclave_info.lpFileName = NULL;
|
|
return SGX_ERROR_INVALID_PARAMETER;
|
|
}
|
|
return SGX_SUCCESS;
|
|
}
|
|
|
|
CEnclave::~CEnclave()
|
|
{
|
|
if (m_thread_pool)
|
|
{
|
|
delete m_thread_pool;
|
|
m_thread_pool = NULL;
|
|
}
|
|
|
|
destory_debug_info(&m_enclave_info);
|
|
se_fini_rwlock(&m_rwlock);
|
|
}
|
|
|
|
void * CEnclave::get_symbol_address(const char * const symbol)
|
|
{
|
|
return m_loader.get_symbol_address(symbol);
|
|
}
|
|
|
|
sgx_enclave_id_t CEnclave::get_enclave_id()
|
|
{
|
|
return m_enclave_id;
|
|
}
|
|
|
|
|
|
sgx_status_t CEnclave::error_trts2urts(unsigned int trts_error)
|
|
{
|
|
if(trts_error == (unsigned int)SE_ERROR_READ_LOCK_FAIL)
|
|
{
|
|
return SGX_ERROR_ENCLAVE_LOST;
|
|
}
|
|
|
|
//tRTS may directly return the external error code, so we don't need transfer it.
|
|
if(EXTERNAL_ERROR != (trts_error >> MAIN_MOD_SHIFT))
|
|
{
|
|
SE_TRACE(SE_TRACE_WARNING, "trts return error %x, it should be urts/trts bug\n", trts_error);
|
|
return SGX_ERROR_UNEXPECTED;
|
|
}
|
|
|
|
return (sgx_status_t)trts_error;
|
|
}
|
|
|
|
sgx_status_t CEnclave::ecall(const int proc, const void *ocall_table, void *ms)
|
|
{
|
|
if(se_try_rdlock(&m_rwlock))
|
|
{
|
|
//Maybe the enclave has been destroyed after acquire/release m_rwlock. See CEnclave::destroy()
|
|
if(m_destroyed)
|
|
{
|
|
se_rdunlock(&m_rwlock);
|
|
return SGX_ERROR_ENCLAVE_LOST;
|
|
}
|
|
|
|
//do sgx_ecall
|
|
CTrustThread *trust_thread = get_tcs();
|
|
unsigned ret = SGX_ERROR_OUT_OF_TCS;
|
|
|
|
{
|
|
if(NULL != trust_thread) {
|
|
ret = do_ecall(proc, ocall_table, ms, trust_thread);
|
|
}
|
|
}
|
|
{
|
|
put_tcs(trust_thread);
|
|
|
|
//release the read/write lock, the only exception is enclave already be removed in ocall
|
|
if(AbnormalTermination() || ret != SE_ERROR_READ_LOCK_FAIL)
|
|
{
|
|
se_rdunlock(&m_rwlock);
|
|
}
|
|
}
|
|
return error_trts2urts(ret);
|
|
} else {
|
|
return SGX_ERROR_ENCLAVE_LOST;
|
|
}
|
|
}
|
|
|
|
int CEnclave::ocall(const unsigned int proc, const sgx_ocall_table_t *ocall_table, void *ms)
|
|
{
|
|
int error = SGX_ERROR_UNEXPECTED;
|
|
|
|
//validate the proc is within ocall_table;
|
|
if(NULL == ocall_table
|
|
|| proc >= ocall_table->count)
|
|
{
|
|
return SGX_ERROR_INVALID_FUNCTION;
|
|
}
|
|
|
|
se_rdunlock(&m_rwlock);
|
|
bridge_fn_t bridge = reinterpret_cast<bridge_fn_t>(ocall_table->ocall[proc]);
|
|
error = do_ocall(bridge, ms);
|
|
|
|
if (!se_try_rdlock(&m_rwlock))
|
|
{
|
|
//Probablly the enclave has been destroyed, so we can't get the read lock.
|
|
error = SE_ERROR_READ_LOCK_FAIL;
|
|
}
|
|
//We have m_destroyed to determinate if the enclave has been destroyed.
|
|
else if(m_destroyed)
|
|
{
|
|
//Enclave has been destroyed, emulate that we fail to get read lock.
|
|
se_rdunlock(&m_rwlock);
|
|
error = SE_ERROR_READ_LOCK_FAIL;
|
|
}
|
|
return error;
|
|
}
|
|
|
|
const debug_enclave_info_t* CEnclave::get_debug_info()
|
|
{
|
|
return &m_enclave_info;
|
|
}
|
|
|
|
|
|
CTrustThread * CEnclave::get_tcs()
|
|
{
|
|
CTrustThread *trust_thread = m_thread_pool->acquire_thread();
|
|
|
|
return trust_thread;
|
|
}
|
|
|
|
void CEnclave::put_tcs(CTrustThread *trust_thread)
|
|
{
|
|
if(NULL == trust_thread)
|
|
{
|
|
return;
|
|
}
|
|
|
|
m_thread_pool->release_thread(trust_thread);
|
|
}
|
|
|
|
void CEnclave::destroy()
|
|
{
|
|
se_wtlock(&m_rwlock);
|
|
//send debug event to debugger when enclave is debug mode or release mode
|
|
debug_enclave_info_t *debug_info = const_cast<debug_enclave_info_t *>(get_debug_info());
|
|
generate_enclave_debug_event(URTS_EXCEPTION_PREREMOVEENCLAVE, debug_info);
|
|
|
|
get_enclave_creator()->destroy_enclave(ENCLAVE_ID_IOCTL);
|
|
|
|
m_destroyed = true;
|
|
//We are going to destory m_rwlock. At this point, maybe an ecall is in progress, and try to get m_rwlock.
|
|
//To prevent such ecall, we use m_destroyed to identify that the no ecall should going on. See CEnclave::ecall(...).
|
|
//For new ecall to the enclave, it will return with SGX_ERROR_INVALID_ENCLAVE_ID immediately.
|
|
se_wtunlock(&m_rwlock);
|
|
// We should not use loader to destroy encalve because loader has been removed after successful enclave loading
|
|
//m_loader.destroy_enclave();
|
|
}
|
|
|
|
void CEnclave::add_thread(tcs_t * const tcs)
|
|
{
|
|
CTrustThread *trust_thread = m_thread_pool->add_thread(tcs, this);
|
|
insert_debug_tcs_info_head(&m_enclave_info, trust_thread->get_debug_info());
|
|
}
|
|
|
|
int CEnclave::set_extra_debug_info(secs_t& secs)
|
|
{
|
|
void *g_peak_heap_used_addr = get_symbol_address("g_peak_heap_used");
|
|
m_enclave_info.g_peak_heap_used_addr = g_peak_heap_used_addr;
|
|
m_enclave_info.start_addr = secs.base;
|
|
m_enclave_info.misc_select = secs.misc_select;
|
|
|
|
if(g_peak_heap_used_addr == NULL)
|
|
{
|
|
SE_TRACE(SE_TRACE_DEBUG, "Symbol 'g_peak_heap_used' is not found\n");
|
|
//This error should not break loader and debugger, so the upper layer function will ignore it.
|
|
return SGX_ERROR_INVALID_ENCLAVE;
|
|
}
|
|
return SGX_SUCCESS;
|
|
}
|
|
|
|
void CEnclave::push_ocall_frame(ocall_frame_t* frame_point, CTrustThread *trust_thread)
|
|
{
|
|
if(NULL == trust_thread)
|
|
{
|
|
return;
|
|
}
|
|
|
|
trust_thread->push_ocall_frame(frame_point);
|
|
}
|
|
|
|
void CEnclave::pop_ocall_frame(CTrustThread *trust_thread)
|
|
{
|
|
if(NULL == trust_thread)
|
|
{
|
|
return;
|
|
}
|
|
|
|
trust_thread->pop_ocall_frame();
|
|
}
|
|
|
|
CEnclavePool CEnclavePool::m_instance;
|
|
CEnclavePool::CEnclavePool()
|
|
{
|
|
m_enclave_list = NULL;
|
|
se_mutex_init(&m_enclave_mutex);
|
|
SE_TRACE(SE_TRACE_NOTICE, "enter CEnclavePool constructor\n");
|
|
}
|
|
|
|
CEnclavePool *CEnclavePool::instance()
|
|
{
|
|
return &m_instance;
|
|
}
|
|
|
|
int CEnclavePool::add_enclave(CEnclave *enclave)
|
|
{
|
|
int result = TRUE;
|
|
|
|
se_mutex_lock(&m_enclave_mutex);
|
|
|
|
if (m_enclave_list == NULL) {
|
|
m_enclave_list = new Node<sgx_enclave_id_t, CEnclave*>(enclave->get_enclave_id(), enclave);
|
|
} else {
|
|
Node<sgx_enclave_id_t, CEnclave*>* node = new Node<sgx_enclave_id_t, CEnclave*>(enclave->get_enclave_id(), enclave);
|
|
if (m_enclave_list->InsertNext(node) == false) {
|
|
delete node;
|
|
SE_TRACE(SE_TRACE_WARNING, "the encalve %llx has already been added\n", enclave->get_enclave_id());
|
|
result = FALSE;
|
|
}
|
|
}
|
|
se_mutex_unlock(&m_enclave_mutex);
|
|
return result;
|
|
}
|
|
|
|
CEnclave * CEnclavePool::get_enclave(const sgx_enclave_id_t enclave_id)
|
|
{
|
|
se_mutex_lock(&m_enclave_mutex);
|
|
Node<sgx_enclave_id_t, CEnclave*>* it = m_enclave_list->Find(enclave_id);
|
|
if(it != NULL)
|
|
{
|
|
se_mutex_unlock(&m_enclave_mutex);
|
|
return it->value;
|
|
}
|
|
else
|
|
{
|
|
se_mutex_unlock(&m_enclave_mutex);
|
|
return NULL;
|
|
}
|
|
}
|
|
|
|
CEnclave * CEnclavePool::ref_enclave(const sgx_enclave_id_t enclave_id)
|
|
{
|
|
se_mutex_lock(&m_enclave_mutex);
|
|
Node<sgx_enclave_id_t, CEnclave*>* it = m_enclave_list->Find(enclave_id);
|
|
if(it != NULL)
|
|
{
|
|
it->value->atomic_inc_ref();
|
|
se_mutex_unlock(&m_enclave_mutex);
|
|
return it->value;
|
|
}
|
|
else
|
|
{
|
|
se_mutex_unlock(&m_enclave_mutex);
|
|
return NULL;
|
|
}
|
|
}
|
|
|
|
void CEnclavePool::unref_enclave(CEnclave *enclave)
|
|
{
|
|
//We use enclave pool lock to protect data, the lock is big, but is more secure.
|
|
se_mutex_lock(&m_enclave_mutex);
|
|
//The ref is increased in ref_enclave;
|
|
uint32_t ref = enclave->atomic_dec_ref();
|
|
|
|
//If the enclave is in zombie state, the HW enclave must have been destroyed.
|
|
//And if the enclave is not referenced, the enclave instance will not be referenced any more,
|
|
//so we delete the instance.
|
|
//Another code path that delete enclave instance is in function "CEnclavePool::remove_enclave"
|
|
if(enclave->is_zombie() && !ref)
|
|
delete enclave;
|
|
|
|
se_mutex_unlock(&m_enclave_mutex);
|
|
}
|
|
|
|
se_handle_t CEnclavePool::get_event(const void * const tcs)
|
|
{
|
|
se_handle_t hevent = NULL;
|
|
CEnclave *enclave = NULL;
|
|
|
|
assert(tcs != NULL);
|
|
se_mutex_lock(&m_enclave_mutex);
|
|
|
|
Node<sgx_enclave_id_t, CEnclave*>* it = m_enclave_list;
|
|
for(; it != NULL; it = it->next)
|
|
{
|
|
void *start = it->value->get_start_address();
|
|
void *end = GET_PTR(void, start, it->value->get_size());
|
|
|
|
/* check start & end */
|
|
if (tcs >= start && tcs < end) {
|
|
enclave = it->value;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (NULL != enclave)
|
|
{
|
|
CTrustThreadPool *pool = enclave->get_thread_pool();
|
|
if (pool != NULL)
|
|
{
|
|
CTrustThread *thread = pool->get_bound_thread((const tcs_t *)tcs);
|
|
if (thread != NULL)
|
|
hevent = thread->get_event();
|
|
}
|
|
}
|
|
|
|
se_mutex_unlock(&m_enclave_mutex);
|
|
return hevent;
|
|
}
|
|
|
|
CEnclave* CEnclavePool::remove_enclave(const sgx_enclave_id_t enclave_id, sgx_status_t &status)
|
|
{
|
|
status = SGX_SUCCESS;
|
|
se_mutex_lock(&m_enclave_mutex);
|
|
|
|
CEnclave *enclave = get_enclave(enclave_id);
|
|
if(NULL == enclave)
|
|
{
|
|
status = SGX_ERROR_INVALID_ENCLAVE_ID;
|
|
SE_TRACE(SE_TRACE_WARNING, "remove an unkonwn enclave\n");
|
|
se_mutex_unlock(&m_enclave_mutex);
|
|
return enclave;
|
|
}
|
|
|
|
enclave->destroy();
|
|
//the ref is not 0, maybe some thread is in sgx_ocall, so we can NOT delete enclave instance.
|
|
if(enclave->get_ref())
|
|
{
|
|
enclave->mark_zombie();
|
|
|
|
/* When destroy the enclave, all threads that are waiting/about to wait
|
|
* on untrusted event need to be waked. Otherwise, they will be always
|
|
* pending on the untrusted events, and app need to manually kill the threads.
|
|
*/
|
|
CTrustThreadPool *pool = enclave->get_thread_pool();
|
|
pool->wake_threads();
|
|
|
|
enclave = NULL;
|
|
}
|
|
Node<sgx_enclave_id_t, CEnclave*>* it = m_enclave_list->Remove(enclave_id);
|
|
if (it == m_enclave_list)
|
|
m_enclave_list = it->next;
|
|
delete it;
|
|
se_mutex_unlock(&m_enclave_mutex);
|
|
|
|
return enclave;
|
|
}
|
|
|
|
void CEnclavePool::notify_debugger()
|
|
{
|
|
se_mutex_lock(&m_enclave_mutex);
|
|
if(m_enclave_list!= NULL)
|
|
{
|
|
Node<sgx_enclave_id_t, CEnclave*>* it = m_enclave_list;
|
|
for(; it != NULL; it = it->next)
|
|
{
|
|
//send debug event to debugger when enclave is debug mode or release mode
|
|
debug_enclave_info_t * debug_info = const_cast<debug_enclave_info_t*>((it->value)->get_debug_info());
|
|
generate_enclave_debug_event(URTS_EXCEPTION_PREREMOVEENCLAVE, debug_info);
|
|
}
|
|
}
|
|
se_mutex_unlock(&m_enclave_mutex);
|
|
|
|
}
|
|
|
|
bool CEnclave::update_trust_thread_debug_flag(void* tcs_address, uint8_t debug_flag)
|
|
{
|
|
uint64_t debug_flag2 = (uint64_t)debug_flag;
|
|
debug_enclave_info_t *debug_info = NULL;
|
|
|
|
debug_info = const_cast<debug_enclave_info_t *>(get_debug_info());
|
|
|
|
pid_t pid = getpid();
|
|
|
|
if(debug_info->enclave_type == ET_DEBUG)
|
|
{
|
|
|
|
if(!se_write_process_mem(pid, reinterpret_cast<unsigned char *>(tcs_address) + sizeof(uint64_t), &debug_flag2, sizeof(uint64_t), NULL))
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
bool CEnclave::update_debug_flag(uint8_t debug_flag)
|
|
{
|
|
debug_tcs_info_t* tcs_list_entry = m_enclave_info.tcs_list;
|
|
|
|
while(tcs_list_entry)
|
|
{
|
|
if(!update_trust_thread_debug_flag(tcs_list_entry->TCS_address, debug_flag))
|
|
return FALSE;
|
|
|
|
tcs_list_entry = tcs_list_entry->next_tcs_info;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|