[Pal/Linux-SGX] Fix ocall_{read,write,recv,send} to return ssize_t

Also, all users of these OCALLs are modified to operate on ssize_t
return values, including LIB_SSL_CONTEXT/mbedTLS callbacks.

Pal/include/lib/pal_crypto.h

@@ -27,6 +27,7 @@
 #include <stddef.h>
 #include <stdint.h>
 #include <stdbool.h>
+#include <unistd.h>
 
 #define SHA256_DIGEST_LEN 32
 
@@ -61,8 +62,8 @@ typedef struct {
     mbedtls_ssl_config conf;
     mbedtls_ssl_context ssl;
     int ciphersuites[2];  /* [0] is actual ciphersuite, [1] must be 0 to indicate end of array */
-    int (*pal_recv_cb)(int fd, void* buf, uint32_t len);
-    int (*pal_send_cb)(int fd, const void* buf, uint32_t len);
+    ssize_t (*pal_recv_cb)(int fd, void* buf, size_t len);
+    ssize_t (*pal_send_cb)(int fd, const void* buf, size_t len);
     int stream_fd;
 } LIB_SSL_CONTEXT;
 
@@ -160,8 +161,8 @@ int lib_ASN1GetLargeNumberLength(uint8_t** ptr, const uint8_t* end, size_t* len)
 /* SSL/TLS */
 int lib_SSLInit(LIB_SSL_CONTEXT* ssl_ctx, int stream_fd, bool is_server,
                 const uint8_t* psk, size_t psk_size,
-                int (*pal_recv_cb)(int fd, void* buf, uint32_t len),
-                int (*pal_send_cb)(int fd, const void* buf, uint32_t len));
+                ssize_t (*pal_recv_cb)(int fd, void* buf, size_t len),
+                ssize_t (*pal_send_cb)(int fd, const void* buf, size_t len));
 int lib_SSLFree(LIB_SSL_CONTEXT* ssl_ctx);
 int lib_SSLRead(LIB_SSL_CONTEXT* ssl_ctx, uint8_t* buf, size_t len);
 int lib_SSLWrite(LIB_SSL_CONTEXT* ssl_ctx, const uint8_t* buf, size_t len);

Pal/lib/crypto/adapters/mbedtls_adapter.c

@@ -340,12 +340,11 @@ static int recv_cb(void* ctx, uint8_t* buf, size_t len) {
     if (fd < 0)
         return MBEDTLS_ERR_NET_INVALID_CONTEXT;
 
-    if (len != (uint32_t)len) {
+    if (len > INT_MAX) {
         /* pal_recv_cb cannot receive more than 32-bit limit, trim len to fit in 32-bit */
-        len = UINT32_MAX;
+        len = INT_MAX;
     }
-
-    int ret = ssl_ctx->pal_recv_cb(fd, buf, (uint32_t)len);
+    ssize_t ret = ssl_ctx->pal_recv_cb(fd, buf, len);
 
     if (ret < 0) {
         if (ret == -EINTR)
@@ -362,12 +361,11 @@ static int send_cb(void* ctx, uint8_t const* buf, size_t len) {
     if (fd < 0)
         return MBEDTLS_ERR_NET_INVALID_CONTEXT;
 
-    if (len != (uint32_t)len) {
+    if (len > INT_MAX) {
         /* pal_send_cb cannot send more than 32-bit limit, trim len to fit in 32-bit */
-        len = UINT32_MAX;
+        len = INT_MAX;
     }
-
-    int ret = ssl_ctx->pal_send_cb(fd, buf, (uint32_t)len);
+    ssize_t ret = ssl_ctx->pal_send_cb(fd, buf, len);
     if (ret < 0) {
         if (ret == -EINTR)
             return MBEDTLS_ERR_SSL_WANT_WRITE;
@@ -379,8 +377,8 @@ static int send_cb(void* ctx, uint8_t const* buf, size_t len) {
 
 int lib_SSLInit(LIB_SSL_CONTEXT* ssl_ctx, int stream_fd, bool is_server,
                 const uint8_t* psk, size_t psk_size,
-                int (*pal_recv_cb)(int fd, void* buf, uint32_t len),
-                int (*pal_send_cb)(int fd, const void* buf, uint32_t len)) {
+                ssize_t (*pal_recv_cb)(int fd, void* buf, size_t len),
+                ssize_t (*pal_send_cb)(int fd, const void* buf, size_t len)) {
     int ret;
 
     memset(ssl_ctx, 0, sizeof(*ssl_ctx));

Pal/src/host/Linux-SGX/db_devices.c

@@ -194,7 +194,7 @@ static int64_t char_read(PAL_HANDLE handle, uint64_t offset, uint64_t size, void
     if (size != (uint32_t)size)
         return -PAL_ERROR_INVAL;
 
-    int bytes = ocall_read(fd, buffer, size);
+    ssize_t bytes = ocall_read(fd, buffer, size);
     return IS_ERR(bytes) ? unix_to_pal_error(ERRNO(bytes)) : bytes;
 }
 
@@ -211,7 +211,7 @@ static int64_t char_write(PAL_HANDLE handle, uint64_t offset, uint64_t size, con
     if (size != (uint32_t)size)
         return -PAL_ERROR_INVAL;
 
-    int bytes = ocall_write(fd, buffer, size);
+    ssize_t bytes = ocall_write(fd, buffer, size);
     return IS_ERR(bytes) ? unix_to_pal_error(ERRNO(bytes)) : bytes;
 }
 

Pal/src/host/Linux-SGX/db_eventfd.c

@@ -94,7 +94,7 @@ static int64_t eventfd_pal_read(PAL_HANDLE handle, uint64_t offset, uint64_t len
 
     /* TODO: verify that the value returned in buffer is somehow meaningful (to prevent Iago
      * attacks) */
-    int bytes = ocall_read(handle->eventfd.fd, buffer, len);
+    ssize_t bytes = ocall_read(handle->eventfd.fd, buffer, len);
 
     if (IS_ERR(bytes))
         return unix_to_pal_error(ERRNO(bytes));
@@ -116,7 +116,7 @@ static int64_t eventfd_pal_write(PAL_HANDLE handle, uint64_t offset, uint64_t le
     if (len < sizeof(uint64_t))
         return -PAL_ERROR_INVAL;
 
-    int bytes = ocall_write(handle->eventfd.fd, buffer, len);
+    ssize_t bytes = ocall_write(handle->eventfd.fd, buffer, len);
     if (IS_ERR(bytes))
         return unix_to_pal_error(ERRNO(bytes));
 

Pal/src/host/Linux-SGX/db_pipes.c

@@ -188,7 +188,7 @@ static int64_t pipe_read(PAL_HANDLE handle, uint64_t offset, uint64_t len, void*
         return -PAL_ERROR_INVAL;
 
     int fd    = IS_HANDLE_TYPE(handle, pipeprv) ? handle->pipeprv.fds[0] : handle->pipe.fd;
-    int bytes = ocall_recv(fd, buffer, len, NULL, NULL, NULL, NULL);
+    ssize_t bytes = ocall_recv(fd, buffer, len, NULL, NULL, NULL, NULL);
 
     if (IS_ERR(bytes))
         return unix_to_pal_error(ERRNO(bytes));
@@ -213,7 +213,7 @@ static int64_t pipe_write(PAL_HANDLE handle, uint64_t offset, uint64_t len, cons
 
     int fd = IS_HANDLE_TYPE(handle, pipeprv) ? handle->pipeprv.fds[1] : handle->pipe.fd;
 
-    int bytes = ocall_send(fd, buffer, len, NULL, 0, NULL, 0);
+    ssize_t bytes = ocall_send(fd, buffer, len, NULL, 0, NULL, 0);
     if (IS_ERR(bytes))
         return unix_to_pal_error(ERRNO(bytes));
 

Pal/src/host/Linux-SGX/db_process.c

@@ -376,7 +376,7 @@ static int64_t proc_read (PAL_HANDLE handle, uint64_t offset, uint64_t count,
     if (count != (uint32_t)count)
         return -PAL_ERROR_INVAL;
 
-    int bytes;
+    ssize_t bytes;
     if (handle->process.ssl_ctx) {
         bytes = _DkStreamSecureRead(handle->process.ssl_ctx, buffer, count);
     } else {
@@ -396,7 +396,7 @@ static int64_t proc_write (PAL_HANDLE handle, uint64_t offset, uint64_t count,
     if (count != (uint32_t)count)
         return -PAL_ERROR_INVAL;
 
-    int bytes;
+    ssize_t bytes;
     if (handle->process.ssl_ctx) {
         bytes = _DkStreamSecureWrite(handle->process.ssl_ctx, buffer, count);
     } else {

Pal/src/host/Linux-SGX/db_sockets.c

@@ -471,7 +471,7 @@ static int64_t tcp_read(PAL_HANDLE handle, uint64_t offset, uint64_t len, void*
     if (len != (uint32_t)len)
         return -PAL_ERROR_INVAL;
 
-    int bytes = ocall_recv(handle->sock.fd, buf, len, NULL, NULL, NULL, NULL);
+    ssize_t bytes = ocall_recv(handle->sock.fd, buf, len, NULL, NULL, NULL, NULL);
 
     if (IS_ERR(bytes))
         return unix_to_pal_error(ERRNO(bytes));
@@ -496,7 +496,7 @@ static int64_t tcp_write(PAL_HANDLE handle, uint64_t offset, uint64_t len, const
     if (len != (uint32_t)len)
         return -PAL_ERROR_INVAL;
 
-    int bytes = ocall_send(handle->sock.fd, buf, len, NULL, 0, NULL, 0);
+    ssize_t bytes = ocall_send(handle->sock.fd, buf, len, NULL, 0, NULL, 0);
     if (IS_ERR(bytes))
         return unix_to_pal_error(ERRNO(bytes));
 
@@ -623,7 +623,7 @@ static int64_t udp_receive(PAL_HANDLE handle, uint64_t offset, uint64_t len, voi
     if (len != (uint32_t)len)
         return -PAL_ERROR_INVAL;
 
-    int ret = ocall_recv(handle->sock.fd, buf, len, NULL, NULL, NULL, NULL);
+    ssize_t ret = ocall_recv(handle->sock.fd, buf, len, NULL, NULL, NULL, NULL);
     return IS_ERR(ret) ? unix_to_pal_error(ERRNO(ret)) : ret;
 }
 
@@ -644,7 +644,7 @@ static int64_t udp_receivebyaddr(PAL_HANDLE handle, uint64_t offset, uint64_t le
     struct sockaddr conn_addr;
     socklen_t conn_addrlen = sizeof(struct sockaddr);
 
-    int bytes = ocall_recv(handle->sock.fd, buf, len, &conn_addr, &conn_addrlen, NULL, NULL);
+    ssize_t bytes = ocall_recv(handle->sock.fd, buf, len, &conn_addr, &conn_addrlen, NULL, NULL);
 
     if (IS_ERR(bytes))
         return unix_to_pal_error(ERRNO(bytes));
@@ -673,7 +673,7 @@ static int64_t udp_send(PAL_HANDLE handle, uint64_t offset, uint64_t len, const
     if (len != (uint32_t)len)
         return -PAL_ERROR_INVAL;
 
-    int bytes = ocall_send(handle->sock.fd, buf, len, NULL, 0, NULL, 0);
+    ssize_t bytes = ocall_send(handle->sock.fd, buf, len, NULL, 0, NULL, 0);
     if (IS_ERR(bytes))
         return unix_to_pal_error(ERRNO(bytes));
 
@@ -710,7 +710,7 @@ static int64_t udp_sendbyaddr(PAL_HANDLE handle, uint64_t offset, uint64_t len,
     if (ret < 0)
         return ret;
 
-    int bytes = ocall_send(handle->sock.fd, buf, len, &conn_addr, conn_addrlen, NULL, 0);
+    ssize_t bytes = ocall_send(handle->sock.fd, buf, len, &conn_addr, conn_addrlen, NULL, 0);
     if (IS_ERR(bytes))
         return unix_to_pal_error(ERRNO(bytes));
 

Pal/src/host/Linux-SGX/db_streams.c

@@ -269,12 +269,12 @@ struct hdl_header {
 int _DkSendHandle(PAL_HANDLE hdl, PAL_HANDLE cargo) {
     struct hdl_header hdl_hdr;
     void* hdl_data;
-    int ret = handle_serialize(cargo, &hdl_data);
-    if (ret < 0)
-        return ret;
+    int data_size = handle_serialize(cargo, &hdl_data);
+    if (data_size < 0)
+        return data_size;
 
     hdl_hdr.fds       = 0;
-    hdl_hdr.data_size = ret;
+    hdl_hdr.data_size = data_size;
     unsigned int fds[MAX_FDS];
     unsigned int nfds = 0;
     for (int i = 0; i < MAX_FDS; i++)
@@ -284,6 +284,7 @@ int _DkSendHandle(PAL_HANDLE hdl, PAL_HANDLE cargo) {
         }
 
     int ch = hdl->process.cargo;
+    ssize_t ret;
     ret    = ocall_send(ch, &hdl_hdr, sizeof(struct hdl_header), NULL, 0, NULL, 0);
 
     if (IS_ERR(ret)) {
@@ -316,7 +317,7 @@ int _DkReceiveHandle(PAL_HANDLE hdl, PAL_HANDLE* cargo) {
 
     int ch = hdl->process.cargo;
 
-    int ret = ocall_recv(ch, &hdl_hdr, sizeof(struct hdl_header), NULL, NULL, NULL, NULL);
+    ssize_t ret = ocall_recv(ch, &hdl_hdr, sizeof(struct hdl_header), NULL, NULL, NULL, NULL);
 
     if (IS_ERR(ret))
         return unix_to_pal_error(ERRNO(ret));

Pal/src/host/Linux-SGX/enclave_ocalls.c

@@ -11,8 +11,6 @@
 #include <api.h>
 #include <asm/errno.h>
 
-/* TODO: revise return value as long sgx_ocall(void*) */
-
 /* Check against this limit if the buffer to be allocated fits on the untrusted stack; if not,
  * buffer will be allocated on untrusted heap. Conservatively set this limit to 1/4 of the
  * actual stack size. Currently THREAD_STACK_SIZE = 2MB, so this limit is 512KB.
@@ -230,8 +228,8 @@ int ocall_close (int fd)
     return retval;
 }
 
-int ocall_read(int fd, void* buf, unsigned int count) {
-    int retval = 0;
+ssize_t ocall_read(int fd, void* buf, size_t count) {
+    ssize_t retval = 0;
     void* obuf = NULL;
     ms_ocall_read_t* ms;
     void* ms_buf;
@@ -276,8 +274,8 @@ out:
     return retval;
 }
 
-int ocall_write(int fd, const void* buf, unsigned int count) {
-    int retval = 0;
+ssize_t ocall_write(int fd, const void* buf, size_t count) {
+    ssize_t retval = 0;
     void* obuf = NULL;
     ms_ocall_write_t* ms;
     const void* ms_buf;
@@ -850,11 +848,11 @@ int ocall_connect(int domain, int type, int protocol, int ipv6_v6only,
     return retval;
 }
 
-int ocall_recv (int sockfd, void * buf, unsigned int count,
-                struct sockaddr * addr, unsigned int * addrlenptr,
-                void * control, uint64_t * controllenptr)
+ssize_t ocall_recv(int sockfd, void* buf, size_t count,
+                   struct sockaddr* addr, unsigned int* addrlenptr,
+                   void* control, uint64_t* controllenptr)
 {
-    int retval = 0;
+    ssize_t retval = 0;
     void * obuf = NULL;
     unsigned int copied;
     unsigned int addrlen = addrlenptr ? *addrlenptr : 0;
@@ -924,11 +922,11 @@ out:
     return retval;
 }
 
-int ocall_send (int sockfd, const void * buf, unsigned int count,
-                const struct sockaddr * addr, unsigned int addrlen,
-                void * control, uint64_t controllen)
+ssize_t ocall_send (int sockfd, const void* buf, size_t count,
+                    const struct sockaddr* addr, unsigned int addrlen,
+                    void* control, uint64_t controllen)
 {
-    int retval = 0;
+    ssize_t retval = 0;
     void * obuf = NULL;
     ms_ocall_send_t * ms;
     bool need_munmap;

Pal/src/host/Linux-SGX/enclave_ocalls.h

@@ -24,9 +24,9 @@ int ocall_open (const char * pathname, int flags, unsigned short mode);
 
 int ocall_close (int fd);
 
-int ocall_read (int fd, void * buf, unsigned int count);
+ssize_t ocall_read(int fd, void* buf, size_t count);
 
-int ocall_write (int fd, const void * buf, unsigned int count);
+ssize_t ocall_write(int fd, const void* buf, size_t count);
 
 ssize_t ocall_pread(int fd, void* buf, size_t count, off_t offset);
 
@@ -59,13 +59,13 @@ int ocall_connect(int domain, int type, int protocol, int ipv6_v6only,
                   struct sockaddr* bind_addr, unsigned int* bind_addrlen,
                   struct sockopt* sockopt);
 
-int ocall_recv (int sockfd, void * buf, unsigned int count,
-                struct sockaddr * addr, unsigned int * addrlenptr,
-                void * control, uint64_t * controllenptr);
+ssize_t ocall_recv(int sockfd, void* buf, size_t count,
+                   struct sockaddr* addr, unsigned int* addrlenptr,
+                   void* control, uint64_t* controllenptr);
 
-int ocall_send (int sockfd, const void * buf, unsigned int count,
-                const struct sockaddr * addr, unsigned int addrlen,
-                void * control, uint64_t controllen);
+ssize_t ocall_send(int sockfd, const void* buf, size_t count,
+                   const struct sockaddr* addr, unsigned int addrlen,
+                   void* control, uint64_t controllen);
 
 int ocall_setsockopt (int sockfd, int level, int optname,
                       const void * optval, unsigned int optlen);