
[Pal/Linux-SGX] Clean up initialize_enclave() and create_enclave()

This commit clears up the responsibilities between create_enclave() and its
caller initialize_enclave(). create_enclave() now assumes its caller picks a
suitable base address and size according to SGX's requirements.
Thomas Knauth il y a 4 ans
Parent
commit
5fb01c07a5

+ 4 - 13
Pal/src/host/Linux-SGX/sgx_framework.c

@@ -136,10 +136,11 @@ bool is_wrfsbase_supported (void)
 }
 
 int create_enclave(sgx_arch_secs_t * secs,
-                   unsigned long baseaddr,
-                   unsigned long size,
                    sgx_arch_token_t * token)
 {
+    assert(secs->size && IS_POWER_OF_2(secs->size));
+    assert(IS_ALIGNED(secs->base, secs->size));
+
     int flags = MAP_SHARED;
 
     if (!zero_page) {
@@ -151,10 +152,6 @@ int create_enclave(sgx_arch_secs_t * secs,
             return -ENOMEM;
     }
 
-    memset(secs, 0, sizeof(sgx_arch_secs_t));
-    secs->size = pagesize;
-    while (secs->size < size)
-        secs->size <<= 1;
     secs->ssa_frame_size = get_ssaframesize(token->body.attributes.xfrm) / pagesize;
     secs->misc_select = token->masked_misc_select_le;
     memcpy(&secs->attributes, &token->body.attributes, sizeof(sgx_attributes_t));
@@ -165,12 +162,6 @@ int create_enclave(sgx_arch_secs_t * secs,
      * SIGSTRUCT during EINIT (see pp21 for ECREATE and pp34 for
      * EINIT in https://software.intel.com/sites/default/files/managed/48/88/329298-002.pdf). */
 
-    if (baseaddr) {
-        secs->base = ALIGN_DOWN_POW2(baseaddr, secs->size);
-    } else {
-        secs->base = ENCLAVE_HIGH_ADDRESS;
-    }
-
     uint64_t addr = INLINE_SYSCALL(mmap, 6, secs->base, secs->size,
                                    PROT_READ|PROT_WRITE|PROT_EXEC,
                                    flags|MAP_FIXED, isgx_device, 0);
@@ -185,7 +176,7 @@ int create_enclave(sgx_arch_secs_t * secs,
         return -ENOMEM;
     }
 
-    secs->base = addr;
+    assert(secs->base == addr);
 
 #if SDK_DRIVER_VERSION >= KERNEL_VERSION(1, 8, 0)
     struct sgx_enclave_create param = {
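Review bot: The size and alignment requirements are now enforced only by the two `assert` calls at the top of create_enclave(), ahead of an mmap that uses `MAP_FIXED` at `secs->base`. If assert is compiled out in non-debug builds of the PAL (not visible here), a zero or non-power-of-two size or a misaligned base would go straight to that mapping and on to enclave creation. A run-time guard would keep the contract in every build: `if (!secs->size || !IS_POWER_OF_2(secs->size) || !IS_ALIGNED(secs->base, secs->size)) return -EINVAL;`. The same reasoning applies to `assert(secs->base == addr)` after the mmap. The body of create_enclave() starts and ends outside these hunks.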

+ 0 - 2
Pal/src/host/Linux-SGX/sgx_internal.h

@@ -86,8 +86,6 @@ int read_enclave_token (int token_file, sgx_arch_token_t * token);
 int read_enclave_sigstruct (int sigfile, sgx_arch_enclave_css_t * sig);
 
 int create_enclave(sgx_arch_secs_t * secs,
-                   unsigned long base,
-                   unsigned long size,
                    sgx_arch_token_t * token);
 
 enum sgx_page_type { SGX_PAGE_SECS, SGX_PAGE_TCS, SGX_PAGE_REG };
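Review bot: The prototype no longer hints that the caller must fill in `secs->base` and `secs->size` before the call, which is the new contract. A short comment above the declaration would record it, for example `/* Caller must zero *secs and set secs->base and secs->size; size is a non-zero power of two and base is aligned to size. */`.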

+ 10 - 8
Pal/src/host/Linux-SGX/sgx_main.c

@@ -276,11 +276,12 @@ int initialize_enclave (struct pal_enclave * enclave)
         enclave->thread_num = 1;
     }
 
-    /* Reading sgx.static_address from manifest */
-    if (get_config(enclave->config, "sgx.static_address", cfgbuf, sizeof(cfgbuf)) > 0 && cfgbuf[0] == '1')
-        enclave->baseaddr = heap_min;
-    else
-        enclave->baseaddr = heap_min = 0;
+    if (get_config(enclave->config, "sgx.static_address", cfgbuf, sizeof(cfgbuf)) > 0 && cfgbuf[0] == '1') {
+        enclave->baseaddr = ALIGN_DOWN_POW2(heap_min, enclave->size);
+    } else {
+        enclave->baseaddr = ENCLAVE_HIGH_ADDRESS;
+        heap_min = 0;
+    }
 
     ret = read_enclave_token(enclave->token, &enclave_token);
     if (ret < 0) {
@@ -294,14 +295,15 @@ int initialize_enclave (struct pal_enclave * enclave)
         goto out;
     }
 
-    ret = create_enclave(&enclave_secs, enclave->baseaddr, enclave->size, &enclave_token);
+    memset(&enclave_secs, 0, sizeof(enclave_secs));
+    enclave_secs.base = enclave->baseaddr;
+    enclave_secs.size = enclave->size;
+    ret = create_enclave(&enclave_secs, &enclave_token);
     if (ret < 0) {
         SGX_DBG(DBG_E, "Creating enclave failed: %d\n", -ret);
         goto out;
     }
 
-    enclave->baseaddr = enclave_secs.base;
-    enclave->size = enclave_secs.size;
     enclave->ssaframesize = enclave_secs.ssa_frame_size * pagesize;
 
     struct stat stat;
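Review bot: `enclave->size` is used as the alignment in `ALIGN_DOWN_POW2(heap_min, enclave->size)` and copied unchanged into `enclave_secs.size`, but neither hunk shows it being checked for zero or for being a power of two. The previous create_enclave() rounded the size up itself, so a manifest value that used to work would now trip the new asserts in create_enclave(). Unless that check already exists above the first hunk, reject the value before it is used, with a condition such as `!enclave->size || !IS_POWER_OF_2(enclave->size)` and an `SGX_DBG(DBG_E, ...)` message. In the static-address branch, a `heap_min` of 0 previously fell back to `ENCLAVE_HIGH_ADDRESS` inside create_enclave() and now yields base 0, so it is worth confirming that this is intended. initialize_enclave() starts and ends outside these hunks.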