[Pal/Linux-SGX] Don't get manifest addr/size from urts

Instead we use the fact that the manifest is always placed at the top of
the enclave address range. The manifest size is stored inside the TLS
like we have already done for the enclave size.

Part of issue #509.

Pal/src/host/Linux-SGX/db_main.c

@@ -195,6 +195,7 @@ free_and_err:
 }
 
 extern void * enclave_base;
+extern void * enclave_top;
 
 void pal_linux_main(char * uptr_args, uint64_t args_size,
                     char * uptr_env, uint64_t env_size,
@@ -294,10 +295,6 @@ void pal_linux_main(char * uptr_args, uint64_t args_size,
     pal_sec.exec_addr = sec_info.exec_addr;
     pal_sec.exec_size = sec_info.exec_size;
 
-    /* TODO: remove with PR #580 */
-    pal_sec.manifest_addr = sec_info.manifest_addr;
-    pal_sec.manifest_size = sec_info.manifest_size;
-
     /* set up page allocator and slab manager */
     init_slab_mgr(pagesz);
     init_untrusted_slab_mgr();
@@ -361,11 +358,14 @@ void pal_linux_main(char * uptr_args, uint64_t args_size,
         SGX_DBG(DBG_I, "Run without executable\n");
     }
 
+    uint64_t manifest_size = GET_ENCLAVE_TLS(manifest_size);
+    void* manifest_addr = enclave_top - ALIGN_UP_PTR(manifest_size, pagesz);
+
     /* parse manifest data into config storage */
     struct config_store * root_config =
             malloc(sizeof(struct config_store));
-    root_config->raw_data = pal_sec.manifest_addr;
-    root_config->raw_size = pal_sec.manifest_size;
+    root_config->raw_data = manifest_addr;
+    root_config->raw_size = manifest_size;
     root_config->malloc = malloc;
     root_config->free = free;
 
@@ -376,9 +376,8 @@ void pal_linux_main(char * uptr_args, uint64_t args_size,
     }
 
     pal_state.root_config = root_config;
-    __pal_control.manifest_preload.start = (PAL_PTR) pal_sec.manifest_addr;
-    __pal_control.manifest_preload.end = (PAL_PTR) pal_sec.manifest_addr +
-                                         pal_sec.manifest_size;
+    __pal_control.manifest_preload.start = (PAL_PTR) manifest_addr;
+    __pal_control.manifest_preload.end = (PAL_PTR) manifest_addr + manifest_size;
 
     init_trusted_files();
     init_trusted_children();

Pal/src/host/Linux-SGX/generated-offsets.c

@@ -69,6 +69,7 @@ void dummy(void)
     OFFSET(SGX_OCALL_PREPARED, enclave_tls, ocall_prepared);
     OFFSET(SGX_ECALL_CALLED, enclave_tls, ecall_called);
     OFFSET(SGX_READY_FOR_EXCEPTIONS, enclave_tls, ready_for_exceptions);
+    OFFSET(SGX_MANIFEST_SIZE, enclave_tls, manifest_size);
 
     /* sgx_arch_tcs_t */
     OFFSET_T(TCS_OSSA, sgx_arch_tcs_t, ossa);

Pal/src/host/Linux-SGX/pal_security.h

@@ -43,10 +43,7 @@ struct pal_sec {
     PAL_PTR         exec_addr;
     PAL_NUM         exec_size;
 
-    /* manifest name, addr and size */
     PAL_SEC_STR     manifest_name;
-    PAL_PTR         manifest_addr;
-    PAL_NUM         manifest_size;
 
     /* need three proc fds if it has a parent */
     PAL_IDX         proc_fds[3];

Pal/src/host/Linux-SGX/sgx_main.c

@@ -327,10 +327,12 @@ int initialize_enclave (struct pal_enclave * enclave)
         _a->prot = _prot; _a->type = _type; _a;                         \
     })
 
-    struct mem_area * manifest_area =
-        set_area("manifest", false, false, enclave->manifest,
-                 0, ALLOC_ALIGNUP(manifest_size),
-                 PROT_READ, SGX_PAGE_REG);
+    /* The manifest needs to be allocated at the upper end of the enclave
+     * memory. That's used by pal_linux_main to find the manifest area. So add
+     * it first to the list with memory areas. */
+    set_area("manifest", false, false, enclave->manifest,
+             0, ALLOC_ALIGNUP(manifest_size),
+             PROT_READ, SGX_PAGE_REG);
     struct mem_area * ssa_area =
         set_area("ssa", false, false, -1, 0,
                  enclave->thread_num * enclave->ssaframesize * SSAFRAMENUM,
@@ -420,6 +422,7 @@ int initialize_enclave (struct pal_enclave * enclave)
                     enclave_secs.baseaddr;
                 gs->gpr = gs->ssa +
                     enclave->ssaframesize - sizeof(sgx_arch_gpr_t);
+                gs->manifest_size = manifest_size;
             }
         } else if (strcmp_static(areas[i].desc, "tcs")) {
             data = (void *) INLINE_SYSCALL(mmap, 6, NULL, areas[i].size,
@@ -470,9 +473,6 @@ int initialize_enclave (struct pal_enclave * enclave)
         pal_sec->exec_size = exec_area->size;
     }
 
-    pal_sec->manifest_addr = (void *) enclave_secs.baseaddr + manifest_area->addr;
-    pal_sec->manifest_size = manifest_size;
-
     struct enclave_dbginfo * dbg = (void *)
             INLINE_SYSCALL(mmap, 6, DBGINFO_ADDR,
                            sizeof(struct enclave_dbginfo),

Pal/src/host/Linux-SGX/sgx_tls.h

@@ -20,6 +20,7 @@ struct enclave_tls {
     uint64_t ocall_prepared;
     uint64_t ecall_called;
     uint64_t ready_for_exceptions;
+    uint64_t manifest_size;
 };
 
 #ifndef DEBUG

Pal/src/host/Linux-SGX/signer/pal-sgx-sign

@@ -386,6 +386,7 @@ def baseaddr():
         return 0
 
 def gen_area_content(attr, areas):
+    manifest_area = find_area(areas, 'manifest')
     exec_area = find_area(areas, 'exec', True)
     pal_area = find_area(areas, 'pal')
     ssa_area = find_area(areas, 'ssa')
@@ -427,6 +428,7 @@ def gen_area_content(attr, areas):
         set_tls_field(t, SGX_INITIAL_STACK_OFFSET, stacks[t].addr + stacks[t].size)
         set_tls_field(t, SGX_SSA, ssa)
         set_tls_field(t, SGX_GPR, ssa + SSAFRAMESIZE - SGX_GPR_SIZE)
+        set_tls_field(t, SGX_MANIFEST_SIZE, os.stat(manifest_area.file).st_size)
 
     tcs_area.content = tcs_data
     tls_area.content = tls_data