sgx_process.c 5.7 KB

  1. /* -*- mode:c; c-file-style:"k&r"; c-basic-offset: 4; tab-width:4; indent-tabs-mode:nil; mode:auto-fill; fill-column:78; -*- */
  2. /* vim: set ts=4 sw=4 et tw=78 fo=cqt wm=0: */
  3. /* Copyright (C) 2014 Stony Brook University
  4. This file is part of Graphene Library OS.
  5. Graphene Library OS is free software: you can redistribute it and/or
  6. modify it under the terms of the GNU Lesser General Public License
  7. as published by the Free Software Foundation, either version 3 of the
  8. License, or (at your option) any later version.
  9. Graphene Library OS is distributed in the hope that it will be useful,
  10. but WITHOUT ANY WARRANTY; without even the implied warranty of
  11. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  12. GNU Lesser General Public License for more details.
  13. You should have received a copy of the GNU Lesser General Public License
  14. along with this program. If not, see <http://www.gnu.org/licenses/>. */
  15. /*
  16. * db_process.c
  17. *
  18. * This source file contains functions to create a child process and terminate
  19. * the running process. Child does not inherit any objects or memory from its
  20. * parent process. A parent process may not modify the execution of its
  21. * children. It can wait for a child to exit using its handle. Also, parent and
  22. * child may communicate through I/O streams provided by the parent to the child
  23. * at creation.
  24. */
  25. #include <pal_linux.h>
  26. #include <pal_rtld.h>
  27. #include "sgx_internal.h"
  28. #include "sgx_tls.h"
  29. #include "sgx_enclave.h"
  30. #include <asm/fcntl.h>
  31. #include <asm/errno.h>
  32. #include <linux/fs.h>
  /* Path of the loader binary that sgx_create_process() passes to execve() as
   * both the program and argv[0]. RUNTIME_FILE is defined outside this file. */
  #define PAL_LOADER RUNTIME_FILE("pal-Linux-SGX")
  /*
   * Start-up record the parent writes to the child over the init pipe
   * (sgx_create_process) and the child reads back from PROC_INIT_FD
   * (sgx_init_child_process). It is copied as raw bytes, so the layout must
   * be identical on both sides.
   *
   * NOTE(review): the record carries no length, version or integrity field;
   * the receiver can only check how many bytes arrived.
   */
  struct proc_args {
      /* Executable URI; the parent fills it from its `uri` argument. */
      PAL_SEC_STR     exec_name;
      /* Copied from the parent's pal_sec->instance_id. */
      unsigned int    instance_id;
      /* The parent's pal_sec->pid; the child stores it as pal_sec->ppid. */
      unsigned int    parent_process_id;
      /* Child-side descriptor numbers: [0] read end of the init pipe,
       * [1] write end of the reply pipe, [2] one end of the socketpair. */
      unsigned int    proc_fds[3];
      /* Copied from the parent's pal_sec->pipe_prefix. */
      PAL_SEC_STR     pipe_prefix;
      /* Copied from the parent's pal_sec->mcast_port. */
      unsigned int    mcast_port;
  };
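  /*
   * Spawn the PAL loader as a child process for `uri` and hand it its
   * start-up record.
   *
   * Two pipes and one UNIX socketpair are created. After ARCH_VFORK() the
   * child closes the parent's ends, dup2()s the read end of the first pipe
   * onto PROC_INIT_FD and execve()s PAL_LOADER with argv = { PAL_LOADER,
   * args..., NULL } and a NULL environment. The parent then writes a
   * struct proc_args to the child and waits for an int status in reply.
   *
   * uri:    executable URI; checked against the "file:" prefix and required
   *         to fit, including its terminating NUL, in a PAL_SEC_STR.
   * nargs:  number of entries in args; must not be negative.
   * args:   argument strings, forwarded unchanged to execve().
   * retfds: receives the parent's three descriptors on success: [0] read end
   *         of the reply pipe, [1] write end of the init pipe, [2] the
   *         parent's end of the socketpair. All three get FD_CLOEXEC.
   *
   * Returns the value ARCH_VFORK() gave the parent (the child's id) on
   * success, -PAL_ERROR_INVAL for bad arguments, -PAL_ERROR_DENIED when a
   * system call or the hand-off fails, or the negative status the child sent.
   */
  int sgx_create_process (const char * uri, int nargs, const char ** args,
                          int * retfds)
  {
      int ret, child;
      /* Set by the child between ARCH_VFORK() and execve(), tested by the
       * parent afterwards. This presumably relies on the vfork child running
       * on the parent's stack (TODO confirm against ARCH_VFORK); volatile
       * keeps the value in memory, and the initializer means the parent
       * never tests an indeterminate value. */
      volatile int rete = 0;
      int child_status = 0;
      unsigned int uri_len = 0;
      int fds[6] = { -1, -1, -1, -1, -1, -1 };

      if (!uri || !strpartcmp_static(uri, "file:"))
          return -PAL_ERROR_INVAL;

      /* nargs sizes a stack allocation and a memcpy below, so a negative
       * count must not get that far.
       * NOTE(review): there is still no upper bound on nargs. */
      if (nargs < 0 || (nargs > 0 && !args) || !retfds)
          return -PAL_ERROR_INVAL;

      /* exec_name is a fixed-size field. Measure uri first so that the copy
       * below neither reads past the end of a short string nor leaves a long
       * one unterminated. */
      while (uri_len < sizeof(PAL_SEC_STR) && uri[uri_len])
          uri_len++;
      if (uri_len >= sizeof(PAL_SEC_STR))
          return -PAL_ERROR_INVAL;

      if (IS_ERR((ret = INLINE_SYSCALL(pipe, 1, &fds[0]))) ||
          IS_ERR((ret = INLINE_SYSCALL(pipe, 1, &fds[2]))) ||
          IS_ERR((ret = INLINE_SYSCALL(socketpair, 4, AF_UNIX, SOCK_STREAM,
                                       0, &fds[4])))) {
          ret = -PAL_ERROR_DENIED;
          goto out;
      }

      /* Row 0 is the child's view, row 1 the parent's. */
      int proc_fds[2][3] = {
          { fds[0], fds[3], fds[4] },
          { fds[2], fds[1], fds[5] },
      };

      const char ** argv = __alloca(sizeof(const char *) * (nargs + 2));
      argv[0] = PAL_LOADER;
      memcpy(argv + 1, args, sizeof(const char *) * nargs);
      argv[nargs + 1] = NULL;

      ret = ARCH_VFORK();

      if (IS_ERR(ret)) {
          ret = -PAL_ERROR_DENIED;
          goto out;
      }

      if (!ret) {
          /* Child: drop the parent's ends, then expose the init pipe on the
           * well-known descriptor the loader reads from. */
          for (int i = 0 ; i < 3 ; i++)
              INLINE_SYSCALL(close, 1, proc_fds[1][i]);

          INLINE_SYSCALL(close, 1, PROC_INIT_FD);
          rete = INLINE_SYSCALL(dup2, 2, proc_fds[0][0], PROC_INIT_FD);
          if (IS_ERR(rete))
              goto out_child;

          /* NULL envp: nothing from the parent's environment is passed on. */
          rete = INLINE_SYSCALL(execve, 3, PAL_LOADER, argv, NULL);

          /* shouldn't get to here */
          SGX_DBG(DBG_E, "unexpected failure of new process\n");
  out_child:
          /* presumably stops the child by faulting rather than returning
           * into the parent's frame - TODO confirm */
          asm("hlt");
          return 0;
      }

      if (IS_ERR(rete)) {
          ret = -PAL_ERROR_DENIED;
          goto out;
      }

      child = ret;

      for (int i = 0 ; i < 3 ; i++)
          INLINE_SYSCALL(close, 1, proc_fds[0][i]);

      /* The child's ends are closed in this process now. Forget them so the
       * error path at 'out' cannot close the same numbers a second time,
       * which could hit a descriptor that was opened in between. */
      fds[0] = fds[3] = fds[4] = -1;

      int pipe_in = proc_fds[1][0], pipe_out = proc_fds[1][1];
      struct pal_sec * pal_sec = &current_enclave->pal_sec;

      /* All fields start zeroed, so the tail of exec_name is NUL bytes rather
       * than whatever was on the stack. */
      struct proc_args proc_args = { .instance_id = 0 };
      memcpy(proc_args.exec_name, uri, uri_len);
      proc_args.instance_id = pal_sec->instance_id;
      proc_args.parent_process_id = pal_sec->pid;
      proc_args.proc_fds[0] = proc_fds[0][0];
      proc_args.proc_fds[1] = proc_fds[0][1];
      proc_args.proc_fds[2] = proc_fds[0][2];
      memcpy(proc_args.pipe_prefix, pal_sec->pipe_prefix, sizeof(PAL_SEC_STR));
      proc_args.mcast_port = pal_sec->mcast_port;

      /* NOTE(review): the failure paths from here on close the parent's
       * descriptors but neither signal nor reap the child. */
      ret = INLINE_SYSCALL(write, 3, pipe_out, &proc_args,
                           sizeof(struct proc_args));

      if (IS_ERR(ret) || ret < (int) sizeof(struct proc_args)) {
          ret = -PAL_ERROR_DENIED;
          goto out;
      }

      ret = INLINE_SYSCALL(read, 3, pipe_in, &child_status, sizeof(int));

      if (IS_ERR(ret) || ret < (int) sizeof(int)) {
          ret = -PAL_ERROR_DENIED;
          goto out;
      }

      if (child_status < 0) {
          ret = child_status;
          goto out;
      }

      for (int i = 0 ; i < 3 ; i++) {
          INLINE_SYSCALL(fcntl, 3, proc_fds[1][i], F_SETFD, FD_CLOEXEC);
          retfds[i] = proc_fds[1][i];
      }

      ret = child;
  out:
      if (ret < 0) {
          /* Only descriptors still owned by this function are >= 0 here. */
          for (int i = 0 ; i < 6 ; i++)
              if (fds[i] >= 0)
                  INLINE_SYSCALL(close, 1, fds[i]);
      }

      return ret;
  }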
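  /*
   * Child-side half of process start-up: read the struct proc_args the
   * parent wrote to PROC_INIT_FD, acknowledge it, and copy it into pal_sec.
   *
   * pal_sec: security record to fill; written only after the record has been
   *          read in full and acknowledged.
   *
   * Returns 1 when a record was received and applied, 0 when PROC_INIT_FD is
   * not an open descriptor (the read fails with EBADF, i.e. there is no
   * parent hand-off), and -PAL_ERROR_DENIED when the read or the
   * acknowledgement fails or is short.
   *
   * NOTE(review): the record is taken from the pipe as-is. Nothing visible
   * here authenticates the sender, and instance_id, the descriptor numbers
   * and mcast_port are not range-checked, so consumers of pal_sec should
   * treat these fields as unverified input.
   */
  int sgx_init_child_process (struct pal_sec * pal_sec)
  {
      struct proc_args proc_args;

      int ret = INLINE_SYSCALL(read, 3, PROC_INIT_FD, &proc_args,
                               sizeof(struct proc_args));

      if (IS_ERR(ret) && ERRNO(ret) == EBADF)
          return 0;

      /* A short read (including EOF) leaves part of proc_args uninitialised.
       * Refuse it rather than write to a garbage descriptor and copy stack
       * contents into pal_sec. */
      if (IS_ERR(ret) || ret < (int) sizeof(struct proc_args))
          return -PAL_ERROR_DENIED;

      /* Acknowledge on the reply pipe; the parent blocks on this int. */
      int child_status = 0;
      ret = INLINE_SYSCALL(write, 3, proc_args.proc_fds[1], &child_status,
                           sizeof(int));
      if (IS_ERR(ret) || ret < (int) sizeof(int))
          return -PAL_ERROR_DENIED;

      memcpy(pal_sec->exec_name, proc_args.exec_name, sizeof(PAL_SEC_STR));
      /* The bytes came off a pipe, so terminate the string fields here
       * instead of trusting the sender to have done it. */
      pal_sec->exec_name[sizeof(PAL_SEC_STR) - 1] = '\0';
      pal_sec->instance_id = proc_args.instance_id;
      pal_sec->ppid        = proc_args.parent_process_id;
      pal_sec->proc_fds[0] = proc_args.proc_fds[0];
      pal_sec->proc_fds[1] = proc_args.proc_fds[1];
      pal_sec->proc_fds[2] = proc_args.proc_fds[2];
      memcpy(pal_sec->pipe_prefix, proc_args.pipe_prefix, sizeof(PAL_SEC_STR));
      pal_sec->pipe_prefix[sizeof(PAL_SEC_STR) - 1] = '\0';
      pal_sec->mcast_port  = proc_args.mcast_port;

      return 1;
  }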