Deep-copy sgxlkl_enclave_config->enc_dev_config.

Signed-off-by: Christoph M. Wintersteiger <[email protected]>

src/enclave/enclave_event_channel.c

@@ -143,9 +143,8 @@ void initialize_enclave_event_channel(
     uint8_t* dev_id = NULL;
     _evt_channel_num = evt_channel_num;
 
-    if (!oe_is_outside_enclave(
-            enc_dev_config, sizeof(enc_dev_config_t) * _evt_channel_num))
-        oe_abort();
+    sgxlkl_ensure_inside(
+        enc_dev_config, sizeof(enc_dev_config_t) * _evt_channel_num);
 
     evt_chn_lock = (struct ticketlock**)oe_calloc_or_die(
         evt_channel_num,
@@ -160,16 +159,10 @@ void initialize_enclave_event_channel(
     _enc_dev_config = enc_dev_config;
     for (int i = 0; i < evt_channel_num; i++)
     {
-        if (!oe_is_outside_enclave(
-                &enc_dev_config[i], sizeof(enc_dev_config_t)) ||
-            !oe_is_outside_enclave(
-                &enc_dev_config[i].enc_evt_chn, sizeof(enc_evt_channel_t)) ||
-            !oe_is_outside_enclave(
-                &enc_dev_config[i].enc_evt_chn->host_evt_channel,
-                sizeof(evt_t)) ||
-            !oe_is_outside_enclave(
-                &enc_dev_config[i].enc_evt_chn->qidx_p, sizeof(uint32_t)))
-            oe_abort();
+        const enc_dev_config_t* ed_conf_i = &enc_dev_config[i];
+        // const enc_evt_channel_t* ee_chan_i = ed_conf_i->enc_evt_chn;
+        // sgxlkl_ensure_outside(ee_chan_i->host_evt_channel, sizeof(evt_t));
+        // sgxlkl_ensure_outside(ee_chan_i->qidx_p, sizeof(uint32_t));
 
         evt_chn_lock[i] = (struct ticketlock*)oe_calloc_or_die(
             1,
@@ -180,7 +173,7 @@ void initialize_enclave_event_channel(
         dev_id = (uint8_t*)oe_calloc_or_die(
             1, sizeof(uint8_t), "Could not allocate memory for dev_id\n");
 
-        *dev_id = enc_dev_config[i].dev_id;
+        *dev_id = ed_conf_i->dev_id;
 
         if (lthread_create(
                 &vio_tasks[i],

src/enclave/enclave_oe.c

@@ -305,25 +305,25 @@ static void _read_eeid_config()
     sgxlkl_enclave_state.config = cfg;
 }
 
-#define CHECK_INSIDE(X, S)                                  \
-    {                                                       \
-        if ((X) != NULL && !oe_is_within_enclave((X), (S))) \
-            oe_abort();                                     \
-    }
+void sgxlkl_ensure_inside(const void* ptr, size_t sz)
+{
+    if (ptr != NULL && !oe_is_within_enclave(ptr, sz))
+        sgxlkl_fail("Unexpected: buffer is not in enclave memory.\n");
+}
 
-#define CHECK_OUTSIDE(X, S)                                  \
-    {                                                        \
-        if ((X) != NULL && !oe_is_outside_enclave((X), (S))) \
-            oe_abort();                                      \
-    }
+void sgxlkl_ensure_outside(const void* ptr, size_t sz)
+{
+    if (ptr != NULL && !oe_is_outside_enclave(ptr, sz))
+        sgxlkl_fail("Unexpected: buffer is in enclave memory.\n");
+}
 
 static void _copy_shared_memory(const sgxlkl_shared_memory_t* host)
 {
     const sgxlkl_enclave_config_t* cfg = sgxlkl_enclave_state.config;
 
     /* The host shared memory struct has been copied by OE (but not its
      * contents). */
-    CHECK_INSIDE(host, sizeof(sgxlkl_shared_memory_t));
+    sgxlkl_ensure_inside(host, sizeof(sgxlkl_shared_memory_t));
 
     /* Temporary, volatile copy to make sure checks aren't reordered */
     volatile sgxlkl_shared_memory_t* enc = oe_calloc_or_die(
@@ -334,26 +334,80 @@ static void _copy_shared_memory(const sgxlkl_shared_memory_t* host)
     if (cfg->io.network)
     {
         enc->virtio_net_dev_mem = host->virtio_net_dev_mem;
-        CHECK_OUTSIDE(enc->virtio_net_dev_mem, sizeof(struct virtio_dev));
+        sgxlkl_ensure_outside(
+            enc->virtio_net_dev_mem, sizeof(struct virtio_dev));
     }
 
     if (cfg->io.console)
     {
         enc->virtio_console_mem = host->virtio_console_mem;
-        CHECK_OUTSIDE(enc->virtio_console_mem, sizeof(struct virtio_dev));
+        sgxlkl_ensure_outside(
+            enc->virtio_console_mem, sizeof(struct virtio_dev));
     }
 
     enc->evt_channel_num = host->evt_channel_num;
-    enc->enc_dev_config = host->enc_dev_config;
-    CHECK_OUTSIDE(
-        enc->enc_dev_config, sizeof(enc_dev_config_t) * enc->evt_channel_num);
+
+    if (enc->evt_channel_num > 0)
+    {
+        _Static_assert(
+            sizeof(enc_dev_config_t) == 24UL,
+            "enc_dev_config_t size has changed");
+
+        enc->enc_dev_config = oe_calloc_or_die(
+            enc->evt_channel_num,
+            sizeof(enc_dev_config_t),
+            "Could not allocate memory for event channel device config\n");
+
+        for (size_t i = 0; i < enc->evt_channel_num; i++)
+        {
+            const enc_dev_config_t* host_conf_i = &host->enc_dev_config[i];
+            enc_dev_config_t* enc_conf_i = &enc->enc_dev_config[i];
+
+            enc_conf_i->dev_id = host_conf_i->dev_id;
+
+            enc_evt_channel_t* host_chn = host_conf_i->enc_evt_chn;
+            if (host_chn)
+            {
+                enc_conf_i->enc_evt_chn = host_chn;
+
+                // enc_conf_i->enc_evt_chn = oe_calloc_or_die(
+                //     1,
+                //     sizeof(enc_evt_channel_t),
+                //     "Could not allocate memory for event channel config\n ");
+
+                // enc_conf_i->enc_evt_chn->host_evt_channel = oe_calloc_or_die(
+                //     1,
+                //     sizeof(evt_t),
+                //     "Could not allocate memory for host event channel
+                //     evt_t\n");
+
+                // enc_conf_i->enc_evt_chn->qidx_p = oe_calloc_or_die(
+                //     1,
+                //     sizeof(uint32_t),
+                //     "Could not allocate memory for event channel qidx_p\n ");
+
+                // enc_evt_channel_t* enc_chn = enc_conf_i->enc_evt_chn;
+
+                // enc_chn->enclave_evt_channel = host_chn->enclave_evt_channel;
+
+                // evt_t* hechan = host_chn->host_evt_channel;
+                // sgxlkl_ensure_outside(hechan, sizeof(evt_t));
+                //*enc_chn->host_evt_channel = *hechan;
+
+                // uint32_t* qidx_p = host_chn->qidx_p;
+                // sgxlkl_ensure_outside(qidx_p, sizeof(uint32_t));
+                //*enc_chn->qidx_p = *qidx_p;
+            }
+            enc_conf_i->evt_processed = host_conf_i->evt_processed;
+        }
+    }
 
     enc->virtio_swiotlb = host->virtio_swiotlb;
     enc->virtio_swiotlb_size = host->virtio_swiotlb_size;
-    CHECK_OUTSIDE(enc->virtio_swiotlb, enc->virtio_swiotlb_size);
+    sgxlkl_ensure_outside(enc->virtio_swiotlb, enc->virtio_swiotlb_size);
 
     enc->timer_dev_mem = host->timer_dev_mem;
-    CHECK_OUTSIDE(enc->timer_dev_mem, sizeof(struct timer_dev));
+    sgxlkl_ensure_outside(enc->timer_dev_mem, sizeof(struct timer_dev));
 
     if (cfg->io.block)
     {
@@ -370,12 +424,12 @@ static void _copy_shared_memory(const sgxlkl_shared_memory_t* host)
         for (size_t i = 0; i < enc->num_virtio_blk_dev; i++)
         {
             enc->virtio_blk_dev_mem[i] = host->virtio_blk_dev_mem[i];
-            CHECK_OUTSIDE(
+            sgxlkl_ensure_outside(
                 enc->virtio_blk_dev_mem[i], sizeof(struct virtio_dev));
 
             const char* name = host->virtio_blk_dev_names[i];
             size_t name_len = oe_strlen(name) + 1;
-            CHECK_OUTSIDE(name, name_len);
+            sgxlkl_ensure_outside(name, name_len);
             enc->virtio_blk_dev_names[i] = oe_calloc_or_die(
                 name_len,
                 sizeof(char),
@@ -389,7 +443,7 @@ static void _copy_shared_memory(const sgxlkl_shared_memory_t* host)
     size_t henvc = host->envc;
     if (henv && henvc)
     {
-        CHECK_OUTSIDE(henv, sizeof(char*) * henvc);
+        sgxlkl_ensure_outside(henv, sizeof(char*) * henvc);
         char** tmp = oe_calloc_or_die(
             henvc,
             sizeof(char*),
@@ -398,13 +452,13 @@ static void _copy_shared_memory(const sgxlkl_shared_memory_t* host)
         {
             const char* env_i = henv[i];
             size_t n = strlen(env_i) + 1;
-            CHECK_OUTSIDE(env_i, n);
+            sgxlkl_ensure_outside(env_i, n);
             tmp[i] = oe_malloc(n);
             memcpy(tmp[i], env_i, n);
         }
         enc->env = tmp;
         enc->envc = henvc;
-        CHECK_INSIDE(enc->env, sizeof(char*) * enc->envc);
+        sgxlkl_ensure_inside(enc->env, sizeof(char*) * enc->envc);
     }
 
     /* Commit to the temporary copy */
@@ -416,6 +470,17 @@ static void _free_shared_memory()
 {
     sgxlkl_shared_memory_t* shm = &sgxlkl_enclave_state.shared_memory;
 
+    for (size_t i = 0; i < shm->evt_channel_num; i++)
+    {
+        if (shm->enc_dev_config[i].enc_evt_chn)
+        {
+            oe_free(shm->enc_dev_config[i].enc_evt_chn->host_evt_channel);
+            oe_free(shm->enc_dev_config[i].enc_evt_chn->qidx_p);
+            oe_free(shm->enc_dev_config[i].enc_evt_chn);
+        }
+    }
+    oe_free(shm->enc_dev_config);
+
     for (size_t i = 0; i < shm->num_virtio_blk_dev; i++)
         oe_free(shm->virtio_blk_dev_names[i]);
 

src/enclave/enclave_timer.c

@@ -30,8 +30,7 @@ uint64_t enclave_nanos()
 {
     struct timer_dev* t = sgxlkl_enclave_state.shared_memory.timer_dev_mem;
 
-    if (!oe_is_outside_enclave(t, sizeof(struct timer_dev)))
-        oe_abort();
+    sgxlkl_ensure_outside(t, sizeof(struct timer_dev));
 
     uint64_t e = t->nanos;
     uint64_t i = internal_counter;

src/include/enclave/enclave_util.h

@@ -91,6 +91,12 @@ void* oe_malloc_or_die(size_t size, const char* fail_msg, ...);
  */
 void* oe_calloc_or_die(size_t nmemb, size_t size, const char* fail_msg, ...);
 
+/**
+ * Ensure buffers are held entirely inside or outside the enclave memory.
+ */
+void sgxlkl_ensure_inside(const void* ptr, size_t sz);
+void sgxlkl_ensure_outside(const void* ptr, size_t sz);
+
 /**
  *
  * Note that generating a stack trace by unwinding stack frames could be exploited