From 2502597c269947edcd2bc38d9d4277f558a4a25e Mon Sep 17 00:00:00 2001 From: gaoyusong Date: Tue, 28 Feb 2023 19:57:46 +0800 Subject: [PATCH] Fix sgx_create_enclave retry mechanism Reference: https://github.com/intel/linux-sgx/commit/111a916b5d19554d2c86f3d881bf00ac91de1b34 Conflict: NA --- .../templates/sgx/SGXEnclave/untrusted/sample.cpp | 5 +++++ SampleCode/Cxx11SGXDemo/App/App.cpp | 5 +++++ SampleCode/Cxx14SGXDemo/App/App.cpp | 5 +++++ SampleCode/PowerTransition/App/ErrorSupport.cpp | 1 + SampleCode/ProtobufSGXDemo/App/App.cpp | 5 +++++ SampleCode/SampleDNNL/App/App.cpp | 5 +++++ SampleCode/SampleEnclave/App/App.cpp | 5 +++++ SampleCode/SampleEnclaveGMIPP/App/App.cpp | 5 +++++ SampleCode/SampleEnclavePCL/App/App.cpp | 5 +++++ SampleCode/SealUnseal/App/ErrorSupport.cpp | 1 + SampleCode/Switchless/App/App.cpp | 5 +++++ common/inc/sgx_error.h | 2 +- psw/ae/aesm_service/source/oal/linux/internal_log.cpp | 1 + psw/urts/loader.cpp | 9 +++++---- 14 files changed, 54 insertions(+), 5 deletions(-) diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx/templates/sgx/SGXEnclave/untrusted/sample.cpp b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx/templates/sgx/SGXEnclave/untrusted/sample.cpp index 2885ebd..c8bcf48 100644 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx/templates/sgx/SGXEnclave/untrusted/sample.cpp +++ b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx/templates/sgx/SGXEnclave/untrusted/sample.cpp @@ -102,6 +102,11 @@ static sgx_errlist_t sgx_errlist[] = { "Can't open enclave file.", NULL }, + { + SGX_ERROR_MEMORY_MAP_FAILURE, + "Failed to reserve memory for the enclave.", + NULL + }, }; /* Check error conditions for loading enclave */ diff --git a/SampleCode/Cxx11SGXDemo/App/App.cpp b/SampleCode/Cxx11SGXDemo/App/App.cpp index cc92865..f44b435 100644 --- a/SampleCode/Cxx11SGXDemo/App/App.cpp +++ b/SampleCode/Cxx11SGXDemo/App/App.cpp @@ -132,6 +132,11 @@ static sgx_errlist_t sgx_errlist[] = { "The enclave is signed as product enclave, and can not be created as debuggable enclave.", NULL }, + { + SGX_ERROR_MEMORY_MAP_FAILURE, + "Failed to reserve memory for the enclave.", + NULL + }, }; /* Check error conditions for loading enclave */ diff --git a/SampleCode/Cxx14SGXDemo/App/App.cpp b/SampleCode/Cxx14SGXDemo/App/App.cpp index 62a8dde..59cdfbe 100644 --- a/SampleCode/Cxx14SGXDemo/App/App.cpp +++ b/SampleCode/Cxx14SGXDemo/App/App.cpp @@ -132,6 +132,11 @@ static sgx_errlist_t sgx_errlist[] = { "The enclave is signed as product enclave, and can not be created as debuggable enclave.", NULL }, + { + SGX_ERROR_MEMORY_MAP_FAILURE, + "Failed to reserve memory for the enclave.", + NULL + }, }; /* Check error conditions for loading enclave */ diff --git a/SampleCode/PowerTransition/App/ErrorSupport.cpp b/SampleCode/PowerTransition/App/ErrorSupport.cpp index 4142ab0..9fdf0ce 100644 --- a/SampleCode/PowerTransition/App/ErrorSupport.cpp +++ b/SampleCode/PowerTransition/App/ErrorSupport.cpp @@ -51,6 +51,7 @@ static sgx_errlist_t sgx_errlist[] = { {SGX_ERROR_OUT_OF_EPC, "Out of EPC memory."}, {SGX_ERROR_NO_DEVICE, "Invalid SGX device."}, {SGX_ERROR_MEMORY_MAP_CONFLICT, "Memory map conflicted."}, + {SGX_ERROR_MEMORY_MAP_FAILURE, "Failed to reserve memory for the enclave."}, {SGX_ERROR_INVALID_METADATA, "Invalid encalve metadata."}, {SGX_ERROR_DEVICE_BUSY, "SGX device is busy."}, {SGX_ERROR_INVALID_VERSION, "Enclave metadata version is invalid."}, diff --git a/SampleCode/ProtobufSGXDemo/App/App.cpp b/SampleCode/ProtobufSGXDemo/App/App.cpp index 58b74b4..ae7f2f3 100644 --- a/SampleCode/ProtobufSGXDemo/App/App.cpp +++ b/SampleCode/ProtobufSGXDemo/App/App.cpp @@ -132,6 +132,11 @@ static sgx_errlist_t sgx_errlist[] = { "The enclave is signed as product enclave, and can not be created as debuggable enclave.", NULL }, + { + SGX_ERROR_MEMORY_MAP_FAILURE, + "Failed to reserve memory for the enclave.", + NULL + }, }; /* Check error conditions for loading enclave */ diff --git a/SampleCode/SampleDNNL/App/App.cpp b/SampleCode/SampleDNNL/App/App.cpp index 41c6752..cfb4f15 100644 --- a/SampleCode/SampleDNNL/App/App.cpp +++ b/SampleCode/SampleDNNL/App/App.cpp @@ -134,6 +134,11 @@ static sgx_errlist_t sgx_errlist[] = { "Can't open enclave file.", NULL }, + { + SGX_ERROR_MEMORY_MAP_FAILURE, + "Failed to reserve memory for the enclave.", + NULL + }, }; /* Check error conditions for loading enclave */ diff --git a/SampleCode/SampleEnclave/App/App.cpp b/SampleCode/SampleEnclave/App/App.cpp index 6ac49c8..8aa10da 100644 --- a/SampleCode/SampleEnclave/App/App.cpp +++ b/SampleCode/SampleEnclave/App/App.cpp @@ -128,6 +128,11 @@ static sgx_errlist_t sgx_errlist[] = { "Can't open enclave file.", NULL }, + { + SGX_ERROR_MEMORY_MAP_FAILURE, + "Failed to reserve memory for the enclave.", + NULL + }, }; /* Check error conditions for loading enclave */ diff --git a/SampleCode/SampleEnclaveGMIPP/App/App.cpp b/SampleCode/SampleEnclaveGMIPP/App/App.cpp index 9e951ae..8b2123c 100644 --- a/SampleCode/SampleEnclaveGMIPP/App/App.cpp +++ b/SampleCode/SampleEnclaveGMIPP/App/App.cpp @@ -129,6 +129,11 @@ static sgx_errlist_t sgx_errlist[] = { "Can't open enclave file.", NULL }, + { + SGX_ERROR_MEMORY_MAP_FAILURE, + "Failed to reserve memory for the enclave.", + NULL + }, }; /* Check error conditions for loading enclave */ diff --git a/SampleCode/SampleEnclavePCL/App/App.cpp b/SampleCode/SampleEnclavePCL/App/App.cpp index 092c68f..42d3c64 100644 --- a/SampleCode/SampleEnclavePCL/App/App.cpp +++ b/SampleCode/SampleEnclavePCL/App/App.cpp @@ -158,6 +158,11 @@ static sgx_errlist_t sgx_errlist[] = { "PCL sealed key GUID mismatch.", NULL }, + { + SGX_ERROR_MEMORY_MAP_FAILURE, + "Failed to reserve memory for the enclave.", + NULL + }, }; /* Check error conditions for loading enclave */ diff --git a/SampleCode/SealUnseal/App/ErrorSupport.cpp b/SampleCode/SealUnseal/App/ErrorSupport.cpp index d890442..8b456a8 100644 --- a/SampleCode/SealUnseal/App/ErrorSupport.cpp +++ b/SampleCode/SealUnseal/App/ErrorSupport.cpp @@ -50,6 +50,7 @@ static sgx_errlist_t sgx_errlist[] = { {SGX_ERROR_OUT_OF_EPC, "Out of EPC memory."}, {SGX_ERROR_NO_DEVICE, "Invalid SGX device."}, {SGX_ERROR_MEMORY_MAP_CONFLICT, "Memory map conflicted."}, + {SGX_ERROR_MEMORY_MAP_FAILURE, "Failed to reserve memory for the enclave."}, {SGX_ERROR_INVALID_METADATA, "Invalid encalve metadata."}, {SGX_ERROR_DEVICE_BUSY, "SGX device is busy."}, {SGX_ERROR_INVALID_VERSION, "Enclave metadata version is invalid."}, diff --git a/SampleCode/Switchless/App/App.cpp b/SampleCode/Switchless/App/App.cpp index e86b49b..4f05c19 100644 --- a/SampleCode/Switchless/App/App.cpp +++ b/SampleCode/Switchless/App/App.cpp @@ -132,6 +132,11 @@ static sgx_errlist_t sgx_errlist[] = { "Can't open enclave file.", NULL }, + { + SGX_ERROR_MEMORY_MAP_FAILURE, + "Failed to reserve memory for the enclave.", + NULL + }, }; /* Check error conditions for loading enclave */ diff --git a/common/inc/sgx_error.h b/common/inc/sgx_error.h index 1a410ca..d38ec05 100644 --- a/common/inc/sgx_error.h +++ b/common/inc/sgx_error.h @@ -61,7 +61,7 @@ typedef enum _status_t SGX_ERROR_NDEBUG_ENCLAVE = SGX_MK_ERROR(0x2004), /* The enclave is signed as product enclave, and can not be created as debuggable enclave. */ SGX_ERROR_OUT_OF_EPC = SGX_MK_ERROR(0x2005), /* Not enough EPC is available to load the enclave */ SGX_ERROR_NO_DEVICE = SGX_MK_ERROR(0x2006), /* Can't open SGX device */ - SGX_ERROR_MEMORY_MAP_CONFLICT= SGX_MK_ERROR(0x2007), /* Page mapping failed in driver */ + SGX_ERROR_MEMORY_MAP_CONFLICT= SGX_MK_ERROR(0x2007), /* Page mapping failed in driver. Deprecated*/ SGX_ERROR_INVALID_METADATA = SGX_MK_ERROR(0x2009), /* The metadata is incorrect. */ SGX_ERROR_DEVICE_BUSY = SGX_MK_ERROR(0x200c), /* Device is busy, mostly EINIT failed. */ SGX_ERROR_INVALID_VERSION = SGX_MK_ERROR(0x200d), /* Metadata version is inconsistent between uRTS and sgx_sign or uRTS is incompatible with current platform. */ diff --git a/psw/ae/aesm_service/source/oal/linux/internal_log.cpp b/psw/ae/aesm_service/source/oal/linux/internal_log.cpp index f10c3de..c2be8fb 100644 --- a/psw/ae/aesm_service/source/oal/linux/internal_log.cpp +++ b/psw/ae/aesm_service/source/oal/linux/internal_log.cpp @@ -468,6 +468,7 @@ static const char *get_sgx_status_t_string(sgx_status_t status) CASE_ENUM_RET_STRING(SGX_ERROR_OUT_OF_EPC) CASE_ENUM_RET_STRING(SGX_ERROR_NO_DEVICE) CASE_ENUM_RET_STRING(SGX_ERROR_MEMORY_MAP_CONFLICT) + CASE_ENUM_RET_STRING(SGX_ERROR_MEMORY_MAP_FAILURE) CASE_ENUM_RET_STRING(SGX_ERROR_INVALID_METADATA) CASE_ENUM_RET_STRING(SGX_ERROR_DEVICE_BUSY) CASE_ENUM_RET_STRING(SGX_ERROR_INVALID_VERSION) diff --git a/psw/urts/loader.cpp b/psw/urts/loader.cpp index bd98a3c..7ad8a69 100644 --- a/psw/urts/loader.cpp +++ b/psw/urts/loader.cpp @@ -907,7 +907,7 @@ int CLoader::load_enclave(SGXLaunchToken *lc, int debug, const metadata_t *metad int CLoader::load_enclave_ex(SGXLaunchToken *lc, bool debug, const metadata_t *metadata, sgx_config_id_t *config_id, sgx_config_svn_t config_svn, le_prd_css_file_t *prd_css_file, sgx_misc_attribute_t *misc_attr) { - unsigned int ret = SGX_SUCCESS, map_conflict_count = 3; + unsigned int ret = SGX_SUCCESS, map_retry_count = 3; bool retry = true; while (retry) @@ -919,12 +919,13 @@ int CLoader::load_enclave_ex(SGXLaunchToken *lc, bool debug, const metadata_t *m case SGX_ERROR_ENCLAVE_LOST: //caused by loading enclave while power transition occurs break; - //If memroy map conflict occurs, we only retry 3 times. + //If memroy map fail or conflict occurs, we only retry 3 times. + case SGX_ERROR_MEMORY_MAP_FAILURE: case SGX_ERROR_MEMORY_MAP_CONFLICT: - if(0 == map_conflict_count) + if(0 == map_retry_count) retry = false; else - map_conflict_count--; + map_retry_count--; break; //We don't re-load enclave due to other error code. -- 2.33.0