packages/linux-sgx
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
linux-sgx/backport-Fix-sgx_create_enclave-retry-mechanism.patch
houmingyong 74b9cc6ebf backport patch and cve 
(cherry picked from commit d67bb7107596055be373f5f62da97b55f8cec2c3)
2023-10-28 12:06:49 +08:00

252 lines
11 KiB
Diff
Raw Blame History

From 2502597c269947edcd2bc38d9d4277f558a4a25e Mon Sep 17 00:00:00 2001
From: gaoyusong <a869920004@163.com>
Date: Tue, 28 Feb 2023 19:57:46 +0800
Subject: [PATCH] Fix sgx_create_enclave retry mechanism
Reference: https://github.com/intel/linux-sgx/commit/111a916b5d19554d2c86f3d881bf00ac91de1b34
Conflict: NA
---
.../templates/sgx/SGXEnclave/untrusted/sample.cpp | 5 +++++
SampleCode/Cxx11SGXDemo/App/App.cpp | 5 +++++
SampleCode/Cxx14SGXDemo/App/App.cpp | 5 +++++
SampleCode/PowerTransition/App/ErrorSupport.cpp | 1 +
SampleCode/ProtobufSGXDemo/App/App.cpp | 5 +++++
SampleCode/SampleDNNL/App/App.cpp | 5 +++++
SampleCode/SampleEnclave/App/App.cpp | 5 +++++
SampleCode/SampleEnclaveGMIPP/App/App.cpp | 5 +++++
SampleCode/SampleEnclavePCL/App/App.cpp | 5 +++++
SampleCode/SealUnseal/App/ErrorSupport.cpp | 1 +
SampleCode/Switchless/App/App.cpp | 5 +++++
common/inc/sgx_error.h | 2 +-
psw/ae/aesm_service/source/oal/linux/internal_log.cpp | 1 +
psw/urts/loader.cpp | 9 +++++----
14 files changed, 54 insertions(+), 5 deletions(-)
diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx/templates/sgx/SGXEnclave/untrusted/sample.cpp b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx/templates/sgx/SGXEnclave/untrusted/sample.cpp
index 2885ebd..c8bcf48 100644
--- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx/templates/sgx/SGXEnclave/untrusted/sample.cpp
+++ b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx/templates/sgx/SGXEnclave/untrusted/sample.cpp
@@ -102,6 +102,11 @@ static sgx_errlist_t sgx_errlist[] = {
"Can't open enclave file.",
NULL
},
+ {
+ SGX_ERROR_MEMORY_MAP_FAILURE,
+ "Failed to reserve memory for the enclave.",
+ NULL
+ },
};
/* Check error conditions for loading enclave */
diff --git a/SampleCode/Cxx11SGXDemo/App/App.cpp b/SampleCode/Cxx11SGXDemo/App/App.cpp
index cc92865..f44b435 100644
--- a/SampleCode/Cxx11SGXDemo/App/App.cpp
+++ b/SampleCode/Cxx11SGXDemo/App/App.cpp
@@ -132,6 +132,11 @@ static sgx_errlist_t sgx_errlist[] = {
"The enclave is signed as product enclave, and can not be created as debuggable enclave.",
NULL
},
+ {
+ SGX_ERROR_MEMORY_MAP_FAILURE,
+ "Failed to reserve memory for the enclave.",
+ NULL
+ },
};
/* Check error conditions for loading enclave */
diff --git a/SampleCode/Cxx14SGXDemo/App/App.cpp b/SampleCode/Cxx14SGXDemo/App/App.cpp
index 62a8dde..59cdfbe 100644
--- a/SampleCode/Cxx14SGXDemo/App/App.cpp
+++ b/SampleCode/Cxx14SGXDemo/App/App.cpp
@@ -132,6 +132,11 @@ static sgx_errlist_t sgx_errlist[] = {
"The enclave is signed as product enclave, and can not be created as debuggable enclave.",
NULL
},
+ {
+ SGX_ERROR_MEMORY_MAP_FAILURE,
+ "Failed to reserve memory for the enclave.",
+ NULL
+ },
};
/* Check error conditions for loading enclave */
diff --git a/SampleCode/PowerTransition/App/ErrorSupport.cpp b/SampleCode/PowerTransition/App/ErrorSupport.cpp
index 4142ab0..9fdf0ce 100644
--- a/SampleCode/PowerTransition/App/ErrorSupport.cpp
+++ b/SampleCode/PowerTransition/App/ErrorSupport.cpp
@@ -51,6 +51,7 @@ static sgx_errlist_t sgx_errlist[] = {
{SGX_ERROR_OUT_OF_EPC, "Out of EPC memory."},
{SGX_ERROR_NO_DEVICE, "Invalid SGX device."},
{SGX_ERROR_MEMORY_MAP_CONFLICT, "Memory map conflicted."},
+ {SGX_ERROR_MEMORY_MAP_FAILURE, "Failed to reserve memory for the enclave."},
{SGX_ERROR_INVALID_METADATA, "Invalid encalve metadata."},
{SGX_ERROR_DEVICE_BUSY, "SGX device is busy."},
{SGX_ERROR_INVALID_VERSION, "Enclave metadata version is invalid."},
diff --git a/SampleCode/ProtobufSGXDemo/App/App.cpp b/SampleCode/ProtobufSGXDemo/App/App.cpp
index 58b74b4..ae7f2f3 100644
--- a/SampleCode/ProtobufSGXDemo/App/App.cpp
+++ b/SampleCode/ProtobufSGXDemo/App/App.cpp
@@ -132,6 +132,11 @@ static sgx_errlist_t sgx_errlist[] = {
"The enclave is signed as product enclave, and can not be created as debuggable enclave.",
NULL
},
+ {
+ SGX_ERROR_MEMORY_MAP_FAILURE,
+ "Failed to reserve memory for the enclave.",
+ NULL
+ },
};
/* Check error conditions for loading enclave */
diff --git a/SampleCode/SampleDNNL/App/App.cpp b/SampleCode/SampleDNNL/App/App.cpp
index 41c6752..cfb4f15 100644
--- a/SampleCode/SampleDNNL/App/App.cpp
+++ b/SampleCode/SampleDNNL/App/App.cpp
@@ -134,6 +134,11 @@ static sgx_errlist_t sgx_errlist[] = {
"Can't open enclave file.",
NULL
},
+ {
+ SGX_ERROR_MEMORY_MAP_FAILURE,
+ "Failed to reserve memory for the enclave.",
+ NULL
+ },
};
/* Check error conditions for loading enclave */
diff --git a/SampleCode/SampleEnclave/App/App.cpp b/SampleCode/SampleEnclave/App/App.cpp
index 6ac49c8..8aa10da 100644
--- a/SampleCode/SampleEnclave/App/App.cpp
+++ b/SampleCode/SampleEnclave/App/App.cpp
@@ -128,6 +128,11 @@ static sgx_errlist_t sgx_errlist[] = {
"Can't open enclave file.",
NULL
},
+ {
+ SGX_ERROR_MEMORY_MAP_FAILURE,
+ "Failed to reserve memory for the enclave.",
+ NULL
+ },
};
/* Check error conditions for loading enclave */
diff --git a/SampleCode/SampleEnclaveGMIPP/App/App.cpp b/SampleCode/SampleEnclaveGMIPP/App/App.cpp
index 9e951ae..8b2123c 100644
--- a/SampleCode/SampleEnclaveGMIPP/App/App.cpp
+++ b/SampleCode/SampleEnclaveGMIPP/App/App.cpp
@@ -129,6 +129,11 @@ static sgx_errlist_t sgx_errlist[] = {
"Can't open enclave file.",
NULL
},
+ {
+ SGX_ERROR_MEMORY_MAP_FAILURE,
+ "Failed to reserve memory for the enclave.",
+ NULL
+ },
};
/* Check error conditions for loading enclave */
diff --git a/SampleCode/SampleEnclavePCL/App/App.cpp b/SampleCode/SampleEnclavePCL/App/App.cpp
index 092c68f..42d3c64 100644
--- a/SampleCode/SampleEnclavePCL/App/App.cpp
+++ b/SampleCode/SampleEnclavePCL/App/App.cpp
@@ -158,6 +158,11 @@ static sgx_errlist_t sgx_errlist[] = {
"PCL sealed key GUID mismatch.",
NULL
},
+ {
+ SGX_ERROR_MEMORY_MAP_FAILURE,
+ "Failed to reserve memory for the enclave.",
+ NULL
+ },
};
/* Check error conditions for loading enclave */
diff --git a/SampleCode/SealUnseal/App/ErrorSupport.cpp b/SampleCode/SealUnseal/App/ErrorSupport.cpp
index d890442..8b456a8 100644
--- a/SampleCode/SealUnseal/App/ErrorSupport.cpp
+++ b/SampleCode/SealUnseal/App/ErrorSupport.cpp
@@ -50,6 +50,7 @@ static sgx_errlist_t sgx_errlist[] = {
{SGX_ERROR_OUT_OF_EPC, "Out of EPC memory."},
{SGX_ERROR_NO_DEVICE, "Invalid SGX device."},
{SGX_ERROR_MEMORY_MAP_CONFLICT, "Memory map conflicted."},
+ {SGX_ERROR_MEMORY_MAP_FAILURE, "Failed to reserve memory for the enclave."},
{SGX_ERROR_INVALID_METADATA, "Invalid encalve metadata."},
{SGX_ERROR_DEVICE_BUSY, "SGX device is busy."},
{SGX_ERROR_INVALID_VERSION, "Enclave metadata version is invalid."},
diff --git a/SampleCode/Switchless/App/App.cpp b/SampleCode/Switchless/App/App.cpp
index e86b49b..4f05c19 100644
--- a/SampleCode/Switchless/App/App.cpp
+++ b/SampleCode/Switchless/App/App.cpp
@@ -132,6 +132,11 @@ static sgx_errlist_t sgx_errlist[] = {
"Can't open enclave file.",
NULL
},
+ {
+ SGX_ERROR_MEMORY_MAP_FAILURE,
+ "Failed to reserve memory for the enclave.",
+ NULL
+ },
};
/* Check error conditions for loading enclave */
diff --git a/common/inc/sgx_error.h b/common/inc/sgx_error.h
index 1a410ca..d38ec05 100644
--- a/common/inc/sgx_error.h
+++ b/common/inc/sgx_error.h
@@ -61,7 +61,7 @@ typedef enum _status_t
SGX_ERROR_NDEBUG_ENCLAVE = SGX_MK_ERROR(0x2004), /* The enclave is signed as product enclave, and can not be created as debuggable enclave. */
SGX_ERROR_OUT_OF_EPC = SGX_MK_ERROR(0x2005), /* Not enough EPC is available to load the enclave */
SGX_ERROR_NO_DEVICE = SGX_MK_ERROR(0x2006), /* Can't open SGX device */
- SGX_ERROR_MEMORY_MAP_CONFLICT= SGX_MK_ERROR(0x2007), /* Page mapping failed in driver */
+ SGX_ERROR_MEMORY_MAP_CONFLICT= SGX_MK_ERROR(0x2007), /* Page mapping failed in driver. Deprecated*/
SGX_ERROR_INVALID_METADATA = SGX_MK_ERROR(0x2009), /* The metadata is incorrect. */
SGX_ERROR_DEVICE_BUSY = SGX_MK_ERROR(0x200c), /* Device is busy, mostly EINIT failed. */
SGX_ERROR_INVALID_VERSION = SGX_MK_ERROR(0x200d), /* Metadata version is inconsistent between uRTS and sgx_sign or uRTS is incompatible with current platform. */
diff --git a/psw/ae/aesm_service/source/oal/linux/internal_log.cpp b/psw/ae/aesm_service/source/oal/linux/internal_log.cpp
index f10c3de..c2be8fb 100644
--- a/psw/ae/aesm_service/source/oal/linux/internal_log.cpp
+++ b/psw/ae/aesm_service/source/oal/linux/internal_log.cpp
@@ -468,6 +468,7 @@ static const char *get_sgx_status_t_string(sgx_status_t status)
CASE_ENUM_RET_STRING(SGX_ERROR_OUT_OF_EPC)
CASE_ENUM_RET_STRING(SGX_ERROR_NO_DEVICE)
CASE_ENUM_RET_STRING(SGX_ERROR_MEMORY_MAP_CONFLICT)
+ CASE_ENUM_RET_STRING(SGX_ERROR_MEMORY_MAP_FAILURE)
CASE_ENUM_RET_STRING(SGX_ERROR_INVALID_METADATA)
CASE_ENUM_RET_STRING(SGX_ERROR_DEVICE_BUSY)
CASE_ENUM_RET_STRING(SGX_ERROR_INVALID_VERSION)
diff --git a/psw/urts/loader.cpp b/psw/urts/loader.cpp
index bd98a3c..7ad8a69 100644
--- a/psw/urts/loader.cpp
+++ b/psw/urts/loader.cpp
@@ -907,7 +907,7 @@ int CLoader::load_enclave(SGXLaunchToken *lc, int debug, const metadata_t *metad
int CLoader::load_enclave_ex(SGXLaunchToken *lc, bool debug, const metadata_t *metadata, sgx_config_id_t *config_id, sgx_config_svn_t config_svn, le_prd_css_file_t *prd_css_file, sgx_misc_attribute_t *misc_attr)
{
- unsigned int ret = SGX_SUCCESS, map_conflict_count = 3;
+ unsigned int ret = SGX_SUCCESS, map_retry_count = 3;
bool retry = true;
while (retry)
@@ -919,12 +919,13 @@ int CLoader::load_enclave_ex(SGXLaunchToken *lc, bool debug, const metadata_t *m
case SGX_ERROR_ENCLAVE_LOST: //caused by loading enclave while power transition occurs
break;
- //If memroy map conflict occurs, we only retry 3 times.
+ //If memroy map fail or conflict occurs, we only retry 3 times.
+ case SGX_ERROR_MEMORY_MAP_FAILURE:
case SGX_ERROR_MEMORY_MAP_CONFLICT:
- if(0 == map_conflict_count)
+ if(0 == map_retry_count)
retry = false;
else
- map_conflict_count--;
+ map_retry_count--;
break;
//We don't re-load enclave due to other error code.
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink