Linux/tools/testing/selftests/sgx/load.c

Version: ~ [ linux-6.11.5 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.58 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.114 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.169 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.228 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.284 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.322 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

1 // SPDX-License-Identifier: GPL-2.0 2 /* Copyright(c) 2016-20 Intel Corporation. */ 3 4 #include <assert.h> 5 #include <elf.h> 6 #include <errno.h> 7 #include <fcntl.h> 8 #include <stdbool.h> 9 #include <stdio.h> 10 #include <stdint.h> 11 #include <stdlib.h> 12 #include <string.h> 13 #include <unistd.h> 14 #include <sys/ioctl.h> 15 #include <sys/mman.h> 16 #include <sys/stat.h> 17 #include <sys/time.h> 18 #include <sys/types.h> 19 #include "defines.h" 20 #include "main.h" 21 22 void encl_delete(struct encl *encl) 23 { 24 struct encl_segment *heap_seg; 25 26 if (encl->encl_base) 27 munmap((void *)encl->encl_base, encl->encl_size); 28 29 if (encl->bin) 30 munmap(encl->bin, encl->bin_size); 31 32 if (encl->fd) 33 close(encl->fd); 34 35 if (encl->segment_tbl) { 36 heap_seg = &encl->segment_tbl[encl->nr_segments - 1]; 37 munmap(heap_seg->src, heap_seg->size); 38 free(encl->segment_tbl); 39 } 40 41 memset(encl, 0, sizeof(*encl)); 42 } 43 44 static bool encl_map_bin(const char *path, struct encl *encl) 45 { 46 struct stat sb; 47 void *bin; 48 int ret; 49 int fd; 50 51 fd = open(path, O_RDONLY); 52 if (fd == -1) { 53 perror("enclave executable open()"); 54 return false; 55 } 56 57 ret = stat(path, &sb); 58 if (ret) { 59 perror("enclave executable stat()"); 60 goto err; 61 } 62 63 bin = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0); 64 if (bin == MAP_FAILED) { 65 perror("enclave executable mmap()"); 66 goto err; 67 } 68 69 encl->bin = bin; 70 encl->bin_size = sb.st_size; 71 72 close(fd); 73 return true; 74 75 err: 76 close(fd); 77 return false; 78 } 79 80 static bool encl_ioc_create(struct encl *encl) 81 { 82 struct sgx_secs *secs = &encl->secs; 83 struct sgx_enclave_create ioc; 84 int rc; 85 86 assert(encl->encl_base != 0); 87 88 memset(secs, 0, sizeof(*secs)); 89 secs->ssa_frame_size = 1; 90 secs->attributes = SGX_ATTR_MODE64BIT; 91 secs->xfrm = 3; 92 secs->base = encl->encl_base; 93 secs->size = encl->encl_size; 94 95 ioc.src = (unsigned long)secs; 96 rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_CREATE, &ioc); 97 if (rc) { 98 perror("SGX_IOC_ENCLAVE_CREATE failed"); 99 munmap((void *)secs->base, encl->encl_size); 100 return false; 101 } 102 103 return true; 104 } 105 106 static bool encl_ioc_add_pages(struct encl *encl, struct encl_segment *seg) 107 { 108 struct sgx_enclave_add_pages ioc; 109 struct sgx_secinfo secinfo; 110 int rc; 111 112 memset(&secinfo, 0, sizeof(secinfo)); 113 secinfo.flags = seg->flags; 114 115 ioc.src = (uint64_t)seg->src; 116 ioc.offset = seg->offset; 117 ioc.length = seg->size; 118 ioc.secinfo = (unsigned long)&secinfo; 119 if (seg->measure) 120 ioc.flags = SGX_PAGE_MEASURE; 121 else 122 ioc.flags = 0; 123 124 rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_ADD_PAGES, &ioc); 125 if (rc < 0) { 126 perror("SGX_IOC_ENCLAVE_ADD_PAGES failed"); 127 return false; 128 } 129 130 return true; 131 } 132 133 /* 134 * Parse the enclave code's symbol table to locate and return address of 135 * the provided symbol 136 */ 137 uint64_t encl_get_entry(struct encl *encl, const char *symbol) 138 { 139 Elf64_Sym *symtab = NULL; 140 char *sym_names = NULL; 141 Elf64_Shdr *sections; 142 Elf64_Ehdr *ehdr; 143 int num_sym = 0; 144 int i; 145 146 ehdr = encl->bin; 147 sections = encl->bin + ehdr->e_shoff; 148 149 for (i = 0; i < ehdr->e_shnum; i++) { 150 if (sections[i].sh_type == SHT_SYMTAB) { 151 symtab = (Elf64_Sym *)((char *)encl->bin + sections[i].sh_offset); 152 num_sym = sections[i].sh_size / sections[i].sh_entsize; 153 break; 154 } 155 } 156 157 for (i = 0; i < ehdr->e_shnum; i++) { 158 if (sections[i].sh_type == SHT_STRTAB) { 159 sym_names = (char *)encl->bin + sections[i].sh_offset; 160 break; 161 } 162 } 163 164 if (!symtab || !sym_names) 165 return 0; 166 167 for (i = 0; i < num_sym; i++) { 168 Elf64_Sym *sym = &symtab[i]; 169 170 if (!strcmp(symbol, sym_names + sym->st_name)) 171 return (uint64_t)sym->st_value; 172 } 173 174 return 0; 175 } 176 177 bool encl_load(const char *path, struct encl *encl, unsigned long heap_size) 178 { 179 const char device_path[] = "/dev/sgx_enclave"; 180 struct encl_segment *seg; 181 Elf64_Phdr *phdr_tbl; 182 off_t src_offset; 183 Elf64_Ehdr *ehdr; 184 struct stat sb; 185 void *ptr; 186 int i, j; 187 int ret; 188 int fd = -1; 189 190 memset(encl, 0, sizeof(*encl)); 191 192 fd = open(device_path, O_RDWR); 193 if (fd < 0) { 194 perror("Unable to open /dev/sgx_enclave"); 195 goto err; 196 } 197 198 ret = stat(device_path, &sb); 199 if (ret) { 200 perror("device file stat()"); 201 goto err; 202 } 203 204 ptr = mmap(NULL, PAGE_SIZE, PROT_READ, MAP_SHARED, fd, 0); 205 if (ptr == (void *)-1) { 206 perror("mmap for read"); 207 goto err; 208 } 209 munmap(ptr, PAGE_SIZE); 210 211 #define ERR_MSG \ 212 "mmap() succeeded for PROT_READ, but failed for PROT_EXEC.\n" \ 213 " Check that /dev does not have noexec set:\n" \ 214 " \tmount | grep \"/dev .*noexec\"\n" \ 215 " If so, remount it executable: mount -o remount,exec /dev\n\n" 216 217 ptr = mmap(NULL, PAGE_SIZE, PROT_EXEC, MAP_SHARED, fd, 0); 218 if (ptr == (void *)-1) { 219 fprintf(stderr, ERR_MSG); 220 goto err; 221 } 222 munmap(ptr, PAGE_SIZE); 223 224 encl->fd = fd; 225 226 if (!encl_map_bin(path, encl)) 227 goto err; 228 229 ehdr = encl->bin; 230 phdr_tbl = encl->bin + ehdr->e_phoff; 231 232 encl->nr_segments = 1; /* one for the heap */ 233 234 for (i = 0; i < ehdr->e_phnum; i++) { 235 Elf64_Phdr *phdr = &phdr_tbl[i]; 236 237 if (phdr->p_type == PT_LOAD) 238 encl->nr_segments++; 239 } 240 241 encl->segment_tbl = calloc(encl->nr_segments, 242 sizeof(struct encl_segment)); 243 if (!encl->segment_tbl) 244 goto err; 245 246 for (i = 0, j = 0; i < ehdr->e_phnum; i++) { 247 Elf64_Phdr *phdr = &phdr_tbl[i]; 248 unsigned int flags = phdr->p_flags; 249 250 if (phdr->p_type != PT_LOAD) 251 continue; 252 253 seg = &encl->segment_tbl[j]; 254 255 if (!!(flags & ~(PF_R | PF_W | PF_X))) { 256 fprintf(stderr, 257 "%d has invalid segment flags 0x%02x.\n", i, 258 phdr->p_flags); 259 goto err; 260 } 261 262 if (j == 0 && flags != (PF_R | PF_W)) { 263 fprintf(stderr, 264 "TCS has invalid segment flags 0x%02x.\n", 265 phdr->p_flags); 266 goto err; 267 } 268 269 if (j == 0) { 270 src_offset = phdr->p_offset & PAGE_MASK; 271 encl->src = encl->bin + src_offset; 272 273 seg->prot = PROT_READ | PROT_WRITE; 274 seg->flags = SGX_PAGE_TYPE_TCS << 8; 275 } else { 276 seg->prot = (phdr->p_flags & PF_R) ? PROT_READ : 0; 277 seg->prot |= (phdr->p_flags & PF_W) ? PROT_WRITE : 0; 278 seg->prot |= (phdr->p_flags & PF_X) ? PROT_EXEC : 0; 279 seg->flags = (SGX_PAGE_TYPE_REG << 8) | seg->prot; 280 } 281 282 seg->offset = (phdr->p_offset & PAGE_MASK) - src_offset; 283 seg->size = (phdr->p_filesz + PAGE_SIZE - 1) & PAGE_MASK; 284 seg->src = encl->src + seg->offset; 285 seg->measure = true; 286 287 j++; 288 } 289 290 assert(j == encl->nr_segments - 1); 291 292 seg = &encl->segment_tbl[j]; 293 seg->offset = encl->segment_tbl[j - 1].offset + encl->segment_tbl[j - 1].size; 294 seg->size = heap_size; 295 seg->src = mmap(NULL, heap_size, PROT_READ | PROT_WRITE, 296 MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); 297 seg->prot = PROT_READ | PROT_WRITE; 298 seg->flags = (SGX_PAGE_TYPE_REG << 8) | seg->prot; 299 seg->measure = false; 300 301 if (seg->src == MAP_FAILED) 302 goto err; 303 304 encl->src_size = encl->segment_tbl[j].offset + encl->segment_tbl[j].size; 305 306 for (encl->encl_size = 4096; encl->encl_size < encl->src_size; ) 307 encl->encl_size <<= 1; 308 309 return true; 310 311 err: 312 if (fd != -1) 313 close(fd); 314 encl_delete(encl); 315 return false; 316 } 317 318 static bool encl_map_area(struct encl *encl) 319 { 320 size_t encl_size = encl->encl_size; 321 void *area; 322 323 area = mmap(NULL, encl_size * 2, PROT_NONE, 324 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 325 if (area == MAP_FAILED) { 326 perror("reservation mmap()"); 327 return false; 328 } 329 330 encl->encl_base = ((uint64_t)area + encl_size - 1) & ~(encl_size - 1); 331 332 munmap(area, encl->encl_base - (uint64_t)area); 333 munmap((void *)(encl->encl_base + encl_size), 334 (uint64_t)area + encl_size - encl->encl_base); 335 336 return true; 337 } 338 339 bool encl_build(struct encl *encl) 340 { 341 struct sgx_enclave_init ioc; 342 int ret; 343 int i; 344 345 if (!encl_map_area(encl)) 346 return false; 347 348 if (!encl_ioc_create(encl)) 349 return false; 350 351 /* 352 * Pages must be added before mapping VMAs because their permissions 353 * cap the VMA permissions. 354 */ 355 for (i = 0; i < encl->nr_segments; i++) { 356 struct encl_segment *seg = &encl->segment_tbl[i]; 357 358 if (!encl_ioc_add_pages(encl, seg)) 359 return false; 360 } 361 362 ioc.sigstruct = (uint64_t)&encl->sigstruct; 363 ret = ioctl(encl->fd, SGX_IOC_ENCLAVE_INIT, &ioc); 364 if (ret) { 365 perror("SGX_IOC_ENCLAVE_INIT failed"); 366 return false; 367 } 368 369 return true; 370 } 371

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

TOMOYO Linux Cross Reference Linux/tools/testing/selftests/sgx/load.c

TOMOYO Linux Cross Reference
Linux/tools/testing/selftests/sgx/load.c