Merge #399

399: Fix sgx_enclave_common loader & cleanup r=raoulstrackx a=jethrogb



Co-authored-by: Jethro Beekman <[email protected]>

intel-sgx/sgxs-loaders/Cargo.toml

@@ -31,7 +31,6 @@ no_sgx_enclave_common = []
 # External dependencies
 bitflags = "1"           # MIT/Apache-2.0
 nix = "0.15"             # MIT
-libc = "0.2"             # MIT/Apache-2.0
 failure = "0.1.1"        # MIT/Apache-2.0
 failure_derive = "0.1.1" # MIT/Apache-2.0
 libloading = "0.5"       # ISC

intel-sgx/sgxs-loaders/src/isgx/mod.rs

@@ -6,7 +6,6 @@
 
 mod ioctl;
 
-use libc;
 use std::convert::TryFrom;
 use std::fs::{File, OpenOptions};
 use std::io::{self, Error as IoError, Result as IoResult};
@@ -17,6 +16,7 @@ use std::ptr;
 use std::sync::Arc;
 
 use nix::sys::mman::{mmap, munmap, ProtFlags as Prot, MapFlags as Map};
+use nix::errno::Errno;
 
 use sgx_isa::{Attributes, Einittoken, ErrorCode, Miscselect, Secinfo, Secs, Sigstruct, PageType, SecinfoFlags};
 use sgxs::einittoken::EinittokenProvider;
@@ -309,7 +309,7 @@ impl EnclaveLoad for InnerDevice {
         fn is_enotty(result: &Result<(), Error>) -> bool {
             match result {
                 Err(Error::Init(SgxIoctlError::Io(ref err))) => {
-                    err.raw_os_error() == Some(libc::ENOTTY)
+                    err.raw_os_error() == Some(Errno::ENOTTY as _)
                 }
                 _ => false,
             }
@@ -351,7 +351,7 @@ impl EnclaveLoad for InnerDevice {
                     )
                 },
                 Augusta => {
-                    Err(Error::Init(SgxIoctlError::Io(IoError::from_raw_os_error(libc::ENOTTY))))
+                    Err(Error::Init(SgxIoctlError::Io(Errno::ENOTTY.into())))
                 }
             }
         }
@@ -382,7 +382,7 @@ impl EnclaveLoad for InnerDevice {
     }
 
     fn destroy(mapping: &mut Mapping<Self>) {
-        unsafe { libc::munmap(mapping.base as usize as *mut _, mapping.size as usize) };
+        unsafe { let _ = munmap(mapping.base as usize as *mut _, mapping.size as usize); }
     }
 }
 
@@ -450,7 +450,7 @@ impl Device {
         for &(path, family) in DEFAULT_DEVICE_PATHS {
             match Self::open(path, family) {
                 Err(ref e) if e.kind() == io::ErrorKind::NotFound => continue,
-                Err(ref e) if e.raw_os_error() == Some(libc::ENOTDIR as _) => continue,
+                Err(ref e) if e.raw_os_error() == Some(Errno::ENOTDIR as _) => continue,
                 result => return result,
             }
         }

intel-sgx/sgxs-loaders/src/sgx_enclave_common/defs.rs

@@ -56,6 +56,9 @@ pub const LIBRARY: &str = "libsgx_enclave_common.so.1";
 #[cfg(windows)]
 pub const LIBRARY: &str = "sgx_enclave_common.dll";
 
+#[repr(align(4096))]
+pub struct Align4096<T>(pub T);
+
 pub const SYM_ENCLAVE_CREATE: &[u8] = b"enclave_create\0";
 pub type EnclaveCreateFn = unsafe extern "C" fn(
     base_address: *mut c_void,
@@ -71,7 +74,7 @@ pub const SYM_ENCLAVE_LOAD_DATA: &[u8] = b"enclave_load_data\0";
 pub type EnclaveLoadDataFn = unsafe extern "C" fn(
     target_address: *mut c_void,
     target_size: usize,
-    source_buffer: *const u8,
+    source_buffer: *const Align4096<[u8; 4096]>,
     data_properties: PageProperties,
     enclave_error: Option<&mut u32>,
 ) -> usize;

intel-sgx/sgxs-loaders/src/sgx_enclave_common/mod.rs

@@ -11,8 +11,6 @@ use std::io::{Result as IoResult, Error as IoError};
 use std::os::raw::c_void;
 use std::sync::Arc;
 use std::{fmt, mem, ptr};
-#[cfg(unix)]
-use libc;
 
 use sgx_isa::{Attributes, Einittoken, Miscselect, PageType, SecinfoFlags, Secs, Sigstruct};
 use sgxs::einittoken::EinittokenProvider;
@@ -175,6 +173,7 @@ impl EnclaveLoad for InnerLibrary {
         page: (MeasEAdd, PageChunks, [u8; 4096]),
     ) -> Result<(), Self::Error> {
         let (eadd, chunks, data) = page;
+        let data = Align4096(data);
 
         let mut flags = PageProperties::empty();
         if eadd
@@ -209,7 +208,7 @@ impl EnclaveLoad for InnerLibrary {
             if (mapping.device.enclave_load_data)(
                 (mapping.base + eadd.offset) as _,
                 0x1000,
-                data.as_ptr(),
+                &data,
                 flags,
                 Some(&mut error),
             ) != 0x1000
@@ -254,17 +253,6 @@ impl EnclaveLoad for InnerLibrary {
                 return Err(Error::Init(error.into()));
             }
 
-            #[cfg(unix)]
-            {
-                if libc::mprotect(
-                    mapping.base as _,
-                    mapping.size as _,
-                    libc::PROT_READ | libc::PROT_WRITE | libc::PROT_EXEC,
-                ) == -1 {
-                    return Err(Error::Init(LibraryError::PageTableFailure(IoError::last_os_error())));
-                }
-            }
-
             Ok(())
         }
     }