libsgxstep: Improve TCS and SSA parsing.

See also #47 and #55
jovanbulck · Oct 18, 2022 · f36e29a · f36e29a
1 parent e6a8a95
commit f36e29a
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 26 deletions.
diff --git a/libsgxstep/aep_trampoline.S b/libsgxstep/aep_trampoline.S
@@ -47,7 +47,13 @@
     .global sgx_step_aep_trampoline
     .type sgx_step_aep_trampoline, @function
 sgx_step_aep_trampoline:
-    mov %xbx, sgx_step_tcs(%rip)
+    /*
+     * Save TCS address thread-local on the stack
+     * NOTE: maintain 16-byte stack alignment (ABI calling convention)
+     */
+    push %xbx
+    mov %rsp, %rbp
+    and $~0xf, %rsp
 
     /* optional C function callback */
     lea sgx_step_aep_cb(%rip), %xax
@@ -58,7 +64,11 @@ sgx_step_aep_trampoline:
 
 .Leresume:
     incl sgx_step_eresume_cnt(%rip)
-    mov sgx_step_tcs(%rip), %xbx              /* TCS address */
+
+    /* restore stack and TCS address */
+    mov %rbp, %rsp
+    pop %xbx
+
     lea sgx_step_aep_trampoline(%rip), %xcx   /* AEP address */
 
     prefetch nemesis_tsc_eresume(%rip)
@@ -68,4 +78,7 @@ sgx_step_aep_trampoline:
     mov %eax, nemesis_tsc_eresume(%rip)
 
     mov $3, %xax                        /* ERESUME leaf */
+
+.global sgx_step_aep_eresume
+sgx_step_aep_eresume:
     .byte 0x0f, 0x01, 0xd7              /* ENCLU */
diff --git a/libsgxstep/config.h b/libsgxstep/config.h
@@ -21,7 +21,8 @@
 #ifndef SGX_STEP_CONFIG
 #define SGX_STEP_CONFIG
 
-#define DEBUG                       0
+// TODO add coarser-grained logging levels
+#define LIBSGXSTEP_DEBUG            1
 
 #define PSTATE_PCT                  100
 #define SINGLE_STEP_ENABLE          1

diff --git a/libsgxstep/debug.h b/libsgxstep/debug.h
@@ -52,7 +52,7 @@ extern int sgx_step_rv;
         fflush(stdout);                                                 \
     } while(0)
 
-#if DEBUG
+#if LIBSGXSTEP_DEBUG
     #define debug(msg, ...)     info("DEBUG: " msg, ##__VA_ARGS__)
 #else
     #define debug(msg, ...)

diff --git a/libsgxstep/enclave.c b/libsgxstep/enclave.c
@@ -36,7 +36,6 @@ void* sgx_get_tcs(void);
 /* See aep_trampoline.S to see how these are used. */
 extern void sgx_step_aep_trampoline(void);
 aep_cb_t sgx_step_aep_cb = NULL;
-uint64_t sgx_step_tcs    = 0x0;
 uint32_t nemesis_tsc_eresume = 0x0;
 int sgx_step_eresume_cnt = 0;
 
@@ -70,7 +69,7 @@ void register_enclave_info(void)
      *        - only supports a single enclave that is expected to be
      *          contiguously mapped in the address space
      */
-    #if DEBUG
+    #if LIBSGXSTEP_DEBUG
         debug("cat /proc/self/maps");
         char command[256];
         sprintf(command, "cat /proc/%d/maps", getpid());
@@ -166,38 +165,34 @@ int edbgrdwr(void *adrs, void* res, int len, int write)
     else
         rv = pwrite(fd_self_mem, res, len, (off_t) adrs);
 
+    debug("edbg%s at %p; len=%d; rv=%d", write ? "wr" : "rd", adrs, len, rv);
+    #if LIBSGXSTEP_DEBUG
+        printf("\tbuf = ");
+        dump_hex(res, rv);
+    #endif
+
+    //ASSERT(rv >= 0);
     return rv;
 }
 
-uint64_t edbgrd_ssa(int ssa_field_offset)
+uint64_t edbgrd_ssa_gprsgx(int gprsgx_field_offset)
 {
-    /* NOTE: we cache ossa here to avoid 2 EDBGRD IOCTL calls every time.. */
-    static uint64_t ossa = 0x0;
     uint64_t ret;
-    void *ssa_field_addr, *tcs_addr = sgx_get_tcs();
-
-    //if (!ossa)
-    {
-        edbgrd(tcs_addr + SGX_TCS_OSSA_OFFSET, &ossa, 8);
-    }
-    ssa_field_addr = get_enclave_base() + ossa + SGX_SSAFRAMESIZE
-                     - SGX_GPRSGX_SIZE + ssa_field_offset;
+    void *ssa_field_addr = get_enclave_ssa_gprsgx_adrs() + gprsgx_field_offset;
     edbgrd(ssa_field_addr, &ret, 8);
 
     return ret;
 }
 
 void* get_enclave_ssa_gprsgx_adrs(void)
 {
-    /* NOTE: we cache ossa here to avoid 2 EDBGRD IOCTL calls every time.. */
-    static uint64_t ossa = 0x0;
+    uint64_t ossa = 0x0;
+    uint32_t cssa = 0x0;
     void *tcs_addr = sgx_get_tcs();
-    if (!ossa)
-    {
-        edbgrd(tcs_addr + SGX_TCS_OSSA_OFFSET, &ossa, 8);
-    }
+    edbgrd(tcs_addr + SGX_TCS_OSSA_OFFSET, &ossa, sizeof(ossa));
+    edbgrd(tcs_addr + SGX_TCS_CSSA_OFFSET, &cssa, sizeof(cssa));
 
-    return get_enclave_base() + ossa + SGX_SSAFRAMESIZE - SGX_GPRSGX_SIZE;
+    return get_enclave_base() + ossa + (cssa * SGX_SSAFRAMESIZE) - SGX_GPRSGX_SIZE;
 }
 
 void print_enclave_info(void)

diff --git a/libsgxstep/enclave.h b/libsgxstep/enclave.h
@@ -52,12 +52,16 @@ int edbgrdwr(void *adrs, void* res, int len, int write);
 
 /* NOTE: incorrect GPRSGX size in Intel manual vol. 3D June 2016 p.38-7 */
 #define SGX_TCS_OSSA_OFFSET         16
+#define SGX_TCS_CSSA_OFFSET         24
 #define SGX_GPRSGX_SIZE             184
 #define SGX_GPRSGX_RIP_OFFSET       136
 
 /* HACK: to avoid having to retrieve the SSA framesize from the untrusted
    runtime (driver), we assume a standard/hard-coded SSA framesize of 1 page */
 #define SGX_SSAFRAMESIZE            4096
+//TODO determine this at runtime..
+// SSA framesize for Gramine seems to be as follows
+// #define SGX_SSAFRAMESIZE            16384
 
 struct gprsgx_region {
     uint64_t rax;
@@ -99,8 +103,8 @@ typedef union {
 void* get_enclave_ssa_gprsgx_adrs(void);
 void dump_gprsgx_region(gprsgx_region_t *gprsgx_region);
 
-uint64_t edbgrd_ssa(int ssa_field_offset);
-#define edbgrd_erip() edbgrd_ssa(SGX_GPRSGX_RIP_OFFSET)
+uint64_t edbgrd_ssa_gprsgx(int gprsgx_field_offset);
+#define edbgrd_erip() edbgrd_ssa_gprsgx(SGX_GPRSGX_RIP_OFFSET)
 
 #endif
 #endif