Linux 2.1.2 Open Source Gold Release

Signed-off-by: Li, Xun <xun.li@intel.com>
intel · Mar 16, 2018 · ce032b0 · ce032b0
1 parent 7ce7e24
commit ce032b0
Show file tree

Hide file tree

Showing 45 changed files with 741 additions and 381 deletions.
diff --git a/SampleCode/SampleEnclave/App/Edger8rSyntax/Pointers.cpp b/SampleCode/SampleEnclave/App/Edger8rSyntax/Pointers.cpp
@@ -104,14 +104,6 @@ void edger8r_pointer_attributes(void)
     for (int i = 0; i < 10; i++)
         assert(arr[i] == (9 - i));
 
-    memset(arr, 0x0, sizeof(arr));
-    ret = ecall_pointer_sizefunc(global_eid, (char *)arr);
-    if (ret != SGX_SUCCESS)
-        abort();
-
-    for (int i = 0; i < 10; i++)
-        assert(arr[i] == i);
-
     return;
 }
 

diff --git a/SampleCode/SampleEnclave/Enclave/Edger8rSyntax/Pointers.cpp b/SampleCode/SampleEnclave/Enclave/Edger8rSyntax/Pointers.cpp
@@ -36,6 +36,7 @@
 #include <string.h>
 
 #include "sgx_trts.h"
+#include "sgx_lfence.h"
 #include "../Enclave.h"
 #include "Enclave_t.h"
 
@@ -70,7 +71,7 @@ size_t ecall_pointer_user_check(void *val, size_t sz)
         abort();
 
     /*fence after sgx_is_outside_enclave check*/
-    __builtin_ia32_lfence();
+    sgx_lfence();
 
     char tmp[100] = {0};
     size_t len = sz>100?100:sz;
@@ -198,23 +199,3 @@ void ecall_pointer_isptr_readonly(buffer_t buf, size_t len)
     strncpy((char*)buf, "0987654321", len);
 }
 
-/* get_buffer_len:
- *   get the length of input buffer 'buf'.
- */
-size_t get_buffer_len(const char* buf)
-{
-    (void)buf;
-    return 10*sizeof(int);
-}
-
-/* ecall_pointer_sizefunc:
- *   call get_buffer_len to determin the length of 'buf'.
- */
-void ecall_pointer_sizefunc(char *buf)
-{
-    int *tmp = (int*)buf;
-    for (int i = 0; i < 10; i++) {
-        assert(tmp[i] == 0);
-        tmp[i] = i;
-    }
-}
diff --git a/SampleCode/SampleEnclave/Enclave/Edger8rSyntax/Pointers.edl b/SampleCode/SampleEnclave/Enclave/Edger8rSyntax/Pointers.edl
@@ -38,7 +38,7 @@ enclave {
      * Following keywords/attributes are supported for pointers in Edger8r: 
      *      in, out, user_check, 
      *      string, wstring,
-     *      const, size, count, sizefunc, isptr, readonly
+     *      const, size, count, isptr, readonly
      */
 
     trusted {
@@ -122,16 +122,6 @@ enclave {
 
         public void ecall_pointer_isptr_readonly([in, isptr, readonly, size=len] buffer_t buf, size_t len);
 
-        /*
-         * [sizefunc]:
-         *      call a function to decide the size/length of the parameter; 
-         * Note:
-         *      User need to define and implement `get_buf_len' as:
-         *      size_t get_buf_len(const char* buf); 
-         */
-
-        public void ecall_pointer_sizefunc([sizefunc = get_buffer_len, in, out] char *buf);
-
     };
 
     /*

diff --git a/common/inc/internal/se_atomic.h b/common/inc/internal/se_atomic.h
@@ -34,6 +34,7 @@
 
 #include <stdint.h>
 
+
 inline uint32_t se_atomic_inc(volatile uint32_t *mem)
 {
     return __sync_add_and_fetch(mem, 1);

diff --git a/common/inc/internal/se_version.h b/common/inc/internal/se_version.h
@@ -28,6 +28,6 @@
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */
-#define STRFILEVER      "2.1.101.42529"
+#define STRFILEVER      "2.1.102.43402"
 #define COPYRIGHT      "Copyright (C) 2018 Intel Corporation"
 
diff --git a/common/inc/sgx_lfence.h b/common/inc/sgx_lfence.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef _SGX_LFENCE_H_
+#define _SGX_LFENCE_H_
+
+#define sgx_lfence  __builtin_ia32_lfence
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern void __builtin_ia32_lfence(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* !_SGX_LFENCE_H_ */
+
diff --git a/common/inc/sgx_trts.h b/common/inc/sgx_trts.h
@@ -63,6 +63,14 @@ int SGXAPI sgx_is_within_enclave(const void *addr, size_t size);
 int SGXAPI sgx_is_outside_enclave(const void *addr, size_t size);
 
 
+/* sgx_is_enclave_crashed()
+ * Return Value:
+ *      1 - the enclave state is crashed.
+ *      0 - the enclave state is not crashed.
+ */
+int SGXAPI sgx_is_enclave_crashed(void);
+
+
 /* sgx_read_rand()
  * Parameters:
  *      rand - the buffer to receive the random number
@@ -74,13 +82,6 @@ int SGXAPI sgx_is_outside_enclave(const void *addr, size_t size);
 */
 sgx_status_t SGXAPI sgx_read_rand(unsigned char *rand, size_t length_in_bytes);
 
-/* sgx_is_enclave_crashed()
- * Return Value:
- *      1 - The global enclave state is crashed.
- *      0 - The global enclave state is not crashed.
- */
-int SGXAPI sgx_is_enclave_crashed(void);
-
 #ifdef __cplusplus
 }
 #endif

diff --git a/download_prebuilt.sh b/download_prebuilt.sh
@@ -33,13 +33,13 @@
 
 top_dir=`dirname $0`
 out_dir=$top_dir
-optlib_name=optimized_libs-2.1.1.tar
-ae_file_name=prebuilt-ae-2.1.1.tar
-server_url_path=https://download.01.org/intel-sgx/linux-2.1.1/
+optlib_name=optimized_libs-2.1.2.tar
+ae_file_name=prebuilt-ae-2.1.2.tar
+server_url_path=https://download.01.org/intel-sgx/linux-2.1.2/
 server_optlib_url=$server_url_path/$optlib_name
 server_ae_url=$server_url_path/$ae_file_name
 optlib_sha256=239cae39f87934d56c4eb919a4702c6ac82c19957b9a8d56c02b10eb4e27f573
-ae_sha256=f95589a69a8a8767815fe3bccf32bac5c9709022f9f32ae1a726b1da7955200b
+ae_sha256=55ebe53b724d66f045c4c05020610d0fc7771d5dc58aaff270ccaee82b5d0d65
 rm -rf $out_dir/$optlib_name
 wget $server_optlib_url -P $out_dir 
 if [ $? -ne 0 ]; then

diff --git a/linux/installer/common/sdk/BOMs/sdk_base.txt b/linux/installer/common/sdk/BOMs/sdk_base.txt
@@ -7,6 +7,7 @@ DeliveryName	InstallName	FileCheckSum	FileFeature	FileOwner
 <deliverydir>/common/inc/sgx_dh.h	<installdir>/package/include/./sgx_dh.h	0	main	STP
 <deliverydir>/common/inc/sgx_ecp_types.h	<installdir>/package/include/./sgx_ecp_types.h	0	main	STP
 <deliverydir>/common/inc/sgx_edger8r.h	<installdir>/package/include/./sgx_edger8r.h	0	main	STP
+<deliverydir>/common/inc/sgx_lfence.h	<installdir>/package/include/./sgx_lfence.h	0	main	STP
 <deliverydir>/common/inc/sgx_eid.h	<installdir>/package/include/./sgx_eid.h	0	main	STP
 <deliverydir>/common/inc/sgx_error.h	<installdir>/package/include/./sgx_error.h	0	main	STP
 <deliverydir>/common/inc/sgx.h	<installdir>/package/include/./sgx.h	0	main	STP

diff --git a/psw/ae/aesm_service/source/aesm_wrapper/src/AESMQueueManager.cpp b/psw/ae/aesm_service/source/aesm_wrapper/src/AESMQueueManager.cpp
@@ -79,6 +79,9 @@ void AESMQueueManager::enqueue(RequestData* requestData)
                 AESM_LOG_ERROR("Malformed request received (May be forged for attack)");
         }
 
+    }else {
+        delete requestData;
+        AESM_LOG_ERROR("Malformed request received (May be forged for attack)");
     }
 }
 

diff --git a/psw/ae/aesm_service/source/aesm_wrapper/src/CAESMServer.cpp b/psw/ae/aesm_service/source/aesm_wrapper/src/CAESMServer.cpp
@@ -116,15 +116,9 @@ void CAESMServer::doWork()
         std::list<ICommunicationSocket*>::const_iterator it = socketsWithData.begin();
 
         for (;it != socketsWithData.end(); ++it) {
-            try {
-                IAERequest  *request = m_transporter->receiveRequest(*it);  
-                RequestData *requestData = new RequestData(*it, request);   //deleted by the AESMWorkerThread after response is sent
-
-                m_queueManager->enqueue(requestData);
-
-            } catch (SockDisconnectedException& e) {
-                m_selector->removeSocket(*it);
-            }
+            IAERequest  *request = m_transporter->receiveRequest(*it);  
+            RequestData *requestData = new RequestData(*it, request);   //deleted by the AESMWorkerThread after response is sent
+            m_queueManager->enqueue(requestData);
         }
     }
 

diff --git a/psw/ae/aesm_service/source/upse/uecall_bridge.cpp b/psw/ae/aesm_service/source/upse/uecall_bridge.cpp
@@ -295,7 +295,7 @@ ae_error_t tGenM7
         AESM_DBG_INFO("start gen M7 ...");
         // Call to get size required of output buffers
         seStatus = ecall_tGenM7(_enclaveID, &retval, pS1, 
-            (const EPID11_SIG_RL*)pSigRL, pOcspResp, nOcspResp, 
+            (const EPID11_SIG_RL*)pSigRL, sigRL.getSize(), pOcspResp, nOcspResp,
             pVCert, nVCert, (pairing_blob_t*)pPairingBlob,
             nS2, pS2, &nS2);
         BREAK_IF_TRUE( (SGX_ERROR_ENCLAVE_LOST == seStatus), retval, PSE_PR_ENCLAVE_LOST_ERROR);
@@ -346,7 +346,7 @@ ae_error_t tVerifyM8
 
         // Call to get size required of output buffers
         seStatus = ecall_tVerifyM8(_enclaveID, &retval, pS3, nS3,
-            (EPID11_PRIV_RL*)pPrivRL, pPairingBlob, &uNewPairing);
+       (const EPID11_PRIV_RL*)pPrivRL, privRL.getSize(), pPairingBlob, &uNewPairing);
         BREAK_IF_TRUE( (SGX_ERROR_ENCLAVE_LOST == seStatus), retval, PSE_PR_ENCLAVE_LOST_ERROR);
         BREAK_IF_TRUE( (SGX_SUCCESS != seStatus), retval, PSE_PR_ENCLAVE_BRIDGE_ERROR);
 

diff --git a/psw/ae/common/inc/ICommunicationSocket.h b/psw/ae/common/inc/ICommunicationSocket.h
@@ -35,16 +35,13 @@
 #include <stdlib.h>
 #include <stdint.h>
 
-class SockDisconnectedException : public std::exception {
-};
-
 class ICommunicationSocket{
     public:
         virtual ~ICommunicationSocket() {}
 
         //init returns true on successful connection
         virtual bool  init() =0;
-        virtual char* readRaw(ssize_t length) = 0; //throw(SockDisconnectedException) = 0;
+        virtual char* readRaw(ssize_t length) = 0;
         virtual ssize_t  writeRaw(const char* data, ssize_t length) = 0;
         virtual int   getSockDescriptor() = 0;
         virtual bool wasTimeoutDetected() = 0;

diff --git a/psw/ae/common/inc/ITransporter.h b/psw/ae/common/inc/ITransporter.h
@@ -42,8 +42,8 @@ class ITransporter{
         virtual ~ITransporter() {};
 
         virtual uae_oal_status_t transact(IAERequest* request, IAEResponse* response, uint32_t timeout) = 0;
-        virtual IAERequest* receiveRequest(ICommunicationSocket* sock) = 0; //throw(SockDisconnectedException) = 0;
-        virtual uae_oal_status_t sendResponse(IAEResponse* response, ICommunicationSocket* sock) = 0;
+        virtual IAERequest* receiveRequest(ICommunicationSocket* sock) = 0;
+        virtual void sendResponse(IAEResponse* response, ICommunicationSocket* sock) = 0;
 
     protected:
 };

diff --git a/psw/ae/common/inc/NonBlockingUnixCommunicationSocket.h b/psw/ae/common/inc/NonBlockingUnixCommunicationSocket.h
@@ -44,7 +44,7 @@ class NonBlockingUnixCommunicationSocket : public UnixCommunicationSocket
     ~NonBlockingUnixCommunicationSocket();
 
     bool  init();
-    char* readRaw(ssize_t length); //throw(SockDisconnectedException) = 0;
+    char* readRaw(ssize_t length);
     ssize_t  writeRaw(const char* data, ssize_t length);
     int   getSockDescriptor();
     bool wasTimeoutDetected();

diff --git a/psw/ae/common/inc/SocketTransporter.h b/psw/ae/common/inc/SocketTransporter.h
@@ -49,16 +49,16 @@ class SocketTransporter : public ITransporter{
 
         uae_oal_status_t transact(IAERequest* request, IAEResponse* response, uint32_t timeout = 0);
 
-        IAERequest* receiveRequest(ICommunicationSocket* sock);// throw(SockDisconnectedException);
-        uae_oal_status_t sendResponse(IAEResponse* response, ICommunicationSocket* sock);
+        IAERequest* receiveRequest(ICommunicationSocket* sock);
+        void sendResponse(IAEResponse* response, ICommunicationSocket* sock);
 
     protected:
         ISocketFactory*         mSocketFactory;
         ISerializer*            mSerializer;
 
     private:
         uae_oal_status_t sendMessage(AEMessage *message, ICommunicationSocket* sock);
-        AEMessage* receiveMessage(ICommunicationSocket* sock);// throw(SockDisconnectedException);
+        AEMessage* receiveMessage(ICommunicationSocket* sock);
         SocketTransporter& operator=(const SocketTransporter&);
         SocketTransporter(const SocketTransporter&);
 };

diff --git a/psw/ae/common/inc/UnixCommunicationSocket.h b/psw/ae/common/inc/UnixCommunicationSocket.h
@@ -43,7 +43,7 @@ class UnixCommunicationSocket : public ICommunicationSocket{
 
         virtual bool init();
         virtual ssize_t writeRaw(const char* data, ssize_t length);
-        virtual char* readRaw(ssize_t length);// throw(SockDisconnectedException);
+        virtual char* readRaw(ssize_t length);
 
         void disconnect();
         virtual int getSockDescriptor();

diff --git a/psw/ae/common/src/NonBlockingUnixCommunicationSocket.cpp b/psw/ae/common/src/NonBlockingUnixCommunicationSocket.cpp
@@ -229,17 +229,22 @@ char* NonBlockingUnixCommunicationSocket::readRaw(ssize_t length)
         memset((char*)mEvents, 0, MAX_EVENTS * sizeof(struct epoll_event));
 
     }while (total_read < length);
-
-    event.data.fd = mSocket;
-    event.events = EPOLLET;
-    registerSocket = epoll_ctl (mEpoll, EPOLL_CTL_MOD, mSocket, &event);
-    if (registerSocket != 0)
+    if(mSocket!=-1)
     {
-        disconnect();
+        event.data.fd = mSocket;
+        event.events = EPOLLET;
+        registerSocket = epoll_ctl (mEpoll, EPOLL_CTL_MOD, mSocket, &event);
+        if (registerSocket != 0)
+        {
+            disconnect();
 
-        if (NULL != recBuf)
-            delete [] recBuf;
-        return NULL;
+            if (NULL != recBuf)
+                delete [] recBuf;
+            return NULL;
+        }
+    }else
+    {
+    // disconnected, recBuf is set NULL when disconnect() is called.
     }
 
     return recBuf;
@@ -407,11 +412,16 @@ ssize_t  NonBlockingUnixCommunicationSocket::writeRaw(const char* data, ssize_t
     }
     while(total_write < length);
 
-    event.data.fd = mSocket;
-    event.events = EPOLLET;
-    registerSocket = epoll_ctl (mEpoll, EPOLL_CTL_MOD, mSocket, &event);
-    if (registerSocket != 0)
-    {
+    if(mSocket!=-1){
+        event.data.fd = mSocket;
+        event.events = EPOLLET;
+        registerSocket = epoll_ctl (mEpoll, EPOLL_CTL_MOD, mSocket, &event);
+        if (registerSocket != 0)
+        {
+            return -1;
+        }
+    }else
+    {//disconneded due to error.
         return -1;
     }
 

diff --git a/psw/ae/common/src/SocketTransporter.cpp b/psw/ae/common/src/SocketTransporter.cpp
@@ -137,9 +137,14 @@ IAERequest* SocketTransporter::receiveRequest(ICommunicationSocket* sock) {
     return request;
 }
 
-uae_oal_status_t SocketTransporter::sendResponse(IAEResponse* response, ICommunicationSocket* sock) {
+void SocketTransporter::sendResponse(IAEResponse* response, ICommunicationSocket* sock) {
+    if (response == NULL)
+        return;
     AEMessage * message = response->serialize();
-    uae_oal_status_t retVal = sendMessage(message, sock);
+    if (sendMessage(message, sock) != UAE_OAL_SUCCESS)
+    {
+        //server can't do anything, ignore status
+    }
     delete message;
-    return retVal;
+    return;
 }
diff --git a/psw/ae/data/prebuilt/le_prod_css.bin b/psw/ae/data/prebuilt/le_prod_css.bin