#GP issue #6

Closed
jovanbulck opened this issue Sep 4, 2018 · 1 comment

@jovanbulck
Owner

[  126.282402] general protection fault: 0031 [#1] SMP PTI
[  126.282433] Modules linked in: sgx_step(OE) msr ccm pci_stub vboxpci(OE) vboxnetadp(OE) vboxnetflt(OE) vboxdrv(OE) bnep snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic joydev hid_multitouch dell_rbtn dell_laptop dell_smm_hwmon intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul arc4 nls_iso8859_1 crc32_pclmul ghash_clmulni_intel pcbc aesni_intel aes_x86_64 crypto_simd glue_helper cryptd intel_cstate intel_rapl_perf iwlmvm mac80211 iwlwifi cfg80211 snd_soc_skl snd_soc_skl_ipc snd_soc_sst_ipc snd_soc_sst_dsp snd_hda_ext_core snd_soc_sst_match rtsx_pci_ms snd_soc_core memstick snd_compress ac97_bus snd_pcm_dmaengine snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep input_leds serio_raw snd_pcm dell_wmi dell_smbios dcdbas snd_seq_midi snd_seq_midi_event
[  126.282755]  wmi_bmof snd_rawmidi snd_seq snd_seq_device snd_timer snd soundcore uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_core videodev media btusb btrtl idma64 virt_dma shpchp mei_me mei intel_pch_thermal intel_lpss_pci ucsi_acpi processor_thermal_device intel_soc_dts_iosf typec_ucsi typec hci_uart btbcm serdev btqca btintel bluetooth ecdh_generic intel_lpss_acpi intel_lpss int3403_thermal intel_hid int3400_thermal acpi_thermal_rel int340x_thermal_zone sparse_keymap acpi_pad tpm_crb mac_hid acpi_als kfifo_buf industrialio isgx(OE) parport_pc ppdev lp parport autofs4 i915 rtsx_pci_sdmmc e1000e i2c_algo_bit drm_kms_helper ptp pps_core syscopyarea sysfillrect sysimgblt fb_sys_fops rtsx_pci ahci drm libahci wmi i2c_hid hid video pinctrl_sunrisepoint pinctrl_intel
[  126.283050] CPU: 1 PID: 3287 Comm: app Tainted: G           OE   4.13.0-45-generic #50~16.04.1-Ubuntu
[  126.283086] Hardware name: Dell Inc. Latitude 7490/0KP0FT, BIOS 1.1.6 11/10/2017
[  126.283115] task: ffff9615a8f0c740 task.stack: ffffb2d143f5c000
[  126.283144] RIP: 0010:do_general_protection+0x71/0x150
[  126.283165] RSP: 0000:ffffb2d143f5ff30 EFLAGS: 00010202
[  126.283188] RAX: ffffb2d143f5ff58 RBX: 0000000000000000 RCX: 0000000000000000
[  126.283216] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb2d143f5ff58
[  126.283244] RBP: ffffb2d143f5ff48 R08: 0000000000000000 R09: 0000000000000000
[  126.283273] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb2d143f5ff58
[  126.283301] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  126.283329] FS:  00007fd927249740(0000) GS:ffff9615c1480000(0000) knlGS:0000000000000000
[  126.283361] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  126.283385] CR2: 00007fd924803000 CR3: 000000046585e005 CR4: 00000000003606e0
[  126.283413] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  126.283441] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  126.283469] Call Trace:
[  126.283485]  ? general_protection+0x36/0x60
[  126.283504]  general_protection+0x4c/0x60
[  126.283522] RIP: 0033:0x403bbc
[  126.283536] RSP: 002b:00007ffd913bb120 EFLAGS: 00000202
[  126.283558] RAX: 0000000000000003 RBX: 00007fd924c7f000 RCX: 0000000000403bbc
[  126.283586] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  126.283614] RBP: 00007ffd913bb5f0 R08: 0000000000000000 R09: 0000000000000000
[  126.283642] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  126.283670] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  126.283699] Code: 00 00 00 85 c0 0f 85 83 00 00 00 48 89 da be 01 00 00 00 bf 0b 00 00 00 e8 8d b3 06 00 5b 41 5c 41 5d 5d c3 fb 66 0f 1f 44 00 00 <eb> aa be 0d 00 00 00 4c 89 e7 e8 80 52 04 00 85 c0 75 df 4c 89 
[  126.283805] RIP: do_general_protection+0x71/0x150 RSP: ffffb2d143f5ff30
[  126.293255] ---[ end trace 88011931c80a132c ]---

0000000000403bbc <sgx_step_aep_trampoline>:
  403bbc:       48 89 1c 25 c8 71 60    mov    %rbx,0x6071c8
  403bc3:       00 
  403bc4:       48 8d 04 25 c0 71 60    lea    0x6071c0,%rax
  403bcb:       00 
  403bcc:       48 85 c0                test   %rax,%rax
  403bcf:       74 02                   je     403bd3 <sgx_step_aep_trampoline+0x17>
  403bd1:       ff 10                   callq  *(%rax)
  403bd3:       48 8b 1c 25 c8 71 60    mov    0x6071c8,%rbx
  403bda:       00 
  403bdb:       48 8d 0c 25 bc 3b 40    lea    0x403bbc,%rcx
  403be2:       00 
  403be3:       0f 0d 04 25 d0 71 60    prefetch 0x6071d0
  403bea:       00 
  403beb:       0f ae f0                mfence 
  403bee:       0f 31                   rdtsc  
  403bf0:       89 04 25 d0 71 60 00    mov    %eax,0x6071d0
  403bf7:       48 c7 c0 03 00 00 00    mov    $0x3,%rax
  403bfe:       0f 01 d7                enclu

jo@sgx-dsn:~/sgx-step/app/bench$ LAPTOP=1 NUM=10 STRLEN=1 make parse


[pt.c] /dev/sgx-step opened!
[pt.c] /dev/mem opened!

--------------------------------------------------------------------------------
[main.c] Creating enclave...
--------------------------------------------------------------------------------

[sched.c] continuing on CPU 1
==== System Settings ====
    Pstate max perf pct: 100
    Pstate min perf pct: 100
    Turbo Boost:         0
    cpu pinning:         1
    Designated cpu:      1
    Running on cpu:      1
==== Victim Enclave ====
    Base: 0x7fd924800000
    Size: 8388608
    Limit:  0x7fd925000000
    TCS:  0x7fd924c7f000
    AEP:  0x403bbc
    EDBGRD: debug
[main.c] enclave string adrs at 0x7fd924a1d000

[main.c] enclave trigger code adrs at 0x7fd924803000


--------------------------------------------------------------------------------
[main.c] Establishing user space IDT mapping
--------------------------------------------------------------------------------

[idt.c] DTR.base=0xfffffe0000000000/size=4095 (256 entries)
[idt.c] established user space IDT mapping at 0x7fd927266000
[idt.c] installed IRQ handler with target_rip=0x4013fb
[idt.c] IDT[ 45] @0x7fd9272662d0 = 0x403c01 (seg sel 0x33); p=1; dpl=3; type=15; ist=0
[file.c] reading buffer from '/dev/cpu/1/msr' (size=8)
[apic.c] established local memory mapping for APIC_BASE=0xfee00000 at 0x7fd927265000
[apic.c] apic_id is 2000000
[apic.c] APIC timer one-shot mode with division 2 (lvtt=2d/tdcr=0)
[main.c] calling enclave: attack=2; num_runs=10; timer=40
[main.c] Caught fault 11! Restoring enclave page permissions..
[main.c] ^^ enclave RIP=0x3000; ACCESSED=0
[main.c] ^^ enclave RIP=0x3000; ACCESSED=0
[main.c] ^^ enclave RIP=0x3003; ACCESSED=1

jovanbulck added the bug label Sep 4, 2018
@jovanbulck
Owner Author

0000000000003000 <my_strlen>:
    3000:       48 89 f8                mov    %rdi,%rax
    3003:       80 38 00                cmpb   $0x0,(%rax)
    3006:       74 05                   je     300d <my_strlen+0xd>
    3008:       48 ff c0                inc    %rax
    300b:       eb f6                   jmp    3003 <my_strlen+0x3>
    300d:       48 29 f8                sub    %rdi,%rax
    3010:       c3                      retq   
        ...
    4011:       90                      nop
    4012:       90                      nop
    4013:       90                      nop
    4014:       90                      nop
    4015:       90                      nop
    4016:       90                      nop
    4017:       90                      nop
