Posted to commits@teaclave.apache.org by rd...@apache.org on 2023/03/17 01:03:37 UTC
[incubator-teaclave-sgx-sdk] branch master updated: Fix access to untrusted memory during unwind
This is an automated email from the ASF dual-hosted git repository.
rduan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave-sgx-sdk.git
The following commit(s) were added to refs/heads/master by this push:
new 48d9fb8c Fix access to untrusted memory during unwind
48d9fb8c is described below
commit 48d9fb8c11fd8cb427f272470caa4f688d22f8d8
Author: volcano <vo...@163.com>
AuthorDate: Thu Mar 16 08:54:07 2023 +0800
Fix access to untrusted memory during unwind
---
.gitignore | 6 ++++++
samplecode/backtrace/Makefile | 2 +-
sgx_backtrace/src/backtrace/libunwind.rs | 12 ++++++++++--
sgx_backtrace/src/backtrace/mod.rs | 1 +
sgx_backtrace/src/symbolize/libbacktrace.rs | 15 +++++++++++++++
sgx_trts/src/enclave.rs | 16 ++++++++++++++++
sgx_tstd/src/sys/backtrace/tracing/gcc_s.rs | 10 +++++++++-
sgx_tstd/src/sys_common/gnu/libbacktrace.rs | 18 +++++++++++++++++-
sgx_unwind/libunwind/src/x86_64/Ginit.c | 10 +++++-----
9 files changed, 80 insertions(+), 10 deletions(-)
diff --git a/.gitignore b/.gitignore
index 70d87bbf..8a76568d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,9 +1,14 @@
+#macos
+.DS_Store
.idea
Cargo.lock
#object file
*.o
+#app
+app
+
#library
*.a
@@ -41,3 +46,4 @@ sgx_unwind/libunwind/aclocal.m4
sgx_unwind/libunwind/autom4te.cache/*
sgx_unwind/libunwind/configure
sgx_unwind/libunwind/src/Makefile.in
+sgx_unwind/libunwind/configure~
diff --git a/samplecode/backtrace/Makefile b/samplecode/backtrace/Makefile
index 19599d83..797bd6a6 100644
--- a/samplecode/backtrace/Makefile
+++ b/samplecode/backtrace/Makefile
@@ -20,7 +20,7 @@
SGX_SDK ?= /opt/sgxsdk
SGX_MODE ?= HW
SGX_ARCH ?= x64
-SGX_DEBUG ?= 1
+# SGX_DEBUG ?= 1
TOP_DIR := ../..
include $(TOP_DIR)/buildenv.mk
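Review bot: Commenting out `SGX_DEBUG ?= 1` changes the sample's default build mode, which the commit message does not mention, and it leaves commented-out text behind. If the backtrace sample is meant to build without debug by default, deleting the line and saying so in the message would be clearer. How an unset SGX_DEBUG is treated depends on buildenv.mk, which is not shown here.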
diff --git a/sgx_backtrace/src/backtrace/libunwind.rs b/sgx_backtrace/src/backtrace/libunwind.rs
index 8c4fc8df..f51d23a6 100644
--- a/sgx_backtrace/src/backtrace/libunwind.rs
+++ b/sgx_backtrace/src/backtrace/libunwind.rs
@@ -35,6 +35,7 @@
#![allow(clippy::upper_case_acronyms)]
use super::super::Bomb;
use core::ffi::c_void;
+use sgx_trts::enclave;
pub enum Frame {
Raw(*mut uw::_Unwind_Context),
@@ -117,9 +118,16 @@ pub unsafe fn trace(mut cb: &mut dyn FnMut(&super::Frame) -> bool) {
};
let mut bomb = Bomb { enabled: true };
- let keep_going = cb(&cx);
+ let mut keep_going = cb(&cx);
bomb.enabled = false;
+ let sym_addr = cx.symbol_address() as usize;
+ let enclave_entry = enclave::rsgx_get_enclave_entry();
+ if enclave_entry == sym_addr || enclave_entry == (sym_addr - 0x04) {
+ //0x04 endbr64
+ keep_going = false;
+ }
+
if keep_going {
uw::_URC_NO_REASON
} else {
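Review bot: The subtraction in `enclave_entry == (sym_addr - 0x04)` is unchecked, so a `symbol_address()` result below 4 (a null pointer, for instance) panics in builds with overflow checks. It also runs after `bomb.enabled = false`, so if `Bomb` is the panic guard for this callback, a panic here would not be caught by it. Comparing without subtracting avoids both: `if sym_addr == enclave_entry || sym_addr == enclave_entry.wrapping_add(0x04) {`. The same expression appears in the gcc_s.rs `trace` hunk and, as `(sym_address - 0x04) == enclave_entry`, in both `syminfo_cb` hunks, where a null return from `_Unwind_FindEnclosingFunction` would reach it. The enclosing callback starts and ends outside this hunk.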
@@ -136,7 +144,7 @@ pub unsafe fn trace(mut cb: &mut dyn FnMut(&super::Frame) -> bool) {
#[allow(non_camel_case_types)]
#[allow(non_snake_case)]
#[allow(dead_code)]
-mod uw {
+pub mod uw {
pub use self::_Unwind_Reason_Code::*;
use core::ffi::c_void;
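Review bot: `pub mod uw` exposes the raw unwinder bindings more widely than the new re-export in backtrace/mod.rs needs, which is only `pub(crate) use self::libunwind::uw;`. `pub(crate) mod uw {` is enough for that use and keeps the `_Unwind_*` FFI declarations out of the public surface should `libunwind` ever be re-exported. The module body continues outside the hunk.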
diff --git a/sgx_backtrace/src/backtrace/mod.rs b/sgx_backtrace/src/backtrace/mod.rs
index 6cd1d6a9..f0cca592 100644
--- a/sgx_backtrace/src/backtrace/mod.rs
+++ b/sgx_backtrace/src/backtrace/mod.rs
@@ -144,4 +144,5 @@ impl fmt::Debug for Frame {
mod libunwind;
use self::libunwind::trace as trace_imp;
+pub(crate) use self::libunwind::uw;
pub(crate) use self::libunwind::Frame as FrameImp;
diff --git a/sgx_backtrace/src/symbolize/libbacktrace.rs b/sgx_backtrace/src/symbolize/libbacktrace.rs
index 6a14d9fa..d759ce54 100644
--- a/sgx_backtrace/src/symbolize/libbacktrace.rs
+++ b/sgx_backtrace/src/symbolize/libbacktrace.rs
@@ -41,10 +41,12 @@
#![allow(bad_style)]
#![allow(dead_code)]
+use crate::backtrace::uw;
use crate::bt;
use core::{marker, ptr, slice};
use libc::{self, c_char, c_int, c_void, uintptr_t};
use sgx_trts::c_str::CString;
+use sgx_trts::enclave;
use crate::symbolize::{ResolveWhat, SymbolName};
use crate::types::BytesOrWideString;
@@ -197,6 +199,8 @@ struct SyminfoState<'a> {
pc: usize,
}
+static ENCLAVE_ENTRY_NAME: &str = "enclave_entry\0";
+
extern "C" fn syminfo_cb(
data: *mut c_void,
pc: uintptr_t,
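Review bot: `ENCLAVE_ENTRY_NAME` is a `&str` whose trailing `\0` is what makes the later cast to `*const c_char` a usable C string, and nothing on the declaration says so. A comment such as `// NUL-terminated: stored in the symname field of Symbol::Syminfo as a C string` would stop someone from removing the terminator as a tidy-up. A byte string, `static ENCLAVE_ENTRY_NAME: &[u8] = b"enclave_entry\0";` with `.as_ptr() as *const c_char` at the use site, would state the intent in the type. The identical declaration in sgx_tstd/src/sys_common/gnu/libbacktrace.rs would get the same treatment.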
@@ -233,6 +237,17 @@ extern "C" fn syminfo_cb(
&mut pcinfo_state as *mut _ as *mut _,
);
if !pcinfo_state.called {
+ let mut symname = symname;
+ if symname.is_null() {
+ let sym_address =
+ uw::_Unwind_FindEnclosingFunction((pc + 1) as *mut c_void) as usize;
+ let enclave_entry = enclave::rsgx_get_enclave_entry();
+ if sym_address == enclave_entry || (sym_address - 0x04) == enclave_entry {
+ //0x04 endbr64
+ symname = ENCLAVE_ENTRY_NAME as *const _ as *const c_char
+ }
+ }
+
let inner = Symbol::Syminfo {
pc,
symname,
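Review bot: The enclave-entry test here is one of four copies of the same comparison (both `trace` callbacks and both `syminfo_cb` functions), each carrying its own bare `0x04`. A single helper next to `rsgx_get_enclave_entry` in sgx_trts/src/enclave.rs, for example a proposed `pub fn rsgx_is_enclave_entry(addr: usize) -> bool`, would give the endbr64 offset one name and one place to correct. The `(pc + 1)` passed to `_Unwind_FindEnclosingFunction` also needs a one-line comment, since the hunk does not show why the lookup address is adjusted. `syminfo_cb` starts and ends outside this hunk.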
diff --git a/sgx_trts/src/enclave.rs b/sgx_trts/src/enclave.rs
index efddf78b..4db1b0e3 100644
--- a/sgx_trts/src/enclave.rs
+++ b/sgx_trts/src/enclave.rs
@@ -679,3 +679,19 @@ pub fn rsgx_get_elrange_base() -> *const u8 {
pub fn rsgx_get_elrange_size() -> usize {
unsafe { g_global_data.elrange_size as usize }
}
+
+///
+/// rsgx_get_enclave_entry is to get enclave entry point address.
+///
+/// **Note**
+///
+/// This API is only an experimental funtion.
+///
+#[inline]
+pub fn rsgx_get_enclave_entry() -> usize {
+ extern "C" {
+ fn enclave_entry();
+ }
+ let entry_addr: unsafe extern "C" fn() = enclave_entry;
+ entry_addr as usize
+}
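Review bot: The doc comment on `rsgx_get_enclave_entry` does not say what the returned value is for, and `funtion` is misspelled. A summary line such as `/// Returns the address of the enclave_entry symbol; the backtrace code compares frame addresses against it to stop unwinding at the enclave boundary.` would document the one use this commit introduces. It is also worth stating that the function only takes the symbol's address and never calls it, because the inner `extern "C"` declaration reads as if it might.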
diff --git a/sgx_tstd/src/sys/backtrace/tracing/gcc_s.rs b/sgx_tstd/src/sys/backtrace/tracing/gcc_s.rs
index 1b58e532..b354026e 100644
--- a/sgx_tstd/src/sys/backtrace/tracing/gcc_s.rs
+++ b/sgx_tstd/src/sys/backtrace/tracing/gcc_s.rs
@@ -17,6 +17,7 @@
use crate::ffi::c_void;
use crate::sys::backtrace::Bomb;
+use sgx_trts::enclave;
use sgx_unwind as uw;
@@ -101,9 +102,16 @@ pub unsafe fn trace(mut cb: &mut dyn FnMut(&super::Frame) -> bool) {
};
let mut bomb = Bomb::new(true);
- let keep_going = cb(&cx);
+ let mut keep_going = cb(&cx);
bomb.set(false);
+ let sym_addr = cx.symbol_address() as usize;
+ let enclave_entry = enclave::rsgx_get_enclave_entry();
+ if enclave_entry == sym_addr || enclave_entry == (sym_addr - 0x04) {
+ //0x04 endbr64
+ keep_going = false;
+ }
+
if keep_going {
uw::_URC_NO_REASON
} else {
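Review bot: The only comment on the new early stop is `//0x04 endbr64`, which explains neither the offset nor why unwinding must end at this frame. Going by the commit title, the intent is presumably to keep the unwinder from walking past `enclave_entry` into frames that live in untrusted memory. A comment saying so, e.g. `// Stop at enclave_entry so the unwinder never follows frames into untrusted memory; 0x04 is the length of a leading endbr64.`, belongs here and on the identical block in sgx_backtrace/src/backtrace/libunwind.rs. The check runs after `cb(&cx)`, so the entry frame itself is still reported to the callback; if that is intended, the comment should say so too. The enclosing callback starts and ends outside this hunk.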
diff --git a/sgx_tstd/src/sys_common/gnu/libbacktrace.rs b/sgx_tstd/src/sys_common/gnu/libbacktrace.rs
index 00b611c7..b3fc0b8e 100644
--- a/sgx_tstd/src/sys_common/gnu/libbacktrace.rs
+++ b/sgx_tstd/src/sys_common/gnu/libbacktrace.rs
@@ -22,9 +22,12 @@ use crate::slice;
use crate::sys::backtrace::{self, Bomb, BytesOrWideString};
use crate::sys_common::backtrace::{ResolveWhat, SymbolName};
-use sgx_backtrace_sys as bt;
+use sgx_trts::enclave;
use sgx_libc::{self, c_char, c_int, c_void, uintptr_t};
+use sgx_backtrace_sys as bt;
+use sgx_unwind as uw;
+
pub enum Symbol<'a> {
Syminfo {
pc: uintptr_t,
@@ -160,6 +163,8 @@ struct SyminfoState<'a> {
pc: usize,
}
+static ENCLAVE_ENTRY_NAME: &str = "enclave_entry\0";
+
extern "C" fn syminfo_cb(
data: *mut c_void,
pc: uintptr_t,
@@ -196,6 +201,17 @@ extern "C" fn syminfo_cb(
&mut pcinfo_state as *mut _ as *mut _,
);
if !pcinfo_state.called {
+ let mut symname = symname;
+ if symname.is_null() {
+ let sym_address =
+ uw::_Unwind_FindEnclosingFunction((pc + 1) as *mut c_void) as usize;
+ let enclave_entry = enclave::rsgx_get_enclave_entry();
+ if sym_address == enclave_entry || (sym_address - 0x04) == enclave_entry {
+ //0x04 endbr64
+ symname = ENCLAVE_ENTRY_NAME as *const _ as *const c_char
+ }
+ }
+
let inner = Symbol::Syminfo {
pc,
symname,
diff --git a/sgx_unwind/libunwind/src/x86_64/Ginit.c b/sgx_unwind/libunwind/src/x86_64/Ginit.c
index cf65579c..7bbd1db2 100644
--- a/sgx_unwind/libunwind/src/x86_64/Ginit.c
+++ b/sgx_unwind/libunwind/src/x86_64/Ginit.c
@@ -134,11 +134,11 @@ write_validate (void *addr)
static int (*mem_validate_func) (void *addr, size_t len);
static int msync_validate (void *addr, size_t len)
{
- // #ifdef HAVE_SGX
- // extern int sgx_is_within_enclave(const void *addr, size_t size);
- // if(!sgx_is_within_enclave(addr, len))
- // abort();
- // #endif
+#ifdef HAVE_SGX
+ extern int sgx_is_within_enclave(const void *addr, size_t size);
+ if(!sgx_is_within_enclave(addr, len))
+ abort();
+#endif
if (msync (addr, len, MS_ASYNC) != 0)
{
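Review bot: The re-enabled `sgx_is_within_enclave` check sits only inside `msync_validate`, which is reached through the `mem_validate_func` pointer declared just above it. Any other validator assigned to that pointer, or any read path that skips validation, would not get the check; neither is visible in this hunk, so it is worth confirming that every unwinder memory access goes through this function when HAVE_SGX is defined. A comment on the block, e.g. `/* The unwinder must never dereference addresses outside the enclave; abort instead of touching untrusted memory. */`, would record why the failure path is `abort()` and not an error return. Including the SGX header that declares `sgx_is_within_enclave` would keep the prototype in sync, where the block-scope `extern` cannot. `msync_validate` continues past the end of the hunk.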