general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix reserved memory permission for EDMM support

Browse Source
This commit is contained in:
Hui, Chunyang 2022-12-27 11:58:10 +08:00 committed by volcano
parent 12cb488f36
commit 997c21a45f
2 changed files with 36 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/libos/src/vm/user_space_vm.rs
View File

@ -23,11 +23,9 @@ impl UserSpaceVMManager {
if ptr.is_null() { if ptr.is_null() {
return_errno!(ENOMEM, "run out of reserved memory"); return_errno!(ENOMEM, "run out of reserved memory");
} }
// Change the page permission to RW (default)
assert!( // Without EDMM support and the ReservedMemExecutable is set to 1, the reserved memory will be RWX. And we can't change the reserved memory permission.
sgx_tprotect_rsrv_mem(ptr, rsrv_mem_size, RSRV_MEM_PERM.bits()) // With EDMM support, the reserved memory permission is RW by default. And we can change the permissions when needed.
== sgx_status_t::SGX_SUCCESS
);
let addr = ptr as usize; let addr = ptr as usize;
debug!( debug!(
@ -99,15 +97,4 @@ extern "C" {
// Return: 0 on success; otherwise -1 // Return: 0 on success; otherwise -1
// //
fn sgx_free_rsrv_mem(addr: *const c_void, length: usize) -> i32; fn sgx_free_rsrv_mem(addr: *const c_void, length: usize) -> i32;
// Modify the access permissions of the pages in the reserved memory area
//
// Parameters:
// Inputs: addr[in]: Starting address of region which needs to change access
// permission. Page aligned.
// length[in]: The length of the memory to be manipulated in bytes. Page aligned.
// prot[in]: The target memory protection.
// Return: sgx_status_t
//
fn sgx_tprotect_rsrv_mem(addr: *const c_void, length: usize, prot: i32) -> sgx_status_t;
} }

43
src/libos/src/vm/vm_perms.rs
View File

@ -34,14 +34,7 @@ impl VMPerms {
} }
pub fn apply_perms(protect_range: &VMRange, perms: VMPerms) { pub fn apply_perms(protect_range: &VMRange, perms: VMPerms) {
extern "C" { use sgx_trts::enclave::rsgx_is_supported_EDMM;
pub fn occlum_ocall_mprotect(
retval: *mut i32,
addr: *const c_void,
len: usize,
prot: i32,
) -> sgx_status_t;
};
unsafe { unsafe {
let mut retval = 0; let mut retval = 0;
@ -51,8 +44,18 @@ impl VMPerms {
// Since the memory are managed by our own, mprotect ocall shouldn't use this flag. Otherwise, EINVAL will be thrown. // Since the memory are managed by our own, mprotect ocall shouldn't use this flag. Otherwise, EINVAL will be thrown.
let mut prot = perms.clone(); let mut prot = perms.clone();
prot.remove(VMPerms::GROWSDOWN); prot.remove(VMPerms::GROWSDOWN);
let sgx_status = occlum_ocall_mprotect(&mut retval, addr, len, prot.bits() as i32);
assert!(sgx_status == sgx_status_t::SGX_SUCCESS && retval == 0); if rsgx_is_supported_EDMM() {
// With EDMM support, reserved memory permission should be updated.
assert!(
sgx_tprotect_rsrv_mem(addr, len, prot.bits() as i32)
== sgx_status_t::SGX_SUCCESS
);
} else {
// Without EDMM support, reserved memory permission is statically RWX and we only need to do mprotect ocall.
let sgx_status = occlum_ocall_mprotect(&mut retval, addr, len, prot.bits() as i32);
assert!(sgx_status == sgx_status_t::SGX_SUCCESS && retval == 0);
}
} }
} }
@ -82,3 +85,23 @@ impl Default for VMPerms {
VMPerms::DEFAULT VMPerms::DEFAULT
} }
} }
extern "C" {
// Modify the access permissions of the pages in the reserved memory area
//
// Parameters:
// Inputs: addr[in]: Starting address of region which needs to change access
// permission. Page aligned.
// length[in]: The length of the memory to be manipulated in bytes. Page aligned.
// prot[in]: The target memory protection.
// Return: sgx_status_t
//
fn sgx_tprotect_rsrv_mem(addr: *const c_void, length: usize, prot: i32) -> sgx_status_t;
fn occlum_ocall_mprotect(
retval: *mut i32,
addr: *const c_void,
len: usize,
prot: i32,
) -> sgx_status_t;
}