1*053f45beSAndroid Build Coastguard Worker // SPDX-License-Identifier: GPL-2.0
2*053f45beSAndroid Build Coastguard Worker /* Copyright(c) 2016-20 Intel Corporation. */
3*053f45beSAndroid Build Coastguard Worker
4*053f45beSAndroid Build Coastguard Worker #include <assert.h>
5*053f45beSAndroid Build Coastguard Worker #include <elf.h>
6*053f45beSAndroid Build Coastguard Worker #include <errno.h>
7*053f45beSAndroid Build Coastguard Worker #include <fcntl.h>
8*053f45beSAndroid Build Coastguard Worker #include <stdbool.h>
9*053f45beSAndroid Build Coastguard Worker #include <stdio.h>
10*053f45beSAndroid Build Coastguard Worker #include <stdint.h>
11*053f45beSAndroid Build Coastguard Worker #include <stdlib.h>
12*053f45beSAndroid Build Coastguard Worker #include <string.h>
13*053f45beSAndroid Build Coastguard Worker #include <unistd.h>
14*053f45beSAndroid Build Coastguard Worker #include <sys/ioctl.h>
15*053f45beSAndroid Build Coastguard Worker #include <sys/mman.h>
16*053f45beSAndroid Build Coastguard Worker #include <sys/stat.h>
17*053f45beSAndroid Build Coastguard Worker #include <sys/time.h>
18*053f45beSAndroid Build Coastguard Worker #include <sys/types.h>
19*053f45beSAndroid Build Coastguard Worker #include "defines.h"
20*053f45beSAndroid Build Coastguard Worker #include "main.h"
21*053f45beSAndroid Build Coastguard Worker
encl_delete(struct encl * encl)22*053f45beSAndroid Build Coastguard Worker void encl_delete(struct encl *encl)
23*053f45beSAndroid Build Coastguard Worker {
24*053f45beSAndroid Build Coastguard Worker struct encl_segment *heap_seg;
25*053f45beSAndroid Build Coastguard Worker
26*053f45beSAndroid Build Coastguard Worker if (encl->encl_base)
27*053f45beSAndroid Build Coastguard Worker munmap((void *)encl->encl_base, encl->encl_size);
28*053f45beSAndroid Build Coastguard Worker
29*053f45beSAndroid Build Coastguard Worker if (encl->bin)
30*053f45beSAndroid Build Coastguard Worker munmap(encl->bin, encl->bin_size);
31*053f45beSAndroid Build Coastguard Worker
32*053f45beSAndroid Build Coastguard Worker if (encl->fd)
33*053f45beSAndroid Build Coastguard Worker close(encl->fd);
34*053f45beSAndroid Build Coastguard Worker
35*053f45beSAndroid Build Coastguard Worker if (encl->segment_tbl) {
36*053f45beSAndroid Build Coastguard Worker heap_seg = &encl->segment_tbl[encl->nr_segments - 1];
37*053f45beSAndroid Build Coastguard Worker munmap(heap_seg->src, heap_seg->size);
38*053f45beSAndroid Build Coastguard Worker free(encl->segment_tbl);
39*053f45beSAndroid Build Coastguard Worker }
40*053f45beSAndroid Build Coastguard Worker
41*053f45beSAndroid Build Coastguard Worker memset(encl, 0, sizeof(*encl));
42*053f45beSAndroid Build Coastguard Worker }
43*053f45beSAndroid Build Coastguard Worker
encl_map_bin(const char * path,struct encl * encl)44*053f45beSAndroid Build Coastguard Worker static bool encl_map_bin(const char *path, struct encl *encl)
45*053f45beSAndroid Build Coastguard Worker {
46*053f45beSAndroid Build Coastguard Worker struct stat sb;
47*053f45beSAndroid Build Coastguard Worker void *bin;
48*053f45beSAndroid Build Coastguard Worker int ret;
49*053f45beSAndroid Build Coastguard Worker int fd;
50*053f45beSAndroid Build Coastguard Worker
51*053f45beSAndroid Build Coastguard Worker fd = open(path, O_RDONLY);
52*053f45beSAndroid Build Coastguard Worker if (fd == -1) {
53*053f45beSAndroid Build Coastguard Worker perror("enclave executable open()");
54*053f45beSAndroid Build Coastguard Worker return false;
55*053f45beSAndroid Build Coastguard Worker }
56*053f45beSAndroid Build Coastguard Worker
57*053f45beSAndroid Build Coastguard Worker ret = stat(path, &sb);
58*053f45beSAndroid Build Coastguard Worker if (ret) {
59*053f45beSAndroid Build Coastguard Worker perror("enclave executable stat()");
60*053f45beSAndroid Build Coastguard Worker goto err;
61*053f45beSAndroid Build Coastguard Worker }
62*053f45beSAndroid Build Coastguard Worker
63*053f45beSAndroid Build Coastguard Worker bin = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
64*053f45beSAndroid Build Coastguard Worker if (bin == MAP_FAILED) {
65*053f45beSAndroid Build Coastguard Worker perror("enclave executable mmap()");
66*053f45beSAndroid Build Coastguard Worker goto err;
67*053f45beSAndroid Build Coastguard Worker }
68*053f45beSAndroid Build Coastguard Worker
69*053f45beSAndroid Build Coastguard Worker encl->bin = bin;
70*053f45beSAndroid Build Coastguard Worker encl->bin_size = sb.st_size;
71*053f45beSAndroid Build Coastguard Worker
72*053f45beSAndroid Build Coastguard Worker close(fd);
73*053f45beSAndroid Build Coastguard Worker return true;
74*053f45beSAndroid Build Coastguard Worker
75*053f45beSAndroid Build Coastguard Worker err:
76*053f45beSAndroid Build Coastguard Worker close(fd);
77*053f45beSAndroid Build Coastguard Worker return false;
78*053f45beSAndroid Build Coastguard Worker }
79*053f45beSAndroid Build Coastguard Worker
encl_ioc_create(struct encl * encl)80*053f45beSAndroid Build Coastguard Worker static bool encl_ioc_create(struct encl *encl)
81*053f45beSAndroid Build Coastguard Worker {
82*053f45beSAndroid Build Coastguard Worker struct sgx_secs *secs = &encl->secs;
83*053f45beSAndroid Build Coastguard Worker struct sgx_enclave_create ioc;
84*053f45beSAndroid Build Coastguard Worker int rc;
85*053f45beSAndroid Build Coastguard Worker
86*053f45beSAndroid Build Coastguard Worker assert(encl->encl_base != 0);
87*053f45beSAndroid Build Coastguard Worker
88*053f45beSAndroid Build Coastguard Worker memset(secs, 0, sizeof(*secs));
89*053f45beSAndroid Build Coastguard Worker secs->ssa_frame_size = 1;
90*053f45beSAndroid Build Coastguard Worker secs->attributes = SGX_ATTR_MODE64BIT;
91*053f45beSAndroid Build Coastguard Worker secs->xfrm = 3;
92*053f45beSAndroid Build Coastguard Worker secs->base = encl->encl_base;
93*053f45beSAndroid Build Coastguard Worker secs->size = encl->encl_size;
94*053f45beSAndroid Build Coastguard Worker
95*053f45beSAndroid Build Coastguard Worker ioc.src = (unsigned long)secs;
96*053f45beSAndroid Build Coastguard Worker rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_CREATE, &ioc);
97*053f45beSAndroid Build Coastguard Worker if (rc) {
98*053f45beSAndroid Build Coastguard Worker perror("SGX_IOC_ENCLAVE_CREATE failed");
99*053f45beSAndroid Build Coastguard Worker munmap((void *)secs->base, encl->encl_size);
100*053f45beSAndroid Build Coastguard Worker return false;
101*053f45beSAndroid Build Coastguard Worker }
102*053f45beSAndroid Build Coastguard Worker
103*053f45beSAndroid Build Coastguard Worker return true;
104*053f45beSAndroid Build Coastguard Worker }
105*053f45beSAndroid Build Coastguard Worker
encl_ioc_add_pages(struct encl * encl,struct encl_segment * seg)106*053f45beSAndroid Build Coastguard Worker static bool encl_ioc_add_pages(struct encl *encl, struct encl_segment *seg)
107*053f45beSAndroid Build Coastguard Worker {
108*053f45beSAndroid Build Coastguard Worker struct sgx_enclave_add_pages ioc;
109*053f45beSAndroid Build Coastguard Worker struct sgx_secinfo secinfo;
110*053f45beSAndroid Build Coastguard Worker int rc;
111*053f45beSAndroid Build Coastguard Worker
112*053f45beSAndroid Build Coastguard Worker memset(&secinfo, 0, sizeof(secinfo));
113*053f45beSAndroid Build Coastguard Worker secinfo.flags = seg->flags;
114*053f45beSAndroid Build Coastguard Worker
115*053f45beSAndroid Build Coastguard Worker ioc.src = (uint64_t)seg->src;
116*053f45beSAndroid Build Coastguard Worker ioc.offset = seg->offset;
117*053f45beSAndroid Build Coastguard Worker ioc.length = seg->size;
118*053f45beSAndroid Build Coastguard Worker ioc.secinfo = (unsigned long)&secinfo;
119*053f45beSAndroid Build Coastguard Worker if (seg->measure)
120*053f45beSAndroid Build Coastguard Worker ioc.flags = SGX_PAGE_MEASURE;
121*053f45beSAndroid Build Coastguard Worker else
122*053f45beSAndroid Build Coastguard Worker ioc.flags = 0;
123*053f45beSAndroid Build Coastguard Worker
124*053f45beSAndroid Build Coastguard Worker rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_ADD_PAGES, &ioc);
125*053f45beSAndroid Build Coastguard Worker if (rc < 0) {
126*053f45beSAndroid Build Coastguard Worker perror("SGX_IOC_ENCLAVE_ADD_PAGES failed");
127*053f45beSAndroid Build Coastguard Worker return false;
128*053f45beSAndroid Build Coastguard Worker }
129*053f45beSAndroid Build Coastguard Worker
130*053f45beSAndroid Build Coastguard Worker return true;
131*053f45beSAndroid Build Coastguard Worker }
132*053f45beSAndroid Build Coastguard Worker
133*053f45beSAndroid Build Coastguard Worker /*
134*053f45beSAndroid Build Coastguard Worker * Parse the enclave code's symbol table to locate and return address of
135*053f45beSAndroid Build Coastguard Worker * the provided symbol
136*053f45beSAndroid Build Coastguard Worker */
encl_get_entry(struct encl * encl,const char * symbol)137*053f45beSAndroid Build Coastguard Worker uint64_t encl_get_entry(struct encl *encl, const char *symbol)
138*053f45beSAndroid Build Coastguard Worker {
139*053f45beSAndroid Build Coastguard Worker Elf64_Shdr *sections;
140*053f45beSAndroid Build Coastguard Worker Elf64_Sym *symtab;
141*053f45beSAndroid Build Coastguard Worker Elf64_Ehdr *ehdr;
142*053f45beSAndroid Build Coastguard Worker char *sym_names;
143*053f45beSAndroid Build Coastguard Worker int num_sym;
144*053f45beSAndroid Build Coastguard Worker int i;
145*053f45beSAndroid Build Coastguard Worker
146*053f45beSAndroid Build Coastguard Worker ehdr = encl->bin;
147*053f45beSAndroid Build Coastguard Worker sections = encl->bin + ehdr->e_shoff;
148*053f45beSAndroid Build Coastguard Worker
149*053f45beSAndroid Build Coastguard Worker for (i = 0; i < ehdr->e_shnum; i++) {
150*053f45beSAndroid Build Coastguard Worker if (sections[i].sh_type == SHT_SYMTAB) {
151*053f45beSAndroid Build Coastguard Worker symtab = (Elf64_Sym *)((char *)encl->bin + sections[i].sh_offset);
152*053f45beSAndroid Build Coastguard Worker num_sym = sections[i].sh_size / sections[i].sh_entsize;
153*053f45beSAndroid Build Coastguard Worker break;
154*053f45beSAndroid Build Coastguard Worker }
155*053f45beSAndroid Build Coastguard Worker }
156*053f45beSAndroid Build Coastguard Worker
157*053f45beSAndroid Build Coastguard Worker for (i = 0; i < ehdr->e_shnum; i++) {
158*053f45beSAndroid Build Coastguard Worker if (sections[i].sh_type == SHT_STRTAB) {
159*053f45beSAndroid Build Coastguard Worker sym_names = (char *)encl->bin + sections[i].sh_offset;
160*053f45beSAndroid Build Coastguard Worker break;
161*053f45beSAndroid Build Coastguard Worker }
162*053f45beSAndroid Build Coastguard Worker }
163*053f45beSAndroid Build Coastguard Worker
164*053f45beSAndroid Build Coastguard Worker for (i = 0; i < num_sym; i++) {
165*053f45beSAndroid Build Coastguard Worker Elf64_Sym *sym = &symtab[i];
166*053f45beSAndroid Build Coastguard Worker
167*053f45beSAndroid Build Coastguard Worker if (!strcmp(symbol, sym_names + sym->st_name))
168*053f45beSAndroid Build Coastguard Worker return (uint64_t)sym->st_value;
169*053f45beSAndroid Build Coastguard Worker }
170*053f45beSAndroid Build Coastguard Worker
171*053f45beSAndroid Build Coastguard Worker return 0;
172*053f45beSAndroid Build Coastguard Worker }
173*053f45beSAndroid Build Coastguard Worker
encl_load(const char * path,struct encl * encl,unsigned long heap_size)174*053f45beSAndroid Build Coastguard Worker bool encl_load(const char *path, struct encl *encl, unsigned long heap_size)
175*053f45beSAndroid Build Coastguard Worker {
176*053f45beSAndroid Build Coastguard Worker const char device_path[] = "/dev/sgx_enclave";
177*053f45beSAndroid Build Coastguard Worker struct encl_segment *seg;
178*053f45beSAndroid Build Coastguard Worker Elf64_Phdr *phdr_tbl;
179*053f45beSAndroid Build Coastguard Worker off_t src_offset;
180*053f45beSAndroid Build Coastguard Worker Elf64_Ehdr *ehdr;
181*053f45beSAndroid Build Coastguard Worker struct stat sb;
182*053f45beSAndroid Build Coastguard Worker void *ptr;
183*053f45beSAndroid Build Coastguard Worker int i, j;
184*053f45beSAndroid Build Coastguard Worker int ret;
185*053f45beSAndroid Build Coastguard Worker int fd = -1;
186*053f45beSAndroid Build Coastguard Worker
187*053f45beSAndroid Build Coastguard Worker memset(encl, 0, sizeof(*encl));
188*053f45beSAndroid Build Coastguard Worker
189*053f45beSAndroid Build Coastguard Worker fd = open(device_path, O_RDWR);
190*053f45beSAndroid Build Coastguard Worker if (fd < 0) {
191*053f45beSAndroid Build Coastguard Worker perror("Unable to open /dev/sgx_enclave");
192*053f45beSAndroid Build Coastguard Worker goto err;
193*053f45beSAndroid Build Coastguard Worker }
194*053f45beSAndroid Build Coastguard Worker
195*053f45beSAndroid Build Coastguard Worker ret = stat(device_path, &sb);
196*053f45beSAndroid Build Coastguard Worker if (ret) {
197*053f45beSAndroid Build Coastguard Worker perror("device file stat()");
198*053f45beSAndroid Build Coastguard Worker goto err;
199*053f45beSAndroid Build Coastguard Worker }
200*053f45beSAndroid Build Coastguard Worker
201*053f45beSAndroid Build Coastguard Worker ptr = mmap(NULL, PAGE_SIZE, PROT_READ, MAP_SHARED, fd, 0);
202*053f45beSAndroid Build Coastguard Worker if (ptr == (void *)-1) {
203*053f45beSAndroid Build Coastguard Worker perror("mmap for read");
204*053f45beSAndroid Build Coastguard Worker goto err;
205*053f45beSAndroid Build Coastguard Worker }
206*053f45beSAndroid Build Coastguard Worker munmap(ptr, PAGE_SIZE);
207*053f45beSAndroid Build Coastguard Worker
208*053f45beSAndroid Build Coastguard Worker #define ERR_MSG \
209*053f45beSAndroid Build Coastguard Worker "mmap() succeeded for PROT_READ, but failed for PROT_EXEC.\n" \
210*053f45beSAndroid Build Coastguard Worker " Check that /dev does not have noexec set:\n" \
211*053f45beSAndroid Build Coastguard Worker " \tmount | grep \"/dev .*noexec\"\n" \
212*053f45beSAndroid Build Coastguard Worker " If so, remount it executable: mount -o remount,exec /dev\n\n"
213*053f45beSAndroid Build Coastguard Worker
214*053f45beSAndroid Build Coastguard Worker ptr = mmap(NULL, PAGE_SIZE, PROT_EXEC, MAP_SHARED, fd, 0);
215*053f45beSAndroid Build Coastguard Worker if (ptr == (void *)-1) {
216*053f45beSAndroid Build Coastguard Worker fprintf(stderr, ERR_MSG);
217*053f45beSAndroid Build Coastguard Worker goto err;
218*053f45beSAndroid Build Coastguard Worker }
219*053f45beSAndroid Build Coastguard Worker munmap(ptr, PAGE_SIZE);
220*053f45beSAndroid Build Coastguard Worker
221*053f45beSAndroid Build Coastguard Worker encl->fd = fd;
222*053f45beSAndroid Build Coastguard Worker
223*053f45beSAndroid Build Coastguard Worker if (!encl_map_bin(path, encl))
224*053f45beSAndroid Build Coastguard Worker goto err;
225*053f45beSAndroid Build Coastguard Worker
226*053f45beSAndroid Build Coastguard Worker ehdr = encl->bin;
227*053f45beSAndroid Build Coastguard Worker phdr_tbl = encl->bin + ehdr->e_phoff;
228*053f45beSAndroid Build Coastguard Worker
229*053f45beSAndroid Build Coastguard Worker encl->nr_segments = 1; /* one for the heap */
230*053f45beSAndroid Build Coastguard Worker
231*053f45beSAndroid Build Coastguard Worker for (i = 0; i < ehdr->e_phnum; i++) {
232*053f45beSAndroid Build Coastguard Worker Elf64_Phdr *phdr = &phdr_tbl[i];
233*053f45beSAndroid Build Coastguard Worker
234*053f45beSAndroid Build Coastguard Worker if (phdr->p_type == PT_LOAD)
235*053f45beSAndroid Build Coastguard Worker encl->nr_segments++;
236*053f45beSAndroid Build Coastguard Worker }
237*053f45beSAndroid Build Coastguard Worker
238*053f45beSAndroid Build Coastguard Worker encl->segment_tbl = calloc(encl->nr_segments,
239*053f45beSAndroid Build Coastguard Worker sizeof(struct encl_segment));
240*053f45beSAndroid Build Coastguard Worker if (!encl->segment_tbl)
241*053f45beSAndroid Build Coastguard Worker goto err;
242*053f45beSAndroid Build Coastguard Worker
243*053f45beSAndroid Build Coastguard Worker for (i = 0, j = 0; i < ehdr->e_phnum; i++) {
244*053f45beSAndroid Build Coastguard Worker Elf64_Phdr *phdr = &phdr_tbl[i];
245*053f45beSAndroid Build Coastguard Worker unsigned int flags = phdr->p_flags;
246*053f45beSAndroid Build Coastguard Worker
247*053f45beSAndroid Build Coastguard Worker if (phdr->p_type != PT_LOAD)
248*053f45beSAndroid Build Coastguard Worker continue;
249*053f45beSAndroid Build Coastguard Worker
250*053f45beSAndroid Build Coastguard Worker seg = &encl->segment_tbl[j];
251*053f45beSAndroid Build Coastguard Worker
252*053f45beSAndroid Build Coastguard Worker if (!!(flags & ~(PF_R | PF_W | PF_X))) {
253*053f45beSAndroid Build Coastguard Worker fprintf(stderr,
254*053f45beSAndroid Build Coastguard Worker "%d has invalid segment flags 0x%02x.\n", i,
255*053f45beSAndroid Build Coastguard Worker phdr->p_flags);
256*053f45beSAndroid Build Coastguard Worker goto err;
257*053f45beSAndroid Build Coastguard Worker }
258*053f45beSAndroid Build Coastguard Worker
259*053f45beSAndroid Build Coastguard Worker if (j == 0 && flags != (PF_R | PF_W)) {
260*053f45beSAndroid Build Coastguard Worker fprintf(stderr,
261*053f45beSAndroid Build Coastguard Worker "TCS has invalid segment flags 0x%02x.\n",
262*053f45beSAndroid Build Coastguard Worker phdr->p_flags);
263*053f45beSAndroid Build Coastguard Worker goto err;
264*053f45beSAndroid Build Coastguard Worker }
265*053f45beSAndroid Build Coastguard Worker
266*053f45beSAndroid Build Coastguard Worker if (j == 0) {
267*053f45beSAndroid Build Coastguard Worker src_offset = phdr->p_offset & PAGE_MASK;
268*053f45beSAndroid Build Coastguard Worker encl->src = encl->bin + src_offset;
269*053f45beSAndroid Build Coastguard Worker
270*053f45beSAndroid Build Coastguard Worker seg->prot = PROT_READ | PROT_WRITE;
271*053f45beSAndroid Build Coastguard Worker seg->flags = SGX_PAGE_TYPE_TCS << 8;
272*053f45beSAndroid Build Coastguard Worker } else {
273*053f45beSAndroid Build Coastguard Worker seg->prot = (phdr->p_flags & PF_R) ? PROT_READ : 0;
274*053f45beSAndroid Build Coastguard Worker seg->prot |= (phdr->p_flags & PF_W) ? PROT_WRITE : 0;
275*053f45beSAndroid Build Coastguard Worker seg->prot |= (phdr->p_flags & PF_X) ? PROT_EXEC : 0;
276*053f45beSAndroid Build Coastguard Worker seg->flags = (SGX_PAGE_TYPE_REG << 8) | seg->prot;
277*053f45beSAndroid Build Coastguard Worker }
278*053f45beSAndroid Build Coastguard Worker
279*053f45beSAndroid Build Coastguard Worker seg->offset = (phdr->p_offset & PAGE_MASK) - src_offset;
280*053f45beSAndroid Build Coastguard Worker seg->size = (phdr->p_filesz + PAGE_SIZE - 1) & PAGE_MASK;
281*053f45beSAndroid Build Coastguard Worker seg->src = encl->src + seg->offset;
282*053f45beSAndroid Build Coastguard Worker seg->measure = true;
283*053f45beSAndroid Build Coastguard Worker
284*053f45beSAndroid Build Coastguard Worker j++;
285*053f45beSAndroid Build Coastguard Worker }
286*053f45beSAndroid Build Coastguard Worker
287*053f45beSAndroid Build Coastguard Worker assert(j == encl->nr_segments - 1);
288*053f45beSAndroid Build Coastguard Worker
289*053f45beSAndroid Build Coastguard Worker seg = &encl->segment_tbl[j];
290*053f45beSAndroid Build Coastguard Worker seg->offset = encl->segment_tbl[j - 1].offset + encl->segment_tbl[j - 1].size;
291*053f45beSAndroid Build Coastguard Worker seg->size = heap_size;
292*053f45beSAndroid Build Coastguard Worker seg->src = mmap(NULL, heap_size, PROT_READ | PROT_WRITE,
293*053f45beSAndroid Build Coastguard Worker MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
294*053f45beSAndroid Build Coastguard Worker seg->prot = PROT_READ | PROT_WRITE;
295*053f45beSAndroid Build Coastguard Worker seg->flags = (SGX_PAGE_TYPE_REG << 8) | seg->prot;
296*053f45beSAndroid Build Coastguard Worker seg->measure = false;
297*053f45beSAndroid Build Coastguard Worker
298*053f45beSAndroid Build Coastguard Worker if (seg->src == MAP_FAILED)
299*053f45beSAndroid Build Coastguard Worker goto err;
300*053f45beSAndroid Build Coastguard Worker
301*053f45beSAndroid Build Coastguard Worker encl->src_size = encl->segment_tbl[j].offset + encl->segment_tbl[j].size;
302*053f45beSAndroid Build Coastguard Worker
303*053f45beSAndroid Build Coastguard Worker for (encl->encl_size = 4096; encl->encl_size < encl->src_size; )
304*053f45beSAndroid Build Coastguard Worker encl->encl_size <<= 1;
305*053f45beSAndroid Build Coastguard Worker
306*053f45beSAndroid Build Coastguard Worker return true;
307*053f45beSAndroid Build Coastguard Worker
308*053f45beSAndroid Build Coastguard Worker err:
309*053f45beSAndroid Build Coastguard Worker if (fd != -1)
310*053f45beSAndroid Build Coastguard Worker close(fd);
311*053f45beSAndroid Build Coastguard Worker encl_delete(encl);
312*053f45beSAndroid Build Coastguard Worker return false;
313*053f45beSAndroid Build Coastguard Worker }
314*053f45beSAndroid Build Coastguard Worker
encl_map_area(struct encl * encl)315*053f45beSAndroid Build Coastguard Worker static bool encl_map_area(struct encl *encl)
316*053f45beSAndroid Build Coastguard Worker {
317*053f45beSAndroid Build Coastguard Worker size_t encl_size = encl->encl_size;
318*053f45beSAndroid Build Coastguard Worker void *area;
319*053f45beSAndroid Build Coastguard Worker
320*053f45beSAndroid Build Coastguard Worker area = mmap(NULL, encl_size * 2, PROT_NONE,
321*053f45beSAndroid Build Coastguard Worker MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
322*053f45beSAndroid Build Coastguard Worker if (area == MAP_FAILED) {
323*053f45beSAndroid Build Coastguard Worker perror("reservation mmap()");
324*053f45beSAndroid Build Coastguard Worker return false;
325*053f45beSAndroid Build Coastguard Worker }
326*053f45beSAndroid Build Coastguard Worker
327*053f45beSAndroid Build Coastguard Worker encl->encl_base = ((uint64_t)area + encl_size - 1) & ~(encl_size - 1);
328*053f45beSAndroid Build Coastguard Worker
329*053f45beSAndroid Build Coastguard Worker munmap(area, encl->encl_base - (uint64_t)area);
330*053f45beSAndroid Build Coastguard Worker munmap((void *)(encl->encl_base + encl_size),
331*053f45beSAndroid Build Coastguard Worker (uint64_t)area + encl_size - encl->encl_base);
332*053f45beSAndroid Build Coastguard Worker
333*053f45beSAndroid Build Coastguard Worker return true;
334*053f45beSAndroid Build Coastguard Worker }
335*053f45beSAndroid Build Coastguard Worker
encl_build(struct encl * encl)336*053f45beSAndroid Build Coastguard Worker bool encl_build(struct encl *encl)
337*053f45beSAndroid Build Coastguard Worker {
338*053f45beSAndroid Build Coastguard Worker struct sgx_enclave_init ioc;
339*053f45beSAndroid Build Coastguard Worker int ret;
340*053f45beSAndroid Build Coastguard Worker int i;
341*053f45beSAndroid Build Coastguard Worker
342*053f45beSAndroid Build Coastguard Worker if (!encl_map_area(encl))
343*053f45beSAndroid Build Coastguard Worker return false;
344*053f45beSAndroid Build Coastguard Worker
345*053f45beSAndroid Build Coastguard Worker if (!encl_ioc_create(encl))
346*053f45beSAndroid Build Coastguard Worker return false;
347*053f45beSAndroid Build Coastguard Worker
348*053f45beSAndroid Build Coastguard Worker /*
349*053f45beSAndroid Build Coastguard Worker * Pages must be added before mapping VMAs because their permissions
350*053f45beSAndroid Build Coastguard Worker * cap the VMA permissions.
351*053f45beSAndroid Build Coastguard Worker */
352*053f45beSAndroid Build Coastguard Worker for (i = 0; i < encl->nr_segments; i++) {
353*053f45beSAndroid Build Coastguard Worker struct encl_segment *seg = &encl->segment_tbl[i];
354*053f45beSAndroid Build Coastguard Worker
355*053f45beSAndroid Build Coastguard Worker if (!encl_ioc_add_pages(encl, seg))
356*053f45beSAndroid Build Coastguard Worker return false;
357*053f45beSAndroid Build Coastguard Worker }
358*053f45beSAndroid Build Coastguard Worker
359*053f45beSAndroid Build Coastguard Worker ioc.sigstruct = (uint64_t)&encl->sigstruct;
360*053f45beSAndroid Build Coastguard Worker ret = ioctl(encl->fd, SGX_IOC_ENCLAVE_INIT, &ioc);
361*053f45beSAndroid Build Coastguard Worker if (ret) {
362*053f45beSAndroid Build Coastguard Worker perror("SGX_IOC_ENCLAVE_INIT failed");
363*053f45beSAndroid Build Coastguard Worker return false;
364*053f45beSAndroid Build Coastguard Worker }
365*053f45beSAndroid Build Coastguard Worker
366*053f45beSAndroid Build Coastguard Worker return true;
367*053f45beSAndroid Build Coastguard Worker }
368