xref: /openbmc/linux/tools/testing/selftests/sgx/load.c (revision 8fc4e4aa)
1 // SPDX-License-Identifier: GPL-2.0
2 /*  Copyright(c) 2016-20 Intel Corporation. */
3 
4 #include <assert.h>
5 #include <elf.h>
6 #include <errno.h>
7 #include <fcntl.h>
8 #include <stdbool.h>
9 #include <stdio.h>
10 #include <stdint.h>
11 #include <stdlib.h>
12 #include <string.h>
13 #include <unistd.h>
14 #include <sys/ioctl.h>
15 #include <sys/mman.h>
16 #include <sys/stat.h>
17 #include <sys/time.h>
18 #include <sys/types.h>
19 #include "defines.h"
20 #include "main.h"
21 
22 void encl_delete(struct encl *encl)
23 {
24 	if (encl->encl_base)
25 		munmap((void *)encl->encl_base, encl->encl_size);
26 
27 	if (encl->bin)
28 		munmap(encl->bin, encl->bin_size);
29 
30 	if (encl->fd)
31 		close(encl->fd);
32 
33 	if (encl->segment_tbl)
34 		free(encl->segment_tbl);
35 
36 	memset(encl, 0, sizeof(*encl));
37 }
38 
39 static bool encl_map_bin(const char *path, struct encl *encl)
40 {
41 	struct stat sb;
42 	void *bin;
43 	int ret;
44 	int fd;
45 
46 	fd = open(path, O_RDONLY);
47 	if (fd == -1)  {
48 		perror("enclave executable open()");
49 		return false;
50 	}
51 
52 	ret = stat(path, &sb);
53 	if (ret) {
54 		perror("enclave executable stat()");
55 		goto err;
56 	}
57 
58 	bin = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
59 	if (bin == MAP_FAILED) {
60 		perror("enclave executable mmap()");
61 		goto err;
62 	}
63 
64 	encl->bin = bin;
65 	encl->bin_size = sb.st_size;
66 
67 	close(fd);
68 	return true;
69 
70 err:
71 	close(fd);
72 	return false;
73 }
74 
75 static bool encl_ioc_create(struct encl *encl)
76 {
77 	struct sgx_secs *secs = &encl->secs;
78 	struct sgx_enclave_create ioc;
79 	int rc;
80 
81 	assert(encl->encl_base != 0);
82 
83 	memset(secs, 0, sizeof(*secs));
84 	secs->ssa_frame_size = 1;
85 	secs->attributes = SGX_ATTR_MODE64BIT;
86 	secs->xfrm = 3;
87 	secs->base = encl->encl_base;
88 	secs->size = encl->encl_size;
89 
90 	ioc.src = (unsigned long)secs;
91 	rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_CREATE, &ioc);
92 	if (rc) {
93 		perror("SGX_IOC_ENCLAVE_CREATE failed");
94 		munmap((void *)secs->base, encl->encl_size);
95 		return false;
96 	}
97 
98 	return true;
99 }
100 
101 static bool encl_ioc_add_pages(struct encl *encl, struct encl_segment *seg)
102 {
103 	struct sgx_enclave_add_pages ioc;
104 	struct sgx_secinfo secinfo;
105 	int rc;
106 
107 	memset(&secinfo, 0, sizeof(secinfo));
108 	secinfo.flags = seg->flags;
109 
110 	ioc.src = (uint64_t)encl->src + seg->offset;
111 	ioc.offset = seg->offset;
112 	ioc.length = seg->size;
113 	ioc.secinfo = (unsigned long)&secinfo;
114 	ioc.flags = SGX_PAGE_MEASURE;
115 
116 	rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_ADD_PAGES, &ioc);
117 	if (rc < 0) {
118 		perror("SGX_IOC_ENCLAVE_ADD_PAGES failed");
119 		return false;
120 	}
121 
122 	return true;
123 }
124 
125 
126 
127 bool encl_load(const char *path, struct encl *encl)
128 {
129 	const char device_path[] = "/dev/sgx_enclave";
130 	Elf64_Phdr *phdr_tbl;
131 	off_t src_offset;
132 	Elf64_Ehdr *ehdr;
133 	struct stat sb;
134 	void *ptr;
135 	int i, j;
136 	int ret;
137 	int fd = -1;
138 
139 	memset(encl, 0, sizeof(*encl));
140 
141 	fd = open(device_path, O_RDWR);
142 	if (fd < 0) {
143 		perror("Unable to open /dev/sgx_enclave");
144 		goto err;
145 	}
146 
147 	ret = stat(device_path, &sb);
148 	if (ret) {
149 		perror("device file stat()");
150 		goto err;
151 	}
152 
153 	/*
154 	 * This just checks if the /dev file has these permission
155 	 * bits set.  It does not check that the current user is
156 	 * the owner or in the owning group.
157 	 */
158 	if (!(sb.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) {
159 		fprintf(stderr, "no execute permissions on device file %s\n", device_path);
160 		goto err;
161 	}
162 
163 	ptr = mmap(NULL, PAGE_SIZE, PROT_READ, MAP_SHARED, fd, 0);
164 	if (ptr == (void *)-1) {
165 		perror("mmap for read");
166 		goto err;
167 	}
168 	munmap(ptr, PAGE_SIZE);
169 
170 #define ERR_MSG \
171 "mmap() succeeded for PROT_READ, but failed for PROT_EXEC.\n" \
172 " Check that current user has execute permissions on %s and \n" \
173 " that /dev does not have noexec set: mount | grep \"/dev .*noexec\"\n" \
174 " If so, remount it executable: mount -o remount,exec /dev\n\n"
175 
176 	ptr = mmap(NULL, PAGE_SIZE, PROT_EXEC, MAP_SHARED, fd, 0);
177 	if (ptr == (void *)-1) {
178 		fprintf(stderr, ERR_MSG, device_path);
179 		goto err;
180 	}
181 	munmap(ptr, PAGE_SIZE);
182 
183 	encl->fd = fd;
184 
185 	if (!encl_map_bin(path, encl))
186 		goto err;
187 
188 	ehdr = encl->bin;
189 	phdr_tbl = encl->bin + ehdr->e_phoff;
190 
191 	for (i = 0; i < ehdr->e_phnum; i++) {
192 		Elf64_Phdr *phdr = &phdr_tbl[i];
193 
194 		if (phdr->p_type == PT_LOAD)
195 			encl->nr_segments++;
196 	}
197 
198 	encl->segment_tbl = calloc(encl->nr_segments,
199 				   sizeof(struct encl_segment));
200 	if (!encl->segment_tbl)
201 		goto err;
202 
203 	for (i = 0, j = 0; i < ehdr->e_phnum; i++) {
204 		Elf64_Phdr *phdr = &phdr_tbl[i];
205 		unsigned int flags = phdr->p_flags;
206 		struct encl_segment *seg;
207 
208 		if (phdr->p_type != PT_LOAD)
209 			continue;
210 
211 		seg = &encl->segment_tbl[j];
212 
213 		if (!!(flags & ~(PF_R | PF_W | PF_X))) {
214 			fprintf(stderr,
215 				"%d has invalid segment flags 0x%02x.\n", i,
216 				phdr->p_flags);
217 			goto err;
218 		}
219 
220 		if (j == 0 && flags != (PF_R | PF_W)) {
221 			fprintf(stderr,
222 				"TCS has invalid segment flags 0x%02x.\n",
223 				phdr->p_flags);
224 			goto err;
225 		}
226 
227 		if (j == 0) {
228 			src_offset = phdr->p_offset & PAGE_MASK;
229 
230 			seg->prot = PROT_READ | PROT_WRITE;
231 			seg->flags = SGX_PAGE_TYPE_TCS << 8;
232 		} else  {
233 			seg->prot = (phdr->p_flags & PF_R) ? PROT_READ : 0;
234 			seg->prot |= (phdr->p_flags & PF_W) ? PROT_WRITE : 0;
235 			seg->prot |= (phdr->p_flags & PF_X) ? PROT_EXEC : 0;
236 			seg->flags = (SGX_PAGE_TYPE_REG << 8) | seg->prot;
237 		}
238 
239 		seg->offset = (phdr->p_offset & PAGE_MASK) - src_offset;
240 		seg->size = (phdr->p_filesz + PAGE_SIZE - 1) & PAGE_MASK;
241 
242 		printf("0x%016lx 0x%016lx 0x%02x\n", seg->offset, seg->size,
243 		       seg->prot);
244 
245 		j++;
246 	}
247 
248 	assert(j == encl->nr_segments);
249 
250 	encl->src = encl->bin + src_offset;
251 	encl->src_size = encl->segment_tbl[j - 1].offset +
252 			 encl->segment_tbl[j - 1].size;
253 
254 	for (encl->encl_size = 4096; encl->encl_size < encl->src_size; )
255 		encl->encl_size <<= 1;
256 
257 	return true;
258 
259 err:
260 	if (fd != -1)
261 		close(fd);
262 	encl_delete(encl);
263 	return false;
264 }
265 
266 static bool encl_map_area(struct encl *encl)
267 {
268 	size_t encl_size = encl->encl_size;
269 	void *area;
270 
271 	area = mmap(NULL, encl_size * 2, PROT_NONE,
272 		    MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
273 	if (area == MAP_FAILED) {
274 		perror("reservation mmap()");
275 		return false;
276 	}
277 
278 	encl->encl_base = ((uint64_t)area + encl_size - 1) & ~(encl_size - 1);
279 
280 	munmap(area, encl->encl_base - (uint64_t)area);
281 	munmap((void *)(encl->encl_base + encl_size),
282 	       (uint64_t)area + encl_size - encl->encl_base);
283 
284 	return true;
285 }
286 
287 bool encl_build(struct encl *encl)
288 {
289 	struct sgx_enclave_init ioc;
290 	int ret;
291 	int i;
292 
293 	if (!encl_map_area(encl))
294 		return false;
295 
296 	if (!encl_ioc_create(encl))
297 		return false;
298 
299 	/*
300 	 * Pages must be added before mapping VMAs because their permissions
301 	 * cap the VMA permissions.
302 	 */
303 	for (i = 0; i < encl->nr_segments; i++) {
304 		struct encl_segment *seg = &encl->segment_tbl[i];
305 
306 		if (!encl_ioc_add_pages(encl, seg))
307 			return false;
308 	}
309 
310 	ioc.sigstruct = (uint64_t)&encl->sigstruct;
311 	ret = ioctl(encl->fd, SGX_IOC_ENCLAVE_INIT, &ioc);
312 	if (ret) {
313 		perror("SGX_IOC_ENCLAVE_INIT failed");
314 		return false;
315 	}
316 
317 	return true;
318 }
319