From d67bb7107596055be373f5f62da97b55f8cec2c3 Mon Sep 17 00:00:00 2001 From: houmingyong Date: Sat, 28 Oct 2023 10:47:42 +0800 Subject: [PATCH] backport patch and cve --- ...ng-vulnerability-for-MessageSet-type.patch | 367 ++++++++++++++++++ ...x-sgx_create_enclave-retry-mechanism.patch | 251 ++++++++++++ linux-sgx.spec | 5 + 3 files changed, 623 insertions(+) create mode 100644 backport-CVE-2022-1941-Fix-parsing-vulnerability-for-MessageSet-type.patch create mode 100644 backport-Fix-sgx_create_enclave-retry-mechanism.patch diff --git a/backport-CVE-2022-1941-Fix-parsing-vulnerability-for-MessageSet-type.patch b/backport-CVE-2022-1941-Fix-parsing-vulnerability-for-MessageSet-type.patch new file mode 100644 index 0000000..c2a662f --- /dev/null +++ b/backport-CVE-2022-1941-Fix-parsing-vulnerability-for-MessageSet-type.patch @@ -0,0 +1,367 @@ +From 55815e423bb82cc828836bbd60c79c1f9a195763 Mon Sep 17 00:00:00 2001 +From: Deanna Garcia +Date: Tue, 13 Sep 2022 17:20:00 +0000 +Subject: [PATCH] Apply patch + +Reference:https://github.com/protocolbuffers/protobuf/commit/55815e423bb82cc828836bbd60c79c1f9a195763 +Conflict: Changing the Source File Path +--- + src/google/protobuf/extension_set_inl.h | 27 +++-- + src/google/protobuf/wire_format.cc | 26 +++-- + src/google/protobuf/wire_format_lite.h | 27 +++-- + src/google/protobuf/wire_format_unittest.cc | 109 ++++++++++++++++++-- + 4 files changed, 152 insertions(+), 37 deletions(-) + +diff --git a/external/protobuf/protobuf_code/src/google/protobuf/extension_set_inl.h b/external/protobuf/protobuf_code/src/google/protobuf/extension_set_inl.h +index 074784b96d5..77f95f62fd5 100644 +--- a/external/protobuf/protobuf_code/src/google/protobuf/extension_set_inl.h ++++ b/external/protobuf/protobuf_code/src/google/protobuf/extension_set_inl.h +@@ -206,16 +206,21 @@ const char* ExtensionSet::ParseMessageSetItemTmpl( + const char* ptr, const Msg* containing_type, + internal::InternalMetadata* metadata, internal::ParseContext* ctx) { + std::string payload; +- uint32 type_id = 0; +- bool payload_read = false; ++ uint32 type_id; ++ enum class State { kNoTag, kHasType, kHasPayload, kDone }; ++ State state = State::kNoTag; ++ + while (!ctx->Done(&ptr)) { + uint32 tag = static_cast(*ptr++); + if (tag == WireFormatLite::kMessageSetTypeIdTag) { + uint64 tmp; + ptr = ParseBigVarint(ptr, &tmp); + GOOGLE_PROTOBUF_PARSER_ASSERT(ptr); +- type_id = tmp; +- if (payload_read) { ++ if (state == State::kNoTag) { ++ type_id = tmp; ++ state = State::kHasType; ++ } else if (state == State::kHasPayload) { ++ type_id = tmp; + ExtensionInfo extension; + bool was_packed_on_wire; + if (!FindExtension(2, type_id, containing_type, ctx, &extension, +@@ -241,20 +246,24 @@ const char* ExtensionSet::ParseMessageSetItemTmpl( + GOOGLE_PROTOBUF_PARSER_ASSERT(value->_InternalParse(p, &tmp_ctx) && + tmp_ctx.EndedAtLimit()); + } +- type_id = 0; ++ state = State::kDone; + } + } else if (tag == WireFormatLite::kMessageSetMessageTag) { +- if (type_id != 0) { ++ if (state == State::kHasType) { + ptr = ParseFieldMaybeLazily(static_cast(type_id) * 8 + 2, ptr, + containing_type, metadata, ctx); + GOOGLE_PROTOBUF_PARSER_ASSERT(ptr != nullptr); +- type_id = 0; ++ state = State::kDone; + } else { ++ std::string tmp; + int32 size = ReadSize(&ptr); + GOOGLE_PROTOBUF_PARSER_ASSERT(ptr); +- ptr = ctx->ReadString(ptr, size, &payload); ++ ptr = ctx->ReadString(ptr, size, &tmp); + GOOGLE_PROTOBUF_PARSER_ASSERT(ptr); +- payload_read = true; ++ if (state == State::kNoTag) { ++ payload = std::move(tmp); ++ state = State::kHasPayload; ++ } + } + } else { + ptr = ReadTag(ptr - 1, &tag); +diff --git a/external/protobuf/protobuf_code/src/google/protobuf/wire_format.cc b/external/protobuf/protobuf_code/src/google/protobuf/wire_format.cc +index c30b7abff63..382d01ea0cf 100644 +--- a/external/protobuf/protobuf_code/src/google/protobuf/wire_format.cc ++++ b/external/protobuf/protobuf_code/src/google/protobuf/wire_format.cc +@@ -657,9 +657,11 @@ struct WireFormat::MessageSetParser { + const char* _InternalParse(const char* ptr, internal::ParseContext* ctx) { + // Parse a MessageSetItem + auto metadata = reflection->MutableInternalMetadata(msg); ++ enum class State { kNoTag, kHasType, kHasPayload, kDone }; ++ State state = State::kNoTag; ++ + std::string payload; + uint32 type_id = 0; +- bool payload_read = false; + while (!ctx->Done(&ptr)) { + // We use 64 bit tags in order to allow typeid's that span the whole + // range of 32 bit numbers. +@@ -668,8 +670,11 @@ struct WireFormat::MessageSetParser { + uint64 tmp; + ptr = ParseBigVarint(ptr, &tmp); + GOOGLE_PROTOBUF_PARSER_ASSERT(ptr); +- type_id = tmp; +- if (payload_read) { ++ if (state == State::kNoTag) { ++ type_id = tmp; ++ state = State::kHasType; ++ } else if (state == State::kHasPayload) { ++ type_id = tmp; + const FieldDescriptor* field; + if (ctx->data().pool == nullptr) { + field = reflection->FindKnownExtensionByNumber(type_id); +@@ -696,17 +701,17 @@ struct WireFormat::MessageSetParser { + GOOGLE_PROTOBUF_PARSER_ASSERT(value->_InternalParse(p, &tmp_ctx) && + tmp_ctx.EndedAtLimit()); + } +- type_id = 0; ++ state = State::kDone; + } + continue; + } else if (tag == WireFormatLite::kMessageSetMessageTag) { +- if (type_id == 0) { ++ if (state == State::kNoTag) { + int32 size = ReadSize(&ptr); + GOOGLE_PROTOBUF_PARSER_ASSERT(ptr); + ptr = ctx->ReadString(ptr, size, &payload); + GOOGLE_PROTOBUF_PARSER_ASSERT(ptr); +- payload_read = true; +- } else { ++ state = State::kHasPayload; ++ } else if (state == State::kHasType) { + // We're now parsing the payload + const FieldDescriptor* field = nullptr; + if (descriptor->IsExtensionNumber(type_id)) { +@@ -720,7 +725,12 @@ struct WireFormat::MessageSetParser { + ptr = WireFormat::_InternalParseAndMergeField( + msg, ptr, ctx, static_cast(type_id) * 8 + 2, reflection, + field); +- type_id = 0; ++ state = State::kDone; ++ } else { ++ int32 size = ReadSize(&ptr); ++ GOOGLE_PROTOBUF_PARSER_ASSERT(ptr); ++ ptr = ctx->Skip(ptr, size); ++ GOOGLE_PROTOBUF_PARSER_ASSERT(ptr); + } + } else { + // An unknown field in MessageSetItem. +diff --git a/external/protobuf/protobuf_code/src/google/protobuf/wire_format_lite.h b/external/protobuf/protobuf_code/src/google/protobuf/wire_format_lite.h +index f2a3cad8281..0b13096ccbf 100644 +--- a/external/protobuf/protobuf_code/src/google/protobuf/wire_format_lite.h ++++ b/external/protobuf/protobuf_code/src/google/protobuf/wire_format_lite.h +@@ -1798,6 +1798,9 @@ bool ParseMessageSetItemImpl(io::CodedInputStream* input, MS ms) { + // we can parse it later. + std::string message_data; + ++ enum class State { kNoTag, kHasType, kHasPayload, kDone }; ++ State state = State::kNoTag; ++ + while (true) { + const uint32 tag = input->ReadTagNoLastTag(); + if (tag == 0) return false; +@@ -1806,26 +1809,34 @@ bool ParseMessageSetItemImpl(io::CodedInputStream* input, MS ms) { + case WireFormatLite::kMessageSetTypeIdTag: { + uint32 type_id; + if (!input->ReadVarint32(&type_id)) return false; +- last_type_id = type_id; +- +- if (!message_data.empty()) { ++ if (state == State::kNoTag) { ++ last_type_id = type_id; ++ state = State::kHasType; ++ } else if (state == State::kHasPayload) { + // We saw some message data before the type_id. Have to parse it + // now. + io::CodedInputStream sub_input( + reinterpret_cast(message_data.data()), + static_cast(message_data.size())); + sub_input.SetRecursionLimit(input->RecursionBudget()); +- if (!ms.ParseField(last_type_id, &sub_input)) { ++ if (!ms.ParseField(type_id, &sub_input)) { + return false; + } + message_data.clear(); ++ state = State::kDone; + } + + break; + } + + case WireFormatLite::kMessageSetMessageTag: { +- if (last_type_id == 0) { ++ if (state == State::kHasType) { ++ // Already saw type_id, so we can parse this directly. ++ if (!ms.ParseField(last_type_id, input)) { ++ return false; ++ } ++ state = State::kDone; ++ } else if (state == State::kNoTag) { + // We haven't seen a type_id yet. Append this data to message_data. + uint32 length; + if (!input->ReadVarint32(&length)) return false; +@@ -1836,11 +1847,9 @@ bool ParseMessageSetItemImpl(io::CodedInputStream* input, MS ms) { + auto ptr = reinterpret_cast(&message_data[0]); + ptr = io::CodedOutputStream::WriteVarint32ToArray(length, ptr); + if (!input->ReadRaw(ptr, length)) return false; ++ state = State::kHasPayload; + } else { +- // Already saw type_id, so we can parse this directly. +- if (!ms.ParseField(last_type_id, input)) { +- return false; +- } ++ if (!ms.SkipField(tag, input)) return false; + } + + break; +diff --git a/external/protobuf/protobuf_code/src/google/protobuf/wire_format_unittest.cc b/external/protobuf/protobuf_code/src/google/protobuf/wire_format_unittest.cc +index e75fc316f87..8d767b2833e 100644 +--- a/external/protobuf/protobuf_code/src/google/protobuf/wire_format_unittest.cc ++++ b/external/protobuf/protobuf_code/src/google/protobuf/wire_format_unittest.cc +@@ -46,6 +46,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -585,30 +586,56 @@ TEST(WireFormatTest, ParseMessageSet) { + EXPECT_EQ(message_set.DebugString(), dynamic_message_set.DebugString()); + } + +-TEST(WireFormatTest, ParseMessageSetWithReverseTagOrder) { ++namespace { ++std::string BuildMessageSetItemStart() { + std::string data; + { +- unittest::TestMessageSetExtension1 message; +- message.set_i(123); +- // Build a MessageSet manually with its message content put before its +- // type_id. + io::StringOutputStream output_stream(&data); + io::CodedOutputStream coded_output(&output_stream); + coded_output.WriteTag(WireFormatLite::kMessageSetItemStartTag); ++ } ++ return data; ++} ++std::string BuildMessageSetItemEnd() { ++ std::string data; ++ { ++ io::StringOutputStream output_stream(&data); ++ io::CodedOutputStream coded_output(&output_stream); ++ coded_output.WriteTag(WireFormatLite::kMessageSetItemEndTag); ++ } ++ return data; ++} ++std::string BuildMessageSetTestExtension1(int value = 123) { ++ std::string data; ++ { ++ unittest::TestMessageSetExtension1 message; ++ message.set_i(value); ++ io::StringOutputStream output_stream(&data); ++ io::CodedOutputStream coded_output(&output_stream); + // Write the message content first. + WireFormatLite::WriteTag(WireFormatLite::kMessageSetMessageNumber, + WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + &coded_output); + coded_output.WriteVarint32(message.ByteSizeLong()); + message.SerializeWithCachedSizes(&coded_output); +- // Write the type id. +- uint32 type_id = message.GetDescriptor()->extension(0)->number(); ++ } ++ return data; ++} ++std::string BuildMessageSetItemTypeId(int extension_number) { ++ std::string data; ++ { ++ io::StringOutputStream output_stream(&data); ++ io::CodedOutputStream coded_output(&output_stream); + WireFormatLite::WriteUInt32(WireFormatLite::kMessageSetTypeIdNumber, +- type_id, &coded_output); +- coded_output.WriteTag(WireFormatLite::kMessageSetItemEndTag); ++ extension_number, &coded_output); + } ++ return data; ++} ++void ValidateTestMessageSet(const std::string& test_case, ++ const std::string& data) { ++ SCOPED_TRACE(test_case); + { +- proto2_wireformat_unittest::TestMessageSet message_set; ++ ::proto2_wireformat_unittest::TestMessageSet message_set; + ASSERT_TRUE(message_set.ParseFromString(data)); + + EXPECT_EQ(123, +@@ -616,10 +643,15 @@ TEST(WireFormatTest, ParseMessageSetWithReverseTagOrder) { + .GetExtension( + unittest::TestMessageSetExtension1::message_set_extension) + .i()); ++ ++ // Make sure it does not contain anything else. ++ message_set.ClearExtension( ++ unittest::TestMessageSetExtension1::message_set_extension); ++ EXPECT_EQ(message_set.SerializeAsString(), ""); + } + { + // Test parse the message via Reflection. +- proto2_wireformat_unittest::TestMessageSet message_set; ++ ::proto2_wireformat_unittest::TestMessageSet message_set; + io::CodedInputStream input(reinterpret_cast(data.data()), + data.size()); + EXPECT_TRUE(WireFormat::ParseAndMergePartial(&input, &message_set)); +@@ -631,6 +663,61 @@ TEST(WireFormatTest, ParseMessageSetWithReverseTagOrder) { + unittest::TestMessageSetExtension1::message_set_extension) + .i()); + } ++ { ++ // Test parse the message via DynamicMessage. ++ DynamicMessageFactory factory; ++ std::unique_ptr msg( ++ factory ++ .GetPrototype( ++ ::proto2_wireformat_unittest::TestMessageSet::descriptor()) ++ ->New()); ++ msg->ParseFromString(data); ++ auto* reflection = msg->GetReflection(); ++ std::vector fields; ++ reflection->ListFields(*msg, &fields); ++ ASSERT_EQ(fields.size(), 1); ++ const auto& sub = reflection->GetMessage(*msg, fields[0]); ++ reflection = sub.GetReflection(); ++ EXPECT_EQ(123, reflection->GetInt32( ++ sub, sub.GetDescriptor()->FindFieldByName("i"))); ++ } ++} ++} // namespace ++ ++TEST(WireFormatTest, ParseMessageSetWithAnyTagOrder) { ++ std::string start = BuildMessageSetItemStart(); ++ std::string end = BuildMessageSetItemEnd(); ++ std::string id = BuildMessageSetItemTypeId( ++ unittest::TestMessageSetExtension1::descriptor()->extension(0)->number()); ++ std::string message = BuildMessageSetTestExtension1(); ++ ++ ValidateTestMessageSet("id + message", start + id + message + end); ++ ValidateTestMessageSet("message + id", start + message + id + end); ++} ++ ++TEST(WireFormatTest, ParseMessageSetWithDuplicateTags) { ++ std::string start = BuildMessageSetItemStart(); ++ std::string end = BuildMessageSetItemEnd(); ++ std::string id = BuildMessageSetItemTypeId( ++ unittest::TestMessageSetExtension1::descriptor()->extension(0)->number()); ++ std::string other_id = BuildMessageSetItemTypeId(123456); ++ std::string message = BuildMessageSetTestExtension1(); ++ std::string other_message = BuildMessageSetTestExtension1(321); ++ ++ // Double id ++ ValidateTestMessageSet("id + other_id + message", ++ start + id + other_id + message + end); ++ ValidateTestMessageSet("id + message + other_id", ++ start + id + message + other_id + end); ++ ValidateTestMessageSet("message + id + other_id", ++ start + message + id + other_id + end); ++ // Double message ++ ValidateTestMessageSet("id + message + other_message", ++ start + id + message + other_message + end); ++ ValidateTestMessageSet("message + id + other_message", ++ start + message + id + other_message + end); ++ ValidateTestMessageSet("message + other_message + id", ++ start + message + other_message + id + end); + } + + void SerializeReverseOrder( diff --git a/backport-Fix-sgx_create_enclave-retry-mechanism.patch b/backport-Fix-sgx_create_enclave-retry-mechanism.patch new file mode 100644 index 0000000..3c41dbd --- /dev/null +++ b/backport-Fix-sgx_create_enclave-retry-mechanism.patch @@ -0,0 +1,251 @@ +From 2502597c269947edcd2bc38d9d4277f558a4a25e Mon Sep 17 00:00:00 2001 +From: gaoyusong +Date: Tue, 28 Feb 2023 19:57:46 +0800 +Subject: [PATCH] Fix sgx_create_enclave retry mechanism + +Reference: https://github.com/intel/linux-sgx/commit/111a916b5d19554d2c86f3d881bf00ac91de1b34 +Conflict: NA + +--- + .../templates/sgx/SGXEnclave/untrusted/sample.cpp | 5 +++++ + SampleCode/Cxx11SGXDemo/App/App.cpp | 5 +++++ + SampleCode/Cxx14SGXDemo/App/App.cpp | 5 +++++ + SampleCode/PowerTransition/App/ErrorSupport.cpp | 1 + + SampleCode/ProtobufSGXDemo/App/App.cpp | 5 +++++ + SampleCode/SampleDNNL/App/App.cpp | 5 +++++ + SampleCode/SampleEnclave/App/App.cpp | 5 +++++ + SampleCode/SampleEnclaveGMIPP/App/App.cpp | 5 +++++ + SampleCode/SampleEnclavePCL/App/App.cpp | 5 +++++ + SampleCode/SealUnseal/App/ErrorSupport.cpp | 1 + + SampleCode/Switchless/App/App.cpp | 5 +++++ + common/inc/sgx_error.h | 2 +- + psw/ae/aesm_service/source/oal/linux/internal_log.cpp | 1 + + psw/urts/loader.cpp | 9 +++++---- + 14 files changed, 54 insertions(+), 5 deletions(-) + +diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx/templates/sgx/SGXEnclave/untrusted/sample.cpp b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx/templates/sgx/SGXEnclave/untrusted/sample.cpp +index 2885ebd..c8bcf48 100644 +--- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx/templates/sgx/SGXEnclave/untrusted/sample.cpp ++++ b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx/templates/sgx/SGXEnclave/untrusted/sample.cpp +@@ -102,6 +102,11 @@ static sgx_errlist_t sgx_errlist[] = { + "Can't open enclave file.", + NULL + }, ++ { ++ SGX_ERROR_MEMORY_MAP_FAILURE, ++ "Failed to reserve memory for the enclave.", ++ NULL ++ }, + }; + + /* Check error conditions for loading enclave */ +diff --git a/SampleCode/Cxx11SGXDemo/App/App.cpp b/SampleCode/Cxx11SGXDemo/App/App.cpp +index cc92865..f44b435 100644 +--- a/SampleCode/Cxx11SGXDemo/App/App.cpp ++++ b/SampleCode/Cxx11SGXDemo/App/App.cpp +@@ -132,6 +132,11 @@ static sgx_errlist_t sgx_errlist[] = { + "The enclave is signed as product enclave, and can not be created as debuggable enclave.", + NULL + }, ++ { ++ SGX_ERROR_MEMORY_MAP_FAILURE, ++ "Failed to reserve memory for the enclave.", ++ NULL ++ }, + }; + + /* Check error conditions for loading enclave */ +diff --git a/SampleCode/Cxx14SGXDemo/App/App.cpp b/SampleCode/Cxx14SGXDemo/App/App.cpp +index 62a8dde..59cdfbe 100644 +--- a/SampleCode/Cxx14SGXDemo/App/App.cpp ++++ b/SampleCode/Cxx14SGXDemo/App/App.cpp +@@ -132,6 +132,11 @@ static sgx_errlist_t sgx_errlist[] = { + "The enclave is signed as product enclave, and can not be created as debuggable enclave.", + NULL + }, ++ { ++ SGX_ERROR_MEMORY_MAP_FAILURE, ++ "Failed to reserve memory for the enclave.", ++ NULL ++ }, + }; + + /* Check error conditions for loading enclave */ +diff --git a/SampleCode/PowerTransition/App/ErrorSupport.cpp b/SampleCode/PowerTransition/App/ErrorSupport.cpp +index 4142ab0..9fdf0ce 100644 +--- a/SampleCode/PowerTransition/App/ErrorSupport.cpp ++++ b/SampleCode/PowerTransition/App/ErrorSupport.cpp +@@ -51,6 +51,7 @@ static sgx_errlist_t sgx_errlist[] = { + {SGX_ERROR_OUT_OF_EPC, "Out of EPC memory."}, + {SGX_ERROR_NO_DEVICE, "Invalid SGX device."}, + {SGX_ERROR_MEMORY_MAP_CONFLICT, "Memory map conflicted."}, ++ {SGX_ERROR_MEMORY_MAP_FAILURE, "Failed to reserve memory for the enclave."}, + {SGX_ERROR_INVALID_METADATA, "Invalid encalve metadata."}, + {SGX_ERROR_DEVICE_BUSY, "SGX device is busy."}, + {SGX_ERROR_INVALID_VERSION, "Enclave metadata version is invalid."}, +diff --git a/SampleCode/ProtobufSGXDemo/App/App.cpp b/SampleCode/ProtobufSGXDemo/App/App.cpp +index 58b74b4..ae7f2f3 100644 +--- a/SampleCode/ProtobufSGXDemo/App/App.cpp ++++ b/SampleCode/ProtobufSGXDemo/App/App.cpp +@@ -132,6 +132,11 @@ static sgx_errlist_t sgx_errlist[] = { + "The enclave is signed as product enclave, and can not be created as debuggable enclave.", + NULL + }, ++ { ++ SGX_ERROR_MEMORY_MAP_FAILURE, ++ "Failed to reserve memory for the enclave.", ++ NULL ++ }, + }; + + /* Check error conditions for loading enclave */ +diff --git a/SampleCode/SampleDNNL/App/App.cpp b/SampleCode/SampleDNNL/App/App.cpp +index 41c6752..cfb4f15 100644 +--- a/SampleCode/SampleDNNL/App/App.cpp ++++ b/SampleCode/SampleDNNL/App/App.cpp +@@ -134,6 +134,11 @@ static sgx_errlist_t sgx_errlist[] = { + "Can't open enclave file.", + NULL + }, ++ { ++ SGX_ERROR_MEMORY_MAP_FAILURE, ++ "Failed to reserve memory for the enclave.", ++ NULL ++ }, + }; + + /* Check error conditions for loading enclave */ +diff --git a/SampleCode/SampleEnclave/App/App.cpp b/SampleCode/SampleEnclave/App/App.cpp +index 6ac49c8..8aa10da 100644 +--- a/SampleCode/SampleEnclave/App/App.cpp ++++ b/SampleCode/SampleEnclave/App/App.cpp +@@ -128,6 +128,11 @@ static sgx_errlist_t sgx_errlist[] = { + "Can't open enclave file.", + NULL + }, ++ { ++ SGX_ERROR_MEMORY_MAP_FAILURE, ++ "Failed to reserve memory for the enclave.", ++ NULL ++ }, + }; + + /* Check error conditions for loading enclave */ +diff --git a/SampleCode/SampleEnclaveGMIPP/App/App.cpp b/SampleCode/SampleEnclaveGMIPP/App/App.cpp +index 9e951ae..8b2123c 100644 +--- a/SampleCode/SampleEnclaveGMIPP/App/App.cpp ++++ b/SampleCode/SampleEnclaveGMIPP/App/App.cpp +@@ -129,6 +129,11 @@ static sgx_errlist_t sgx_errlist[] = { + "Can't open enclave file.", + NULL + }, ++ { ++ SGX_ERROR_MEMORY_MAP_FAILURE, ++ "Failed to reserve memory for the enclave.", ++ NULL ++ }, + }; + + /* Check error conditions for loading enclave */ +diff --git a/SampleCode/SampleEnclavePCL/App/App.cpp b/SampleCode/SampleEnclavePCL/App/App.cpp +index 092c68f..42d3c64 100644 +--- a/SampleCode/SampleEnclavePCL/App/App.cpp ++++ b/SampleCode/SampleEnclavePCL/App/App.cpp +@@ -158,6 +158,11 @@ static sgx_errlist_t sgx_errlist[] = { + "PCL sealed key GUID mismatch.", + NULL + }, ++ { ++ SGX_ERROR_MEMORY_MAP_FAILURE, ++ "Failed to reserve memory for the enclave.", ++ NULL ++ }, + }; + + /* Check error conditions for loading enclave */ +diff --git a/SampleCode/SealUnseal/App/ErrorSupport.cpp b/SampleCode/SealUnseal/App/ErrorSupport.cpp +index d890442..8b456a8 100644 +--- a/SampleCode/SealUnseal/App/ErrorSupport.cpp ++++ b/SampleCode/SealUnseal/App/ErrorSupport.cpp +@@ -50,6 +50,7 @@ static sgx_errlist_t sgx_errlist[] = { + {SGX_ERROR_OUT_OF_EPC, "Out of EPC memory."}, + {SGX_ERROR_NO_DEVICE, "Invalid SGX device."}, + {SGX_ERROR_MEMORY_MAP_CONFLICT, "Memory map conflicted."}, ++ {SGX_ERROR_MEMORY_MAP_FAILURE, "Failed to reserve memory for the enclave."}, + {SGX_ERROR_INVALID_METADATA, "Invalid encalve metadata."}, + {SGX_ERROR_DEVICE_BUSY, "SGX device is busy."}, + {SGX_ERROR_INVALID_VERSION, "Enclave metadata version is invalid."}, +diff --git a/SampleCode/Switchless/App/App.cpp b/SampleCode/Switchless/App/App.cpp +index e86b49b..4f05c19 100644 +--- a/SampleCode/Switchless/App/App.cpp ++++ b/SampleCode/Switchless/App/App.cpp +@@ -132,6 +132,11 @@ static sgx_errlist_t sgx_errlist[] = { + "Can't open enclave file.", + NULL + }, ++ { ++ SGX_ERROR_MEMORY_MAP_FAILURE, ++ "Failed to reserve memory for the enclave.", ++ NULL ++ }, + }; + + /* Check error conditions for loading enclave */ +diff --git a/common/inc/sgx_error.h b/common/inc/sgx_error.h +index 1a410ca..d38ec05 100644 +--- a/common/inc/sgx_error.h ++++ b/common/inc/sgx_error.h +@@ -61,7 +61,7 @@ typedef enum _status_t + SGX_ERROR_NDEBUG_ENCLAVE = SGX_MK_ERROR(0x2004), /* The enclave is signed as product enclave, and can not be created as debuggable enclave. */ + SGX_ERROR_OUT_OF_EPC = SGX_MK_ERROR(0x2005), /* Not enough EPC is available to load the enclave */ + SGX_ERROR_NO_DEVICE = SGX_MK_ERROR(0x2006), /* Can't open SGX device */ +- SGX_ERROR_MEMORY_MAP_CONFLICT= SGX_MK_ERROR(0x2007), /* Page mapping failed in driver */ ++ SGX_ERROR_MEMORY_MAP_CONFLICT= SGX_MK_ERROR(0x2007), /* Page mapping failed in driver. Deprecated*/ + SGX_ERROR_INVALID_METADATA = SGX_MK_ERROR(0x2009), /* The metadata is incorrect. */ + SGX_ERROR_DEVICE_BUSY = SGX_MK_ERROR(0x200c), /* Device is busy, mostly EINIT failed. */ + SGX_ERROR_INVALID_VERSION = SGX_MK_ERROR(0x200d), /* Metadata version is inconsistent between uRTS and sgx_sign or uRTS is incompatible with current platform. */ +diff --git a/psw/ae/aesm_service/source/oal/linux/internal_log.cpp b/psw/ae/aesm_service/source/oal/linux/internal_log.cpp +index f10c3de..c2be8fb 100644 +--- a/psw/ae/aesm_service/source/oal/linux/internal_log.cpp ++++ b/psw/ae/aesm_service/source/oal/linux/internal_log.cpp +@@ -468,6 +468,7 @@ static const char *get_sgx_status_t_string(sgx_status_t status) + CASE_ENUM_RET_STRING(SGX_ERROR_OUT_OF_EPC) + CASE_ENUM_RET_STRING(SGX_ERROR_NO_DEVICE) + CASE_ENUM_RET_STRING(SGX_ERROR_MEMORY_MAP_CONFLICT) ++ CASE_ENUM_RET_STRING(SGX_ERROR_MEMORY_MAP_FAILURE) + CASE_ENUM_RET_STRING(SGX_ERROR_INVALID_METADATA) + CASE_ENUM_RET_STRING(SGX_ERROR_DEVICE_BUSY) + CASE_ENUM_RET_STRING(SGX_ERROR_INVALID_VERSION) +diff --git a/psw/urts/loader.cpp b/psw/urts/loader.cpp +index bd98a3c..7ad8a69 100644 +--- a/psw/urts/loader.cpp ++++ b/psw/urts/loader.cpp +@@ -907,7 +907,7 @@ int CLoader::load_enclave(SGXLaunchToken *lc, int debug, const metadata_t *metad + + int CLoader::load_enclave_ex(SGXLaunchToken *lc, bool debug, const metadata_t *metadata, sgx_config_id_t *config_id, sgx_config_svn_t config_svn, le_prd_css_file_t *prd_css_file, sgx_misc_attribute_t *misc_attr) + { +- unsigned int ret = SGX_SUCCESS, map_conflict_count = 3; ++ unsigned int ret = SGX_SUCCESS, map_retry_count = 3; + bool retry = true; + + while (retry) +@@ -919,12 +919,13 @@ int CLoader::load_enclave_ex(SGXLaunchToken *lc, bool debug, const metadata_t *m + case SGX_ERROR_ENCLAVE_LOST: //caused by loading enclave while power transition occurs + break; + +- //If memroy map conflict occurs, we only retry 3 times. ++ //If memroy map fail or conflict occurs, we only retry 3 times. ++ case SGX_ERROR_MEMORY_MAP_FAILURE: + case SGX_ERROR_MEMORY_MAP_CONFLICT: +- if(0 == map_conflict_count) ++ if(0 == map_retry_count) + retry = false; + else +- map_conflict_count--; ++ map_retry_count--; + break; + + //We don't re-load enclave due to other error code. +-- +2.33.0 + diff --git a/linux-sgx.spec b/linux-sgx.spec index 91603a9..d433d0f 100644 --- a/linux-sgx.spec +++ b/linux-sgx.spec @@ -30,6 +30,8 @@ Patch8: backport-CVE-2022-2068-Fix-file-operations-in-c_rehash.patch Patch9: backport-CVE-2022-2097-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch Patch10: DCAP-disabling-the-rpatch-option.patch Patch11: add-strip-compilation-option-for-pck-id-retrieval-tool.patch +Patch12: backport-Fix-sgx_create_enclave-retry-mechanism.patch +Patch13: backport-CVE-2022-1941-Fix-parsing-vulnerability-for-MessageSet-type.patch BuildRequires: gcc-c++ protobuf-devel libtool ocaml-ocamlbuild openssl openssl-devel cmake python curl-devel createrepo_c git nasm @@ -1032,6 +1034,9 @@ fi %files -n libsgx-headers -f %{LINUX_INSTALLER_RPM_DIR}/libsgx-headers/build/list-libsgx-headers %changelog +* Sat Oct 28 2023 houmingyong - 2.15.1-9 +- backport patch and cve + * Sat Sep 24 2022 wangyu - 2.15.1-8 - The postun script should distinguish uninstall and upgrade scenarios -- Gitee