diff --git a/0054-fix-gen-ecall-header-error.patch b/0054-fix-gen-ecall-header-error.patch new file mode 100644 index 0000000000000000000000000000000000000000..cca49b4cfe4529ebe382cf0ab76da400d4402cf7 --- /dev/null +++ b/0054-fix-gen-ecall-header-error.patch @@ -0,0 +1,25 @@ +From c7e1d5815471a37761ba92b8ed750f2dd789d16e Mon Sep 17 00:00:00 2001 +From: houmingyong +Date: Sat, 17 Dec 2022 18:54:41 +0800 +Subject: [PATCH] fix gen ecall header error + +--- + tools/codegener/Genheader.ml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/codegener/Genheader.ml b/tools/codegener/Genheader.ml +index 0f244f3..24083d6 100644 +--- a/tools/codegener/Genheader.ml ++++ b/tools/codegener/Genheader.ml +@@ -387,7 +387,7 @@ let generate_untrusted_header (ec: enclave_content) = + hfile_start ^ hfile_include; + c_start; + agent_id; +- trust_fproto_com ^ r_proxy ^ r_proxy_sl_async ^ ";"; ++ trust_fproto_com ^ r_proxy ^ ";\n\n" ^ r_proxy_sl_async ^ ";"; + if (List.length ec.ufunc_decls <> 0) then untrust_fproto_com ^ untrust_func ^ ";" + else "/**** There is no untrusted function ****/"; + c_end; +-- +2.27.0 + diff --git a/0055-switchless-readme-add-async-interface.patch b/0055-switchless-readme-add-async-interface.patch new file mode 100644 index 0000000000000000000000000000000000000000..29db46ac9e160d1067412205f2c67eafa5135b13 --- /dev/null +++ b/0055-switchless-readme-add-async-interface.patch @@ -0,0 +1,21 @@ +From 6568766c40fbc343a3af68292b66899f6e3e921c Mon Sep 17 00:00:00 2001 +From: houmingyong +Date: Mon, 19 Dec 2022 11:13:21 +0800 +Subject: [PATCH] switchless readme add async interface + +--- + examples/switchless/README.md | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/examples/switchless/README.md b/examples/switchless/README.md +index f42a54e..13084d3 100644 +--- a/examples/switchless/README.md ++++ b/examples/switchless/README.md +@@ -116,3 +116,4 @@ switchless API清单 + | ---- | ---- | + | cc_malloc_shared_memory() | 创建安全环境与非安全环境可同时访问的共享内存。
参数:
enclave,安全环境上下文句柄。因不同平台共享内存模型不同,同时保持接口跨平台的一致性,该参数仅在ARM平台被使用,SGX平台该入参会被忽略。
size,共享内存大小。
返回值:
NULL:共享内存申请失败。
其他:共享内存首地址
| + | cc_free_shared_memory() | 释放共享内存。
参数:
enclave,安全环境上下文句柄。因不同平台共享内存模型不同,同时保持接口跨平台的一致性,该参数仅在ARM平台被使用(该参数必须与调用cc_malloc_shared_memory接口时传入的enclave保持一致),SGX平台该入参会被忽略。
ptr:cc_malloc_shared_memory接口返回的共享内存地址。
返回值:
CC_ERROR_BAD_PARAMETERS,入参非法。
CC_ERROR_INVALID_HANDLE, 无效enclave或者传入的enclave与ptr所对应的enclave不匹配(仅在ARM平台生效,SGX平台会忽略enclave,故不会对enclave进行检查)。
CC_ERROR_NOT_IMPLEMENTED,该接口未实现。
CC_ERROR_SHARED_MEMORY_START_ADDR_INVALID,
ptr不是cc_malloc_shared_memory接口返回的共享内存地址(仅在ARM平台生效)。
CC_ERROR_OUT_OF_MEMORY,内存不足(仅在ARM平台生效)。
CC_FAIL,一般性错误。
CC_SUCCESS,成功。| ++| cc_sl_get_async_result() | 检查异步调用结果并释放异步调用资源(当前仅支持ARM)。
参数:
enclave: 安全环境上下文句柄。
task_id: 异步调用任务编号。
retval: 用于接收返回值的缓冲区。
返回值:
CC_SUCCESS,异步调用成功。
CC_ERROR_SWITCHLESS_ASYNC_TASK_UNFINISHED, 异步调用处理中。
CC_ERROR_SWITCHLESS_INVALID_TASK_ID,非法的task_id。
其他,一般性错误。| +-- +2.27.0 + diff --git a/0056-destroy-enclave-release-remain-shared-memory.patch b/0056-destroy-enclave-release-remain-shared-memory.patch new file mode 100644 index 0000000000000000000000000000000000000000..59f6ac1890a9237a714ab4b1059ec94caff4a61c --- /dev/null +++ b/0056-destroy-enclave-release-remain-shared-memory.patch @@ -0,0 +1,127 @@ +From b722d85901dbe0906ddb8fed5f5aa9f0646ba9fb Mon Sep 17 00:00:00 2001 +From: houmingyong +Date: Mon, 19 Dec 2022 19:26:22 +0800 +Subject: [PATCH] destory enclave release remain shared memory + +--- + src/host_src/gp/gp_enclave.c | 5 +++ + src/host_src/gp/gp_shared_memory.c | 54 ++++++++++++++++++++++++------ + src/host_src/gp/gp_shared_memory.h | 2 +- + 3 files changed, 50 insertions(+), 11 deletions(-) + +diff --git a/src/host_src/gp/gp_enclave.c b/src/host_src/gp/gp_enclave.c +index 521a850..952d584 100644 +--- a/src/host_src/gp/gp_enclave.c ++++ b/src/host_src/gp/gp_enclave.c +@@ -520,11 +520,16 @@ cc_enclave_result_t _gp_destroy(cc_enclave_t *context) + { + int res; + TEEC_Result ret; ++ cc_enclave_result_t cc_ret; + + if (!context || !context->private_data) { + print_error_term("The input parameters are wrong \n"); + return CC_ERROR_BAD_PARAMETERS; + } ++ cc_ret = gp_release_all_shared_memory(context); ++ if (cc_ret != CC_SUCCESS) { ++ print_error_goto("Fail to release all shared memory, errno:%x\n", cc_ret); ++ } + + fini_features(context); + +diff --git a/src/host_src/gp/gp_shared_memory.c b/src/host_src/gp/gp_shared_memory.c +index 60520a4..b6a958d 100644 +--- a/src/host_src/gp/gp_shared_memory.c ++++ b/src/host_src/gp/gp_shared_memory.c +@@ -195,19 +195,10 @@ cc_enclave_result_t gp_register_shared_memory(cc_enclave_t *enclave, void *ptr) + return CC_SUCCESS; + } + +-cc_enclave_result_t gp_unregister_shared_memory(cc_enclave_t *enclave, void* ptr) ++cc_enclave_result_t unregister_shared_memory(cc_enclave_t *enclave, gp_shared_memory_t* gp_shared_mem) + { + uint32_t ms = TEE_SECE_AGENT_ID; + +- if (!gp_is_shared_mem_start_addr(ptr)) { +- return CC_ERROR_SHARED_MEMORY_START_ADDR_INVALID; +- } +- +- if (GP_SHARED_MEMORY_ENTRY(ptr)->enclave != enclave) { +- return CC_ERROR_INVALID_HANDLE; +- } +- +- gp_shared_memory_t *gp_shared_mem = GP_SHARED_MEMORY_ENTRY(ptr); + if (!__atomic_load_n(&gp_shared_mem->is_registered, __ATOMIC_ACQUIRE)) { + return CC_ERROR_SHARED_MEMORY_NOT_REGISTERED; + } +@@ -236,6 +227,7 @@ cc_enclave_result_t gp_unregister_shared_memory(cc_enclave_t *enclave, void* ptr + char *out_param_buf = param_buf + in_param_buf_size; + + /* Copy in_params to in_buf */ ++ void *ptr = (char *)gp_shared_mem + sizeof(gp_shared_memory_t); + memcpy(in_param_buf, &args_size, size_to_aligned_size(sizeof(args_size))); + memcpy(in_param_buf + ptr_offset, &ptr, sizeof(void*)); + +@@ -262,3 +254,45 @@ cc_enclave_result_t gp_unregister_shared_memory(cc_enclave_t *enclave, void* ptr + free(param_buf); + return CC_SUCCESS; + } ++cc_enclave_result_t gp_unregister_shared_memory(cc_enclave_t *enclave, void* ptr) ++{ ++ ++ if (!gp_is_shared_mem_start_addr(ptr)) { ++ return CC_ERROR_SHARED_MEMORY_START_ADDR_INVALID; ++ } ++ ++ if (GP_SHARED_MEMORY_ENTRY(ptr)->enclave != enclave) { ++ return CC_ERROR_INVALID_HANDLE; ++ } ++ ++ gp_shared_memory_t *gp_shared_mem = GP_SHARED_MEMORY_ENTRY(ptr); ++ return unregister_shared_memory(enclave, gp_shared_mem); ++} ++ ++cc_enclave_result_t gp_release_all_shared_memory(cc_enclave_t *enclave) ++{ ++ list_node_t *cur = NULL; ++ list_node_t *tmp = NULL; ++ gp_shared_memory_t *mem = NULL; ++ cc_enclave_result_t step_ret; ++ cc_enclave_result_t ret = CC_SUCCESS; ++ ++ CC_RWLOCK_LOCK_RD(&g_shared_mem_list_lock); ++ list_for_each_safe(cur, tmp, &g_shared_mem_list) { ++ mem = list_entry(cur, gp_shared_memory_t, node); ++ if (mem->is_control_buf) { ++ continue; ++ } ++ step_ret = unregister_shared_memory(enclave, mem); ++ if (step_ret != CC_SUCCESS) { ++ ret = step_ret; ++ continue; ++ } ++ list_remove(&mem->node); ++ TEEC_SharedMemory sharedMem = *(TEEC_SharedMemory *)mem; ++ TEEC_ReleaseSharedMemory(&sharedMem); ++ } ++ CC_RWLOCK_UNLOCK(&g_shared_mem_list_lock); ++ ++ return ret; ++} +diff --git a/src/host_src/gp/gp_shared_memory.h b/src/host_src/gp/gp_shared_memory.h +index 2ec66a8..6914193 100644 +--- a/src/host_src/gp/gp_shared_memory.h ++++ b/src/host_src/gp/gp_shared_memory.h +@@ -59,7 +59,7 @@ cc_enclave_result_t gp_register_shared_memory(cc_enclave_t *enclave, void *ptr); + * Return: CC_SUCCESS, success; others failed. + */ + cc_enclave_result_t gp_unregister_shared_memory(cc_enclave_t *enclave, void *ptr); +- ++cc_enclave_result_t gp_release_all_shared_memory(cc_enclave_t *enclave); + #ifdef __cplusplus + } + #endif +-- +2.27.0 + diff --git a/secGear.spec b/secGear.spec index a98a97c6cb0b566cf6d8e21749d2311d4ff1f4e8..e4d3a4636452229fd85ee748e1ea4d614d03fada 100644 --- a/secGear.spec +++ b/secGear.spec @@ -1,6 +1,6 @@ Name: secGear Version: 0.1.0 -Release: 34 +Release: 35 Summary: secGear is an SDK to develop confidential computing apps based on hardware enclave features @@ -62,6 +62,9 @@ Patch49: 0050-switchless-schedule-policy.patch Patch50: 0051-asynchronous-switchless.patch Patch51: 0052-rollback-to-common-invoking-when-async-invoking-fail.patch Patch52: 0053-asynchronous-switchless-example.patch +Patch53: 0054-fix-gen-ecall-header-error.patch +Patch54: 0055-switchless-readme-add-async-interface.patch +Patch55: 0056-destroy-enclave-release-remain-shared-memory.patch BuildRequires: gcc python automake autoconf libtool BUildRequires: glibc glibc-devel cmake ocaml-dune rpm gcc-c++ @@ -180,6 +183,9 @@ popd systemctl restart rsyslog %changelog +* Tue Dec 20 2022 houmingyong - 0.1.0-35 +- fix aysnchronous ecall bug + * Tue Dec 20 2022 houmingyong - 0.1.0-34 - add asynchronous switchless example