Comments (6)
Hi StanPlatinum,
Thanks for your interest in our work and thanks for reporting! This looks like a bug that shouldn't happen indeed.. Not sure about SGXv2, as I don't have immediate access to such a machine at the moment. Not sure what's going wrong exactly and if it's related to SGXv2 somehow.
A full log would help, but from the lines above it looks like something goes wrong in the unprotected application, even before the enclave is called. Since the aep_cb_func
doesn't output things and hence is never called? What goes wrong I think is that there's a SEGFAULT for some reason in the unprotected application and then the handler is called which thinks the enclave faulted and tries to resume after restoring the PTE. This would trigger an infite loop where the handler is called again and again, until it terminates through the ASSERT.
I suggest the following to try and pinpoint the cause for the bug: can you improve the output of the handler to print at which address the fault occurs? That should be fairly straightforward eg as follows:
https://github.com/jovanbulck/sgx-tutorial-space18/blob/master/common/pf.c
Once you get the si->si_addr
address, we can see what code is causing the fault. It would also be useful to provide an objdump
of the relevant program addresses around that location to see what goes wrong.
I can try to make some time next week then to dive a bit deeper if necessary ^^
from sgx-step.
Hi jovanbulck,
Thanks for the reply!
I disabled ASLR.
Following your instructions, here is the added fault handler wrapper:
void fault_handler_wrapper(int signo, siginfo_t *si, void *ctx)
{
void *base_adrs;
ucontext_t *uc = (ucontext_t *)ctx;
info("fault_handler_wrapper addr: %x\n", fault_handler_wrapper);
switch (signo)
{
case SIGSEGV:
base_adrs = si->si_addr;
info("Caught page fault (base address=%p)", base_adrs);
break;
default:
info("Caught unknown signal '%d'", signo);
abort();
}
/* Mask lower PFN bits to simulate clearing by SGX hardware when executing
the unprotected programs */
//base_adrs = GET_PFN(base_adrs);
//if (__fault_handler_cb) __fault_handler_cb(base_adrs);
*pte_encl = MARK_NOT_EXECUTE_DISABLE(*pte_encl);
ASSERT(fault_cnt++ < 10);
}
Here is some output:
sgxstep@xxxxxx:~/sgx-step/app/bench$ sudo ./app
--------------------------------------------------------------------------------
[main.c] Creating enclave...
--------------------------------------------------------------------------------
[sched.c] continuing on CPU 1
==== System Settings ====
Pstate max perf pct: 100
Pstate min perf pct: 53
Turbo Boost: 0
cpu pinning: 1
Designated cpu: 1
Running on cpu: 1
[main.c] WARNING: interactive terminal detected; known to cause
[main.c] unstable timer intervals! Use stdout file redirection for
[main.c] precise single-stepping results...
[pt.c] /dev/sgx-step opened!
==== Victim Enclave ====
Base: 0x7ffff6000000
Size: 8388608
Limit: 0x7ffff6800000
TCS: 0x7ffff6471000
SSA: 0x7ffff6472f48
AEP: 0x5555555586c7
EDBGRD: debug
[main.c] enclave string adrs at 0x7ffff6210000
[pt.c] /dev/mem opened!
[main.c] enclave trigger code adrs at 0x7ffff6002000
--------------------------------------------------------------------------------
[main.c] Establishing user space APIC/IDT mappings
--------------------------------------------------------------------------------
[main.c] fault_handler_wrapper addr: 55555531
[main.c] Caught page fault (base address=0xd68)
[main.c] fault_handler_wrapper addr: 55555531
It seems the program had run into a weird/invalid place (0xd68
)...
0xd68
is beyond the address space of the program.
from sgx-step.
Thanks for the additional info. In the meantime, I managed to reproduce this behavior on a recent i5-1035G1 machine. I found the problem is not related to SGXv2 but to recent CPU support for User-Mode Instruction Prevention (UMIP) which disallows certain instructions like SIDT, used by libsgxstep
, from user-space.
The fix should be fairly simple by adding the clearcpuid=514
kernel boot parameter to disable UMIP altogether. I updated the README with instructions. On my machine, bench
idt
and cpl
all work as expected now ^^
from sgx-step.
Hope this fixes your problem, let me know if you run into more troubles!
from sgx-step.
Thanks!
Sorry for the delay. We have disabled the UMIP successfully according your instructions. Then all bench
idt
cpl
can work well.
FYI, lvi
gets frozen after
[main.c] enclave_page_b at 0x7fc0dda0e000 w PTE
+-------------------------------------------------------------------------------------------+
| XD | PK | IGN | RSVD | PHYS ADRS | IGN | G | PAT | D | A | PCD | PWT | U/S | R/W | P |
| 0 | x | x | 0 | 0x0000703ef000 | x | x | x | 1 | 1 | x | x | 1 | 1 | 1 |
+-------------------------------------------------------------------------------------------+
, and foreshadow
goes with a very low accuracy since we cannot use TSX (inside SGX) on our machine.
BTW, we are curious how do you find this problem that is not related to SGX2 but with this UMIP feature? Thanks!
And we @ya0guang have listened to your presentation at the Intel Webinar today. Great talk!
from sgx-step.
Thanks! Glad to hear the fix worked for you :) The UMIP problem became visible when running the idt
app and then inspecting the instruction at faulting instruction pointer. Also dmesg
outputted a warning. Generally, it's good to first try to run app/idt
and app/cpl
and app/aep-redirect
to check that all basic SGX-Step features work accordingly ^^
Regarding LVI: when the program doesn't output anything after that line, that probably means your processor is immune to the LVI variant (LVI-SB) exploited in the lvi
demo. (This also holds for the foreshadow
app btw, if your processor has silicon and/or microcode mitigations, the test program won't work of course.) For reference, you can find a list of affected LVI processors here:
from sgx-step.
Related Issues (20)
- kernel panics when single-stepping [SOLVED: KPTI #PF for kernel IRQ] HOT 12
- error when running bench: [file.c] assertion '(f = fopen(path, "w"))' failed: No such file or directory HOT 6
- Work-in-progress Gramine port HOT 17
- Could add some explanation for each test application under app/ to README? HOT 1
- /dev/sgx-step would be uninstalled after os reboot HOT 2
- foreshadow/lvi building error , memcmp running error HOT 2
- os would always hang after running cpl/idt/memcmp HOT 8
- Refactor: page-fault abstraction in libsgxstep HOT 2
- Could sgx-step support SGX in-kernel/dcap driver? HOT 2
- victim.base && "no enclave found in /proc/self/maps HOT 4
- Support multithreaded enclaves
- ./install_SGX_SDK.sh can't find python2 HOT 3
- Trying to run app/memcmp but gives assertion error HOT 5
- Questions regarding the use of unmap_alias and sim_reload HOT 3
- Questions regarding fs_reload_threshold in foreshadow HOT 1
- Refactor build system
- More questions regarding unmap_alias() and leaking data HOT 1
- Compatibility with Linux 6.5 and later HOT 5
- [load_qe ../qe_logic.cpp:697] Error, call sgx_create_enclave QE fail [load_ Failed to load QE3: 0x4004 HOT 1
- Add x2APIC support HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sgx-step.