From 15e89a9140a87aae4d8e84fb2d7b60d2d91b8bb5 Mon Sep 17 00:00:00 2001
From: Jo Van Bulck
Date: Tue, 24 Sep 2024 16:41:17 +0000
Subject: [PATCH] libsgxstep: support compilation as shared library
Elementary PoC works, needs further testing. Cf #76
---
 libsgxstep/Makefile | 19 ++++++++++-------
 libsgxstep/aep.c | 1 +
 libsgxstep/aep_trampoline.S | 21 ++++++++-----------
 libsgxstep/irq_entry.S | 41 ++++++++++++++++++++++---------------
 4 files changed, 46 insertions(+), 36 deletions(-)
diff --git a/libsgxstep/Makefile b/libsgxstep/Makefile
index 596c148..718d9a8 100644
--- a/libsgxstep/Makefile
+++ b/libsgxstep/Makefile
@@ -4,6 +4,7 @@ CC = gcc
 AS = gcc
 AR = ar
 ARFLAGS = -rcs
+CFLAGS = -fPIC
 ifneq "$(WITH_PSTATE)" "0"
 CPPFLAGS += -DHAS_PSTATE
@@ -21,7 +22,7 @@ endif
 SOURCES = $(shell ls *.c)
 ASM = $(shell ls *.S)
 OBJECTS = $(SOURCES:.c=.o) $(ASM:.S=.o)
-OUTPUT = libsgx-step.a
+OUTPUT = libsgx-step.a libsgx-step.so
 ifeq ($(GRAMINE), 1)
 CFLAGS += -DSGX_SSAFRAMESIZE=16384
@@ -30,18 +31,22 @@ endif
 all: $(OUTPUT)
-$(OUTPUT): $(OBJECTS)
-	echo "$(INDENT)[AR] " $(OUTPUT)
-	$(AR) $(ARFLAGS) $(OUTPUT) $(OBJECTS)
+%.a: $(OBJECTS)
+	@echo "$(INDENT)[AR] " $@
+	$(AR) $(ARFLAGS) $@ $(OBJECTS)
+
+%.so: $(OBJECTS)
+	@echo "$(INDENT)[LD] " $@
+	$(CC) -shared $(LDFLAGS) $(OBJECTS) -o $@
 %.o : %.c
-	echo "$(INDENT)[CC] " $<
+	@echo "$(INDENT)[CC] " $<
 	$(CC) $(CPPFLAGS) $(CFLAGS) $(INCLUDE) -c $< -o $@
 %.o : %.S
-	echo "$(INDENT)[AS] " $<
+	@echo "$(INDENT)[AS] " $<
 	$(AS) $(ASFLAGS) $(INCLUDE) -c $< -o $@
 clean:
-	echo "$(INDENT)[RM]" $(OBJECTS) $(OUTPUT)
+	@echo "$(INDENT)[RM]" $(OBJECTS) $(OUTPUT)
 	rm -f $(OBJECTS) $(OUTPUT)
diff --git a/libsgxstep/aep.c b/libsgxstep/aep.c
index 3ddd95e..1190df3 100644
--- a/libsgxstep/aep.c
+++ b/libsgxstep/aep.c
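Review bot: `CFLAGS = -fPIC` in the first hunk puts a flag the new `%.so` link cannot do without into the user-tunable variable, so a plain `make CFLAGS=-g` (or a parent build exporting CFLAGS) drops `-fPIC` and the shared-object link of the C objects fails or ends up with text relocations. Keep the mandatory flag out of the overridable knob, e.g. `override CFLAGS += -fPIC`, or build it into a separate `ALL_CFLAGS := -fPIC $(CFLAGS)` that the `%.o : %.c` rule uses. The `=` assignment also silently replaces any CFLAGS inherited from the environment, whereas the later `CFLAGS += -DSGX_SSAFRAMESIZE=16384` appends to it.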
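Review bot: The `%.so` recipe in the third hunk links with `$(CC) -shared $(LDFLAGS) $(OBJECTS) -o $@` but sets no soname, so a consumer linked against the library by path records that path as its DT_NEEDED entry instead of `libsgx-step.so`; adding `-Wl,-soname,$@` to that line fixes it. The new generic pattern rules `%.a: $(OBJECTS)` and `%.so: $(OBJECTS)` also match any `.a` or `.so` goal this Makefile is asked for and would link the full object set into it, where the replaced `$(OUTPUT): $(OBJECTS)` rule built only the declared outputs. Naming the outputs directly, `libsgx-step.a: $(OBJECTS)` and `libsgx-step.so: $(OBJECTS)`, or using static pattern rules such as `$(filter %.so,$(OUTPUT)): %.so: $(OBJECTS)`, keeps that behaviour. A short comment on the `%.so` rule noting that the `.S` objects need no `-fPIC` because the assembly now addresses globals through `@GOTPCREL` would save the next reader from "fixing" the `%.o : %.S` rule.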
@@ -84,5 +84,6 @@ void __attribute__((constructor)) xs_register_fault_handler(void)
 /* Block all signals while the signal is being handled */
 sigfillset(&act.sa_mask);
+ info("installing sigtrap handler to intercept ENCLU..");
 ASSERT(!sigaction(SIGTRAP, &act, &old_act));
 }
diff --git a/libsgxstep/aep_trampoline.S b/libsgxstep/aep_trampoline.S
index 9b27148..0b94f6d 100644
--- a/libsgxstep/aep_trampoline.S
+++ b/libsgxstep/aep_trampoline.S
@@ -56,31 +56,26 @@ sgx_step_aep_trampoline:
 and $~0xf, %rsp
 /* optional C function callback */
- lea sgx_step_aep_cb(%rip), %xax
+ mov sgx_step_aep_cb@GOTPCREL(%rip), %xax
 mov (%xax), %xax
 test %xax, %xax
 je .Leresume
 call *%xax
 .Leresume:
- incl sgx_step_eresume_cnt(%rip)
+ mov sgx_step_eresume_cnt@GOTPCREL(%rip), %rax
+ incl (%rax)
 /* restore stack and TCS address */
 mov %rbp, %rsp
 pop %xbx
- lea sgx_step_aep_trampoline(%rip), %xcx /* AEP address */
-
- prefetch nemesis_tsc_eresume(%rip)
- mfence
-
- rdtsc
- mov %eax, nemesis_tsc_eresume(%rip)
+ mov sgx_step_aep_trampoline@GOTPCREL(%rip), %xcx /* AEP address */
 mov $3, %xax /* ERESUME leaf */
 /* optionally set RFLAGS.TF to enable simulated single-stepping for DEBUG enclaves */
- lea sgx_step_do_trap(%rip), %rdx
+ mov sgx_step_do_trap@GOTPCREL(%rip), %rdx
 mov (%rdx), %rdx
 test %rdx, %rdx
 je sgx_step_aep_eresume
@@ -95,7 +90,9 @@ sgx_step_aep_eresume:
 .global xs_enclu_stub
 xs_enclu_stub:
- mov xs_aep_pt(%rip), %rcx
+ mov xs_aep_pt@GOTPCREL(%rip), %rcx
+ mov (%rcx), %rcx
 enclu
- jmp *xs_enclu_cont_inst(%rip)
+ mov xs_enclu_cont_inst@GOTPCREL(%rip), %rbx
+ jmp *(%rbx)
diff --git a/libsgxstep/irq_entry.S b/libsgxstep/irq_entry.S
index 93de73e..b78b1fe 100644
--- a/libsgxstep/irq_entry.S
+++ b/libsgxstep/irq_entry.S
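Review bot: The `@@ -56` hunk of aep_trampoline.S deletes the ERESUME-side Nemesis timestamp (`prefetch nemesis_tsc_eresume(%rip)`, `mfence`, `rdtsc`, `mov %eax, nemesis_tsc_eresume(%rip)`) without a PIC replacement, so nothing on this path writes `nemesis_tsc_eresume` any more and any reader of that variable gets a stale value; the commit message only talks about shared-library support, so this looks like an unintended casualty of the `lea`-to-`@GOTPCREL` conversion rather than a deliberate removal. If it is deliberate, a one-line comment at the old site saying so would stop the next person from restoring it; otherwise restore it by loading `nemesis_tsc_eresume@GOTPCREL(%rip)` into a register that `rdtsc` does not clobber (it writes %rax and %rdx) and that is not otherwise live between the `pop %xbx` and the `mov $3, %xax`, then `prefetch`/`mfence`/`rdtsc`/`mov %eax, (reg)` through it. The trampoline body continues outside the hunk, so which registers are free there has to be confirmed against the full function.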
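Review bot: In the `@@ -95` hunk `xs_enclu_stub` now clobbers %rbx after `enclu` (`mov xs_enclu_cont_inst@GOTPCREL(%rip), %rbx` / `jmp *(%rbx)`), whereas the previous `jmp *xs_enclu_cont_inst(%rip)` handed control to the continuation with every register exactly as ENCLU left it; since the stub stands in for the runtime's own ENCLU instruction, any continuation code that still relies on %rbx (callee-saved, and on an EEXIT it still holds the exit target) would now see a GOT address instead. Because `xs_enclu_cont_inst` and `xs_aep_pt` are defined inside this library, the GOT round-trip is avoidable: mark the symbols non-preemptible (`.hidden xs_enclu_cont_inst` next to the reference, or `__attribute__((visibility("hidden")))` at the C definitions) or link the `.so` with `-Wl,-Bsymbolic`, and the original register-free `jmp *xs_enclu_cont_inst(%rip)` stays valid in the PIC build. Whichever route is taken, a comment on the stub stating which registers it is allowed to touch between `enclu` and the continuation would make the contract explicit.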
@@ -16,7 +16,7 @@
 .section isr_section,"awx",@progbits
 .align 0x1000
- .global __ss_irq_fired, __ss_irq_count, __ss_irq_cpl, apic_base, nemesis_tsc_aex, __ss_irq_rip, __ss_irq_rax
+ .global __ss_irq_fired, __ss_irq_count, __ss_irq_cpl, nemesis_tsc_aex, __ss_irq_rip
 __ss_irq_fired:
 .int 0x0
 __ss_irq_count:
@@ -24,6 +24,7 @@ __ss_irq_count:
 __ss_irq_cpl:
 .int 0xff
 #if !X2APIC
+ .global apic_base
 apic_base:
 .quad 0x0
 #endif
@@ -45,24 +46,29 @@ __ss_irq_rip:
 .global __ss_irq_handler
 __ss_irq_handler:
 /* Nemesis IRQ latency timestamp */
- mov %rax, __ss_irq_rax(%rip)
- mov %rdx, __ss_irq_rdx(%rip)
+ push %rax
+ push %rcx
+ push %rdx
 rdtsc
- mov %eax, nemesis_tsc_aex(%rip)
- mov %edx, nemesis_tsc_aex+4(%rip)
- mov %rcx, __ss_irq_rcx(%rip)
+ mov nemesis_tsc_aex@GOTPCREL(%rip), %rcx
+ mov %eax, (%rcx)
+ mov %edx, 4(%rcx)
 /* IRQ bookkeeping */
- mov 0(%rsp), %rax
- mov %rax, __ss_irq_rip(%rip)
- movw %cs, __ss_irq_cpl(%rip)
- andw $0x3, __ss_irq_cpl(%rip)
- incl __ss_irq_count(%rip)
- incl __ss_irq_fired(%rip)
+ mov 12(%rsp), %rax
+ mov __ss_irq_rip@GOTPCREL(%rip), %rcx
+ mov %rax, (%rcx)
+ mov __ss_irq_cpl@GOTPCREL(%rip), %rcx
+ movw %cs, (%rcx)
+ andw $0x3, (%rcx)
+ mov __ss_irq_count@GOTPCREL(%rip), %rcx
+ incl (%rcx)
+ mov __ss_irq_fired@GOTPCREL(%rip), %rcx
+ incl (%rcx)
 /* apic_write(APIC_EOI, 0x0); */
 #if !X2APIC
- lea apic_base(%rip), %rax
+ mov apic_base@GOTPCREL(%rip), %rax
 mov (%rax),%rax
 test %rax, %rax
 jz 1f
@@ -75,9 +81,9 @@ __ss_irq_handler:
 mov $0x80b, %ecx
 wrmsr
 #endif
- mov __ss_irq_rax(%rip), %rax
- mov __ss_irq_rdx(%rip), %rdx
- mov __ss_irq_rcx(%rip), %rcx
+ pop %rdx
+ pop %rcx
+ pop %rax
 iretq
 /* ********************************************************************** */
@@ -97,7 +103,8 @@ __ss_irq_gate_cb:
 .align 0x1000
 .global __ss_irq_gate
 __ss_irq_gate:
- call *__ss_irq_gate_cb(%rip)
+ mov __ss_irq_gate_cb@GOTPCREL(%rip), %rax
+ call *(%rax)
 iretq
 /*
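Review bot: `mov 12(%rsp), %rax` in the `@@ -45` hunk of irq_entry.S does not read the interrupt frame's saved RIP: three 8-byte `push`es now precede it, so the value that the replaced `mov 0(%rsp), %rax` read sits at `24(%rsp)`, and offset 12 straddles the saved %rcx and %rdx, leaving `__ss_irq_rip` with a garbage value on every interrupt. Change it to `mov 24(%rsp), %rax` and pin the layout with a comment such as `/* stack here: 0=%rdx 8=%rcx 16=%rax 24=interrupt-frame RIP */` so the next register added to the save set updates the offset too. The save/restore order itself is consistent (`push %rax/%rcx/%rdx` here, `pop %rdx/%rcx/%rax` in the `@@ -75` hunk); the handler body continues outside the hunk.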