Merge pull request #151 from yuyuany/ocall_exit_enclave

lzha101 · web-flow · commit df9b03289867 · 2017-09-05T10:41:22.000+08:00
Check for crash in sgx_ocall and exit enclave if enclave is crashed.

Signed-off-by: Zhang Lili lili.z.zhang@intel.com
diff --git a/sdk/trts/linux/trts_pic.S b/sdk/trts/linux/trts_pic.S
@@ -190,6 +190,13 @@ DECLARE_GLOBAL_FUNC enclave_entry
     
     .cfi_endproc
 
+DECLARE_GLOBAL_FUNC force_exit_enclave
+    READ_TD_DATA last_sp
+    sub     $(2*SE_WORDSIZE), %xax
+    mov     %xax, %xbp
+    mov     $SGX_ERROR_ENCLAVE_CRASHED, %xbx
+    jmp     .Lexit_enclave
+
 /* 
  * -------------------------------------------------------------------------
  *  sgx_status_t do_ocall(unsigned int index, void *ms);
diff --git a/sdk/trts/trts_ocall.cpp b/sdk/trts/trts_ocall.cpp
@@ -39,6 +39,7 @@
 #include "xsave.h"
 #include "trts_internal.h"
 
+extern "C" void force_exit_enclave();
 extern "C" sgx_status_t asm_oret(uintptr_t sp, void *ms);
 extern "C" sgx_status_t __morestack(const unsigned int index, void *ms);
 #define do_ocall __morestack
@@ -53,6 +54,10 @@ extern "C" sgx_status_t __morestack(const unsigned int index, void *ms);
 //
 sgx_status_t sgx_ocall(const unsigned int index, void *ms)
 {
+    if(get_enclave_state() == ENCLAVE_CRASHED) {
+        force_exit_enclave();
+    }
+
     // sgx_ocall is not allowed during exception handling
     thread_data_t *thread_data = get_thread_data();
     
