18c2ecf20Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0 28c2ecf20Sopenharmony_ci/* 38c2ecf20Sopenharmony_ci * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. 48c2ecf20Sopenharmony_ci */ 58c2ecf20Sopenharmony_ci 68c2ecf20Sopenharmony_ci/** 78c2ecf20Sopenharmony_ci * DOC: Sample flow of using the ioctl interface provided by the Nitro Enclaves (NE) 88c2ecf20Sopenharmony_ci * kernel driver. 98c2ecf20Sopenharmony_ci * 108c2ecf20Sopenharmony_ci * Usage 118c2ecf20Sopenharmony_ci * ----- 128c2ecf20Sopenharmony_ci * 138c2ecf20Sopenharmony_ci * Load the nitro_enclaves module, setting also the enclave CPU pool. The 148c2ecf20Sopenharmony_ci * enclave CPUs need to be full cores from the same NUMA node. CPU 0 and its 158c2ecf20Sopenharmony_ci * siblings have to remain available for the primary / parent VM, so they 168c2ecf20Sopenharmony_ci * cannot be included in the enclave CPU pool. 178c2ecf20Sopenharmony_ci * 188c2ecf20Sopenharmony_ci * See the cpu list section from the kernel documentation. 198c2ecf20Sopenharmony_ci * https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html#cpu-lists 208c2ecf20Sopenharmony_ci * 218c2ecf20Sopenharmony_ci * insmod drivers/virt/nitro_enclaves/nitro_enclaves.ko 228c2ecf20Sopenharmony_ci * lsmod 238c2ecf20Sopenharmony_ci * 248c2ecf20Sopenharmony_ci * The CPU pool can be set at runtime, after the kernel module is loaded. 258c2ecf20Sopenharmony_ci * 268c2ecf20Sopenharmony_ci * echo <cpu-list> > /sys/module/nitro_enclaves/parameters/ne_cpus 278c2ecf20Sopenharmony_ci * 288c2ecf20Sopenharmony_ci * NUMA and CPU siblings information can be found using: 298c2ecf20Sopenharmony_ci * 308c2ecf20Sopenharmony_ci * lscpu 318c2ecf20Sopenharmony_ci * /proc/cpuinfo 328c2ecf20Sopenharmony_ci * 338c2ecf20Sopenharmony_ci * Check the online / offline CPU list. The CPUs from the pool should be 348c2ecf20Sopenharmony_ci * offlined. 358c2ecf20Sopenharmony_ci * 368c2ecf20Sopenharmony_ci * lscpu 378c2ecf20Sopenharmony_ci * 388c2ecf20Sopenharmony_ci * Check dmesg for any warnings / errors through the NE driver lifetime / usage. 398c2ecf20Sopenharmony_ci * The NE logs contain the "nitro_enclaves" or "pci 0000:00:02.0" pattern. 408c2ecf20Sopenharmony_ci * 418c2ecf20Sopenharmony_ci * dmesg 428c2ecf20Sopenharmony_ci * 438c2ecf20Sopenharmony_ci * Setup hugetlbfs huge pages. The memory needs to be from the same NUMA node as 448c2ecf20Sopenharmony_ci * the enclave CPUs. 458c2ecf20Sopenharmony_ci * 468c2ecf20Sopenharmony_ci * https://www.kernel.org/doc/html/latest/admin-guide/mm/hugetlbpage.html 478c2ecf20Sopenharmony_ci * 488c2ecf20Sopenharmony_ci * By default, the allocation of hugetlb pages are distributed on all possible 498c2ecf20Sopenharmony_ci * NUMA nodes. Use the following configuration files to set the number of huge 508c2ecf20Sopenharmony_ci * pages from a NUMA node: 518c2ecf20Sopenharmony_ci * 528c2ecf20Sopenharmony_ci * /sys/devices/system/node/node<X>/hugepages/hugepages-2048kB/nr_hugepages 538c2ecf20Sopenharmony_ci * /sys/devices/system/node/node<X>/hugepages/hugepages-1048576kB/nr_hugepages 548c2ecf20Sopenharmony_ci * 558c2ecf20Sopenharmony_ci * or, if not on a system with multiple NUMA nodes, can also set the number 568c2ecf20Sopenharmony_ci * of 2 MiB / 1 GiB huge pages using 578c2ecf20Sopenharmony_ci * 588c2ecf20Sopenharmony_ci * /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages 598c2ecf20Sopenharmony_ci * /sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages 608c2ecf20Sopenharmony_ci * 618c2ecf20Sopenharmony_ci * In this example 256 hugepages of 2 MiB are used. 628c2ecf20Sopenharmony_ci * 638c2ecf20Sopenharmony_ci * Build and run the NE sample. 648c2ecf20Sopenharmony_ci * 658c2ecf20Sopenharmony_ci * make -C samples/nitro_enclaves clean 668c2ecf20Sopenharmony_ci * make -C samples/nitro_enclaves 678c2ecf20Sopenharmony_ci * ./samples/nitro_enclaves/ne_ioctl_sample <path_to_enclave_image> 688c2ecf20Sopenharmony_ci * 698c2ecf20Sopenharmony_ci * Unload the nitro_enclaves module. 708c2ecf20Sopenharmony_ci * 718c2ecf20Sopenharmony_ci * rmmod nitro_enclaves 728c2ecf20Sopenharmony_ci * lsmod 738c2ecf20Sopenharmony_ci */ 748c2ecf20Sopenharmony_ci 758c2ecf20Sopenharmony_ci#include <stdio.h> 768c2ecf20Sopenharmony_ci#include <stdlib.h> 778c2ecf20Sopenharmony_ci#include <errno.h> 788c2ecf20Sopenharmony_ci#include <fcntl.h> 798c2ecf20Sopenharmony_ci#include <limits.h> 808c2ecf20Sopenharmony_ci#include <poll.h> 818c2ecf20Sopenharmony_ci#include <pthread.h> 828c2ecf20Sopenharmony_ci#include <string.h> 838c2ecf20Sopenharmony_ci#include <sys/eventfd.h> 848c2ecf20Sopenharmony_ci#include <sys/ioctl.h> 858c2ecf20Sopenharmony_ci#include <sys/mman.h> 868c2ecf20Sopenharmony_ci#include <sys/socket.h> 878c2ecf20Sopenharmony_ci#include <sys/stat.h> 888c2ecf20Sopenharmony_ci#include <sys/types.h> 898c2ecf20Sopenharmony_ci#include <unistd.h> 908c2ecf20Sopenharmony_ci 918c2ecf20Sopenharmony_ci#include <linux/mman.h> 928c2ecf20Sopenharmony_ci#include <linux/nitro_enclaves.h> 938c2ecf20Sopenharmony_ci#include <linux/vm_sockets.h> 948c2ecf20Sopenharmony_ci 958c2ecf20Sopenharmony_ci/** 968c2ecf20Sopenharmony_ci * NE_DEV_NAME - Nitro Enclaves (NE) misc device that provides the ioctl interface. 978c2ecf20Sopenharmony_ci */ 988c2ecf20Sopenharmony_ci#define NE_DEV_NAME "/dev/nitro_enclaves" 998c2ecf20Sopenharmony_ci 1008c2ecf20Sopenharmony_ci/** 1018c2ecf20Sopenharmony_ci * NE_POLL_WAIT_TIME - Timeout in seconds for each poll event. 1028c2ecf20Sopenharmony_ci */ 1038c2ecf20Sopenharmony_ci#define NE_POLL_WAIT_TIME (60) 1048c2ecf20Sopenharmony_ci/** 1058c2ecf20Sopenharmony_ci * NE_POLL_WAIT_TIME_MS - Timeout in milliseconds for each poll event. 1068c2ecf20Sopenharmony_ci */ 1078c2ecf20Sopenharmony_ci#define NE_POLL_WAIT_TIME_MS (NE_POLL_WAIT_TIME * 1000) 1088c2ecf20Sopenharmony_ci 1098c2ecf20Sopenharmony_ci/** 1108c2ecf20Sopenharmony_ci * NE_SLEEP_TIME - Amount of time in seconds for the process to keep the enclave alive. 1118c2ecf20Sopenharmony_ci */ 1128c2ecf20Sopenharmony_ci#define NE_SLEEP_TIME (300) 1138c2ecf20Sopenharmony_ci 1148c2ecf20Sopenharmony_ci/** 1158c2ecf20Sopenharmony_ci * NE_DEFAULT_NR_VCPUS - Default number of vCPUs set for an enclave. 1168c2ecf20Sopenharmony_ci */ 1178c2ecf20Sopenharmony_ci#define NE_DEFAULT_NR_VCPUS (2) 1188c2ecf20Sopenharmony_ci 1198c2ecf20Sopenharmony_ci/** 1208c2ecf20Sopenharmony_ci * NE_MIN_MEM_REGION_SIZE - Minimum size of a memory region - 2 MiB. 1218c2ecf20Sopenharmony_ci */ 1228c2ecf20Sopenharmony_ci#define NE_MIN_MEM_REGION_SIZE (2 * 1024 * 1024) 1238c2ecf20Sopenharmony_ci 1248c2ecf20Sopenharmony_ci/** 1258c2ecf20Sopenharmony_ci * NE_DEFAULT_NR_MEM_REGIONS - Default number of memory regions of 2 MiB set for 1268c2ecf20Sopenharmony_ci * an enclave. 1278c2ecf20Sopenharmony_ci */ 1288c2ecf20Sopenharmony_ci#define NE_DEFAULT_NR_MEM_REGIONS (256) 1298c2ecf20Sopenharmony_ci 1308c2ecf20Sopenharmony_ci/** 1318c2ecf20Sopenharmony_ci * NE_IMAGE_LOAD_HEARTBEAT_CID - Vsock CID for enclave image loading heartbeat logic. 1328c2ecf20Sopenharmony_ci */ 1338c2ecf20Sopenharmony_ci#define NE_IMAGE_LOAD_HEARTBEAT_CID (3) 1348c2ecf20Sopenharmony_ci/** 1358c2ecf20Sopenharmony_ci * NE_IMAGE_LOAD_HEARTBEAT_PORT - Vsock port for enclave image loading heartbeat logic. 1368c2ecf20Sopenharmony_ci */ 1378c2ecf20Sopenharmony_ci#define NE_IMAGE_LOAD_HEARTBEAT_PORT (9000) 1388c2ecf20Sopenharmony_ci/** 1398c2ecf20Sopenharmony_ci * NE_IMAGE_LOAD_HEARTBEAT_VALUE - Heartbeat value for enclave image loading. 1408c2ecf20Sopenharmony_ci */ 1418c2ecf20Sopenharmony_ci#define NE_IMAGE_LOAD_HEARTBEAT_VALUE (0xb7) 1428c2ecf20Sopenharmony_ci 1438c2ecf20Sopenharmony_ci/** 1448c2ecf20Sopenharmony_ci * struct ne_user_mem_region - User space memory region set for an enclave. 1458c2ecf20Sopenharmony_ci * @userspace_addr: Address of the user space memory region. 1468c2ecf20Sopenharmony_ci * @memory_size: Size of the user space memory region. 1478c2ecf20Sopenharmony_ci */ 1488c2ecf20Sopenharmony_cistruct ne_user_mem_region { 1498c2ecf20Sopenharmony_ci void *userspace_addr; 1508c2ecf20Sopenharmony_ci size_t memory_size; 1518c2ecf20Sopenharmony_ci}; 1528c2ecf20Sopenharmony_ci 1538c2ecf20Sopenharmony_ci/** 1548c2ecf20Sopenharmony_ci * ne_create_vm() - Create a slot for the enclave VM. 1558c2ecf20Sopenharmony_ci * @ne_dev_fd: The file descriptor of the NE misc device. 1568c2ecf20Sopenharmony_ci * @slot_uid: The generated slot uid for the enclave. 1578c2ecf20Sopenharmony_ci * @enclave_fd : The generated file descriptor for the enclave. 1588c2ecf20Sopenharmony_ci * 1598c2ecf20Sopenharmony_ci * Context: Process context. 1608c2ecf20Sopenharmony_ci * Return: 1618c2ecf20Sopenharmony_ci * * 0 on success. 1628c2ecf20Sopenharmony_ci * * Negative return value on failure. 1638c2ecf20Sopenharmony_ci */ 1648c2ecf20Sopenharmony_cistatic int ne_create_vm(int ne_dev_fd, unsigned long *slot_uid, int *enclave_fd) 1658c2ecf20Sopenharmony_ci{ 1668c2ecf20Sopenharmony_ci int rc = -EINVAL; 1678c2ecf20Sopenharmony_ci *enclave_fd = ioctl(ne_dev_fd, NE_CREATE_VM, slot_uid); 1688c2ecf20Sopenharmony_ci 1698c2ecf20Sopenharmony_ci if (*enclave_fd < 0) { 1708c2ecf20Sopenharmony_ci rc = *enclave_fd; 1718c2ecf20Sopenharmony_ci switch (errno) { 1728c2ecf20Sopenharmony_ci case NE_ERR_NO_CPUS_AVAIL_IN_POOL: { 1738c2ecf20Sopenharmony_ci printf("Error in create VM, no CPUs available in the NE CPU pool\n"); 1748c2ecf20Sopenharmony_ci 1758c2ecf20Sopenharmony_ci break; 1768c2ecf20Sopenharmony_ci } 1778c2ecf20Sopenharmony_ci 1788c2ecf20Sopenharmony_ci default: 1798c2ecf20Sopenharmony_ci printf("Error in create VM [%m]\n"); 1808c2ecf20Sopenharmony_ci } 1818c2ecf20Sopenharmony_ci 1828c2ecf20Sopenharmony_ci return rc; 1838c2ecf20Sopenharmony_ci } 1848c2ecf20Sopenharmony_ci 1858c2ecf20Sopenharmony_ci return 0; 1868c2ecf20Sopenharmony_ci} 1878c2ecf20Sopenharmony_ci 1888c2ecf20Sopenharmony_ci 1898c2ecf20Sopenharmony_ci/** 1908c2ecf20Sopenharmony_ci * ne_poll_enclave_fd() - Thread function for polling the enclave fd. 1918c2ecf20Sopenharmony_ci * @data: Argument provided for the polling function. 1928c2ecf20Sopenharmony_ci * 1938c2ecf20Sopenharmony_ci * Context: Process context. 1948c2ecf20Sopenharmony_ci * Return: 1958c2ecf20Sopenharmony_ci * * NULL on success / failure. 1968c2ecf20Sopenharmony_ci */ 1978c2ecf20Sopenharmony_civoid *ne_poll_enclave_fd(void *data) 1988c2ecf20Sopenharmony_ci{ 1998c2ecf20Sopenharmony_ci int enclave_fd = *(int *)data; 2008c2ecf20Sopenharmony_ci struct pollfd fds[1] = {}; 2018c2ecf20Sopenharmony_ci int i = 0; 2028c2ecf20Sopenharmony_ci int rc = -EINVAL; 2038c2ecf20Sopenharmony_ci 2048c2ecf20Sopenharmony_ci printf("Running from poll thread, enclave fd %d\n", enclave_fd); 2058c2ecf20Sopenharmony_ci 2068c2ecf20Sopenharmony_ci fds[0].fd = enclave_fd; 2078c2ecf20Sopenharmony_ci fds[0].events = POLLIN | POLLERR | POLLHUP; 2088c2ecf20Sopenharmony_ci 2098c2ecf20Sopenharmony_ci /* Keep on polling until the current process is terminated. */ 2108c2ecf20Sopenharmony_ci while (1) { 2118c2ecf20Sopenharmony_ci printf("[iter %d] Polling ...\n", i); 2128c2ecf20Sopenharmony_ci 2138c2ecf20Sopenharmony_ci rc = poll(fds, 1, NE_POLL_WAIT_TIME_MS); 2148c2ecf20Sopenharmony_ci if (rc < 0) { 2158c2ecf20Sopenharmony_ci printf("Error in poll [%m]\n"); 2168c2ecf20Sopenharmony_ci 2178c2ecf20Sopenharmony_ci return NULL; 2188c2ecf20Sopenharmony_ci } 2198c2ecf20Sopenharmony_ci 2208c2ecf20Sopenharmony_ci i++; 2218c2ecf20Sopenharmony_ci 2228c2ecf20Sopenharmony_ci if (!rc) { 2238c2ecf20Sopenharmony_ci printf("Poll: %d seconds elapsed\n", 2248c2ecf20Sopenharmony_ci i * NE_POLL_WAIT_TIME); 2258c2ecf20Sopenharmony_ci 2268c2ecf20Sopenharmony_ci continue; 2278c2ecf20Sopenharmony_ci } 2288c2ecf20Sopenharmony_ci 2298c2ecf20Sopenharmony_ci printf("Poll received value 0x%x\n", fds[0].revents); 2308c2ecf20Sopenharmony_ci 2318c2ecf20Sopenharmony_ci if (fds[0].revents & POLLHUP) { 2328c2ecf20Sopenharmony_ci printf("Received POLLHUP\n"); 2338c2ecf20Sopenharmony_ci 2348c2ecf20Sopenharmony_ci return NULL; 2358c2ecf20Sopenharmony_ci } 2368c2ecf20Sopenharmony_ci 2378c2ecf20Sopenharmony_ci if (fds[0].revents & POLLNVAL) { 2388c2ecf20Sopenharmony_ci printf("Received POLLNVAL\n"); 2398c2ecf20Sopenharmony_ci 2408c2ecf20Sopenharmony_ci return NULL; 2418c2ecf20Sopenharmony_ci } 2428c2ecf20Sopenharmony_ci } 2438c2ecf20Sopenharmony_ci 2448c2ecf20Sopenharmony_ci return NULL; 2458c2ecf20Sopenharmony_ci} 2468c2ecf20Sopenharmony_ci 2478c2ecf20Sopenharmony_ci/** 2488c2ecf20Sopenharmony_ci * ne_alloc_user_mem_region() - Allocate a user space memory region for an enclave. 2498c2ecf20Sopenharmony_ci * @ne_user_mem_region: User space memory region allocated using hugetlbfs. 2508c2ecf20Sopenharmony_ci * 2518c2ecf20Sopenharmony_ci * Context: Process context. 2528c2ecf20Sopenharmony_ci * Return: 2538c2ecf20Sopenharmony_ci * * 0 on success. 2548c2ecf20Sopenharmony_ci * * Negative return value on failure. 2558c2ecf20Sopenharmony_ci */ 2568c2ecf20Sopenharmony_cistatic int ne_alloc_user_mem_region(struct ne_user_mem_region *ne_user_mem_region) 2578c2ecf20Sopenharmony_ci{ 2588c2ecf20Sopenharmony_ci /** 2598c2ecf20Sopenharmony_ci * Check available hugetlb encodings for different huge page sizes in 2608c2ecf20Sopenharmony_ci * include/uapi/linux/mman.h. 2618c2ecf20Sopenharmony_ci */ 2628c2ecf20Sopenharmony_ci ne_user_mem_region->userspace_addr = mmap(NULL, ne_user_mem_region->memory_size, 2638c2ecf20Sopenharmony_ci PROT_READ | PROT_WRITE, 2648c2ecf20Sopenharmony_ci MAP_PRIVATE | MAP_ANONYMOUS | 2658c2ecf20Sopenharmony_ci MAP_HUGETLB | MAP_HUGE_2MB, -1, 0); 2668c2ecf20Sopenharmony_ci if (ne_user_mem_region->userspace_addr == MAP_FAILED) { 2678c2ecf20Sopenharmony_ci printf("Error in mmap memory [%m]\n"); 2688c2ecf20Sopenharmony_ci 2698c2ecf20Sopenharmony_ci return -1; 2708c2ecf20Sopenharmony_ci } 2718c2ecf20Sopenharmony_ci 2728c2ecf20Sopenharmony_ci return 0; 2738c2ecf20Sopenharmony_ci} 2748c2ecf20Sopenharmony_ci 2758c2ecf20Sopenharmony_ci/** 2768c2ecf20Sopenharmony_ci * ne_load_enclave_image() - Place the enclave image in the enclave memory. 2778c2ecf20Sopenharmony_ci * @enclave_fd : The file descriptor associated with the enclave. 2788c2ecf20Sopenharmony_ci * @ne_user_mem_regions: User space memory regions allocated for the enclave. 2798c2ecf20Sopenharmony_ci * @enclave_image_path : The file path of the enclave image. 2808c2ecf20Sopenharmony_ci * 2818c2ecf20Sopenharmony_ci * Context: Process context. 2828c2ecf20Sopenharmony_ci * Return: 2838c2ecf20Sopenharmony_ci * * 0 on success. 2848c2ecf20Sopenharmony_ci * * Negative return value on failure. 2858c2ecf20Sopenharmony_ci */ 2868c2ecf20Sopenharmony_cistatic int ne_load_enclave_image(int enclave_fd, struct ne_user_mem_region ne_user_mem_regions[], 2878c2ecf20Sopenharmony_ci char *enclave_image_path) 2888c2ecf20Sopenharmony_ci{ 2898c2ecf20Sopenharmony_ci unsigned char *enclave_image = NULL; 2908c2ecf20Sopenharmony_ci int enclave_image_fd = -1; 2918c2ecf20Sopenharmony_ci size_t enclave_image_size = 0; 2928c2ecf20Sopenharmony_ci size_t enclave_memory_size = 0; 2938c2ecf20Sopenharmony_ci unsigned long i = 0; 2948c2ecf20Sopenharmony_ci size_t image_written_bytes = 0; 2958c2ecf20Sopenharmony_ci struct ne_image_load_info image_load_info = { 2968c2ecf20Sopenharmony_ci .flags = NE_EIF_IMAGE, 2978c2ecf20Sopenharmony_ci }; 2988c2ecf20Sopenharmony_ci struct stat image_stat_buf = {}; 2998c2ecf20Sopenharmony_ci int rc = -EINVAL; 3008c2ecf20Sopenharmony_ci size_t temp_image_offset = 0; 3018c2ecf20Sopenharmony_ci 3028c2ecf20Sopenharmony_ci for (i = 0; i < NE_DEFAULT_NR_MEM_REGIONS; i++) 3038c2ecf20Sopenharmony_ci enclave_memory_size += ne_user_mem_regions[i].memory_size; 3048c2ecf20Sopenharmony_ci 3058c2ecf20Sopenharmony_ci rc = stat(enclave_image_path, &image_stat_buf); 3068c2ecf20Sopenharmony_ci if (rc < 0) { 3078c2ecf20Sopenharmony_ci printf("Error in get image stat info [%m]\n"); 3088c2ecf20Sopenharmony_ci 3098c2ecf20Sopenharmony_ci return rc; 3108c2ecf20Sopenharmony_ci } 3118c2ecf20Sopenharmony_ci 3128c2ecf20Sopenharmony_ci enclave_image_size = image_stat_buf.st_size; 3138c2ecf20Sopenharmony_ci 3148c2ecf20Sopenharmony_ci if (enclave_memory_size < enclave_image_size) { 3158c2ecf20Sopenharmony_ci printf("The enclave memory is smaller than the enclave image size\n"); 3168c2ecf20Sopenharmony_ci 3178c2ecf20Sopenharmony_ci return -ENOMEM; 3188c2ecf20Sopenharmony_ci } 3198c2ecf20Sopenharmony_ci 3208c2ecf20Sopenharmony_ci rc = ioctl(enclave_fd, NE_GET_IMAGE_LOAD_INFO, &image_load_info); 3218c2ecf20Sopenharmony_ci if (rc < 0) { 3228c2ecf20Sopenharmony_ci switch (errno) { 3238c2ecf20Sopenharmony_ci case NE_ERR_NOT_IN_INIT_STATE: { 3248c2ecf20Sopenharmony_ci printf("Error in get image load info, enclave not in init state\n"); 3258c2ecf20Sopenharmony_ci 3268c2ecf20Sopenharmony_ci break; 3278c2ecf20Sopenharmony_ci } 3288c2ecf20Sopenharmony_ci 3298c2ecf20Sopenharmony_ci case NE_ERR_INVALID_FLAG_VALUE: { 3308c2ecf20Sopenharmony_ci printf("Error in get image load info, provided invalid flag\n"); 3318c2ecf20Sopenharmony_ci 3328c2ecf20Sopenharmony_ci break; 3338c2ecf20Sopenharmony_ci } 3348c2ecf20Sopenharmony_ci 3358c2ecf20Sopenharmony_ci default: 3368c2ecf20Sopenharmony_ci printf("Error in get image load info [%m]\n"); 3378c2ecf20Sopenharmony_ci } 3388c2ecf20Sopenharmony_ci 3398c2ecf20Sopenharmony_ci return rc; 3408c2ecf20Sopenharmony_ci } 3418c2ecf20Sopenharmony_ci 3428c2ecf20Sopenharmony_ci printf("Enclave image offset in enclave memory is %lld\n", 3438c2ecf20Sopenharmony_ci image_load_info.memory_offset); 3448c2ecf20Sopenharmony_ci 3458c2ecf20Sopenharmony_ci enclave_image_fd = open(enclave_image_path, O_RDONLY); 3468c2ecf20Sopenharmony_ci if (enclave_image_fd < 0) { 3478c2ecf20Sopenharmony_ci printf("Error in open enclave image file [%m]\n"); 3488c2ecf20Sopenharmony_ci 3498c2ecf20Sopenharmony_ci return enclave_image_fd; 3508c2ecf20Sopenharmony_ci } 3518c2ecf20Sopenharmony_ci 3528c2ecf20Sopenharmony_ci enclave_image = mmap(NULL, enclave_image_size, PROT_READ, 3538c2ecf20Sopenharmony_ci MAP_PRIVATE, enclave_image_fd, 0); 3548c2ecf20Sopenharmony_ci if (enclave_image == MAP_FAILED) { 3558c2ecf20Sopenharmony_ci printf("Error in mmap enclave image [%m]\n"); 3568c2ecf20Sopenharmony_ci 3578c2ecf20Sopenharmony_ci return -1; 3588c2ecf20Sopenharmony_ci } 3598c2ecf20Sopenharmony_ci 3608c2ecf20Sopenharmony_ci temp_image_offset = image_load_info.memory_offset; 3618c2ecf20Sopenharmony_ci 3628c2ecf20Sopenharmony_ci for (i = 0; i < NE_DEFAULT_NR_MEM_REGIONS; i++) { 3638c2ecf20Sopenharmony_ci size_t bytes_to_write = 0; 3648c2ecf20Sopenharmony_ci size_t memory_offset = 0; 3658c2ecf20Sopenharmony_ci size_t memory_size = ne_user_mem_regions[i].memory_size; 3668c2ecf20Sopenharmony_ci size_t remaining_bytes = 0; 3678c2ecf20Sopenharmony_ci void *userspace_addr = ne_user_mem_regions[i].userspace_addr; 3688c2ecf20Sopenharmony_ci 3698c2ecf20Sopenharmony_ci if (temp_image_offset >= memory_size) { 3708c2ecf20Sopenharmony_ci temp_image_offset -= memory_size; 3718c2ecf20Sopenharmony_ci 3728c2ecf20Sopenharmony_ci continue; 3738c2ecf20Sopenharmony_ci } else if (temp_image_offset != 0) { 3748c2ecf20Sopenharmony_ci memory_offset = temp_image_offset; 3758c2ecf20Sopenharmony_ci memory_size -= temp_image_offset; 3768c2ecf20Sopenharmony_ci temp_image_offset = 0; 3778c2ecf20Sopenharmony_ci } 3788c2ecf20Sopenharmony_ci 3798c2ecf20Sopenharmony_ci remaining_bytes = enclave_image_size - image_written_bytes; 3808c2ecf20Sopenharmony_ci bytes_to_write = memory_size < remaining_bytes ? 3818c2ecf20Sopenharmony_ci memory_size : remaining_bytes; 3828c2ecf20Sopenharmony_ci 3838c2ecf20Sopenharmony_ci memcpy(userspace_addr + memory_offset, 3848c2ecf20Sopenharmony_ci enclave_image + image_written_bytes, bytes_to_write); 3858c2ecf20Sopenharmony_ci 3868c2ecf20Sopenharmony_ci image_written_bytes += bytes_to_write; 3878c2ecf20Sopenharmony_ci 3888c2ecf20Sopenharmony_ci if (image_written_bytes == enclave_image_size) 3898c2ecf20Sopenharmony_ci break; 3908c2ecf20Sopenharmony_ci } 3918c2ecf20Sopenharmony_ci 3928c2ecf20Sopenharmony_ci munmap(enclave_image, enclave_image_size); 3938c2ecf20Sopenharmony_ci 3948c2ecf20Sopenharmony_ci close(enclave_image_fd); 3958c2ecf20Sopenharmony_ci 3968c2ecf20Sopenharmony_ci return 0; 3978c2ecf20Sopenharmony_ci} 3988c2ecf20Sopenharmony_ci 3998c2ecf20Sopenharmony_ci/** 4008c2ecf20Sopenharmony_ci * ne_set_user_mem_region() - Set a user space memory region for the given enclave. 4018c2ecf20Sopenharmony_ci * @enclave_fd : The file descriptor associated with the enclave. 4028c2ecf20Sopenharmony_ci * @ne_user_mem_region : User space memory region to be set for the enclave. 4038c2ecf20Sopenharmony_ci * 4048c2ecf20Sopenharmony_ci * Context: Process context. 4058c2ecf20Sopenharmony_ci * Return: 4068c2ecf20Sopenharmony_ci * * 0 on success. 4078c2ecf20Sopenharmony_ci * * Negative return value on failure. 4088c2ecf20Sopenharmony_ci */ 4098c2ecf20Sopenharmony_cistatic int ne_set_user_mem_region(int enclave_fd, struct ne_user_mem_region ne_user_mem_region) 4108c2ecf20Sopenharmony_ci{ 4118c2ecf20Sopenharmony_ci struct ne_user_memory_region mem_region = { 4128c2ecf20Sopenharmony_ci .flags = NE_DEFAULT_MEMORY_REGION, 4138c2ecf20Sopenharmony_ci .memory_size = ne_user_mem_region.memory_size, 4148c2ecf20Sopenharmony_ci .userspace_addr = (__u64)ne_user_mem_region.userspace_addr, 4158c2ecf20Sopenharmony_ci }; 4168c2ecf20Sopenharmony_ci int rc = -EINVAL; 4178c2ecf20Sopenharmony_ci 4188c2ecf20Sopenharmony_ci rc = ioctl(enclave_fd, NE_SET_USER_MEMORY_REGION, &mem_region); 4198c2ecf20Sopenharmony_ci if (rc < 0) { 4208c2ecf20Sopenharmony_ci switch (errno) { 4218c2ecf20Sopenharmony_ci case NE_ERR_NOT_IN_INIT_STATE: { 4228c2ecf20Sopenharmony_ci printf("Error in set user memory region, enclave not in init state\n"); 4238c2ecf20Sopenharmony_ci 4248c2ecf20Sopenharmony_ci break; 4258c2ecf20Sopenharmony_ci } 4268c2ecf20Sopenharmony_ci 4278c2ecf20Sopenharmony_ci case NE_ERR_INVALID_MEM_REGION_SIZE: { 4288c2ecf20Sopenharmony_ci printf("Error in set user memory region, mem size not multiple of 2 MiB\n"); 4298c2ecf20Sopenharmony_ci 4308c2ecf20Sopenharmony_ci break; 4318c2ecf20Sopenharmony_ci } 4328c2ecf20Sopenharmony_ci 4338c2ecf20Sopenharmony_ci case NE_ERR_INVALID_MEM_REGION_ADDR: { 4348c2ecf20Sopenharmony_ci printf("Error in set user memory region, invalid user space address\n"); 4358c2ecf20Sopenharmony_ci 4368c2ecf20Sopenharmony_ci break; 4378c2ecf20Sopenharmony_ci } 4388c2ecf20Sopenharmony_ci 4398c2ecf20Sopenharmony_ci case NE_ERR_UNALIGNED_MEM_REGION_ADDR: { 4408c2ecf20Sopenharmony_ci printf("Error in set user memory region, unaligned user space address\n"); 4418c2ecf20Sopenharmony_ci 4428c2ecf20Sopenharmony_ci break; 4438c2ecf20Sopenharmony_ci } 4448c2ecf20Sopenharmony_ci 4458c2ecf20Sopenharmony_ci case NE_ERR_MEM_REGION_ALREADY_USED: { 4468c2ecf20Sopenharmony_ci printf("Error in set user memory region, memory region already used\n"); 4478c2ecf20Sopenharmony_ci 4488c2ecf20Sopenharmony_ci break; 4498c2ecf20Sopenharmony_ci } 4508c2ecf20Sopenharmony_ci 4518c2ecf20Sopenharmony_ci case NE_ERR_MEM_NOT_HUGE_PAGE: { 4528c2ecf20Sopenharmony_ci printf("Error in set user memory region, not backed by huge pages\n"); 4538c2ecf20Sopenharmony_ci 4548c2ecf20Sopenharmony_ci break; 4558c2ecf20Sopenharmony_ci } 4568c2ecf20Sopenharmony_ci 4578c2ecf20Sopenharmony_ci case NE_ERR_MEM_DIFFERENT_NUMA_NODE: { 4588c2ecf20Sopenharmony_ci printf("Error in set user memory region, different NUMA node than CPUs\n"); 4598c2ecf20Sopenharmony_ci 4608c2ecf20Sopenharmony_ci break; 4618c2ecf20Sopenharmony_ci } 4628c2ecf20Sopenharmony_ci 4638c2ecf20Sopenharmony_ci case NE_ERR_MEM_MAX_REGIONS: { 4648c2ecf20Sopenharmony_ci printf("Error in set user memory region, max memory regions reached\n"); 4658c2ecf20Sopenharmony_ci 4668c2ecf20Sopenharmony_ci break; 4678c2ecf20Sopenharmony_ci } 4688c2ecf20Sopenharmony_ci 4698c2ecf20Sopenharmony_ci case NE_ERR_INVALID_PAGE_SIZE: { 4708c2ecf20Sopenharmony_ci printf("Error in set user memory region, has page not multiple of 2 MiB\n"); 4718c2ecf20Sopenharmony_ci 4728c2ecf20Sopenharmony_ci break; 4738c2ecf20Sopenharmony_ci } 4748c2ecf20Sopenharmony_ci 4758c2ecf20Sopenharmony_ci case NE_ERR_INVALID_FLAG_VALUE: { 4768c2ecf20Sopenharmony_ci printf("Error in set user memory region, provided invalid flag\n"); 4778c2ecf20Sopenharmony_ci 4788c2ecf20Sopenharmony_ci break; 4798c2ecf20Sopenharmony_ci } 4808c2ecf20Sopenharmony_ci 4818c2ecf20Sopenharmony_ci default: 4828c2ecf20Sopenharmony_ci printf("Error in set user memory region [%m]\n"); 4838c2ecf20Sopenharmony_ci } 4848c2ecf20Sopenharmony_ci 4858c2ecf20Sopenharmony_ci return rc; 4868c2ecf20Sopenharmony_ci } 4878c2ecf20Sopenharmony_ci 4888c2ecf20Sopenharmony_ci return 0; 4898c2ecf20Sopenharmony_ci} 4908c2ecf20Sopenharmony_ci 4918c2ecf20Sopenharmony_ci/** 4928c2ecf20Sopenharmony_ci * ne_free_mem_regions() - Unmap all the user space memory regions that were set 4938c2ecf20Sopenharmony_ci * aside for the enclave. 4948c2ecf20Sopenharmony_ci * @ne_user_mem_regions: The user space memory regions associated with an enclave. 4958c2ecf20Sopenharmony_ci * 4968c2ecf20Sopenharmony_ci * Context: Process context. 4978c2ecf20Sopenharmony_ci */ 4988c2ecf20Sopenharmony_cistatic void ne_free_mem_regions(struct ne_user_mem_region ne_user_mem_regions[]) 4998c2ecf20Sopenharmony_ci{ 5008c2ecf20Sopenharmony_ci unsigned int i = 0; 5018c2ecf20Sopenharmony_ci 5028c2ecf20Sopenharmony_ci for (i = 0; i < NE_DEFAULT_NR_MEM_REGIONS; i++) 5038c2ecf20Sopenharmony_ci munmap(ne_user_mem_regions[i].userspace_addr, 5048c2ecf20Sopenharmony_ci ne_user_mem_regions[i].memory_size); 5058c2ecf20Sopenharmony_ci} 5068c2ecf20Sopenharmony_ci 5078c2ecf20Sopenharmony_ci/** 5088c2ecf20Sopenharmony_ci * ne_add_vcpu() - Add a vCPU to the given enclave. 5098c2ecf20Sopenharmony_ci * @enclave_fd : The file descriptor associated with the enclave. 5108c2ecf20Sopenharmony_ci * @vcpu_id: vCPU id to be set for the enclave, either provided or 5118c2ecf20Sopenharmony_ci * auto-generated (if provided vCPU id is 0). 5128c2ecf20Sopenharmony_ci * 5138c2ecf20Sopenharmony_ci * Context: Process context. 5148c2ecf20Sopenharmony_ci * Return: 5158c2ecf20Sopenharmony_ci * * 0 on success. 5168c2ecf20Sopenharmony_ci * * Negative return value on failure. 5178c2ecf20Sopenharmony_ci */ 5188c2ecf20Sopenharmony_cistatic int ne_add_vcpu(int enclave_fd, unsigned int *vcpu_id) 5198c2ecf20Sopenharmony_ci{ 5208c2ecf20Sopenharmony_ci int rc = -EINVAL; 5218c2ecf20Sopenharmony_ci 5228c2ecf20Sopenharmony_ci rc = ioctl(enclave_fd, NE_ADD_VCPU, vcpu_id); 5238c2ecf20Sopenharmony_ci if (rc < 0) { 5248c2ecf20Sopenharmony_ci switch (errno) { 5258c2ecf20Sopenharmony_ci case NE_ERR_NO_CPUS_AVAIL_IN_POOL: { 5268c2ecf20Sopenharmony_ci printf("Error in add vcpu, no CPUs available in the NE CPU pool\n"); 5278c2ecf20Sopenharmony_ci 5288c2ecf20Sopenharmony_ci break; 5298c2ecf20Sopenharmony_ci } 5308c2ecf20Sopenharmony_ci 5318c2ecf20Sopenharmony_ci case NE_ERR_VCPU_ALREADY_USED: { 5328c2ecf20Sopenharmony_ci printf("Error in add vcpu, the provided vCPU is already used\n"); 5338c2ecf20Sopenharmony_ci 5348c2ecf20Sopenharmony_ci break; 5358c2ecf20Sopenharmony_ci } 5368c2ecf20Sopenharmony_ci 5378c2ecf20Sopenharmony_ci case NE_ERR_VCPU_NOT_IN_CPU_POOL: { 5388c2ecf20Sopenharmony_ci printf("Error in add vcpu, the provided vCPU is not in the NE CPU pool\n"); 5398c2ecf20Sopenharmony_ci 5408c2ecf20Sopenharmony_ci break; 5418c2ecf20Sopenharmony_ci } 5428c2ecf20Sopenharmony_ci 5438c2ecf20Sopenharmony_ci case NE_ERR_VCPU_INVALID_CPU_CORE: { 5448c2ecf20Sopenharmony_ci printf("Error in add vcpu, the core id of the provided vCPU is invalid\n"); 5458c2ecf20Sopenharmony_ci 5468c2ecf20Sopenharmony_ci break; 5478c2ecf20Sopenharmony_ci } 5488c2ecf20Sopenharmony_ci 5498c2ecf20Sopenharmony_ci case NE_ERR_NOT_IN_INIT_STATE: { 5508c2ecf20Sopenharmony_ci printf("Error in add vcpu, enclave not in init state\n"); 5518c2ecf20Sopenharmony_ci 5528c2ecf20Sopenharmony_ci break; 5538c2ecf20Sopenharmony_ci } 5548c2ecf20Sopenharmony_ci 5558c2ecf20Sopenharmony_ci case NE_ERR_INVALID_VCPU: { 5568c2ecf20Sopenharmony_ci printf("Error in add vcpu, the provided vCPU is out of avail CPUs range\n"); 5578c2ecf20Sopenharmony_ci 5588c2ecf20Sopenharmony_ci break; 5598c2ecf20Sopenharmony_ci } 5608c2ecf20Sopenharmony_ci 5618c2ecf20Sopenharmony_ci default: 5628c2ecf20Sopenharmony_ci printf("Error in add vcpu [%m]\n"); 5638c2ecf20Sopenharmony_ci 5648c2ecf20Sopenharmony_ci } 5658c2ecf20Sopenharmony_ci return rc; 5668c2ecf20Sopenharmony_ci } 5678c2ecf20Sopenharmony_ci 5688c2ecf20Sopenharmony_ci return 0; 5698c2ecf20Sopenharmony_ci} 5708c2ecf20Sopenharmony_ci 5718c2ecf20Sopenharmony_ci/** 5728c2ecf20Sopenharmony_ci * ne_start_enclave() - Start the given enclave. 5738c2ecf20Sopenharmony_ci * @enclave_fd : The file descriptor associated with the enclave. 5748c2ecf20Sopenharmony_ci * @enclave_start_info : Enclave metadata used for starting e.g. vsock CID. 5758c2ecf20Sopenharmony_ci * 5768c2ecf20Sopenharmony_ci * Context: Process context. 5778c2ecf20Sopenharmony_ci * Return: 5788c2ecf20Sopenharmony_ci * * 0 on success. 5798c2ecf20Sopenharmony_ci * * Negative return value on failure. 5808c2ecf20Sopenharmony_ci */ 5818c2ecf20Sopenharmony_cistatic int ne_start_enclave(int enclave_fd, struct ne_enclave_start_info *enclave_start_info) 5828c2ecf20Sopenharmony_ci{ 5838c2ecf20Sopenharmony_ci int rc = -EINVAL; 5848c2ecf20Sopenharmony_ci 5858c2ecf20Sopenharmony_ci rc = ioctl(enclave_fd, NE_START_ENCLAVE, enclave_start_info); 5868c2ecf20Sopenharmony_ci if (rc < 0) { 5878c2ecf20Sopenharmony_ci switch (errno) { 5888c2ecf20Sopenharmony_ci case NE_ERR_NOT_IN_INIT_STATE: { 5898c2ecf20Sopenharmony_ci printf("Error in start enclave, enclave not in init state\n"); 5908c2ecf20Sopenharmony_ci 5918c2ecf20Sopenharmony_ci break; 5928c2ecf20Sopenharmony_ci } 5938c2ecf20Sopenharmony_ci 5948c2ecf20Sopenharmony_ci case NE_ERR_NO_MEM_REGIONS_ADDED: { 5958c2ecf20Sopenharmony_ci printf("Error in start enclave, no memory regions have been added\n"); 5968c2ecf20Sopenharmony_ci 5978c2ecf20Sopenharmony_ci break; 5988c2ecf20Sopenharmony_ci } 5998c2ecf20Sopenharmony_ci 6008c2ecf20Sopenharmony_ci case NE_ERR_NO_VCPUS_ADDED: { 6018c2ecf20Sopenharmony_ci printf("Error in start enclave, no vCPUs have been added\n"); 6028c2ecf20Sopenharmony_ci 6038c2ecf20Sopenharmony_ci break; 6048c2ecf20Sopenharmony_ci } 6058c2ecf20Sopenharmony_ci 6068c2ecf20Sopenharmony_ci case NE_ERR_FULL_CORES_NOT_USED: { 6078c2ecf20Sopenharmony_ci printf("Error in start enclave, enclave has no full cores set\n"); 6088c2ecf20Sopenharmony_ci 6098c2ecf20Sopenharmony_ci break; 6108c2ecf20Sopenharmony_ci } 6118c2ecf20Sopenharmony_ci 6128c2ecf20Sopenharmony_ci case NE_ERR_ENCLAVE_MEM_MIN_SIZE: { 6138c2ecf20Sopenharmony_ci printf("Error in start enclave, enclave memory is less than min size\n"); 6148c2ecf20Sopenharmony_ci 6158c2ecf20Sopenharmony_ci break; 6168c2ecf20Sopenharmony_ci } 6178c2ecf20Sopenharmony_ci 6188c2ecf20Sopenharmony_ci case NE_ERR_INVALID_FLAG_VALUE: { 6198c2ecf20Sopenharmony_ci printf("Error in start enclave, provided invalid flag\n"); 6208c2ecf20Sopenharmony_ci 6218c2ecf20Sopenharmony_ci break; 6228c2ecf20Sopenharmony_ci } 6238c2ecf20Sopenharmony_ci 6248c2ecf20Sopenharmony_ci case NE_ERR_INVALID_ENCLAVE_CID: { 6258c2ecf20Sopenharmony_ci printf("Error in start enclave, provided invalid enclave CID\n"); 6268c2ecf20Sopenharmony_ci 6278c2ecf20Sopenharmony_ci break; 6288c2ecf20Sopenharmony_ci } 6298c2ecf20Sopenharmony_ci 6308c2ecf20Sopenharmony_ci default: 6318c2ecf20Sopenharmony_ci printf("Error in start enclave [%m]\n"); 6328c2ecf20Sopenharmony_ci } 6338c2ecf20Sopenharmony_ci 6348c2ecf20Sopenharmony_ci return rc; 6358c2ecf20Sopenharmony_ci } 6368c2ecf20Sopenharmony_ci 6378c2ecf20Sopenharmony_ci return 0; 6388c2ecf20Sopenharmony_ci} 6398c2ecf20Sopenharmony_ci 6408c2ecf20Sopenharmony_ci/** 6418c2ecf20Sopenharmony_ci * ne_start_enclave_check_booted() - Start the enclave and wait for a hearbeat 6428c2ecf20Sopenharmony_ci * from it, on a newly created vsock channel, 6438c2ecf20Sopenharmony_ci * to check it has booted. 6448c2ecf20Sopenharmony_ci * @enclave_fd : The file descriptor associated with the enclave. 6458c2ecf20Sopenharmony_ci * 6468c2ecf20Sopenharmony_ci * Context: Process context. 6478c2ecf20Sopenharmony_ci * Return: 6488c2ecf20Sopenharmony_ci * * 0 on success. 6498c2ecf20Sopenharmony_ci * * Negative return value on failure. 6508c2ecf20Sopenharmony_ci */ 6518c2ecf20Sopenharmony_cistatic int ne_start_enclave_check_booted(int enclave_fd) 6528c2ecf20Sopenharmony_ci{ 6538c2ecf20Sopenharmony_ci struct sockaddr_vm client_vsock_addr = {}; 6548c2ecf20Sopenharmony_ci int client_vsock_fd = -1; 6558c2ecf20Sopenharmony_ci socklen_t client_vsock_len = sizeof(client_vsock_addr); 6568c2ecf20Sopenharmony_ci struct ne_enclave_start_info enclave_start_info = {}; 6578c2ecf20Sopenharmony_ci struct pollfd fds[1] = {}; 6588c2ecf20Sopenharmony_ci int rc = -EINVAL; 6598c2ecf20Sopenharmony_ci unsigned char recv_buf = 0; 6608c2ecf20Sopenharmony_ci struct sockaddr_vm server_vsock_addr = { 6618c2ecf20Sopenharmony_ci .svm_family = AF_VSOCK, 6628c2ecf20Sopenharmony_ci .svm_cid = NE_IMAGE_LOAD_HEARTBEAT_CID, 6638c2ecf20Sopenharmony_ci .svm_port = NE_IMAGE_LOAD_HEARTBEAT_PORT, 6648c2ecf20Sopenharmony_ci }; 6658c2ecf20Sopenharmony_ci int server_vsock_fd = -1; 6668c2ecf20Sopenharmony_ci 6678c2ecf20Sopenharmony_ci server_vsock_fd = socket(AF_VSOCK, SOCK_STREAM, 0); 6688c2ecf20Sopenharmony_ci if (server_vsock_fd < 0) { 6698c2ecf20Sopenharmony_ci rc = server_vsock_fd; 6708c2ecf20Sopenharmony_ci 6718c2ecf20Sopenharmony_ci printf("Error in socket [%m]\n"); 6728c2ecf20Sopenharmony_ci 6738c2ecf20Sopenharmony_ci return rc; 6748c2ecf20Sopenharmony_ci } 6758c2ecf20Sopenharmony_ci 6768c2ecf20Sopenharmony_ci rc = bind(server_vsock_fd, (struct sockaddr *)&server_vsock_addr, 6778c2ecf20Sopenharmony_ci sizeof(server_vsock_addr)); 6788c2ecf20Sopenharmony_ci if (rc < 0) { 6798c2ecf20Sopenharmony_ci printf("Error in bind [%m]\n"); 6808c2ecf20Sopenharmony_ci 6818c2ecf20Sopenharmony_ci goto out; 6828c2ecf20Sopenharmony_ci } 6838c2ecf20Sopenharmony_ci 6848c2ecf20Sopenharmony_ci rc = listen(server_vsock_fd, 1); 6858c2ecf20Sopenharmony_ci if (rc < 0) { 6868c2ecf20Sopenharmony_ci printf("Error in listen [%m]\n"); 6878c2ecf20Sopenharmony_ci 6888c2ecf20Sopenharmony_ci goto out; 6898c2ecf20Sopenharmony_ci } 6908c2ecf20Sopenharmony_ci 6918c2ecf20Sopenharmony_ci rc = ne_start_enclave(enclave_fd, &enclave_start_info); 6928c2ecf20Sopenharmony_ci if (rc < 0) 6938c2ecf20Sopenharmony_ci goto out; 6948c2ecf20Sopenharmony_ci 6958c2ecf20Sopenharmony_ci printf("Enclave started, CID %llu\n", enclave_start_info.enclave_cid); 6968c2ecf20Sopenharmony_ci 6978c2ecf20Sopenharmony_ci fds[0].fd = server_vsock_fd; 6988c2ecf20Sopenharmony_ci fds[0].events = POLLIN; 6998c2ecf20Sopenharmony_ci 7008c2ecf20Sopenharmony_ci rc = poll(fds, 1, NE_POLL_WAIT_TIME_MS); 7018c2ecf20Sopenharmony_ci if (rc < 0) { 7028c2ecf20Sopenharmony_ci printf("Error in poll [%m]\n"); 7038c2ecf20Sopenharmony_ci 7048c2ecf20Sopenharmony_ci goto out; 7058c2ecf20Sopenharmony_ci } 7068c2ecf20Sopenharmony_ci 7078c2ecf20Sopenharmony_ci if (!rc) { 7088c2ecf20Sopenharmony_ci printf("Poll timeout, %d seconds elapsed\n", NE_POLL_WAIT_TIME); 7098c2ecf20Sopenharmony_ci 7108c2ecf20Sopenharmony_ci rc = -ETIMEDOUT; 7118c2ecf20Sopenharmony_ci 7128c2ecf20Sopenharmony_ci goto out; 7138c2ecf20Sopenharmony_ci } 7148c2ecf20Sopenharmony_ci 7158c2ecf20Sopenharmony_ci if ((fds[0].revents & POLLIN) == 0) { 7168c2ecf20Sopenharmony_ci printf("Poll received value %d\n", fds[0].revents); 7178c2ecf20Sopenharmony_ci 7188c2ecf20Sopenharmony_ci rc = -EINVAL; 7198c2ecf20Sopenharmony_ci 7208c2ecf20Sopenharmony_ci goto out; 7218c2ecf20Sopenharmony_ci } 7228c2ecf20Sopenharmony_ci 7238c2ecf20Sopenharmony_ci rc = accept(server_vsock_fd, (struct sockaddr *)&client_vsock_addr, 7248c2ecf20Sopenharmony_ci &client_vsock_len); 7258c2ecf20Sopenharmony_ci if (rc < 0) { 7268c2ecf20Sopenharmony_ci printf("Error in accept [%m]\n"); 7278c2ecf20Sopenharmony_ci 7288c2ecf20Sopenharmony_ci goto out; 7298c2ecf20Sopenharmony_ci } 7308c2ecf20Sopenharmony_ci 7318c2ecf20Sopenharmony_ci client_vsock_fd = rc; 7328c2ecf20Sopenharmony_ci 7338c2ecf20Sopenharmony_ci /* 7348c2ecf20Sopenharmony_ci * Read the heartbeat value that the init process in the enclave sends 7358c2ecf20Sopenharmony_ci * after vsock connect. 7368c2ecf20Sopenharmony_ci */ 7378c2ecf20Sopenharmony_ci rc = read(client_vsock_fd, &recv_buf, sizeof(recv_buf)); 7388c2ecf20Sopenharmony_ci if (rc < 0) { 7398c2ecf20Sopenharmony_ci printf("Error in read [%m]\n"); 7408c2ecf20Sopenharmony_ci 7418c2ecf20Sopenharmony_ci goto out; 7428c2ecf20Sopenharmony_ci } 7438c2ecf20Sopenharmony_ci 7448c2ecf20Sopenharmony_ci if (rc != sizeof(recv_buf) || recv_buf != NE_IMAGE_LOAD_HEARTBEAT_VALUE) { 7458c2ecf20Sopenharmony_ci printf("Read %d instead of %d\n", recv_buf, 7468c2ecf20Sopenharmony_ci NE_IMAGE_LOAD_HEARTBEAT_VALUE); 7478c2ecf20Sopenharmony_ci 7488c2ecf20Sopenharmony_ci goto out; 7498c2ecf20Sopenharmony_ci } 7508c2ecf20Sopenharmony_ci 7518c2ecf20Sopenharmony_ci /* Write the heartbeat value back. */ 7528c2ecf20Sopenharmony_ci rc = write(client_vsock_fd, &recv_buf, sizeof(recv_buf)); 7538c2ecf20Sopenharmony_ci if (rc < 0) { 7548c2ecf20Sopenharmony_ci printf("Error in write [%m]\n"); 7558c2ecf20Sopenharmony_ci 7568c2ecf20Sopenharmony_ci goto out; 7578c2ecf20Sopenharmony_ci } 7588c2ecf20Sopenharmony_ci 7598c2ecf20Sopenharmony_ci rc = 0; 7608c2ecf20Sopenharmony_ci 7618c2ecf20Sopenharmony_ciout: 7628c2ecf20Sopenharmony_ci close(server_vsock_fd); 7638c2ecf20Sopenharmony_ci 7648c2ecf20Sopenharmony_ci return rc; 7658c2ecf20Sopenharmony_ci} 7668c2ecf20Sopenharmony_ci 7678c2ecf20Sopenharmony_ciint main(int argc, char *argv[]) 7688c2ecf20Sopenharmony_ci{ 7698c2ecf20Sopenharmony_ci int enclave_fd = -1; 7708c2ecf20Sopenharmony_ci unsigned int i = 0; 7718c2ecf20Sopenharmony_ci int ne_dev_fd = -1; 7728c2ecf20Sopenharmony_ci struct ne_user_mem_region ne_user_mem_regions[NE_DEFAULT_NR_MEM_REGIONS] = {}; 7738c2ecf20Sopenharmony_ci unsigned int ne_vcpus[NE_DEFAULT_NR_VCPUS] = {}; 7748c2ecf20Sopenharmony_ci int rc = -EINVAL; 7758c2ecf20Sopenharmony_ci pthread_t thread_id = 0; 7768c2ecf20Sopenharmony_ci unsigned long slot_uid = 0; 7778c2ecf20Sopenharmony_ci 7788c2ecf20Sopenharmony_ci if (argc != 2) { 7798c2ecf20Sopenharmony_ci printf("Usage: %s <path_to_enclave_image>\n", argv[0]); 7808c2ecf20Sopenharmony_ci 7818c2ecf20Sopenharmony_ci exit(EXIT_FAILURE); 7828c2ecf20Sopenharmony_ci } 7838c2ecf20Sopenharmony_ci 7848c2ecf20Sopenharmony_ci if (strlen(argv[1]) >= PATH_MAX) { 7858c2ecf20Sopenharmony_ci printf("The size of the path to enclave image is higher than max path\n"); 7868c2ecf20Sopenharmony_ci 7878c2ecf20Sopenharmony_ci exit(EXIT_FAILURE); 7888c2ecf20Sopenharmony_ci } 7898c2ecf20Sopenharmony_ci 7908c2ecf20Sopenharmony_ci ne_dev_fd = open(NE_DEV_NAME, O_RDWR | O_CLOEXEC); 7918c2ecf20Sopenharmony_ci if (ne_dev_fd < 0) { 7928c2ecf20Sopenharmony_ci printf("Error in open NE device [%m]\n"); 7938c2ecf20Sopenharmony_ci 7948c2ecf20Sopenharmony_ci exit(EXIT_FAILURE); 7958c2ecf20Sopenharmony_ci } 7968c2ecf20Sopenharmony_ci 7978c2ecf20Sopenharmony_ci printf("Creating enclave slot ...\n"); 7988c2ecf20Sopenharmony_ci 7998c2ecf20Sopenharmony_ci rc = ne_create_vm(ne_dev_fd, &slot_uid, &enclave_fd); 8008c2ecf20Sopenharmony_ci 8018c2ecf20Sopenharmony_ci close(ne_dev_fd); 8028c2ecf20Sopenharmony_ci 8038c2ecf20Sopenharmony_ci if (rc < 0) 8048c2ecf20Sopenharmony_ci exit(EXIT_FAILURE); 8058c2ecf20Sopenharmony_ci 8068c2ecf20Sopenharmony_ci printf("Enclave fd %d\n", enclave_fd); 8078c2ecf20Sopenharmony_ci 8088c2ecf20Sopenharmony_ci rc = pthread_create(&thread_id, NULL, ne_poll_enclave_fd, (void *)&enclave_fd); 8098c2ecf20Sopenharmony_ci if (rc < 0) { 8108c2ecf20Sopenharmony_ci printf("Error in thread create [%m]\n"); 8118c2ecf20Sopenharmony_ci 8128c2ecf20Sopenharmony_ci close(enclave_fd); 8138c2ecf20Sopenharmony_ci 8148c2ecf20Sopenharmony_ci exit(EXIT_FAILURE); 8158c2ecf20Sopenharmony_ci } 8168c2ecf20Sopenharmony_ci 8178c2ecf20Sopenharmony_ci for (i = 0; i < NE_DEFAULT_NR_MEM_REGIONS; i++) { 8188c2ecf20Sopenharmony_ci ne_user_mem_regions[i].memory_size = NE_MIN_MEM_REGION_SIZE; 8198c2ecf20Sopenharmony_ci 8208c2ecf20Sopenharmony_ci rc = ne_alloc_user_mem_region(&ne_user_mem_regions[i]); 8218c2ecf20Sopenharmony_ci if (rc < 0) { 8228c2ecf20Sopenharmony_ci printf("Error in alloc userspace memory region, iter %d\n", i); 8238c2ecf20Sopenharmony_ci 8248c2ecf20Sopenharmony_ci goto release_enclave_fd; 8258c2ecf20Sopenharmony_ci } 8268c2ecf20Sopenharmony_ci } 8278c2ecf20Sopenharmony_ci 8288c2ecf20Sopenharmony_ci rc = ne_load_enclave_image(enclave_fd, ne_user_mem_regions, argv[1]); 8298c2ecf20Sopenharmony_ci if (rc < 0) 8308c2ecf20Sopenharmony_ci goto release_enclave_fd; 8318c2ecf20Sopenharmony_ci 8328c2ecf20Sopenharmony_ci for (i = 0; i < NE_DEFAULT_NR_MEM_REGIONS; i++) { 8338c2ecf20Sopenharmony_ci rc = ne_set_user_mem_region(enclave_fd, ne_user_mem_regions[i]); 8348c2ecf20Sopenharmony_ci if (rc < 0) { 8358c2ecf20Sopenharmony_ci printf("Error in set memory region, iter %d\n", i); 8368c2ecf20Sopenharmony_ci 8378c2ecf20Sopenharmony_ci goto release_enclave_fd; 8388c2ecf20Sopenharmony_ci } 8398c2ecf20Sopenharmony_ci } 8408c2ecf20Sopenharmony_ci 8418c2ecf20Sopenharmony_ci printf("Enclave memory regions were added\n"); 8428c2ecf20Sopenharmony_ci 8438c2ecf20Sopenharmony_ci for (i = 0; i < NE_DEFAULT_NR_VCPUS; i++) { 8448c2ecf20Sopenharmony_ci /* 8458c2ecf20Sopenharmony_ci * The vCPU is chosen from the enclave vCPU pool, if the value 8468c2ecf20Sopenharmony_ci * of the vcpu_id is 0. 8478c2ecf20Sopenharmony_ci */ 8488c2ecf20Sopenharmony_ci ne_vcpus[i] = 0; 8498c2ecf20Sopenharmony_ci rc = ne_add_vcpu(enclave_fd, &ne_vcpus[i]); 8508c2ecf20Sopenharmony_ci if (rc < 0) { 8518c2ecf20Sopenharmony_ci printf("Error in add vcpu, iter %d\n", i); 8528c2ecf20Sopenharmony_ci 8538c2ecf20Sopenharmony_ci goto release_enclave_fd; 8548c2ecf20Sopenharmony_ci } 8558c2ecf20Sopenharmony_ci 8568c2ecf20Sopenharmony_ci printf("Added vCPU %d to the enclave\n", ne_vcpus[i]); 8578c2ecf20Sopenharmony_ci } 8588c2ecf20Sopenharmony_ci 8598c2ecf20Sopenharmony_ci printf("Enclave vCPUs were added\n"); 8608c2ecf20Sopenharmony_ci 8618c2ecf20Sopenharmony_ci rc = ne_start_enclave_check_booted(enclave_fd); 8628c2ecf20Sopenharmony_ci if (rc < 0) { 8638c2ecf20Sopenharmony_ci printf("Error in the enclave start / image loading heartbeat logic [rc=%d]\n", rc); 8648c2ecf20Sopenharmony_ci 8658c2ecf20Sopenharmony_ci goto release_enclave_fd; 8668c2ecf20Sopenharmony_ci } 8678c2ecf20Sopenharmony_ci 8688c2ecf20Sopenharmony_ci printf("Entering sleep for %d seconds ...\n", NE_SLEEP_TIME); 8698c2ecf20Sopenharmony_ci 8708c2ecf20Sopenharmony_ci sleep(NE_SLEEP_TIME); 8718c2ecf20Sopenharmony_ci 8728c2ecf20Sopenharmony_ci close(enclave_fd); 8738c2ecf20Sopenharmony_ci 8748c2ecf20Sopenharmony_ci ne_free_mem_regions(ne_user_mem_regions); 8758c2ecf20Sopenharmony_ci 8768c2ecf20Sopenharmony_ci exit(EXIT_SUCCESS); 8778c2ecf20Sopenharmony_ci 8788c2ecf20Sopenharmony_cirelease_enclave_fd: 8798c2ecf20Sopenharmony_ci close(enclave_fd); 8808c2ecf20Sopenharmony_ci ne_free_mem_regions(ne_user_mem_regions); 8818c2ecf20Sopenharmony_ci 8828c2ecf20Sopenharmony_ci exit(EXIT_FAILURE); 8838c2ecf20Sopenharmony_ci} 884