Move ring buffer bound check early (microsoft#4514)
(cherry picked from commit 6c7d2ee)
jumaffre authored and Julien Maffre committed Nov 10, 2022
1 parent 7e018d2 commit f5bcfd7
Showing 1 changed file with 17 additions and 30 deletions.
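--- a/src/enclave/main.cpp
+++ b/src/enclave/main.cpp
@@ -138,6 +138,22 @@ extern "C"
 auto writer_factory = std::make_unique<oversized::WriterFactory>(
 *basic_writer_factory, ec.writer_config);
 
+// Check that ringbuffer memory ranges are entirely outside of the enclave
+if (
+!ccf::pal::is_outside_enclave(
+ec.from_enclave_buffer_start, ec.from_enclave_buffer_size) ||
+!ccf::pal::is_outside_enclave(
+ec.to_enclave_buffer_start, ec.to_enclave_buffer_size) ||
+!ccf::pal::is_outside_enclave(
+ec.to_enclave_buffer_offsets, sizeof(ringbuffer::Offsets)) ||
+!ccf::pal::is_outside_enclave(
+ec.from_enclave_buffer_offsets, sizeof(ringbuffer::Offsets)))
+{
+return CreateNodeStatus::MemoryNotOutsideEnclave;
+}
+
+// Note: because logger uses ringbuffer, logger can only be initialised once
+// ringbuffer memory has been verified
 auto new_logger = std::make_unique<ccf::RingbufferLogger>(
 writer_factory->create_writer_to_outside());
 auto ringbuffer_logger = new_logger.get();
@@ -190,36 +206,7 @@ extern "C"
 ccf::host_time_us =
 static_cast<decltype(ccf::host_time_us)>(time_location);
 
-// Check that ringbuffer memory ranges are entirely outside of the enclave
-if (!oe_is_outside_enclave(
-ec.to_enclave_buffer_start, ec.to_enclave_buffer_size))
-{
-LOG_FAIL_FMT("Memory outside enclave: to_enclave buffer start");
-return CreateNodeStatus::MemoryNotOutsideEnclave;
-}
-
-if (!oe_is_outside_enclave(
-ec.from_enclave_buffer_start, ec.from_enclave_buffer_size))
-{
-LOG_FAIL_FMT("Memory outside enclave: from_enclave buffer start");
-return CreateNodeStatus::MemoryNotOutsideEnclave;
-}
-
-if (!oe_is_outside_enclave(
-ec.to_enclave_buffer_offsets, sizeof(ringbuffer::Offsets)))
-{
-LOG_FAIL_FMT("Memory outside enclave: to_enclave buffer offset");
-return CreateNodeStatus::MemoryNotOutsideEnclave;
-}
-
-if (!oe_is_outside_enclave(
-ec.from_enclave_buffer_offsets, sizeof(ringbuffer::Offsets)))
-{
-LOG_FAIL_FMT("Memory outside enclave: from_enclave buffer offset");
-return CreateNodeStatus::MemoryNotOutsideEnclave;
-}
-
-oe_lfence();
 ccf::pal::speculation_barrier();
 }
 
 if (!oe_is_outside_enclave(ccf_config, ccf_config_size))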
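Review bot: The relocated ring buffer range check in the first hunk is no longer followed by a speculation barrier. The old checks ran immediately before `oe_lfence()`, whereas the new `if` returns or falls straight through to building `new_logger` on `writer_factory->create_writer_to_outside()`, and the only barrier left is the `ccf::pal::speculation_barrier()` in the second hunk (new line 209). Whether the logger or anything else in between touches the host-supplied buffers is not visible here, but if it does, those accesses could be speculated past the check. I would add `ccf::pal::speculation_barrier();` directly after the closing brace of the new `if`, with a comment such as `// Barrier must follow the range check before any ringbuffer access`. Separately, the per-range `LOG_FAIL_FMT` messages are gone (necessarily, since the logger depends on the verified ring buffer), so a short comment noting that `MemoryNotOutsideEnclave` is now the only diagnostic for all four ranges would help. The enclosing function starts and ends outside both hunks.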
