Skip to content
This repository has been archived by the owner on Nov 22, 2022. It is now read-only.

Pagefault in enclave when trying to write to custom address. #14

Open
daves003 opened this issue Nov 18, 2021 · 1 comment
Open

Pagefault in enclave when trying to write to custom address. #14

daves003 opened this issue Nov 18, 2021 · 1 comment

Comments

@daves003
Copy link

I am trying to add support for reading/writing memory addresses outside of the regular enclave and shared memory buffers.
I did manage to define an additional memory region in the enclave struct and that seems to get set correctly when context switching. However, I still get pagefaults in the enclave when trying to use it.
Ultimately I want to use this to facilitate communication with I/O (such as the UART connection) devices from within the enclave.

Some more detail:

  • New memory region type (enum value 3)
  • This type only gets set when entering the enclave. The entry should get cleared when leaving so that the default rules apply.
  • This new address is currently hardcoded to 0x10000000-0x10001000 (UART base address for the QEMU setup)
  • Add debugging prints in the SM, host app, and eapp(through edge calls). They are prefixed with [SM], [linux] and [eapp] respectively.

Problem:

  • I am still getting a pagefault from the eyrie runtime. I am not sure why that is since the PMP registers should be set correctly.
  • My understanding is that paging is disabled per default in eyrie. (USE_PAGING is not defined and the pagefault occurs at the correct physical address).
  • The scause register indicates "Load page fault" or "Store/AMO page fault" depending if the eapp tries to read or write.

Output from running a test enclave:

# ./uart-native.ke 
Verifying archive integrity... All good.
Uncompressing Keystone Enclave Package
[linux] Host is starting
pmp_set() [hart 0]: reg[1], mode[NAPOT], range[0x00000000b8000000-0x00000000b8200000], perm[0x0]
PMP regions in enclave:
        ID: 2  type: 1  base: 0xb8000000  size: 0x200000
        ID: 3  type: 2  base: 0xb8200000  size: 0x100000
        ID: 4  type: 3  base: 0x10000000  size: 0x1000
[linux] untrusted base pointer is 0x0000000080000000
[linux] shared buffer base ptr is 0x00000000ce946000
[linux] start enclave
[SM] context_switch_to_enclave()
pmp_set() [hart 0]: reg[7], mode[NAPOT], range[0x0000000000000000-0xffffffffffffffff], perm[0x0]
pmp_set() [hart 0]: reg[1], mode[NAPOT], range[0x00000000b8000000-0x00000000b8200000], perm[0x7]
pmp_set() [hart 0]: reg[7], mode[NAPOT], range[0x00000000b8200000-0x00000000b8300000], perm[0x7]
pmp_set() [hart 0]: reg[2], mode[NAPOT], range[0x0000000010000000-0x0000000010001000], perm[0x7]
{ ... }
[SM] context_switch_to_host()
pmp_set() [hart 0]: reg[1], mode[NAPOT], range[0x00000000b8000000-0x00000000b8200000], perm[0x7]
pmp_set() [hart 0]: reg[7], mode[NAPOT], range[0x00000000b8200000-0x00000000b8300000], perm[0x7]
pmp_set() [hart 0]: reg[7], mode[NAPOT], range[0x0000000000000000-0xffffffffffffffff], perm[0x7]
[eapp] starting...
[SM] context_switch_to_enclave()
pmp_set() [hart 0]: reg[7], mode[NAPOT], range[0x0000000000000000-0xffffffffffffffff], perm[0x0]
pmp_set() [hart 0]: reg[1], mode[NAPOT], range[0x00000000b8000000-0x00000000b8200000], perm[0x7]
pmp_set() [hart 0]: reg[7], mode[NAPOT], range[0x00000000b8200000-0x00000000b8300000], perm[0x7]
pmp_set() [hart 0]: reg[2], mode[NAPOT], range[0x0000000010000000-0x0000000010001000], perm[0x7]
{ ... }
[SM] context_switch_to_host()
pmp_set() [hart 0]: reg[1], mode[NAPOT], range[0x00000000b8000000-0x00000000b8200000], perm[0x7]
pmp_set() [hart 0]: reg[7], mode[NAPOT], range[0x00000000b8200000-0x00000000b8300000], perm[0x7]
pmp_set() [hart 0]: reg[7], mode[NAPOT], range[0x0000000000000000-0xffffffffffffffff], perm[0x7]
[eapp] Trying to read from UART...
[SM] context_switch_to_enclave()
pmp_set() [hart 0]: reg[7], mode[NAPOT], range[0x0000000000000000-0xffffffffffffffff], perm[0x0]
pmp_set() [hart 0]: reg[1], mode[NAPOT], range[0x00000000b8000000-0x00000000b8200000], perm[0x7]
pmp_set() [hart 0]: reg[7], mode[NAPOT], range[0x00000000b8200000-0x00000000b8300000], perm[0x7]
pmp_set() [hart 0]: reg[2], mode[NAPOT], range[0x0000000010000000-0x0000000010001000], perm[0x7]
[runtime] page fault at 0x100f8 on 0x10000000 (scause: 0xd)
[SM] context_switch_to_host()
pmp_set() [hart 0]: reg[1], mode[NAPOT], range[0x00000000b8000000-0x00000000b8200000], perm[0x7]
pmp_set() [hart 0]: reg[7], mode[NAPOT], range[0x00000000b8200000-0x00000000b8300000], perm[0x7]
pmp_set() [hart 0]: reg[7], mode[NAPOT], range[0x0000000000000000-0xffffffffffffffff], perm[0x7]
[linux] stop enclave
[linux] Host is shutting down

If needed, I can provide my modifications to the SM and the eapp code, but they are not yet in any git repo.
Thanks for the help.

@daves003
Copy link
Author

daves003 commented Dec 7, 2021

Update:
I've tried writing to 0x10000000 from machine mode both before and after the call to context_switch_to_enclave. Both seem to be working as intended. However after switching to supervisor mode, this write fails.
There seems to be some address translation even with USE_PAGING and USE_FREEMEM both disabled. The SM is still setting the satp register to a non-zero value which I think may be causing this. I cannot change this since that would result in validate_and_hash_enclave to fail.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant