github.com/epfl-dcsl/gotee@v0.0.0-20200909122901-014b35f5e5e9/src/syscall/gosec.go (about) 1 package syscall 2 3 import ( 4 "runtime" 5 "unsafe" 6 ) 7 8 func memcpy(dest, source, l uintptr) { 9 for i := uintptr(0); i < l; i++ { 10 d := (*byte)(unsafe.Pointer(dest + i)) 11 s := (*byte)(unsafe.Pointer(source + i)) 12 *d = *s 13 } 14 } 15 16 func Syscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno) { 17 if runtime.IsEnclave() { 18 syscid, csys := runtime.Cooprt.AcquireSysPool() 19 _tpe := runtime.S3 20 switch trap { 21 case SYS_FSTAT: 22 sstat := unsafe.Sizeof(Stat_t{}) 23 statbuf := runtime.UnsafeAllocator.Malloc(sstat) 24 memcpy(statbuf, a2, sstat) 25 req := runtime.OcallReq{_tpe, trap, a1, statbuf, a3, 0, 0, 0, syscid} 26 runtime.Cooprt.Ocall <- req 27 res := <-csys 28 //copy back the results 29 memcpy(a2, statbuf, sstat) 30 runtime.UnsafeAllocator.Free(statbuf, sstat) 31 r1, r2, err = res.R1, res.R2, Errno(res.Err) 32 case SYS_CLOSE: 33 req := runtime.OcallReq{_tpe, trap, a1, a2, a3, 0, 0, 0, syscid} 34 runtime.Cooprt.Ocall <- req 35 res := <-csys 36 r1, r2, err = res.R1, res.R2, Errno(res.Err) 37 case SYS_FCNTL: 38 req := runtime.OcallReq{_tpe, trap, a1, a2, a3, 0, 0, 0, syscid} 39 runtime.Cooprt.Ocall <- req 40 res := <-csys 41 r1, r2, err = res.R1, res.R2, Errno(res.Err) 42 case SYS_WRITE: 43 destptr := runtime.UnsafeAllocator.Malloc(a3) 44 memcpy(destptr, a2, a3) 45 req := runtime.OcallReq{_tpe, trap, a1, destptr, a3, 0, 0, 0, syscid} 46 runtime.Cooprt.Ocall <- req 47 res := <-csys 48 runtime.UnsafeAllocator.Free(destptr, a3) 49 r1, r2, err = res.R1, res.R2, Errno(res.Err) 50 case uintptr(318): 51 destptr := runtime.UnsafeAllocator.Malloc(a2) 52 req := runtime.OcallReq{_tpe, trap, destptr, a2, a3, 0, 0, 0, syscid} 53 runtime.Cooprt.Ocall <- req 54 res := <-csys 55 memcpy(destptr, a1, a2) 56 runtime.UnsafeAllocator.Free(destptr, a2) 57 r1, r2, err = res.R1, res.R2, Errno(res.Err) 58 case SYS_GETUID: 59 req := runtime.OcallReq{_tpe, trap, a1, a2, a3, 0, 0, 0, syscid} 60 runtime.Cooprt.Ocall <- req 61 res := <-csys 62 r1, r2, err = res.R1, res.R2, Errno(res.Err) 63 // For network part. 64 case SYS_BIND: 65 sockaddr := runtime.UnsafeAllocator.Malloc(a3) 66 memcpy(sockaddr, a2, a3) 67 req := runtime.OcallReq{_tpe, trap, a1, sockaddr, a3, 0, 0, 0, syscid} 68 runtime.Cooprt.Ocall <- req 69 res := <-csys 70 runtime.UnsafeAllocator.Free(sockaddr, a3) 71 r1, r2, err = res.R1, res.R2, Errno(res.Err) 72 case SYS_LISTEN: 73 req := runtime.OcallReq{_tpe, trap, a1, a2, a3, 0, 0, 0, syscid} 74 runtime.Cooprt.Ocall <- req 75 res := <-csys 76 r1, r2, err = res.R1, res.R2, Errno(res.Err) 77 case SYS_ACCEPT: 78 // copy the sockaddr 79 sasize := unsafe.Sizeof(*(*RawSockaddrAny)(unsafe.Pointer(a2))) 80 sockaddr := runtime.UnsafeAllocator.Malloc(sasize) 81 memcpy(sockaddr, a2, sasize) 82 //copy the socklen 83 slsize := unsafe.Sizeof(*(*_Socklen)(unsafe.Pointer(a3))) 84 socklen := runtime.UnsafeAllocator.Malloc(slsize) 85 memcpy(socklen, a3, slsize) 86 req := runtime.OcallReq{_tpe, trap, a1, sockaddr, socklen, 0, 0, 0, syscid} 87 runtime.Cooprt.Ocall <- req 88 res := <-csys 89 r1, r2, err = res.R1, res.R2, Errno(res.Err) 90 // copy back 91 memcpy(a2, sockaddr, sasize) 92 memcpy(a3, socklen, slsize) 93 // free 94 runtime.UnsafeAllocator.Free(sockaddr, sasize) 95 runtime.UnsafeAllocator.Free(socklen, slsize) 96 case SYS_READ: 97 buf := runtime.UnsafeAllocator.Malloc(a3) 98 req := runtime.OcallReq{_tpe, trap, a1, buf, a3, 0, 0, 0, syscid} 99 runtime.Cooprt.Ocall <- req 100 res := <-csys 101 r1, r2, err = res.R1, res.R2, Errno(res.Err) 102 // copy back 103 memcpy(a2, buf, a3) 104 // free 105 runtime.UnsafeAllocator.Free(buf, a3) 106 default: 107 panic("unsupported system call.") 108 } 109 runtime.Cooprt.ReleaseSysPool(syscid) 110 return 111 } 112 return SSyscall(trap, a1, a2, a3) 113 } 114 115 func SRawSyscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno) { 116 if runtime.IsEnclave() { 117 syscid, csys := runtime.Cooprt.AcquireSysPool() 118 _tpe := runtime.RS3 119 switch trap { 120 case SYS_SOCKET: 121 req := runtime.OcallReq{_tpe, trap, a1, a2, a3, 0, 0, 0, syscid} 122 runtime.Cooprt.Ocall <- req 123 res := <-csys 124 r1, r2, err = res.R1, res.R2, Errno(res.Err) 125 case SYS_GETSOCKNAME: 126 ssockaddr := unsafe.Sizeof(RawSockaddrAny{}) 127 var _bof _Socklen = 0 128 ssocklen := unsafe.Sizeof(_bof) 129 addr := runtime.UnsafeAllocator.Malloc(ssockaddr) 130 slen := runtime.UnsafeAllocator.Malloc(ssocklen) 131 // copy to 132 memcpy(addr, a2, ssockaddr) 133 memcpy(slen, a3, ssocklen) 134 req := runtime.OcallReq{_tpe, trap, a1, addr, slen, 0, 0, 0, syscid} 135 runtime.Cooprt.Ocall <- req 136 res := <-csys 137 r1, r2, err = res.R1, res.R2, Errno(res.Err) 138 //copy back 139 memcpy(a2, addr, ssockaddr) 140 memcpy(a3, slen, ssocklen) 141 runtime.UnsafeAllocator.Free(addr, ssockaddr) 142 runtime.UnsafeAllocator.Free(slen, ssocklen) 143 default: 144 panic("Not yet implemented") 145 } 146 runtime.Cooprt.ReleaseSysPool(syscid) 147 return 148 } 149 panic("Not the enclave, should never have come here.") 150 } 151 152 func Syscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno) { 153 if runtime.IsEnclave() { 154 syscid, csys := runtime.Cooprt.AcquireSysPool() 155 _tpe := runtime.S6 156 switch trap { 157 case SYS_ACCEPT4: 158 // copy the sockaddr 159 sasize := unsafe.Sizeof(*(*RawSockaddrAny)(unsafe.Pointer(a2))) 160 sockaddr := runtime.UnsafeAllocator.Malloc(sasize) 161 memcpy(sockaddr, a2, sasize) 162 //copy the socklen 163 slsize := unsafe.Sizeof(*(*_Socklen)(unsafe.Pointer(a3))) 164 socklen := runtime.UnsafeAllocator.Malloc(slsize) 165 memcpy(socklen, a3, slsize) 166 req := runtime.OcallReq{_tpe, trap, a1, sockaddr, socklen, a4, a5, a6, syscid} 167 runtime.Cooprt.Ocall <- req 168 res := <-csys 169 r1, r2, err = res.R1, res.R2, Errno(res.Err) 170 // copy back 171 memcpy(a2, sockaddr, sasize) 172 memcpy(a3, socklen, slsize) 173 // free 174 runtime.UnsafeAllocator.Free(sockaddr, sasize) 175 runtime.UnsafeAllocator.Free(socklen, slsize) 176 case SYS_SETSOCKOPT: 177 // Copy the a4 (opt pointer) 178 opt := runtime.UnsafeAllocator.Malloc(a5) 179 memcpy(opt, a4, a5) 180 req := runtime.OcallReq{_tpe, trap, a1, a2, a3, opt, a5, a6, syscid} 181 runtime.Cooprt.Ocall <- req 182 res := <-csys 183 r1, r2, err = res.R1, res.R2, Errno(res.Err) 184 runtime.UnsafeAllocator.Free(opt, a5) 185 case SYS_SENDTO: 186 buf := runtime.UnsafeAllocator.Malloc(a3) 187 memcpy(buf, a2, a3) 188 sockaddr := runtime.UnsafeAllocator.Malloc(a6) 189 memcpy(sockaddr, a5, a6) 190 req := runtime.OcallReq{_tpe, trap, a1, buf, a3, a4, sockaddr, a6, syscid} 191 runtime.Cooprt.Ocall <- req 192 res := <-csys 193 r1, r2, err = res.R1, res.R2, Errno(res.Err) 194 runtime.UnsafeAllocator.Free(buf, a3) 195 runtime.UnsafeAllocator.Free(sockaddr, a6) 196 case SYS_OPENAT: 197 buf := runtime.UnsafeAllocator.Malloc(a6 + 1) 198 memcpy(buf, a2, a6+1) 199 req := runtime.OcallReq{_tpe, trap, a1, buf, a3, a4, a5, 0, syscid} 200 runtime.Cooprt.Ocall <- req 201 res := <-csys 202 r1, r2, err = res.R1, res.R2, Errno(res.Err) 203 runtime.UnsafeAllocator.Free(buf, a6+1) 204 default: 205 panic("Unallowed system call inside the enclave.") 206 } 207 runtime.Cooprt.ReleaseSysPool(syscid) 208 return 209 } 210 return SSyscall6(trap, a1, a2, a3, a4, a5, a6) 211 }