[PAL/Linux-SGX] Add diagnostics to error message about sigstruct size

Signed-off-by: Wojtek Porczyk <[email protected]>
gramineproject · Sep 10, 2024 · 8de342e · 8de342e
1 parent aef14f1
commit 8de342e
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 21 deletions.
diff --git a/pal/src/host/linux-sgx/host_framework.c b/pal/src/host/linux-sgx/host_framework.c
@@ -129,23 +129,36 @@ int create_dummy_enclave_token(sgx_sigstruct_t* sig, sgx_arch_token_t* out_token
                                      &out_token->body.attributes.xfrm);
 }
 
-int read_enclave_sigstruct(int sigfile, sgx_sigstruct_t* sig) {
+int read_enclave_sigstruct(char* sig_path, sgx_sigstruct_t* sig) {
     struct stat stat;
+    int sigfile_fd = -1;
     int ret;
-    ret = DO_SYSCALL(fstat, sigfile, &stat);
+
+    sigfile_fd = DO_SYSCALL(open, sig_path, O_RDONLY | O_CLOEXEC, 0);
+    if (sigfile_fd < 0) {
+        log_error("Cannot open sigstruct file %s", sig_path);
+        ret = sigfile_fd;
+        goto out;
+    }
+
+    ret = DO_SYSCALL(fstat, sigfile_fd, &stat);
     if (ret < 0)
-        return ret;
+        goto out;
 
     if ((size_t)stat.st_size != sizeof(sgx_sigstruct_t)) {
-        log_error("size of sigstruct size does not match");
-        return -EINVAL;
+        log_error("size of sigstruct file (%s) does not match: expected %zu, found %zu",
+                  sig_path, sizeof(sgx_sigstruct_t), (size_t)stat.st_size);
+        ret = -EINVAL;
+        goto out;
     }
 
-    ret = read_all(sigfile, sig, sizeof(sgx_sigstruct_t));
-    if (ret < 0)
-        return ret;
+    ret = read_all(sigfile_fd, sig, sizeof(sgx_sigstruct_t));
 
-    return 0;
+out:
+    if (sigfile_fd >= 0)
+        DO_SYSCALL(close, sigfile_fd);
+
+    return ret;
 }
 
 bool is_wrfsbase_supported(void) {

diff --git a/pal/src/host/linux-sgx/host_internal.h b/pal/src/host/linux-sgx/host_internal.h
@@ -69,7 +69,7 @@ bool is_wrfsbase_supported(void);
 
 int read_enclave_token(int token_file, sgx_arch_token_t* out_token);
 int create_dummy_enclave_token(sgx_sigstruct_t* sig, sgx_arch_token_t* out_token);
-int read_enclave_sigstruct(int sigfile, sgx_sigstruct_t* sig);
+int read_enclave_sigstruct(char* sig_path, sgx_sigstruct_t* sig);
 
 int create_enclave(sgx_arch_secs_t* secs, sgx_arch_token_t* token);
 

diff --git a/pal/src/host/linux-sgx/host_main.c b/pal/src/host/linux-sgx/host_main.c
@@ -251,7 +251,6 @@ static int initialize_enclave(struct pal_enclave* enclave, const char* manifest_
     unsigned long enclave_entry_addr;
     unsigned long enclave_heap_min;
     char* sig_path = NULL;
-    int sigfile_fd = -1;
     size_t areas_size = 0;
     struct mem_area* areas = NULL;
 
@@ -301,14 +300,7 @@ static int initialize_enclave(struct pal_enclave* enclave, const char* manifest_
         goto out;
     }
 
-    sigfile_fd = DO_SYSCALL(open, sig_path, O_RDONLY | O_CLOEXEC, 0);
-    if (sigfile_fd < 0) {
-        log_error("Cannot open sigstruct file %s", sig_path);
-        ret = -EINVAL;
-        goto out;
-    }
-
-    ret = read_enclave_sigstruct(sigfile_fd, &enclave_sigstruct);
+    ret = read_enclave_sigstruct(sig_path, &enclave_sigstruct);
     if (ret < 0) {
         log_error("Reading enclave sigstruct failed: %s", unix_strerror(ret));
         goto out;
@@ -649,8 +641,6 @@ static int initialize_enclave(struct pal_enclave* enclave, const char* manifest_
     free(tcs_addrs);
     if (enclave_image >= 0)
         DO_SYSCALL(close, enclave_image);
-    if (sigfile_fd >= 0)
-        DO_SYSCALL(close, sigfile_fd);
     if (areas)
         DO_SYSCALL(munmap, areas, areas_size);
     free(sig_path);