Skip to content

Commit 75d01b1

Browse files
lum1n0uslum1n0us
committed
refactor(enclave): add module and instance handle release functions for better resource management
1 parent 8e4cb28 commit 75d01b1

4 files changed

Lines changed: 75 additions & 27 deletions

File tree

.gitignore

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -21,9 +21,9 @@ core/iwasm/libraries/lib-wasi-threads/test/*.wasm
2121
core/iwasm/libraries/lib-socket/test/*.wasm
2222

2323
product-mini/app-samples/hello-world/test.wasm
24-
product-mini/platforms/linux-sgx/enclave-sample/App/
25-
product-mini/platforms/linux-sgx/enclave-sample/Enclave/
26-
product-mini/platforms/linux-sgx/enclave-sample/iwasm
24+
product-mini/platforms/linux-sgx/enclave-sample/
25+
!product-mini/platforms/linux-sgx/enclave-sample/App/App.*
26+
!product-mini/platforms/linux-sgx/enclave-sample/Enclave/Enclave.*
2727

2828
build_out
2929
tests/wamr-test-suites/workspace

product-mini/platforms/linux-sgx/enclave-sample/Enclave/Enclave.config.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
<ReservedMemExecutable>1</ReservedMemExecutable>
99
<TCSNum>10</TCSNum>
1010
<TCSPolicy>1</TCSPolicy>
11-
<!-- SECURITY FIX: Debug mode disabled for production enclave security -->
11+
<!-- Debug mode disabled for production enclave security -->
1212
<DisableDebug>1</DisableDebug>
1313
<MiscSelect>0</MiscSelect>
1414
<MiscMask>0xFFFFFFFF</MiscMask>

product-mini/platforms/linux-sgx/enclave-sample/Enclave/Enclave.cpp

Lines changed: 70 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -81,7 +81,7 @@ static EnclaveModule *enclave_module_list = NULL;
8181
static korp_mutex enclave_module_list_lock = OS_THREAD_MUTEX_INITIALIZER;
8282
#endif
8383

84-
/* SECURITY FIX: Handle table for secure EnclaveModule reference management */
84+
/* Handle table for secure EnclaveModule reference management */
8585
#define MAX_MODULES 128
8686
typedef struct HandleTableEntry {
8787
uint32 id;
@@ -93,7 +93,7 @@ static HandleTableEntry module_table[MAX_MODULES] = { 0 };
9393
static uint32 next_module_id = 1;
9494
static korp_mutex module_table_lock = OS_THREAD_MUTEX_INITIALIZER;
9595

96-
/* SECURITY: Allocate secure handle for EnclaveModule, preventing pointer
96+
/* : Allocate secure handle for EnclaveModule, preventing pointer
9797
* exposure */
9898
static uint32
9999
allocate_module_handle(EnclaveModule *module)
@@ -124,8 +124,7 @@ allocate_module_handle(EnclaveModule *module)
124124
return handle_id;
125125
}
126126

127-
/* SECURITY: Lookup EnclaveModule by handle ID, preventing direct pointer access
128-
*/
127+
/* Lookup EnclaveModule by handle ID, preventing direct pointer access */
129128
static EnclaveModule *
130129
lookup_module_by_handle(uint32 handle_id)
131130
{
@@ -148,8 +147,24 @@ lookup_module_by_handle(uint32 handle_id)
148147
return module;
149148
}
150149

151-
/* SECURITY FIX: Handle table for secure wasm_module_inst_t reference management
152-
*/
150+
static void
151+
release_module_handle(uint32 handle_id)
152+
{
153+
os_mutex_lock(&module_table_lock);
154+
155+
for (uint32 i = 0; i < MAX_MODULES; i++) {
156+
if (module_table[i].in_use && module_table[i].id == handle_id) {
157+
module_table[i].id = 0;
158+
module_table[i].module_ref = NULL;
159+
module_table[i].in_use = false;
160+
break;
161+
}
162+
}
163+
164+
os_mutex_unlock(&module_table_lock);
165+
}
166+
167+
/* Handle table for secure wasm_module_inst_t reference management */
153168
#define MAX_INSTANCES 128
154169
typedef struct InstanceTableEntry {
155170
uint32 id;
@@ -161,8 +176,7 @@ static InstanceTableEntry instance_table[MAX_INSTANCES] = { 0 };
161176
static uint32 next_instance_id = 1;
162177
static korp_mutex instance_table_lock = OS_THREAD_MUTEX_INITIALIZER;
163178

164-
/* SECURITY: Allocate secure handle for wasm_module_inst_t, preventing pointer
165-
* exposure */
179+
/*Allocate secure handle for wasm_module_inst_t, preventing pointer exposure */
166180
static uint32
167181
allocate_instance_handle(wasm_module_inst_t inst)
168182
{
@@ -215,6 +229,23 @@ lookup_instance_by_handle(uint32 handle_id)
215229
return inst;
216230
}
217231

232+
static void
233+
release_instance_handle(uint32 handle_id)
234+
{
235+
os_mutex_lock(&instance_table_lock);
236+
237+
for (uint32 i = 0; i < MAX_INSTANCES; i++) {
238+
if (instance_table[i].in_use && instance_table[i].id == handle_id) {
239+
instance_table[i].id = 0;
240+
instance_table[i].inst_ref = NULL;
241+
instance_table[i].in_use = false;
242+
break;
243+
}
244+
}
245+
246+
os_mutex_unlock(&instance_table_lock);
247+
}
248+
218249
#if WASM_ENABLE_GLOBAL_HEAP_POOL != 0
219250
static char global_heap_buf[WASM_GLOBAL_HEAP_SIZE] = { 0 };
220251
#endif
@@ -411,7 +442,6 @@ handle_cmd_load_module(uint64 *args, uint32 argc)
411442
return;
412443
}
413444

414-
/* SECURITY FIX: Return secure handle ID instead of direct pointer */
415445
uint32 enclave_module_id = allocate_module_handle(enclave_module);
416446
if (enclave_module_id == 0) {
417447
/* Handle table full - cleanup and return error */
@@ -444,7 +474,8 @@ handle_cmd_load_module(uint64 *args, uint32 argc)
444474
static void
445475
handle_cmd_unload_module(uint64 *args, uint32 argc)
446476
{
447-
EnclaveModule *enclave_module = *(EnclaveModule **)args++;
477+
uint32 module_handle_id = *(uint32 *)args++;
478+
EnclaveModule *enclave_module = lookup_module_by_handle(module_handle_id);
448479

449480
bh_assert(argc == 1);
450481

@@ -473,6 +504,9 @@ handle_cmd_unload_module(uint64 *args, uint32 argc)
473504
os_mutex_unlock(&enclave_module_list_lock);
474505
#endif
475506

507+
/* Release module handle */
508+
release_module_handle(module_handle_id);
509+
476510
/* Destroy enclave module resources */
477511
if (enclave_module->wasi_arg_buf)
478512
wasm_runtime_free(enclave_module->wasi_arg_buf);
@@ -513,8 +547,6 @@ static void
513547
handle_cmd_instantiate_module(uint64 *args, uint32 argc)
514548
{
515549
uint64 *args_org = args;
516-
/* SECURITY FIX: Use handle lookup instead of direct pointer from untrusted
517-
* host */
518550
uint32 module_handle_id = *(uint32 *)args++;
519551
EnclaveModule *enclave_module = lookup_module_by_handle(module_handle_id);
520552
uint32 stack_size = *(uint32 *)args++;
@@ -537,7 +569,6 @@ handle_cmd_instantiate_module(uint64 *args, uint32 argc)
537569
return;
538570
}
539571

540-
/* SECURITY FIX: Return secure handle ID instead of direct pointer */
541572
uint32 instance_id = allocate_instance_handle(module_inst);
542573
if (instance_id == 0) {
543574
wasm_runtime_deinstantiate(module_inst);
@@ -552,7 +583,9 @@ handle_cmd_instantiate_module(uint64 *args, uint32 argc)
552583
static void
553584
handle_cmd_deinstantiate_module(uint64 *args, uint32 argc)
554585
{
555-
wasm_module_inst_t module_inst = *(wasm_module_inst_t *)args++;
586+
uint32 instance_handle_id = *(uint32 *)args++;
587+
wasm_module_inst_t module_inst =
588+
lookup_instance_by_handle(instance_handle_id);
556589

557590
bh_assert(argc == 1);
558591

@@ -562,14 +595,18 @@ handle_cmd_deinstantiate_module(uint64 *args, uint32 argc)
562595

563596
wasm_runtime_deinstantiate(module_inst);
564597

598+
release_instance_handle(instance_handle_id);
599+
565600
LOG_VERBOSE("Deinstantiate module success.\n");
566601
}
567602

568603
static void
569604
handle_cmd_get_exception(uint64 *args, uint32 argc)
570605
{
571606
uint64 *args_org = args;
572-
wasm_module_inst_t module_inst = *(wasm_module_inst_t *)args++;
607+
uint32 instance_handle_id = *(uint32 *)args++;
608+
wasm_module_inst_t module_inst =
609+
lookup_instance_by_handle(instance_handle_id);
573610
char *exception = *(char **)args++;
574611
uint32 exception_size = *(uint32 *)args++;
575612
const char *exception1;
@@ -593,7 +630,9 @@ handle_cmd_get_exception(uint64 *args, uint32 argc)
593630
static void
594631
handle_cmd_exec_app_main(uint64 *args, int32 argc)
595632
{
596-
wasm_module_inst_t module_inst = *(wasm_module_inst_t *)args++;
633+
uint32 instance_handle_id = *(uint32 *)args++;
634+
wasm_module_inst_t module_inst =
635+
lookup_instance_by_handle(instance_handle_id);
597636
uint32 app_argc = *(uint32 *)args++;
598637
char **app_argv = NULL;
599638
uint64 total_size;
@@ -626,7 +665,9 @@ handle_cmd_exec_app_main(uint64 *args, int32 argc)
626665
static void
627666
handle_cmd_exec_app_func(uint64 *args, int32 argc)
628667
{
629-
wasm_module_inst_t module_inst = *(wasm_module_inst_t *)args++;
668+
uint32 instance_handle_id = *(uint32 *)args++;
669+
wasm_module_inst_t module_inst =
670+
lookup_instance_by_handle(instance_handle_id);
630671
char *func_name = *(char **)args++;
631672
uint32 app_argc = *(uint32 *)args++;
632673
char **app_argv = NULL;
@@ -670,7 +711,6 @@ static void
670711
handle_cmd_set_wasi_args(uint64 *args, int32 argc)
671712
{
672713
uint64 *args_org = args;
673-
/* SECURITY FIX: Use handle lookup instead of direct pointer from host */
674714
uint32 module_handle_id = *(uint32 *)args++;
675715
EnclaveModule *enclave_module = lookup_module_by_handle(module_handle_id);
676716
char **dir_list = *(char ***)args++;
@@ -695,7 +735,7 @@ handle_cmd_set_wasi_args(uint64 *args, int32 argc)
695735
return;
696736
}
697737

698-
/* SECURITY FIX: Validate all pointer arrays before use */
738+
/* Validate all pointer arrays before use */
699739
if (dir_list_size > 0
700740
&& (!dir_list
701741
|| !sgx_is_outside_enclave(dir_list,
@@ -893,18 +933,23 @@ void
893933
ecall_handle_command(unsigned cmd, unsigned char *cmd_buf,
894934
unsigned cmd_buf_size)
895935
{
896-
/* SECURITY FIX: Validate buffer before processing */
897-
if (!cmd_buf || cmd_buf_size < sizeof(uint64)) {
936+
/*
937+
* Validate buffer before processing
938+
* cmd_buf can be NULL if cmd_buf_size is 0, but if cmd_buf_size is
939+
* non-zero, cmd_buf must be valid
940+
*/
941+
if ((!cmd_buf && cmd_buf_size > 0) || (cmd_buf && cmd_buf_size == 0)) {
898942
int bytes_written = 0;
899943
ocall_print(&bytes_written,
900944
"SECURITY ERROR: Invalid buffer parameters\n");
901945
return;
902946
}
903947

904-
if (!sgx_is_outside_enclave(cmd_buf, cmd_buf_size)) {
948+
// Because of [in, out] cmd_buf in edl, it is allocated inside enclave.
949+
if (cmd_buf && sgx_is_outside_enclave(cmd_buf, cmd_buf_size)) {
905950
int bytes_written = 0;
906951
ocall_print(&bytes_written,
907-
"SECURITY ERROR: Buffer not outside enclave\n");
952+
"SECURITY ERROR: Buffer should be inside enclave\n");
908953
return;
909954
}
910955

@@ -918,6 +963,8 @@ ecall_handle_command(unsigned cmd, unsigned char *cmd_buf,
918963
uint64 *args = (uint64 *)cmd_buf;
919964
uint32 argc = cmd_buf_size / sizeof(uint64);
920965

966+
LOG_VERBOSE("Received command %d with %u arguments.\n", cmd, argc);
967+
921968
switch (cmd) {
922969
case CMD_INIT_RUNTIME:
923970
handle_cmd_init_runtime(args, argc);

product-mini/platforms/linux-sgx/enclave-sample/Enclave/Enclave.edl

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@ enclave {
1818
from "sgx_tprotected_fs.edl" import *;
1919
#endif
2020

21+
//TODO: replace void with an int as error code
2122
trusted {
2223
/* define ECALLs here. */
2324
public void ecall_handle_command(unsigned cmd,

0 commit comments

Comments
 (0)