Skip to content

Commit

Permalink
fixup! [LibOS] Single-process-lifetime rollback protection for protec…
Browse files Browse the repository at this point in the history
…ted files (SPLRB)

Signed-off-by: g2flyer <[email protected]>
  • Loading branch information
g2flyer committed Aug 7, 2024
1 parent 3e6c4ae commit 4b0b0b6
Show file tree
Hide file tree
Showing 4 changed files with 39 additions and 39 deletions.
22 changes: 11 additions & 11 deletions common/src/protected_files/protected_files.c
Original file line number Diff line number Diff line change
Expand Up @@ -1076,7 +1076,7 @@ static void ipf_delete_cache(pf_context_t* pf) {
}
}

static bool ipf_close(pf_context_t* pf, pf_mac_t* closing_root_gmac) {
static bool ipf_close(pf_context_t* pf, pf_mac_t* closing_root_mac) {
bool retval = true;

if (pf->file_status != PF_STATUS_SUCCESS) {
Expand All @@ -1089,8 +1089,8 @@ static bool ipf_close(pf_context_t* pf, pf_mac_t* closing_root_gmac) {
}
}

if (closing_root_gmac != NULL) {
memcpy(*closing_root_gmac, pf->file_metadata.plain_part.metadata_gmac, sizeof(pf_mac_t));
if (closing_root_mac != NULL) {
memcpy(*closing_root_mac, pf->metadata_node.plaintext_part.metadata_mac, sizeof(pf_mac_t));
}

// omeg: fs close is done by Gramine handler
Expand Down Expand Up @@ -1131,24 +1131,24 @@ void pf_set_callbacks(pf_read_f read_f, pf_write_f write_f, pf_fsync_f fsync_f,

pf_status_t pf_open(pf_handle_t handle, const char* path, uint64_t underlying_size,
pf_file_mode_t mode, bool create, const pf_key_t* key,
pf_mac_t* opening_root_gmac, pf_context_t** context) {
pf_mac_t* opening_root_mac, pf_context_t** context) {
if (!g_initialized)
return PF_STATUS_UNINITIALIZED;

pf_status_t status;
*context = ipf_open(path, mode, create, handle, underlying_size, key, &status);
if ((*context != NULL) && (opening_root_gmac != NULL)) {
memcpy(*opening_root_gmac, (*context)->file_metadata.plain_part.metadata_gmac,
if ((*context != NULL) && (opening_root_mac != NULL)) {
memcpy(*opening_root_mac, (*context)->metadata_node.plaintext_part.metadata_mac,
sizeof(pf_mac_t));
}
return status;
}

pf_status_t pf_close(pf_context_t* pf, pf_mac_t* closing_root_gmac) {
pf_status_t pf_close(pf_context_t* pf, pf_mac_t* closing_root_mac) {
if (!g_initialized)
return PF_STATUS_UNINITIALIZED;

if (ipf_close(pf, closing_root_gmac)) {
if (ipf_close(pf, closing_root_mac)) {
free(pf);
return PF_STATUS_SUCCESS;
}
Expand Down Expand Up @@ -1217,7 +1217,7 @@ pf_status_t pf_set_size(pf_context_t* pf, uint64_t size) {
return PF_STATUS_SUCCESS;
}

pf_status_t pf_rename(pf_context_t* pf, const char* new_path, pf_mac_t* new_root_gmac) {
pf_status_t pf_rename(pf_context_t* pf, const char* new_path, pf_mac_t* new_root_mac) {
if (!g_initialized)
return PF_STATUS_UNINITIALIZED;

Expand All @@ -1233,8 +1233,8 @@ pf_status_t pf_rename(pf_context_t* pf, const char* new_path, pf_mac_t* new_root
pf->need_writing = true;
if (!ipf_internal_flush(pf))
return pf->last_error;
if (new_root_gmac != NULL) {
memcpy(*new_root_gmac, pf->file_metadata.plain_part.metadata_gmac, sizeof(pf_mac_t));
if (new_root_mac != NULL) {
memcpy(*new_root_mac, pf->metadata_node.plaintext_part.metadata_mac, sizeof(pf_mac_t));
}

return PF_STATUS_SUCCESS;
Expand Down
12 changes: 6 additions & 6 deletions common/src/protected_files/protected_files.h
Original file line number Diff line number Diff line change
Expand Up @@ -224,24 +224,24 @@ const char* pf_strerror(int err);
* \param mode Access mode.
* \param create Overwrite file contents if true.
* \param key Wrap key.
* \param opening_root_gmac If non-NULL, !create & successfull open, returns root-hash of file
* \param opening_root_mac If non-NULL, !create & successfull open, returns root-hash of file
* \param[out] context PF context for later calls.
*
* \returns PF status.
*/
pf_status_t pf_open(pf_handle_t handle, const char* path, uint64_t underlying_size,
pf_file_mode_t mode, bool create, const pf_key_t* key,
pf_mac_t* opening_root_gmac, pf_context_t** context);
pf_mac_t* opening_root_mac, pf_context_t** context);

/*!
* \brief Close a protected file and commit all changes to disk.
*
* \param pf PF context.
* \param closing_root_gmac If non-NULL, returns root-hash of file at closing time
* \param closing_root_mac If non-NULL, returns root-hash of file at closing time
*
* \returns PF status.
*/
pf_status_t pf_close(pf_context_t* pf, pf_mac_t* closing_root_gmac);
pf_status_t pf_close(pf_context_t* pf, pf_mac_t* closing_root_mac);

/*!
* \brief Read from a protected file.
Expand Down Expand Up @@ -296,12 +296,12 @@ pf_status_t pf_set_size(pf_context_t* pf, uint64_t size);
*
* \param pf PF context.
* \param new_path New file path.
* \param new_root_gmac if non-NULL, returns new root-hash of file
* \param new_root_mac if non-NULL, returns new root-hash of file
*
* Updates the path inside protected file header, and flushes all changes. The caller is responsible
* for renaming the underlying file.
*/
pf_status_t pf_rename(pf_context_t* pf, const char* new_path, pf_mac_t* new_root_gmac);
pf_status_t pf_rename(pf_context_t* pf, const char* new_path, pf_mac_t* new_root_mac);

/*!
* \brief Flush any pending data of a protected file to disk.
Expand Down
2 changes: 1 addition & 1 deletion libos/include/libos_fs_encrypted.h
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ typedef enum {
struct libos_encrypted_volume_state_map {
char* norm_path; // assumptions: all paths canonicalized, symlinks are resolved & no hard links
libos_encrypted_file_state_t state;
pf_mac_t last_seen_root_gmac;
pf_mac_t last_seen_root_mac;
UT_hash_handle hh;
};

Expand Down
42 changes: 21 additions & 21 deletions libos/src/fs/libos_fs_encrypted.c
Original file line number Diff line number Diff line change
Expand Up @@ -221,9 +221,9 @@ static int encrypted_file_internal_open(struct libos_encrypted_file* enc, PAL_HA
ret = -EACCES;
goto out;
}
pf_mac_t opening_root_gmac;
pf_mac_t opening_root_mac;
pf_status_t pfs = pf_open(pal_handle, norm_path, size, PF_FILE_MODE_READ | PF_FILE_MODE_WRITE,
create, &enc->volume->key->pf_key, &opening_root_gmac, &pf);
create, &enc->volume->key->pf_key, &opening_root_mac, &pf);
unlock(&g_keys_lock);
if (PF_FAILURE(pfs)) {
log_warning("pf_open failed: %s", pf_strerror(pfs));
Expand All @@ -233,7 +233,7 @@ static int encrypted_file_internal_open(struct libos_encrypted_file* enc, PAL_HA
/* rollback protection */
struct libos_encrypted_volume_state_map* file_state = NULL;
log_debug("file '%s' opened with MAC=" MAC_PRINTF_PATTERN, norm_path,
MAC_PRINTF_ARGS(opening_root_gmac)); // TODO (MST): remove me eventually?
MAC_PRINTF_ARGS(opening_root_mac)); // TODO (MST): remove me eventually?
lock(&(enc->volume->files_state_map_lock));
/* - get current state */
HASH_FIND_STR(enc->volume->files_state_map, norm_path, file_state);
Expand All @@ -259,14 +259,14 @@ static int encrypted_file_internal_open(struct libos_encrypted_file* enc, PAL_HA
goto out_unlock_map;
}
}
if (memcmp(file_state->last_seen_root_gmac, opening_root_gmac, sizeof(pf_mac_t)) != 0) {
if (memcmp(file_state->last_seen_root_mac, opening_root_mac, sizeof(pf_mac_t)) != 0) {
log_error(
"file '%s' was seen before but in different inconsistent (rolled-back?) "
"state, expected MAC=" MAC_PRINTF_PATTERN
" but file had "
"MAC=" MAC_PRINTF_PATTERN,
norm_path, MAC_PRINTF_ARGS(file_state->last_seen_root_gmac),
MAC_PRINTF_ARGS(opening_root_gmac));
norm_path, MAC_PRINTF_ARGS(file_state->last_seen_root_mac),
MAC_PRINTF_ARGS(opening_root_mac));
if (enc->volume->protection_mode != PF_ENCLAVE_LIFE_RB_PROTECTION_NONE) {
pf_set_corrupted(pf);
ret = -EACCES;
Expand Down Expand Up @@ -299,7 +299,7 @@ static int encrypted_file_internal_open(struct libos_encrypted_file* enc, PAL_HA
}
/* we do below unconditionally as we might recreate a deleted file or overwrite an existing
* one */
memcpy(file_state->last_seen_root_gmac, opening_root_gmac, sizeof(pf_mac_t));
memcpy(file_state->last_seen_root_mac, opening_root_mac, sizeof(pf_mac_t));
file_state->state = PF_FILE_STATE_ACTIVE;

enc->pf = pf;
Expand Down Expand Up @@ -335,16 +335,16 @@ int parse_pf_key(const char* key_str, pf_key_t* pf_key) {

static void encrypted_file_internal_close(struct libos_encrypted_file* enc, bool fs_reachable) {
assert(enc->pf);
pf_mac_t closing_root_gmac;
pf_status_t pfs = pf_close(enc->pf, &closing_root_gmac);
pf_mac_t closing_root_mac;
pf_status_t pfs = pf_close(enc->pf, &closing_root_mac);
char* norm_path = NULL;
int ret = uri_to_normalized_path(enc->uri, &norm_path);
if (ret < 0) {
log_error("Could not normalize uri %s while closing file (ret=%d)", enc->uri, ret);
} else {
log_debug("%sreachable file '%s' closed with MAC=" MAC_PRINTF_PATTERN,
(fs_reachable ? "" : "un"), norm_path,
MAC_PRINTF_ARGS(closing_root_gmac)); // TODO (MST): remove me eventually?
MAC_PRINTF_ARGS(closing_root_mac)); // TODO (MST): remove me eventually?
lock(&(enc->volume->files_state_map_lock));
struct libos_encrypted_volume_state_map* file_state = NULL;

Expand All @@ -359,7 +359,7 @@ static void encrypted_file_internal_close(struct libos_encrypted_file* enc, bool
/* note: we only update if reachable in fileystem to prevent file-handles made
* unreachable via unlink or rename to modify state. We also do not touch it if
* earlier we determined this file is in inconsistent error state. */
memcpy(file_state->last_seen_root_gmac, closing_root_gmac, sizeof(pf_mac_t));
memcpy(file_state->last_seen_root_mac, closing_root_mac, sizeof(pf_mac_t));
}
}
unlock(&(enc->volume->files_state_map_lock));
Expand Down Expand Up @@ -818,8 +818,8 @@ int encrypted_file_rename(struct libos_encrypted_file* enc, const char* new_uri)
if (ret < 0)
goto out;

pf_mac_t new_root_gmac;
pf_status_t pfs = pf_rename(enc->pf, new_norm_path, &new_root_gmac);
pf_mac_t new_root_mac;
pf_status_t pfs = pf_rename(enc->pf, new_norm_path, &new_root_mac);
if (PF_FAILURE(pfs)) {
log_warning("pf_rename failed: %s", pf_strerror(pfs));
ret = -EACCES;
Expand All @@ -831,7 +831,7 @@ int encrypted_file_rename(struct libos_encrypted_file* enc, const char* new_uri)
log_warning("PalStreamChangeName failed: %s", pal_strerror(ret));

/* We failed to rename the file. Try to restore the name in header. */
pfs = pf_rename(enc->pf, old_norm_path, &new_root_gmac);
pfs = pf_rename(enc->pf, old_norm_path, &new_root_mac);
if (PF_FAILURE(pfs)) {
log_warning("pf_rename (during cleanup) failed, the file might be unusable: %s",
pf_strerror(pfs));
Expand All @@ -843,7 +843,7 @@ int encrypted_file_rename(struct libos_encrypted_file* enc, const char* new_uri)
/* update file state map */
log_debug("file '%s' renamed to '%s' with MAC=" MAC_PRINTF_PATTERN, old_norm_path,
new_norm_path,
MAC_PRINTF_ARGS(new_root_gmac)); // TODO (MST): remove me eventually?
MAC_PRINTF_ARGS(new_root_mac)); // TODO (MST): remove me eventually?
lock(&(enc->volume->files_state_map_lock));
struct libos_encrypted_volume_state_map* old_file_state = NULL;
HASH_FIND_STR(enc->volume->files_state_map, old_norm_path, old_file_state);
Expand All @@ -864,10 +864,10 @@ int encrypted_file_rename(struct libos_encrypted_file* enc, const char* new_uri)
new_norm_path = new_file_state->norm_path;
}
new_file_state->state = old_file_state->state;
memcpy(new_file_state->last_seen_root_gmac, new_root_gmac, sizeof(pf_mac_t));
memcpy(new_file_state->last_seen_root_mac, new_root_mac, sizeof(pf_mac_t));
old_file_state->state = PF_FILE_STATE_DELETED; /* note: this might remove error state from that
file but that is fine as it is deleted now. */
memset(old_file_state->last_seen_root_gmac, 0, sizeof(pf_mac_t));
memset(old_file_state->last_seen_root_mac, 0, sizeof(pf_mac_t));
unlock(&(enc->volume->files_state_map_lock));

free(enc->uri);
Expand Down Expand Up @@ -905,13 +905,13 @@ int encrypted_file_unlink(struct libos_encrypted_file* enc) {
struct libos_encrypted_volume_state_map* file_state = NULL;
HASH_FIND_STR(enc->volume->files_state_map, norm_path, file_state);
assert(file_state != NULL);
pf_mac_t root_gmac_before_unlink;
memcpy(root_gmac_before_unlink, file_state->last_seen_root_gmac, sizeof(pf_mac_t));
pf_mac_t root_mac_before_unlink;
memcpy(root_mac_before_unlink, file_state->last_seen_root_mac, sizeof(pf_mac_t));
file_state->state = PF_FILE_STATE_DELETED;
memset(file_state->last_seen_root_gmac, 0, sizeof(pf_mac_t));
memset(file_state->last_seen_root_mac, 0, sizeof(pf_mac_t));
unlock(&(enc->volume->files_state_map_lock));
log_debug("file '%s' unlinked, previously with MAC=" MAC_PRINTF_PATTERN, norm_path,
MAC_PRINTF_ARGS(root_gmac_before_unlink)); // TODO (MST): remove me eventually?
MAC_PRINTF_ARGS(root_mac_before_unlink)); // TODO (MST): remove me eventually?
return 0;
}

Expand Down

0 comments on commit 4b0b0b6

Please sign in to comment.