Add runtime inited checks in Enclave command handlings to improve security (#2416)

Call ecall commands arbitrarily from host when enclave's runtime isn't initialized may cause unexpected behavior, for example, load/instantiate wasm module. Add runtime inited status checks in enclave to improve the security. Also fix `wait_map` issue mentioned in https://github.com/bytecodealliance/wasm-micro-runtime/issues/2252#issuecomment-1634940219
2024-11-26 15:32:05 +00:00 · 2023-08-04 14:32:04 +08:00 · 2023-08-04 14:32:04 +08:00 · 8fc621a1b2
commit 8fc621a1b2
parent 91592429f4
1 changed files with 64 additions and 0 deletions
--- a/product-mini/platforms/linux-sgx/enclave-sample/Enclave/Enclave.cpp
+++ b/product-mini/platforms/linux-sgx/enclave-sample/Enclave/Enclave.cpp
@ -92,6 +92,8 @@ set_error_buf(char *error_buf, uint32 error_buf_size, const char *string)
        snprintf(error_buf, error_buf_size, "%s", string);
 }

+static bool runtime_inited = false;
+
 static void
 handle_cmd_init_runtime(uint64 *args, uint32 argc)
 {
@ -100,6 +102,12 @@ handle_cmd_init_runtime(uint64 *args, uint32 argc)

    bh_assert(argc == 1);

+    /* avoid duplicated init */
+    if (runtime_inited) {
+        args[0] = false;
+        return;
+    }
+
    os_set_print_function(enclave_print);

    max_thread_num = (uint32)args[0];
@ -122,6 +130,7 @@ handle_cmd_init_runtime(uint64 *args, uint32 argc)
        return;
    }

+    runtime_inited = true;
    args[0] = true;

    LOG_VERBOSE("Init runtime environment success.\n");
@ -130,7 +139,11 @@ handle_cmd_init_runtime(uint64 *args, uint32 argc)
 static void
 handle_cmd_destroy_runtime()
 {
+    if (!runtime_inited)
+        return;
+
    wasm_runtime_destroy();
+    runtime_inited = false;

    LOG_VERBOSE("Destroy runtime success.\n");
 }
@ -214,6 +227,11 @@ handle_cmd_load_module(uint64 *args, uint32 argc)

    bh_assert(argc == 4);

+    if (!runtime_inited) {
+        *(void **)args_org = NULL;
+        return;
+    }
+
    if (!is_xip_file((uint8 *)wasm_file, wasm_file_size)) {
        if (total_size >= UINT32_MAX
            || !(enclave_module = (EnclaveModule *)wasm_runtime_malloc(
@ -284,6 +302,10 @@ handle_cmd_unload_module(uint64 *args, uint32 argc)

    bh_assert(argc == 1);

+    if (!runtime_inited) {
+        return;
+    }
+
 #if WASM_ENABLE_LIB_RATS != 0
    /* Remove enclave module from enclave module list */
    os_mutex_lock(&enclave_module_list_lock);
@ -354,6 +376,11 @@ handle_cmd_instantiate_module(uint64 *args, uint32 argc)

    bh_assert(argc == 5);

+    if (!runtime_inited) {
+        *(void **)args_org = NULL;
+        return;
+    }
+
    if (!(module_inst =
              wasm_runtime_instantiate(enclave_module->module, stack_size,
                                       heap_size, error_buf, error_buf_size))) {
@ -373,6 +400,10 @@ handle_cmd_deinstantiate_module(uint64 *args, uint32 argc)

    bh_assert(argc == 1);

+    if (!runtime_inited) {
+        return;
+    }
+
    wasm_runtime_deinstantiate(module_inst);

    LOG_VERBOSE("Deinstantiate module success.\n");
@ -389,6 +420,11 @@ handle_cmd_get_exception(uint64 *args, uint32 argc)

    bh_assert(argc == 3);

+    if (!runtime_inited) {
+        args_org[0] = false;
+        return;
+    }
+
    if ((exception1 = wasm_runtime_get_exception(module_inst))) {
        snprintf(exception, exception_size, "%s", exception1);
        args_org[0] = true;
@ -410,6 +446,10 @@ handle_cmd_exec_app_main(uint64 *args, int32 argc)
    bh_assert(argc >= 3);
    bh_assert(app_argc >= 1);

+    if (!runtime_inited) {
+        return;
+    }
+
    total_size = sizeof(char *) * (app_argc > 2 ? (uint64)app_argc : 2);

    if (total_size >= UINT32_MAX
@ -439,6 +479,10 @@ handle_cmd_exec_app_func(uint64 *args, int32 argc)

    bh_assert(argc == app_argc + 3);

+    if (!runtime_inited) {
+        return;
+    }
+
    total_size = sizeof(char *) * (app_argc > 2 ? (uint64)app_argc : 2);

    if (total_size >= UINT32_MAX
@ -488,6 +532,11 @@ handle_cmd_set_wasi_args(uint64 *args, int32 argc)

    bh_assert(argc == 10);

+    if (!runtime_inited) {
+        *args_org = false;
+        return;
+    }
+
    total_size += sizeof(char *) * (uint64)dir_list_size
                  + sizeof(char *) * (uint64)env_list_size
                  + sizeof(char *) * (uint64)addr_pool_list_size
@ -610,6 +659,11 @@ handle_cmd_get_pgo_prof_buf_size(uint64 *args, int32 argc)

    bh_assert(argc == 1);

+    if (!runtime_inited) {
+        args[0] = 0;
+        return;
+    }
+
    buf_len = wasm_runtime_get_pgo_prof_data_size(module_inst);
    args[0] = buf_len;
 }
@ -625,6 +679,11 @@ handle_cmd_get_pro_prof_buf_data(uint64 *args, int32 argc)

    bh_assert(argc == 3);

+    if (!runtime_inited) {
+        args_org[0] = 0;
+        return;
+    }
+
    bytes_dumped =
        wasm_runtime_dump_pgo_prof_data_to_buf(module_inst, buf, len);
    args_org[0] = bytes_dumped;
@ -704,6 +763,11 @@ ecall_iwasm_main(uint8_t *wasm_file_buf, uint32_t wasm_file_size)
    char error_buf[128];
    const char *exception;

+    /* avoid duplicated init */
+    if (runtime_inited) {
+        return;
+    }
+
    os_set_print_function(enclave_print);

    memset(&init_args, 0, sizeof(RuntimeInitArgs));