Skip to content
This repository has been archived by the owner on Jan 20, 2022. It is now read-only.

Commit

Permalink
Strip confidential information from logs on "error" level
Browse files Browse the repository at this point in the history 
Signed-off-by: Michał Kowalczyk <mkow@invisiblethingslab.com>
  • Loading branch information
@mkow
mkow committed Jul 2, 2021
1 parent c25a0f4 commit 754d4e0
Show file tree
Hide file tree
Showing 3 changed files with 48 additions and 59 deletions.
17 changes: 3 additions & 14 deletions Pal/src/host/Linux-SGX/db_exception.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -166,7 +166,7 @@ static bool handle_ud(sgx_cpu_context_t* uc) {
/* syscall: LibOS may know how to handle this */
return false;
}
log_error("Unknown or illegal instruction at RIP 0x%016lx", uc->rip);
log_error("Unknown or illegal instruction executed");
return false;
}

Expand Down Expand Up @@ -226,23 +226,12 @@ void _DkExceptionHandler(unsigned int exit_info, sgx_cpu_context_t* uc,

if (ei.info.valid) {
/* EXITINFO field: vector = exception number, exit_type = 0x3 for HW / 0x6 for SW */
log_error("(SGX HW reported AEX vector 0x%x with exit_type = 0x%x)", ei.info.vector,
log_debug("(SGX HW reported AEX vector 0x%x with exit_type = 0x%x)", ei.info.vector,
ei.info.exit_type);
} else {
log_error("(untrusted PAL sent PAL event 0x%x)", ei.intval);
log_debug("(untrusted PAL sent PAL event 0x%x)", ei.intval);
}

log_error("rax: 0x%08lx rcx: 0x%08lx rdx: 0x%08lx rbx: 0x%08lx\n"
"rsp: 0x%08lx rbp: 0x%08lx rsi: 0x%08lx rdi: 0x%08lx\n"
"r8 : 0x%08lx r9 : 0x%08lx r10: 0x%08lx r11: 0x%08lx\n"
"r12: 0x%08lx r13: 0x%08lx r14: 0x%08lx r15: 0x%08lx\n"
"rflags: 0x%08lx rip: 0x%08lx",
uc->rax, uc->rcx, uc->rdx, uc->rbx,
uc->rsp, uc->rbp, uc->rsi, uc->rdi,
uc->r8, uc->r9, uc->r10, uc->r11,
uc->r12, uc->r13, uc->r14, uc->r15,
uc->rflags, uc->rip);

_DkProcessExit(1);
}

Expand Down
54 changes: 27 additions & 27 deletions Pal/src/host/Linux-SGX/db_files.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ static int file_open(PAL_HANDLE* handle, const char* type, const char* uri, int
char* path = (void*)hdl + HANDLE_SIZE(file);
int ret;
if ((ret = get_norm_path(uri, path, &uri_size)) < 0) {
log_error("Could not normalize path (%s): %s", uri, pal_strerror(ret));
log_warning("Could not normalize path (%s): %s", uri, pal_strerror(ret));
free(hdl);
return ret;
}
Expand All @@ -71,7 +71,7 @@ static int file_open(PAL_HANDLE* handle, const char* type, const char* uri, int
/* check if the file is seekable and get real file size */
ret = ocall_fstat(fd, &st);
if (ret < 0) {
log_error("file_open(%s): fstat failed: %d", path, ret);
log_warning("file_open(%s): fstat failed: %d", path, ret);
ret = unix_to_pal_error(ret);
goto out;
}
Expand All @@ -90,7 +90,7 @@ static int file_open(PAL_HANDLE* handle, const char* type, const char* uri, int
/* disallow opening more than one writable handle to a PF */
if (pf_mode & PF_FILE_MODE_WRITE) {
if (pf->writable_fd >= 0) {
log_error("file_open(%s): disallowing concurrent writable handle", path);
log_warning("file_open(%s): disallowing concurrent writable handle", path);
ret = -PAL_ERROR_DENIED;
goto out;
}
Expand All @@ -100,7 +100,7 @@ static int file_open(PAL_HANDLE* handle, const char* type, const char* uri, int

/* the protected files should be regular files (seekable) */
if (!hdl->file.seekable) {
log_error("file_open(%s): disallowing non-seekable file handle", path);
log_warning("file_open(%s): disallowing non-seekable file handle", path);
goto out;
}

Expand All @@ -111,7 +111,7 @@ static int file_open(PAL_HANDLE* handle, const char* type, const char* uri, int
pf->writable_fd = fd;
}
} else {
log_error("load_protected_file(%s, %d) failed", path, hdl->file.fd);
log_warning("load_protected_file(%s, %d) failed", path, hdl->file.fd);
goto out;
}
} else {
Expand All @@ -120,9 +120,9 @@ static int file_open(PAL_HANDLE* handle, const char* type, const char* uri, int
void* umem;
ret = load_trusted_file(hdl, &chunk_hashes, &total, create, &umem);
if (ret < 0) {
log_error("Accessing file:%s is denied (%s). This file is not trusted or allowed."
" Trusted files should be regular files (seekable).", hdl->file.realpath,
pal_strerror(ret));
log_warning("Accessing file:%s is denied (%s). This file is not trusted or allowed."
" Trusted files should be regular files (seekable).", hdl->file.realpath,
pal_strerror(ret));
goto out;
}

Expand Down Expand Up @@ -155,15 +155,15 @@ static int64_t pf_file_read(struct protected_file* pf, PAL_HANDLE handle, uint64
int fd = handle->file.fd;

if (!pf->context) {
log_error("pf_file_read(PF fd %d): PF not initialized", fd);
log_warning("pf_file_read(PF fd %d): PF not initialized", fd);
return -PAL_ERROR_BADHANDLE;
}

size_t bytes_read = 0;
pf_status_t pfs = pf_read(pf->context, offset, count, buffer, &bytes_read);

if (PF_FAILURE(pfs)) {
log_error("pf_file_read(PF fd %d): pf_read failed: %s", fd, pf_strerror(pfs));
log_warning("pf_file_read(PF fd %d): pf_read failed: %s", fd, pf_strerror(pfs));
return -PAL_ERROR_DENIED;
}

Expand Down Expand Up @@ -216,14 +216,14 @@ static int64_t pf_file_write(struct protected_file* pf, PAL_HANDLE handle, uint6
int fd = handle->file.fd;

if (!pf->context) {
log_error("pf_file_write(PF fd %d): PF not initialized", fd);
log_warning("pf_file_write(PF fd %d): PF not initialized", fd);
return -PAL_ERROR_BADHANDLE;
}

pf_status_t pf_ret = pf_write(pf->context, offset, count, buffer);

if (PF_FAILURE(pf_ret)) {
log_error("pf_file_write(PF fd %d): pf_write failed: %s", fd, pf_strerror(pf_ret));
log_warning("pf_file_write(PF fd %d): pf_write failed: %s", fd, pf_strerror(pf_ret));
return -PAL_ERROR_DENIED;
}

Expand Down Expand Up @@ -254,7 +254,7 @@ static int64_t file_write(PAL_HANDLE handle, uint64_t offset, uint64_t count, co
}

/* case of trusted file: disallow writing completely */
log_error("Writing to a trusted file (%s) is disallowed!", handle->file.realpath);
log_warning("Writing to a trusted file (%s) is disallowed!", handle->file.realpath);
return -PAL_ERROR_DENIED;
}

Expand Down Expand Up @@ -324,12 +324,12 @@ static int pf_file_map(struct protected_file* pf, PAL_HANDLE handle, void** addr

assert(WITHIN_MASK(prot, PAL_PROT_MASK));
if ((prot & PAL_PROT_READ) && (prot & PAL_PROT_WRITE)) {
log_error("pf_file_map(PF fd %d): trying to map with R+W access", fd);
log_warning("pf_file_map(PF fd %d): trying to map with R+W access", fd);
return -PAL_ERROR_NOTSUPPORT;
}

if (!pf->context) {
log_error("pf_file_map(PF fd %d): PF not initialized", fd);
log_warning("pf_file_map(PF fd %d): PF not initialized", fd);
return -PAL_ERROR_BADHANDLE;
}

Expand Down Expand Up @@ -370,8 +370,8 @@ static int pf_file_map(struct protected_file* pf, PAL_HANDLE handle, void** addr
if (prot & PAL_PROT_READ) {
/* we don't check this on writes since file size may be extended then */
if (offset >= pf_size) {
log_error("pf_file_map(PF fd %d): offset (%lu) >= file size (%lu)", fd, offset,
pf_size);
log_warning("pf_file_map(PF fd %d): offset (%lu) >= file size (%lu)", fd, offset,
pf_size);
ret = -PAL_ERROR_INVAL;
goto out;
}
Expand All @@ -385,7 +385,7 @@ static int pf_file_map(struct protected_file* pf, PAL_HANDLE handle, void** addr
pf_ret = PF_STATUS_CORRUPTED;
}
if (PF_FAILURE(pf_ret)) {
log_error("pf_file_map(PF fd %d): pf_read failed: %s", fd, pf_strerror(pf_ret));
log_warning("pf_file_map(PF fd %d): pf_read failed: %s", fd, pf_strerror(pf_ret));
ret = -PAL_ERROR_DENIED;
goto out;
}
Expand Down Expand Up @@ -435,7 +435,7 @@ static int file_map(PAL_HANDLE handle, void** addr, int prot, uint64_t offset, u
}

if (!(prot & PAL_PROT_WRITECOPY) && (prot & PAL_PROT_WRITE)) {
log_error(
log_warning(
"file_map does not currently support writable pass-through mappings on SGX. You "
"may add the PAL_PROT_WRITECOPY (MAP_PRIVATE) flag to your file mapping to keep "
"the writes inside the enclave but they won't be reflected outside of the "
Expand Down Expand Up @@ -482,7 +482,7 @@ static int file_map(PAL_HANDLE handle, void** addr, int prot, uint64_t offset, u
} else if (bytes == -EINTR || bytes == -EAGAIN) {
continue;
} else {
log_error("file_map - ocall_pread on allowed file returned %ld", bytes);
log_warning("file_map - ocall_pread on allowed file returned %ld", bytes);
ret = unix_to_pal_error(bytes);
goto out;
}
Expand Down Expand Up @@ -510,8 +510,8 @@ static int64_t pf_file_setlength(struct protected_file* pf, PAL_HANDLE handle, u

pf_status_t pfs = pf_set_size(pf->context, length);
if (PF_FAILURE(pfs)) {
log_error("pf_file_setlength(PF fd %d, %lu): pf_set_size returned %s", fd, length,
pf_strerror(pfs));
log_warning("pf_file_setlength(PF fd %d, %lu): pf_set_size returned %s", fd, length,
pf_strerror(pfs));
return -PAL_ERROR_DENIED;
}
return length;
Expand All @@ -538,12 +538,12 @@ static int file_flush(PAL_HANDLE handle) {
if (pf) {
int ret = flush_pf_maps(pf, /*buffer=*/NULL, /*remove=*/false);
if (ret < 0) {
log_error("file_flush(PF fd %d): flush_pf_maps returned %s", fd, pal_strerror(ret));
log_warning("file_flush(PF fd %d): flush_pf_maps returned %s", fd, pal_strerror(ret));
return ret;
}
pf_status_t pfs = pf_flush(pf->context);
if (PF_FAILURE(pfs)) {
log_error("file_flush(PF fd %d): pf_flush returned %s", fd, pf_strerror(pfs));
log_warning("file_flush(PF fd %d): pf_flush returned %s", fd, pf_strerror(pfs));
return -PAL_ERROR_DENIED;
}
} else {
Expand Down Expand Up @@ -584,8 +584,8 @@ static int pf_file_attrquery(struct protected_file* pf, int fd_from_attrquery, c
pf = load_protected_file(path, &fd_from_attrquery, real_size, PF_FILE_MODE_READ,
/*create=*/false, pf);
if (!pf) {
log_error("pf_file_attrquery: load_protected_file(%s, %d) failed", path,
fd_from_attrquery);
log_warning("pf_file_attrquery: load_protected_file(%s, %d) failed", path,
fd_from_attrquery);
/* The call above will fail for PFs that were tampered with or have a wrong path.
* glibc kills the process if this fails during directory enumeration, but that
* should be fine given the scenario.
Expand Down Expand Up @@ -643,7 +643,7 @@ static int file_attrquery(const char* type, const char* uri, PAL_STREAM_ATTR* at
}
ret = get_norm_path(uri, path, &len);
if (ret < 0) {
log_error("Could not normalize path (%s): %s", uri, pal_strerror(ret));
log_warning("Could not normalize path (%s): %s", uri, pal_strerror(ret));
goto out;
}

Expand Down
36 changes: 18 additions & 18 deletions Pal/src/host/Linux-SGX/enclave_pf.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,14 +42,14 @@ static pf_status_t cb_read(pf_handle_t handle, void* buffer, uint64_t offset, si
continue;

if (read < 0) {
log_error("cb_read(%d, %p, %lu, %lu): read failed: %ld", fd, buffer, offset,
size, read);
log_warning("cb_read(%d, %p, %lu, %lu): read failed: %ld", fd, buffer, offset,
size, read);
return PF_STATUS_CALLBACK_FAILED;
}

/* EOF is an error condition, we want to read exactly `size` bytes */
if (read == 0) {
log_error("cb_read(%d, %p, %lu, %lu): EOF", fd, buffer, offset, size);
log_warning("cb_read(%d, %p, %lu, %lu): EOF", fd, buffer, offset, size);
return PF_STATUS_CALLBACK_FAILED;
}

Expand All @@ -70,14 +70,14 @@ static pf_status_t cb_write(pf_handle_t handle, const void* buffer, uint64_t off
continue;

if (written < 0) {
log_error("cb_write(%d, %p, %lu, %lu): write failed: %ld", fd, buffer, offset,
size, written);
log_warning("cb_write(%d, %p, %lu, %lu): write failed: %ld", fd, buffer, offset,
size, written);
return PF_STATUS_CALLBACK_FAILED;
}

/* EOF is an error condition, we want to write exactly `size` bytes */
if (written == 0) {
log_error("cb_write(%d, %p, %lu, %lu): EOF", fd, buffer, offset, size);
log_warning("cb_write(%d, %p, %lu, %lu): EOF", fd, buffer, offset, size);
return PF_STATUS_CALLBACK_FAILED;
}

Expand All @@ -91,7 +91,7 @@ static pf_status_t cb_truncate(pf_handle_t handle, uint64_t size) {
int fd = *(int*)handle;
int ret = ocall_ftruncate(fd, size);
if (ret < 0) {
log_error("cb_truncate(%d, %lu): ocall failed: %d", fd, size, ret);
log_warning("cb_truncate(%d, %lu): ocall failed: %d", fd, size, ret);
return PF_STATUS_CALLBACK_FAILED;
}
return PF_STATUS_SUCCESS;
Expand All @@ -108,7 +108,7 @@ static pf_status_t cb_aes_cmac(const pf_key_t* key, const void* input, size_t in
int ret = lib_AESCMAC((const uint8_t*)key, sizeof(*key), input, input_size, (uint8_t*)mac,
sizeof(*mac));
if (ret != 0) {
log_error("lib_AESCMAC failed: %d", ret);
log_warning("lib_AESCMAC failed: %d", ret);
return PF_STATUS_CALLBACK_FAILED;
}
return PF_STATUS_SUCCESS;
Expand All @@ -120,7 +120,7 @@ static pf_status_t cb_aes_gcm_encrypt(const pf_key_t* key, const pf_iv_t* iv, co
int ret = lib_AESGCMEncrypt((const uint8_t*)key, sizeof(*key), (const uint8_t*)iv, input,
input_size, aad, aad_size, output, (uint8_t*)mac, sizeof(*mac));
if (ret != 0) {
log_error("lib_AESGCMEncrypt failed: %d", ret);
log_warning("lib_AESGCMEncrypt failed: %d", ret);
return PF_STATUS_CALLBACK_FAILED;
}
return PF_STATUS_SUCCESS;
Expand All @@ -133,7 +133,7 @@ static pf_status_t cb_aes_gcm_decrypt(const pf_key_t* key, const pf_iv_t* iv, co
input_size, aad, aad_size, output, (const uint8_t*)mac,
sizeof(*mac));
if (ret != 0) {
log_error("lib_AESGCMDecrypt failed: %d", ret);
log_warning("lib_AESGCMDecrypt failed: %d", ret);
return PF_STATUS_CALLBACK_FAILED;
}
return PF_STATUS_SUCCESS;
Expand All @@ -142,7 +142,7 @@ static pf_status_t cb_aes_gcm_decrypt(const pf_key_t* key, const pf_iv_t* iv, co
static pf_status_t cb_random(uint8_t* buffer, size_t size) {
int ret = _DkRandomBitsRead(buffer, size);
if (ret < 0) {
log_error("_DkRandomBitsRead failed: %d", ret);
log_warning("_DkRandomBitsRead failed: %d", ret);
return PF_STATUS_CALLBACK_FAILED;
}
return PF_STATUS_SUCCESS;
Expand Down Expand Up @@ -261,7 +261,7 @@ static int is_directory(const char* path, bool* is_dir) {
fd = ret;
ret = ocall_fstat(fd, &st);
if (ret < 0) {
log_error("is_directory(%s): fstat failed: %d", path, ret);
log_warning("is_directory(%s): fstat failed: %d", path, ret);
goto out;
}

Expand All @@ -272,7 +272,7 @@ static int is_directory(const char* path, bool* is_dir) {
if (fd >= 0) {
int rv = ocall_close(fd);
if (rv < 0) {
log_error("is_directory(%s): close failed: %d", path, rv);
log_warning("is_directory(%s): close failed: %d", path, rv);
}
}

Expand All @@ -291,7 +291,7 @@ static int register_protected_dir(const char* path) {

ret = ocall_open(path, O_RDONLY | O_DIRECTORY, 0);
if (ret < 0) {
log_error("register_protected_dir: opening %s failed: %d", path, ret);
log_warning("register_protected_dir: opening %s failed: %d", path, ret);
ret = unix_to_pal_error(ret);
goto out;
}
Expand All @@ -303,7 +303,7 @@ static int register_protected_dir(const char* path) {
returned = ocall_getdents(fd, buf, bufsize);
if (returned < 0) {
ret = unix_to_pal_error(returned);
log_error("register_protected_dir: reading %s failed: %d", path, ret);
log_warning("register_protected_dir: reading %s failed: %d", path, ret);
goto out;
}

Expand Down Expand Up @@ -355,7 +355,7 @@ static int register_protected_path(const char* path, struct protected_file** new
size_t len = URI_MAX;
ret = get_norm_path(path, normpath, &len);
if (ret < 0) {
log_error("Couldn't normalize path (%s): %s", path, pal_strerror(ret));
log_warning("Couldn't normalize path (%s): %s", path, pal_strerror(ret));
goto out;
}

Expand Down Expand Up @@ -533,7 +533,7 @@ static int open_protected_file(const char* path, struct protected_file* pf, pf_h
pf_status_t pfs;
pfs = pf_open(handle, path, size, mode, create, &g_pf_wrap_key, &pf->context);
if (PF_FAILURE(pfs)) {
log_error("pf_open(%d, %s) failed: %s", *(int*)handle, path, pf_strerror(pfs));
log_warning("pf_open(%d, %s) failed: %s", *(int*)handle, path, pf_strerror(pfs));
return -PAL_ERROR_DENIED;
}
return 0;
Expand Down Expand Up @@ -621,7 +621,7 @@ int unload_protected_file(struct protected_file* pf) {
return ret;
pf_status_t pfs = pf_close(pf->context);
if (PF_FAILURE(pfs)) {
log_error("unload_protected_file(%p) failed: %s", pf, pf_strerror(pfs));
log_warning("unload_protected_file(%p) failed: %s", pf, pf_strerror(pfs));
}

pf->context = NULL;
Expand Down

0 comments on commit 754d4e0

Please sign in to comment.