Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1493 Discussions

Buffer management issues between enclave and untrusted memory

Aref_Asvadi
Beginner
‎07-29-2017 01:05 PM
1,342 Views

Hi there,
To be honest I'm not sure if this is a valid and predicted behaviour or maybe my implementation and thought-process is wrong. Let me explain.
When there's a need to bring in data from untrusted memory to enclave, I thought I can use an ocall which has a buffer with out directive that will be called from within enclave so after ocall finishes, enclave code will use the provided buffer to move forward with the program.

void ocall_transfer_to_enclave([out, size = buffer_len] unsigned char* transfer_buffer,size_t buffer_len);

But ocall fails for buffers more than 120KB. But I can do it with a different logic. Whenever there's a need to move data from untrusted memory to enclave, design your program steps in a way that you can do it with an ecall which has a buffer with in directive.

public void ecall_transfer_to_enclave([in, size = buffer_len] unsigned char* transfer_buffer, size_t len);

Now I can send a reasonably big buffer to enclave (80MB).

Can someone help understand why I encounter such behavior?

0 Kudos

Link Copied

3 Replies
Anusha_K_Intel
Employee
‎08-01-2017 12:13 AM
1,342 Views

Hi,

Can you please share your code if possible?? And what is the error you are encountering while running the ocall function when passing the data?? if you could specify the error we can resolve whether it is caused by the enclave or the application.

 

0 Kudos
Copy link
Ishai_N_Intel
Employee
‎08-01-2017 05:14 AM
1,342 Views

In an ECALL, when copying a buffer into the enclave, the edger8r generated code allocates a memory buffer inside the enclave to copy the data into - this allocation is done with malloc, then the data is copied. After the called function finishes execution the memory is freed - you can see that in the generated code.

In an OCALL, when copying a buffer out of the enclave, the edger8r generated code allocates a memory buffer outside the enclave with a mechanizm similar to 'alloca' - the memory is allocated on the untrusted stack (sgx_ocalloc), and not with malloc. Stack size is limited, therefore you can't use that for big buffers.

0 Kudos
Copy link
Aref_Asvadi
Beginner
‎08-01-2017 12:16 PM
1,342 Views

Hi Ishai,
Thanks a lot, it makes sense now. But, why not allocating memory from heap for ocall instead of stack? Is this for security reasons? Like for the case that an sgx machine may host a malicious enclave program that can potentially ask for a big chunk of buffer and cause system to crash? Just curious to see what is the underlying security consideration.

0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.