Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Handling exceptions inside enclave

Subhendu_M_
Beginner
2,106 Views

Hi,

I'm trying to handle hardware exceptions inside the enclave. From the references given, I came to know that the function "sgx_register_exception_handler()" can be used to handle exceptions inside the enclave. But trying some sample code, it seems it can't handle the memory based exception (SIGSEGV). I'm able to handle the arithmetic errors (SIGFPE).

Is there any to do handle the same?

I have registered the handler as: sgx_register_exception_handler(10,exception_handler);

I saw the post here : https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/671518
It mentions that " If an exception happens while running within the enclave, the OS will search for registered exception handlers and will find what sgx_urts.dll has registered. When the sgx_urts.dll's handler gets control, ECALLs into the enclave again to execute the trusted exception handler.". But in my case it is not able to call the registered exception handler.

Thanks,

Subhendu.

0 Kudos
7 Replies
Surenthar_S_Intel
2,106 Views

Hi,

The exception handler has one parameter, a pointer to sgx_exception_info_t. The sgx_cpu_context_t part of this parameter is loaded with the CPU registers from the SSA frame. After the exception handler returns and only if it returns EXCEPTION_CONTINUE_EXECUTION, which indicates the exception has been handled, the updated CPU context values will be stored back into the SSA frame.

If you register an exception handler using sgx_register_exception_handler( ), then your exception handler will be called with a sgx_exception_info_t structure. The info->exception_type and info->exception_vector will define the type and vector from EXITINFO. 

Note: your exception handler will not be called if you reenter the enclave after an interrupt or an exception that is not recorded in EXITINFO.

-Surenthar

0 Kudos
Subhendu_M_
Beginner
2,106 Views

In the case of SIGSEGV errors, the error handling mechanism is not going in the 2nd phase to call my registered handler.
Is there a specific reason to not handle SIGSEGV errors?

thanks,

Subhendu.
 

0 Kudos
Anusha_K_Intel
Employee
2,106 Views

Hi,

   To handle exceptions occurred by SIGSEGV we need signal handlers.Technically, you can catch segfaults with a signal handler for SIGSEGV. The handler is supported only if signal.h header file is available,but the header file is not supported inside enclave.

For further information please refer to the  Unsupported C Standard Functions (pg. 353) from here

 

0 Kudos
Subhendu_M_
Beginner
2,106 Views

But I'm able to get the control when there is an SIGFPE error to the registered handler. That also requires to have the signal.h header included inside the enclave.

Thanks,

Subhendu

0 Kudos
Anusha_K_Intel
Employee
2,106 Views

Hi,

According to the document, it is given that these functions are not supported inside enclave, So you need to write your own function to handle this exception by using an OCALL. Can you share your code so we can look into the error which your facing?

 

0 Kudos
Subhendu_M_
Beginner
2,106 Views

The code is in the repo:

https://github.com/deathholes/sgx-enclave-sample

The file Enclave/Enclave.cpp contains the ecall functions:

There are two errors in the function, namely an arithmetic error(SIGFPE) at line 80 and an address boundary error(SIGSEGV) at line 84.

Output for the arithmetic error is:


before: RANDOM STRING
String : registered
String : registered[sig_handler sig_handler.cpp:94] signal handler is triggered
[sig_handler sig_handler.cpp:112] exception on ERESUME
[sig_handler sig_handler.cpp:94] signal handler is triggered
[sig_handler sig_handler.cpp:112] exception on ERESUME
[sig_handler sig_handler.cpp:150] NOT enclave signal
fish: “./app” terminated by signal SIGFPE (Floating point exception)


Clearly, the signal handler is triggered here. Also, putting a breakpoint at the entry of the handler( line # 11), in the debug mode, the control is reaching there.

For the address boundary error, the Output is:


before: RANDOM STRING
String : registered
String : registered[sig_handler sig_handler.cpp:94] signal handler is triggered
[sig_handler sig_handler.cpp:112] exception on ERESUME
[sig_handler sig_handler.cpp:150] NOT enclave signal
fish: “./app” terminated by signal SIGSEGV (Address boundary error)


Here there is no call to the signal handler. Putting the same breakpoint doesn't help.
I tried this for SIGILL error also.

The code is:

vector<int> v;
v.resize(1);
v.at(150) = 5;

It also behaves the same as SIGSEGV error.

Thanks,

Subhendu.

0 Kudos
Divya_M_
Beginner
2,106 Views

Hello, 

I am interested in handling SIGSEGV inside the enclave too. Did you get any further with this? If you can't do it by registering a custom handler through `sgx_register_exception_handler` is there an alternative way of doing it? I am especially keen to know how I can modify the context stored in the SSA and get past the offending instruction. 

 

Thanks, 

0 Kudos
Reply