Crash when using local_pck_url on Azure since v1.20

[thomasten]

Update: this is fixed with DCAP 1.21 release.

Hi,
I use the default QPL in an Azure VM. With this config
https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/QuoteGeneration/qcnl/linux/sgx_default_qcnl_azure.conf
I get the following crash:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff71683bc in CertificationService::setup_quote_config (tcbm="1515020401800e", '0' <repeats 19 times>, "D00", 
    pck_cert="-----BEGIN CERTIFICATE-----\nMIIEjTCCBDSgAwIBAgIVAPv92/ivD54aS+IbpnNcrFVOAG69MAoGCCqGSM49BAMC\nMHExIzAhBgNVBAMMGkludGVsIFNHWCBQQ0sgUHJvY2Vzc29yIENBMRowGAYDVQQK\nDBFJbnRlbCBDb3Jwb3JhdGlvbjEUMBIGA1UEBwwLU2"..., 
    certchain="-----BEGIN CERTIFICATE-----\nMIICmDCCAj6gAwIBAgIVANDoqtp11/kuSReYPHsUZdDV8llNMAoGCCqGSM49BAMC\nMGgxGjAYBgNVBAMMEUludGVsIFNHWCBSb290IENBMRowGAYDVQQKDBFJbnRlbCBD\nb3Jwb3JhdGlvbjEUMBIGA1UEBwwLU2FudGEgQ2xhcm"..., pp_quote_config=0x0) at ../certification_service.cpp:139
139	../certification_service.cpp: No such file or directory.
(gdb) bt
#0  0x00007ffff71683bc in CertificationService::setup_quote_config (tcbm="1515020401800e", '0' <repeats 19 times>, "D00", 
    pck_cert="-----BEGIN CERTIFICATE-----\nMIIEjTCCBDSgAwIBAgIVAPv92/ivD54aS+IbpnNcrFVOAG69MAoGCCqGSM49BAMC\nMHExIzAhBgNVBAMMGkludGVsIFNHWCBQQ0sgUHJvY2Vzc29yIENBMRowGAYDVQQK\nDBFJbnRlbCBDb3Jwb3JhdGlvbjEUMBIGA1UEBwwLU2"..., 
    certchain="-----BEGIN CERTIFICATE-----\nMIICmDCCAj6gAwIBAgIVANDoqtp11/kuSReYPHsUZdDV8llNMAoGCCqGSM49BAMC\nMGgxGjAYBgNVBAMMEUludGVsIFNHWCBSb290IENBMRowGAYDVQQKDBFJbnRlbCBD\nb3Jwb3JhdGlvbjEUMBIGA1UEBwwLU2FudGEgQ2xhcm"..., pp_quote_config=0x0) at ../certification_service.cpp:139
#1  0x00007ffff71686db in CertificationService::resp_obj_to_pck_certchain (pccs_resp_obj=0x7fffffffbe90, args=<optimized out>)
    at ../certification_service.cpp:386
#2  0x00007ffff717ed1c in CertificationService::get_pck_cert_chain (this=this@entry=0x7fffffffbfd0, p_pck_cert_id=p_pck_cert_id@entry=0x7fffffffc100, 
    pp_quote_config=pp_quote_config@entry=0x7fffffffc050) at ../certification_service.cpp:602
#3  0x00007ffff7160d02 in sgx_qcnl_get_pck_cert_chain (p_pck_cert_id=0x7fffffffc100, pp_quote_config=0x7fffffffc050) at ../sgx_default_qcnl_wrapper.cpp:96
#4  0x00007ffff74a4f2a in sgx_ql_get_quote_config (p_cert_id=<optimized out>, pp_quote_config=<optimized out>) at ../sgx_default_quote_provider.cpp:116
#5  0x00007ffff776b98d in ?? () from /lib/x86_64-linux-gnu/libsgx_qe3_logic.so
#6  0x00007ffff776d4e1 in ?? () from /lib/x86_64-linux-gnu/libsgx_qe3_logic.so
#7  0x00007ffff776f33b in sgx_ql_init_quote () from /lib/x86_64-linux-gnu/libsgx_qe3_logic.so
#8  0x00007ffff7777652 in sgx_qe_get_target_info () from /lib/x86_64-linux-gnu/libsgx_dcap_ql.so.1
#9  0x0000000000449b8a in oe_sgx_qe_get_target_info (format_id=format_id@entry=0x4a4340, opt_params=opt_params@entry=0x0, 
    opt_params_size=opt_params_size@entry=0, 
    target_info=target_info@entry=0x4a4390 "\226\263G\246NZ\004^'6\234&\346\334\332Q\375|\205\016\233::y\347\030\364\062a\336\341\344\025")
    at /source/openenclave/host/sgx/sgxquote.c:942

Without local_pck_url configured, it works. Downgrading to v1.19 also works.

[ScottR-Intel]

What distro and version are you running?

[thomasten]

This happens on all distros I tried: Ubuntu 20.04, Ubuntu 22.04, RHEL 9.2

[hello31337]

I encountered exactly the same symptoms on an Azure VM (DCsv3, Ubuntu 22.04), so I will provide several logs as a supplement.

Output of journalctl -xe after crash：

Feb 05 05:10:39 machine kernel: aesm_service[23303]: segfault at 0 ip 00007f66c3c7090c sp 00007f66c3bfd5b0 error 6 in libsgx_default_qcnl_wrapper.so.1.13.107.2[7f66c3c57000+1f9000] likely on CPU 1 (core 1, socket 0)
Feb 05 05:10:39 machine kernel: Code: 5c 41 5d 41 5e 41 5f c3 66 0f 1f 44 00 00 48 83 7e 08 00 49 89 f5 74 ac 48 89 fd be 01 00 00 00 bf 22 00 00 00 e8 94 79 fe ff <48> 89 03 48 85 c0 0f 84 f9 00 00 00 c7 00 01 00 00 00 48 8b 7d 00
Feb 05 05:10:39 machine systemd[1]: aesmd.service: Main process exited, code=dumped, status=11/SEGV
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ An ExecStart= process belonging to unit aesmd.service has exited.
░░ 
░░ The process' exit code is 'dumped' and its exit status is 11.
Feb 05 05:10:39 machine systemd[1]: aesmd.service: Failed with result 'core-dump'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ The unit aesmd.service has entered the 'failed' state with result 'core-dump'. 

stdout (stderr) of QuoteGenerationSample with make DEBUG=1

[APP] Step1: Call sgx_qe_get_target_info:
[init ../../../psw/ae/aesm_service/source/core/ipc/UnixCommunicationSocket.cpp:225] Failed to connect to socket /var/run/aesmd/aesm.socket
Error in sgx_qe_get_target_info. 0xe040

The crash appears to occur in the sgx_qe_get_target_info function.
As Thomasten said, this problem can be temporarily avoided by either not setting local_pck_url or by downgrading libsgx-dcap-default-qpl to 1.19.

It would be helpful if you could share your progress in resolving this issue.

[lingyuj]

PR is ready for review here:
#370

[thomasten]

I can confirm that this is fixed with DCAP 1.21 release.