[Pal/Linux-SGX] Fix refcounting on open/close of Protected Files

LibOS/shim/test/regression/.gitignore

@@ -1,5 +1,6 @@
 /*.manifest
 /*.xml
+/*.dat
 
 /.cache
 /abort
@@ -76,6 +77,7 @@
 /proc_common
 /proc_cpuinfo
 /proc_path
+/protected_file
 /pselect
 /pthread_set_get_affinity
 /rdtsc

LibOS/shim/test/regression/Makefile

@@ -67,6 +67,7 @@ c_executables = \
 	proc_common \
 	proc_cpuinfo \
 	proc_path \
+	protected_file \
 	pselect \
 	pthread_set_get_affinity \
 	readdir \

LibOS/shim/test/regression/manifest.template

@@ -40,3 +40,7 @@ sgx.allowed_files.testfile = "file:testfile" # for mmap_file test
 sgx.thread_num = 16
 
 sgx.nonpie_binary = 1
+
+# for protected_file test
+sgx.protected_files.pf1 = "file:protected_file_1.dat"
+sgx.protected_files_key = "ffeeddccbbaa99887766554433221100"

LibOS/shim/test/regression/protected_file.c

@@ -0,0 +1,84 @@
+/* This test opens the same file twice, reads from one FD, reads from another FD, and closes both
+ * FDs. This test exists mainly to test Protected Files Linux-SGX feature. */
+
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#define BUF_LENGTH 256
+#define STRING "Hello World"
+
+static ssize_t rw_file(int fd, char* buf, size_t bytes, bool write_flag) {
+    ssize_t rv = 0;
+    ssize_t ret;
+
+    while (bytes > rv) {
+        if (write_flag)
+            ret = write(fd, buf + rv, bytes - rv);
+        else
+            ret = read(fd, buf + rv, bytes - rv);
+
+        if (ret > 0) {
+            rv += ret;
+        } else {
+            if (ret < 0 && (errno == EAGAIN || errno == EINTR)) {
+                continue;
+            } else {
+                fprintf(stderr, "%s failed:%s\n", write_flag ? "write" : "read", strerror(errno));
+                return ret;
+            }
+        }
+    }
+
+    return rv;
+}
+
+int main(int argc, char** argv) {
+    int ret;
+    char buf[BUF_LENGTH] = {0};
+    ssize_t bytes;
+
+    if (argc != 2) {
+        fprintf(stderr, "Usage: %s protected_file_path\n", argv[0]);
+        return 1;
+    }
+
+    char* protected_file_path = argv[1];
+    int fd1 = open(protected_file_path, O_CREAT | O_RDONLY, 0644);
+    if (fd1 < 0)
+        err(1, "open of first fd");
+
+    int fd2 = open(protected_file_path, O_CREAT | O_RDWR, 0644);
+    if (fd2 < 0)
+        err(1, "open of second fd");
+
+    bytes = rw_file(fd2, STRING, sizeof(STRING), /*write_flag=*/true);
+    if (bytes != sizeof(STRING))
+        errx(1, "writing '" STRING "' to second fd failed");
+
+    bytes = rw_file(fd1, buf, sizeof(STRING), /*write_flag=*/false);
+    if (bytes < 0)
+        errx(1, "reading '" STRING "' from first fd failed");
+
+    buf[bytes - 1] = '\0';
+
+    if (strcmp(STRING, buf))
+        errx(1, "unexpected '%s' was read", buf);
+
+    ret = close(fd2);
+    if (ret < 0)
+        err(1, "close of second fd");
+
+    ret = close(fd1);
+    if (ret < 0)
+        err(1, "close of first fd");
+
+    puts("TEST OK");
+    return 0;
+}

LibOS/shim/test/regression/test_libos.py

@@ -381,6 +381,12 @@ def test_032_file_size(self):
         stdout, _ = self.run_binary(['file_size'])
         self.assertIn('test completed successfully', stdout)
 
+    def test_033_protected_file(self):
+        if os.path.exists("protected_file_1.dat"):
+            os.remove("protected_file_1.dat")
+        stdout, _ = self.run_binary(['protected_file', 'protected_file_1.dat'])
+        self.assertIn('TEST OK', stdout)
+
     def test_040_futex_bitset(self):
         stdout, _ = self.run_binary(['futex_bitset'])