Hi Vikrant,

On 13.02.25 11:01, Vikrant Garg wrote:

> Hello All,
>
> I am using QEMU for emulating Nitro Enclave images. In my enclave image, I have an attestation service implemented in Rust. This application fetches attestations using an IOCTL command. I have noticed that the response from the nsm virtio device is always of length 0x3000 (i.e. the maximum NSM response size). Instead, it should be the actual size of the response bytes. The same is also happening with the attestation service implemented in Python. On the other hand, the same Rust attestation service is working with AWS Nitro Enclaves. It looks like an NSM emulation issue.
>
> I would like to confirm if this is the expected behaviour and need help on further debugging.


Thanks a lot for the report! Does this happen with all commands or only the Attest command? The NSM emulation code attempts to trim the response size to the actual payload, but there may well be a bug in that logic.

I do have a hunch on what the problem may be. Can you please quickly try the patch below?


Thanks!

Alex


index 098e1aeac6..b22aa74e34 100644
--- a/hw/virtio/virtio-nsm.c
+++ b/hw/virtio/virtio-nsm.c
@@ -1596,7 +1596,7 @@ static void handle_input(VirtIODevice *vdev, VirtQueue *vq)
     g_free(req.iov_base);
     g_free(res.iov_base);
     virtqueue_push(vq, out_elem, 0);
-    virtqueue_push(vq, in_elem, in_elem->in_sg->iov_len);
+    virtqueue_push(vq, in_elem, sz);
     virtio_notify(vdev, vq);
     return;
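
Review bot: `sz` in the changed `virtqueue_push(vq, in_elem, sz);` line is neither declared nor assigned in the visible context, so this hunk alone does not show that it holds the number of bytes actually written into the guest's in buffer. Please confirm it is set on every path that reaches this push, including error responses, and that it can never exceed `in_elem->in_sg->iov_len`, since the guest driver will trust the reported used length. Note also that `res.iov_base` is freed two lines earlier, so `sz` has to be a length captured before that point. A one-line comment stating that the used length is the trimmed response size rather than the buffer capacity would keep the old behaviour from being reintroduced.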

