Thanks a lot, Alex. You got the right fix. This is working for me. Expected length of response is being returned now.
Vikrant

On Thu, Feb 13, 2025 at 4:00 PM Alexander Graf <[email protected]> wrote:

> Hi Vikrant,
>
> On 13.02.25 11:01, Vikrant Garg wrote:
>
> > Hello All,
> >
> > I am using the QEMU for emulating nitro enclave images. In my enclave
> > image, I have an attestation service implemented in Rust. This
> > application fetches attestations using IOCTL command. I have noticed
> > that response from the nsm virtio device is always of length 0x3000
> > (i.e. maximum NSM response size). Instead, it should be the actual
> > size of response bytes. Same case is also happening with the
> > attestation service implemented in python. On the other hand, the same
> > Rust attestation service is working with AWS nitro enclaves. It looks
> > like an NSM emulation issue.
> >
> > I would like to confirm if this is the expected behaviour and need
> > help on further debugging.
> >
> Thanks a lot for the report! Does this happen with all commands or only
> the Attest command? The NSM emulation code attempts to trim the response
> size to the actual payload, but there may well be a bug in that logic.
>
> I do have a hunch on what the problem may be. Can you please quickly try
> the patch below?
>
>
> Thanks!
>
> Alex
>
>
> index 098e1aeac6..b22aa74e34 100644 > --- a/hw/virtio/virtio-nsm.c > +++ b/hw/virtio/virtio-nsm.c > @@ -1596,7 +1596,7 @@ static void handle_input(VirtIODevice *vdev, > VirtQueue *vq) > g_free(req.iov_base); > g_free(res.iov_base); > virtqueue_push(vq, out_elem, 0); > - virtqueue_push(vq, in_elem, in_elem->in_sg->iov_len); > + virtqueue_push(vq, in_elem, sz); > virtio_notify(vdev, vq); > return; > >
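Review bot: `sz` in the replacement line `virtqueue_push(vq, in_elem, sz);` is not declared or assigned anywhere in the visible context, so the hunk alone does not show that it holds the number of bytes actually written into the guest's response buffer, nor that it can never exceed `in_elem->in_sg->iov_len`. The used length pushed here is what the guest driver treats as the response size, so a value larger than the supplied buffer would tell the guest to read bytes the device never wrote. Please confirm where `sz` is set and consider an explicit bound check against `in_elem->in_sg->iov_len` before the push. When this is sent as a formal patch it also needs a commit message describing the always-0x3000 response length seen by the reporter, plus the usual Reported-by and Signed-off-by tags.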
