general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Works on SGX 1.0

Browse Source
This commit is contained in:
Tate, Hongliang Tian 2018-12-18 14:18:41 +08:00
parent e9064e3914
commit 0cda8dffe7
5 changed files with 30 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/libos/Enclave_config.xml
View File

@ -3,7 +3,7 @@
<ProdID>0</ProdID> <ProdID>0</ProdID>
<ISVSVN>0</ISVSVN> <ISVSVN>0</ISVSVN>
<StackMaxSize>0x80000</StackMaxSize> <StackMaxSize>0x80000</StackMaxSize>
<HeapMaxSize>0x6000000</HeapMaxSize> <HeapMaxSize>0x1000000</HeapMaxSize>
<TCSNum>8</TCSNum> <TCSNum>8</TCSNum>
<TCSPolicy>1</TCSPolicy> <TCSPolicy>1</TCSPolicy>
<DisableDebug>0</DisableDebug> <DisableDebug>0</DisableDebug>

3
src/libos/src/process/spawn/init_vm.rs
View File

@ -41,9 +41,6 @@ pub fn do_init(elf_file: &ElfFile, elf_buf: &[u8]) -> Result<ProcessVM, Error> {
reloc_symbols(process_base_addr, elf_file)?; reloc_symbols(process_base_addr, elf_file)?;
link_syscalls(process_base_addr, elf_file)?; link_syscalls(process_base_addr, elf_file)?;
// Make code executable
code_seg.mprotect(PERM_R | PERM_W | PERM_X);
Ok(process_vm) Ok(process_vm)
} }

8
src/libos/src/process/spawn/segment.rs
View File

@ -77,10 +77,13 @@ impl Segment {
} }
pub fn mprotect(&mut self, perm: u32) { pub fn mprotect(&mut self, perm: u32) {
panic!("Not implemented yet!");
/*
unsafe { unsafe {
trts_mprotect(self.start_addr, self.end_addr - self.start_addr, trts_mprotect(self.start_addr, self.end_addr - self.start_addr,
perm as u64); perm as u64);
} }
*/
} }
} }
@ -98,5 +101,10 @@ pub fn get_data_segment(elf_file: &ElfFile) -> Result<Segment, Error> {
#[link(name = "sgx_trts")] #[link(name = "sgx_trts")]
extern { extern {
// XXX: trts_mprotect is a private SGX function that is not supposed to be
// used by external users. At least, this is the case for SGX v2.2. To use
// this function, we need to modify Intel SGX SDK slightly. I suppose
// this functionality will be exposed to external users as an SGX API in
// the future.
pub fn trts_mprotect(start: size_t, size: size_t, perms: uint64_t) -> sgx_status_t; pub fn trts_mprotect(start: size_t, size: size_t, perms: uint64_t) -> sgx_status_t;
} }

25
src/libos/src/vm/process_vm.rs
View File

@ -1,17 +1,14 @@
use super::*; use super::*;
const DATA_SPACE_SIZE : usize = 12 * 1024 * 1024; // 16MB
lazy_static! { lazy_static! {
static ref DATA_SPACE: SgxMutex<VMSpace> = { static ref DATA_SPACE: SgxMutex<VMSpace> = {
let size = DATA_SPACE_SIZE; let (addr, size) = {
let addr = { let mut addr : usize = 0;
let ptr = unsafe { aligned_malloc(size, PAGE_SIZE) }; let mut size : usize = 0;
if ptr == (0 as *mut c_void) { unsafe { vm_get_prealloced_data_space(&mut addr, &mut size) };
panic!("Out of memory"); (addr, size)
};
ptr as usize
}; };
println!("addr = {:X?}, size = {}", addr, size);
let vm_space = unsafe { let vm_space = unsafe {
match VMSpace::new(addr, size, VMGuardAreaType::None) { match VMSpace::new(addr, size, VMGuardAreaType::None) {
Ok(vm_space) => vm_space, Ok(vm_space) => vm_space,
@ -22,14 +19,8 @@ lazy_static! {
}; };
} }
unsafe fn aligned_malloc(mem_size: usize, mem_align: usize) -> *mut c_void { extern {
let mut mem_ptr = ::core::ptr::null_mut(); pub fn vm_get_prealloced_data_space(addr: &mut usize, size: &mut usize);
let ret = libc::posix_memalign(&mut mem_ptr, mem_align, mem_size);
if ret == 0 {
mem_ptr
} else {
0 as *mut c_void
}
} }
#[derive(Debug)] #[derive(Debug)]

13
src/libos/src/vm/vm_space_prealloced.c Normal file
View File

@ -0,0 +1,13 @@
#include <stddef.h>
#define DATA_SPACE_SIZE (16*1024*1024)
static char __prealloced_data_space[DATA_SPACE_SIZE]
__attribute__ ((
section(".exectuable_data,\"awx\",@nobits#"),
aligned(4096))) = {0};
void vm_get_prealloced_data_space(void** paddr, size_t* psize) {
*paddr = __prealloced_data_space;
*psize = DATA_SPACE_SIZE;
}