Works on SGX 1.0

2018-12-18 14:18:41 +08:00 · 2018-12-18 14:18:41 +08:00 · 0cda8dffe7
commit 0cda8dffe7
parent e9064e3914
5 changed files with 30 additions and 21 deletions
--- a/src/libos/Enclave_config.xml
+++ b/src/libos/Enclave_config.xml
@ -3,7 +3,7 @@
  <ProdID>0</ProdID>
  <ISVSVN>0</ISVSVN>
  <StackMaxSize>0x80000</StackMaxSize>
-  <HeapMaxSize>0x6000000</HeapMaxSize>
+  <HeapMaxSize>0x1000000</HeapMaxSize>
  <TCSNum>8</TCSNum>
  <TCSPolicy>1</TCSPolicy>
  <DisableDebug>0</DisableDebug>
--- a/src/libos/src/process/spawn/init_vm.rs
+++ b/src/libos/src/process/spawn/init_vm.rs
@ -41,9 +41,6 @@ pub fn do_init(elf_file: &ElfFile, elf_buf: &[u8]) -> Result<ProcessVM, Error> {
    reloc_symbols(process_base_addr, elf_file)?;
    link_syscalls(process_base_addr, elf_file)?;

-    // Make code executable
-    code_seg.mprotect(PERM_R | PERM_W | PERM_X);
-
    Ok(process_vm)
 }

--- a/src/libos/src/process/spawn/segment.rs
+++ b/src/libos/src/process/spawn/segment.rs
@ -77,10 +77,13 @@ impl Segment {
    }

    pub fn mprotect(&mut self, perm: u32) {
+        panic!("Not implemented yet!");
+        /*
        unsafe {
            trts_mprotect(self.start_addr, self.end_addr - self.start_addr,
                          perm as u64);
        }
+        */
    }
 }

@ -98,5 +101,10 @@ pub fn get_data_segment(elf_file: &ElfFile) -> Result<Segment, Error> {

 #[link(name = "sgx_trts")]
 extern {
+    // XXX: trts_mprotect is a private SGX function that is not supposed to be
+    // used by external users. At least, this is the case for SGX v2.2. To use
+    // this function, we need to modify Intel SGX SDK slightly. I suppose
+    // this functionality will be exposed to external users as an SGX API in
+    // the future.
    pub fn trts_mprotect(start: size_t, size: size_t, perms: uint64_t) -> sgx_status_t;
 }
--- a/src/libos/src/vm/process_vm.rs
+++ b/src/libos/src/vm/process_vm.rs
@ -1,17 +1,14 @@
 use super::*;

-const DATA_SPACE_SIZE : usize = 12 * 1024 * 1024; // 16MB
-
 lazy_static! {
    static ref DATA_SPACE: SgxMutex<VMSpace> = {
-        let size = DATA_SPACE_SIZE;
-        let addr = {
-            let ptr = unsafe { aligned_malloc(size, PAGE_SIZE) };
-            if ptr == (0 as *mut c_void) {
-                panic!("Out of memory");
-            };
-            ptr as usize
+        let (addr, size) = {
+            let mut addr : usize = 0;
+            let mut size : usize = 0;
+            unsafe { vm_get_prealloced_data_space(&mut addr, &mut size) };
+            (addr, size)
        };
+        println!("addr = {:X?}, size = {}", addr, size);
        let vm_space = unsafe {
            match VMSpace::new(addr, size, VMGuardAreaType::None) {
                Ok(vm_space) => vm_space,
@ -22,14 +19,8 @@ lazy_static! {
    };
 }

-unsafe fn aligned_malloc(mem_size: usize, mem_align: usize) -> *mut c_void {
-    let mut mem_ptr = ::core::ptr::null_mut();
-    let ret = libc::posix_memalign(&mut mem_ptr, mem_align, mem_size);
-    if ret == 0 {
-        mem_ptr
-    } else {
-        0 as *mut c_void
-    }
+extern {
+    pub fn vm_get_prealloced_data_space(addr: &mut usize, size: &mut usize);
 }

 #[derive(Debug)]
--- a/src/libos/src/vm/vm_space_prealloced.c
+++ b/src/libos/src/vm/vm_space_prealloced.c
@ -0,0 +1,13 @@
+#include <stddef.h>
+
+#define DATA_SPACE_SIZE (16*1024*1024)
+
+static char __prealloced_data_space[DATA_SPACE_SIZE]
+    __attribute__ ((
+        section(".exectuable_data,\"awx\",@nobits#"),
+        aligned(4096))) = {0};
+
+void vm_get_prealloced_data_space(void** paddr, size_t* psize) {
+    *paddr = __prealloced_data_space;
+    *psize = DATA_SPACE_SIZE;
+}