From 0ec4ba93053f189c81d8a74c0532ae2d3b413254 Mon Sep 17 00:00:00 2001 From: WangRunji Date: Wed, 13 Mar 2019 00:16:36 +0800 Subject: [PATCH] load program bin from SEFS --- src/libos/src/entry.rs | 1 + src/libos/src/fs/inode_file.rs | 14 ++++++++++++ src/libos/src/fs/mod.rs | 4 ++-- src/libos/src/process/spawn/mod.rs | 12 ++++------ src/libos/src/syscall/mod.rs | 1 + test/Makefile | 15 ++++++++++++- test/argv/main.c | 2 +- test/pipe/main.c | 2 +- test/pipe_throughput/main.c | 2 +- test/spawn/main.c | 2 +- test/spawn_and_exit_latency/main.c | 2 +- test/test_common.mk | 36 +++++++++--------------------- 12 files changed, 51 insertions(+), 42 deletions(-) diff --git a/src/libos/src/entry.rs b/src/libos/src/entry.rs index 5e57d86d..f0de3087 100644 --- a/src/libos/src/entry.rs +++ b/src/libos/src/entry.rs @@ -64,6 +64,7 @@ fn parse_arguments( // TODO: make sure do_boot can only be called once fn do_boot(path_str: &str, argv: &Vec) -> Result<(), Error> { + info!("boot: path: {:?}, argv: {:?}", path_str, argv); util::mpx_util::mpx_enable()?; let envp = std::vec::Vec::new(); diff --git a/src/libos/src/fs/inode_file.rs b/src/libos/src/fs/inode_file.rs index 58ebeae6..416a6ead 100644 --- a/src/libos/src/fs/inode_file.rs +++ b/src/libos/src/fs/inode_file.rs @@ -144,3 +144,17 @@ impl Debug for INodeFile { *self.offset.lock().unwrap(), self.options) } } + +pub trait INodeExt { + fn read_as_vec(&self) -> Result, Error>; +} + +impl INodeExt for INode { + fn read_as_vec(&self) -> Result, Error> { + let size = self.metadata()?.size; + let mut buf = Vec::with_capacity(size); + unsafe { buf.set_len(size); } + self.read_at(0, buf.as_mut_slice())?; + Ok(buf) + } +} diff --git a/src/libos/src/fs/mod.rs b/src/libos/src/fs/mod.rs index 0d55d17b..2478dbbb 100644 --- a/src/libos/src/fs/mod.rs +++ b/src/libos/src/fs/mod.rs 
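Review bot: The `info!` added to `do_boot` writes the full program path and argv at info level, and the matching line added to `do_spawn` in src/libos/src/syscall/mod.rs also prints `envp` and the file actions. Arguments and environment variables commonly carry tokens or passwords, and if this logger's output leaves the enclave (not visible in the patch) those values end up with the untrusted host. I would keep only what is needed to trace the call at info level, e.g. `info!("spawn: path: {:?}, argc: {}", path, argv.len());`, and move the full dump to `trace!` or a debug-only build. The body of `do_boot` continues outside the hunk.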
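Review bot: `read_as_vec` sets the vector length with `unsafe { buf.set_len(size); }` before anything has been written and then discards the value returned by `read_at`, so a short read would give the caller a buffer whose tail is uninitialised heap memory; in `do_spawn` that buffer is then treated as the ELF image. Passing an uninitialised `&mut [u8]` to `read_at` is also unsound if the implementation ever reads from it. A zero-filled buffer trimmed to the count actually read removes the unsafe block: `let mut buf = vec![0u8; size];`, `let len = self.read_at(0, &mut buf)?;`, `buf.truncate(len);` (this assumes `read_at` returns the number of bytes read, which the hunk does not show). `size` comes straight from the inode metadata, so an upper bound checked before allocating would be worth adding as well.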
@@ -11,7 +11,7 @@ mod inode_file; pub use self::file::{File, FileRef, SgxFile, StdinFile, StdoutFile}; pub use self::file_table::{FileDesc, FileTable}; pub use self::pipe::Pipe; -pub use self::inode_file::{INodeFile, ROOT_INODE}; +pub use self::inode_file::{INodeFile, ROOT_INODE, INodeExt}; use rcore_fs::vfs::{FsError, FileType, INode, Metadata, Timespec}; use self::inode_file::OpenOptions; use process::Process; @@ -244,7 +244,7 @@ extern "C" { } impl Process { - fn lookup_inode(&self, path: &str) -> Result, Error> { + pub fn lookup_inode(&self, path: &str) -> Result, Error> { let cwd = self.get_exec_path().split_at(1).1; // skip start '/' let inode = ROOT_INODE.lookup(cwd)?.lookup(path)?; Ok(inode) diff --git a/src/libos/src/process/spawn/mod.rs b/src/libos/src/process/spawn/mod.rs index 370aee87..4ce641fa 100644 --- a/src/libos/src/process/spawn/mod.rs +++ b/src/libos/src/process/spawn/mod.rs @@ -1,7 +1,7 @@ use self::init_stack::{AuxKey, AuxTable}; use super::task::Task; use super::*; -use fs::{File, FileDesc, FileTable, StdinFile, StdoutFile /*, StderrFile*/}; +use fs::{File, FileDesc, FileTable, StdinFile, StdoutFile, ROOT_INODE, INodeExt}; use std::ffi::{CStr, CString}; use std::path::Path; use std::sgxfs::SgxFile; @@ -30,13 +30,9 @@ pub fn do_spawn>( parent_ref: &ProcessRef, ) -> Result { let mut elf_buf = { - let key: sgx_key_128bit_t = [0 as uint8_t; 16]; - let mut sgx_file = SgxFile::open_ex(elf_path, &key) - .map_err(|e| (Errno::ENOENT, "Failed to open the SGX-protected file"))?; - - let mut elf_buf = Vec::::new(); - sgx_file.read_to_end(&mut elf_buf); - elf_buf + let path = elf_path.as_ref().to_str().unwrap(); + let inode = ROOT_INODE.lookup(path)?; + inode.read_as_vec()? }; let elf_file = { diff --git a/src/libos/src/syscall/mod.rs b/src/libos/src/syscall/mod.rs index ac9cd35f..854894d1 100644 --- a/src/libos/src/syscall/mod.rs +++ b/src/libos/src/syscall/mod.rs 
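Review bot: `elf_path.as_ref().to_str().unwrap()` in `do_spawn` panics on a path that is not valid UTF-8, and because the path ultimately comes from the spawn syscall, a panic here would presumably take down the library OS instead of failing one call. Returning an error in the `(Errno, &str)` form the removed code used is safer, e.g. `let path = elf_path.as_ref().to_str().ok_or((Errno::EINVAL, "path is not valid UTF-8"))?;`. The lookup starts at `ROOT_INODE` and ignores the caller's working directory, while this commit makes `Process::lookup_inode` public in src/libos/src/fs/mod.rs without using it here; if relative paths are meant to resolve against the parent's cwd, that helper looks like the intended call. The old code opened the binary through `SgxFile::open_ex` with a key, so a comment stating what now protects the binary's integrity (presumably the SEFS image) would help the next reader. The body of `do_spawn` continues outside the hunk.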
@@ -158,6 +158,7 @@ fn do_spawn( let envp = clone_cstrings_safely(envp)?; let file_actions = clone_file_actions_safely(fdop_list)?; let parent = process::get_current(); + info!("spawn: path: {:?}, argv: {:?}, envp: {:?}, fdop: {:?}", path, argv, envp, file_actions); let child_pid = process::do_spawn(&path, &argv, &envp, &file_actions, &parent)?; diff --git a/test/Makefile b/test/Makefile index b282e958..5de43a36 100644 --- a/test/Makefile +++ b/test/Makefile @@ -25,19 +25,31 @@ GREEN := \033[1;32m RED := \033[1;31m NO_COLOR := \033[0m +FS_PATH := fs +SEFS_PATH := sefs + ############################################################################# # Build targets ############################################################################# all: build -build: $(BUILD_TARGETS) +build: $(BUILD_TARGETS) sefs $(BUILD_TARGETS): %: @$(ECHO) "$(CYAN)BUILD TEST => $@$(NO_COLOR)" @$(MAKE) --no-print-directory -C $@ @$(ECHO) "$(GREEN)DONE$(NO_COLOR)" +sefs: + @$(RM) -rf $(SEFS_PATH) + @cd $(PROJECT_DIR)/deps/sefs/sefs-fuse/bin/ && \ + ./app \ + $(CUR_DIR)/$(SEFS_PATH) \ + $(CUR_DIR)/$(FS_PATH) \ + zip + @echo "SEFS => $@" + ############################################################################# # Test targets ############################################################################# @@ -80,6 +92,7 @@ $(BENCH_TARGETS): bench-%: % pal libocclum.signed.so clean: $(CLEAN_TARGETS) @$(RM) -f pal libocclum.signed.so + @$(RM) -rf $(FS_PATH) $(SEFS_PATH) $(CLEAN_TARGETS): clean-%: @$(MAKE) --no-print-directory -C $(patsubst clean-%,%,$@) clean diff --git a/test/argv/main.c b/test/argv/main.c index ed19366e..d6bbb6b6 100644 --- a/test/argv/main.c +++ b/test/argv/main.c @@ -4,7 +4,7 @@ // Expected arguments are given by Makefile throught macro ARGC, ARG1, ARG2 and // ARG3 const char* expected_argv[EXPECTED_ARGC] = { - "bin.encrypted", + "argv", EXPECTED_ARG1, EXPECTED_ARG2, EXPECTED_ARG3, diff --git a/test/pipe/main.c b/test/pipe/main.c index faa0a553..b1d10271 100644 
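Review bot: The new `sefs` target in test/Makefile has the same name as the directory it creates (`SEFS_PATH := sefs`) and has no prerequisites, so unless it is listed under `.PHONY` outside this hunk, make will treat it as up to date once the directory exists and the tests will keep running against a stale image. `build: $(BUILD_TARGETS) sefs` also gives no ordering between the two, so a parallel build can pack `fs` before the test binaries have been copied into it. Declaring `.PHONY: sefs` and writing the rule as `sefs: $(BUILD_TARGETS)` would address both.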
--- a/test/pipe/main.c +++ b/test/pipe/main.c @@ -25,7 +25,7 @@ int main(int argc, const char* argv[]) { posix_spawn_file_actions_addclose(&file_actions, pipe_rd_fd); const char* msg = "Echo!\n"; - const char* child_prog = "../hello_world/bin.encrypted"; + const char* child_prog = "hello_world"; const char* child_argv[3] = { child_prog, msg, NULL }; int child_pid; if (posix_spawn(&child_pid, child_prog, &file_actions, diff --git a/test/pipe_throughput/main.c b/test/pipe_throughput/main.c index 87b35380..4ca17372 100644 --- a/test/pipe_throughput/main.c +++ b/test/pipe_throughput/main.c @@ -33,7 +33,7 @@ int main(int argc, const char* argv[]) { posix_spawn_file_actions_addclose(&file_actions, pipe_wr_fd); int child_pid; - if (posix_spawn(&child_pid, "dev_null/bin.encrypted", &file_actions, + if (posix_spawn(&child_pid, "dev_null", &file_actions, NULL, NULL, NULL) < 0) { printf("ERROR: failed to spawn a child process\n"); return -1; diff --git a/test/spawn/main.c b/test/spawn/main.c index 1c1ae4b7..98c4bd52 100644 --- a/test/spawn/main.c +++ b/test/spawn/main.c @@ -8,7 +8,7 @@ int main(int argc, const char* argv[]) { int ret, child_pid, status; printf("Run a parent process has pid = %d and ppid = %d\n", getpid(), getppid()); - ret = posix_spawn(&child_pid, "../getpid/bin.encrypted", NULL, NULL, NULL, NULL); + ret = posix_spawn(&child_pid, "getpid", NULL, NULL, NULL, NULL); if (ret < 0) { printf("ERROR: failed to spawn a child process\n"); return -1; diff --git a/test/spawn_and_exit_latency/main.c b/test/spawn_and_exit_latency/main.c index b3a3896f..90f93715 100644 --- a/test/spawn_and_exit_latency/main.c +++ b/test/spawn_and_exit_latency/main.c 
@@ -13,7 +13,7 @@ int main(int argc, const char* argv[]) { gettimeofday(&tv_start, NULL); for (unsigned long i = 0; i < NREPEATS; i++) { int child_pid, status; - if (posix_spawn(&child_pid, "../empty/bin.encrypted", NULL, NULL, NULL, NULL) <0) { + if (posix_spawn(&child_pid, "empty", NULL, NULL, NULL, NULL) <0) { printf("ERROR: failed to spawn (# of repeats = %lu)\n", i); return -1; } diff --git a/test/test_common.mk b/test/test_common.mk index faffd536..c0909b9e 100644 --- a/test/test_common.mk +++ b/test/test_common.mk @@ -7,12 +7,12 @@ CC := /usr/local/occlum/bin/musl-clang C_SRCS := $(wildcard *.c) S_FILES := $(C_SRCS:%.c=%.S) C_OBJS := $(C_SRCS:%.c=%.o) -BIN_NAME := bin -BIN_ENC_NAME := bin.encrypted +FS_PATH := ../fs +BIN_NAME := $(shell basename $(CUR_DIR)) +BIN_FS_PATH := $(BIN_NAME) +BIN_PATH := $(FS_PATH)/$(BIN_FS_PATH) OBJDUMP_FILE := bin.objdump READELF_FILE := bin.readelf -FS_NAME := fs -SEFS_NAME := sefs CLANG_BIN_PATH := $(shell clang -print-prog-name=clang) LLVM_PATH := $(abspath $(dir $(CLANG_BIN_PATH))../) @@ -27,26 +27,12 @@ LINK_FLAGS = $(C_FLAGS) $(EXTRA_LINK_FLAGS) # Build ############################################################################# -all: $(BIN_ENC_NAME) $(SEFS_NAME) +all: $(BIN_PATH) -$(BIN_ENC_NAME): $(BIN_NAME) - @$(RM) -f $(BIN_ENC_NAME) - @cd $(PROJECT_DIR)/deps/sgx_protect_file/ && \ - ./sgx_protect_file encrypt \ - -i $(CUR_DIR)/$(BIN_NAME) \ - -o $(CUR_DIR)/$(BIN_ENC_NAME) \ - -k 123 > /dev/null - @echo "GEN => $@" - -$(SEFS_NAME): - @mkdir -p $(FS_NAME) - @$(RM) -rf $(SEFS_NAME) - @cd $(PROJECT_DIR)/deps/sefs/sefs-fuse/bin/ && \ - ./app \ - $(CUR_DIR)/$(SEFS_NAME) \ - $(CUR_DIR)/$(FS_NAME) \ - zip - @echo "SEFS => $@" +$(BIN_PATH): $(BIN_NAME) + @mkdir -p $(shell dirname $@) + @cp $^ $@ + @echo "COPY => $@" debug: $(OBJDUMP_FILE) $(READELF_FILE) 
@@ -71,9 +57,7 @@ $(C_OBJS): %.o: %.c ############################################################################# test: $(BIN_ENC_NAME) - # run test on current directory - @ln -sf ../pal ../libocclum.signed.so $(CUR_DIR) - @cd $(CUR_DIR) && RUST_BACKTRACE=1 ./pal $(BIN_ENC_NAME) $(BIN_ARGS) + @cd $(CUR_DIR)/.. && RUST_BACKTRACE=1 ./pal $(BIN_FS_PATH) $(BIN_ARGS) ############################################################################# # Misc
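Review bot: `test: $(BIN_ENC_NAME)` is left as context in this hunk, but the commit removes the `BIN_ENC_NAME` definition earlier in test_common.mk, so the prerequisite list now expands to nothing and `test` no longer forces the binary to be rebuilt or copied into `../fs`. Pointing it at the new artifact, `test: $(BIN_PATH)`, restores the dependency. The recipe also relies on `../pal` and on the SEFS image built by the parent Makefile, neither of which this rule can see; a short comment saying so would save a confusing failure when the test is run from the subdirectory alone.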