load program bin from SEFS

src/libos/src/entry.rs

@@ -64,6 +64,7 @@ fn parse_arguments(
 
 // TODO: make sure do_boot can only be called once
 fn do_boot(path_str: &str, argv: &Vec<CString>) -> Result<(), Error> {
+    info!("boot: path: {:?}, argv: {:?}", path_str, argv);
     util::mpx_util::mpx_enable()?;
 
     let envp = std::vec::Vec::new();

src/libos/src/fs/inode_file.rs

@@ -144,3 +144,17 @@ impl Debug for INodeFile {
                *self.offset.lock().unwrap(), self.options)
     }
 }
+
+pub trait INodeExt {
+    fn read_as_vec(&self) -> Result<Vec<u8>, Error>;
+}
+
+impl INodeExt for INode {
+    fn read_as_vec(&self) -> Result<Vec<u8>, Error> {
+        let size = self.metadata()?.size;
+        let mut buf = Vec::with_capacity(size);
+        unsafe { buf.set_len(size); }
+        self.read_at(0, buf.as_mut_slice())?;
+        Ok(buf)
+    }
+}

src/libos/src/fs/mod.rs

@@ -11,7 +11,7 @@ mod inode_file;
 pub use self::file::{File, FileRef, SgxFile, StdinFile, StdoutFile};
 pub use self::file_table::{FileDesc, FileTable};
 pub use self::pipe::Pipe;
-pub use self::inode_file::{INodeFile, ROOT_INODE};
+pub use self::inode_file::{INodeFile, ROOT_INODE, INodeExt};
 use rcore_fs::vfs::{FsError, FileType, INode, Metadata, Timespec};
 use self::inode_file::OpenOptions;
 use process::Process;
@@ -244,7 +244,7 @@ extern "C" {
 }
 
 impl Process {
-    fn lookup_inode(&self, path: &str) -> Result<Arc<INode>, Error> {
+    pub fn lookup_inode(&self, path: &str) -> Result<Arc<INode>, Error> {
         let cwd = self.get_exec_path().split_at(1).1; // skip start '/'
         let inode = ROOT_INODE.lookup(cwd)?.lookup(path)?;
         Ok(inode)

src/libos/src/process/spawn/mod.rs

@@ -1,7 +1,7 @@
 use self::init_stack::{AuxKey, AuxTable};
 use super::task::Task;
 use super::*;
-use fs::{File, FileDesc, FileTable, StdinFile, StdoutFile /*, StderrFile*/};
+use fs::{File, FileDesc, FileTable, StdinFile, StdoutFile, ROOT_INODE, INodeExt};
 use std::ffi::{CStr, CString};
 use std::path::Path;
 use std::sgxfs::SgxFile;
@@ -30,13 +30,9 @@ pub fn do_spawn<P: AsRef<Path>>(
     parent_ref: &ProcessRef,
 ) -> Result<u32, Error> {
     let mut elf_buf = {
-        let key: sgx_key_128bit_t = [0 as uint8_t; 16];
+        let path = elf_path.as_ref().to_str().unwrap();
-        let mut sgx_file = SgxFile::open_ex(elf_path, &key)
+        let inode = ROOT_INODE.lookup(path)?;
-            .map_err(|e| (Errno::ENOENT, "Failed to open the SGX-protected file"))?;
+        inode.read_as_vec()?
-
-        let mut elf_buf = Vec::<u8>::new();
-        sgx_file.read_to_end(&mut elf_buf);
-        elf_buf
     };
 
     let elf_file = {

src/libos/src/syscall/mod.rs

@@ -158,6 +158,7 @@ fn do_spawn(
     let envp = clone_cstrings_safely(envp)?;
     let file_actions = clone_file_actions_safely(fdop_list)?;
     let parent = process::get_current();
+    info!("spawn: path: {:?}, argv: {:?}, envp: {:?}, fdop: {:?}", path, argv, envp, file_actions);
 
     let child_pid = process::do_spawn(&path, &argv, &envp, &file_actions, &parent)?;
 

test/Makefile

@@ -25,19 +25,31 @@ GREEN := \033[1;32m
 RED := \033[1;31m
 NO_COLOR := \033[0m
 
+FS_PATH := fs
+SEFS_PATH := sefs
+
 #############################################################################
 # Build targets
 #############################################################################
 
 all: build
 
-build: $(BUILD_TARGETS)
+build: $(BUILD_TARGETS) sefs
 
 $(BUILD_TARGETS): %:
 	@$(ECHO) "$(CYAN)BUILD TEST => $@$(NO_COLOR)"
 	@$(MAKE) --no-print-directory -C $@
 	@$(ECHO) "$(GREEN)DONE$(NO_COLOR)"
 
+sefs:
+	@$(RM) -rf $(SEFS_PATH)
+	@cd $(PROJECT_DIR)/deps/sefs/sefs-fuse/bin/ && \
+		./app \
+			$(CUR_DIR)/$(SEFS_PATH) \
+			$(CUR_DIR)/$(FS_PATH) \
+			zip
+	@echo "SEFS => $@"
+
 #############################################################################
 # Test targets
 #############################################################################
@@ -80,6 +92,7 @@ $(BENCH_TARGETS): bench-%: % pal libocclum.signed.so
 
 clean: $(CLEAN_TARGETS)
 	@$(RM) -f pal libocclum.signed.so
+	@$(RM) -rf $(FS_PATH) $(SEFS_PATH)
 
 $(CLEAN_TARGETS): clean-%:
 	@$(MAKE) --no-print-directory -C $(patsubst clean-%,%,$@) clean

test/argv/main.c

@@ -4,7 +4,7 @@
 // Expected arguments are given by Makefile throught macro ARGC, ARG1, ARG2 and
 // ARG3
 const char* expected_argv[EXPECTED_ARGC] = {
-    "bin.encrypted",
+    "argv",
     EXPECTED_ARG1,
     EXPECTED_ARG2,
     EXPECTED_ARG3,

test/pipe/main.c

@@ -25,7 +25,7 @@ int main(int argc, const char* argv[]) {
     posix_spawn_file_actions_addclose(&file_actions, pipe_rd_fd);
 
     const char* msg = "Echo!\n";
-    const char* child_prog = "../hello_world/bin.encrypted";
+    const char* child_prog = "hello_world";
     const char* child_argv[3] = { child_prog, msg, NULL };
     int child_pid;
     if (posix_spawn(&child_pid, child_prog, &file_actions,

test/pipe_throughput/main.c

@@ -33,7 +33,7 @@ int main(int argc, const char* argv[]) {
     posix_spawn_file_actions_addclose(&file_actions, pipe_wr_fd);
 
     int child_pid;
-    if (posix_spawn(&child_pid, "dev_null/bin.encrypted", &file_actions,
+    if (posix_spawn(&child_pid, "dev_null", &file_actions,
             NULL, NULL, NULL) < 0) {
         printf("ERROR: failed to spawn a child process\n");
         return -1;

test/spawn/main.c

@@ -8,7 +8,7 @@ int main(int argc, const char* argv[]) {
     int ret, child_pid, status;
     printf("Run a parent process has pid = %d and ppid = %d\n", getpid(), getppid());
 
-    ret = posix_spawn(&child_pid, "../getpid/bin.encrypted", NULL, NULL, NULL, NULL);
+    ret = posix_spawn(&child_pid, "getpid", NULL, NULL, NULL, NULL);
     if (ret < 0) {
         printf("ERROR: failed to spawn a child process\n");
         return -1;

test/spawn_and_exit_latency/main.c

@@ -13,7 +13,7 @@ int main(int argc, const char* argv[]) {
     gettimeofday(&tv_start, NULL);
     for (unsigned long i = 0; i < NREPEATS; i++) {
         int child_pid, status;
-        if (posix_spawn(&child_pid, "../empty/bin.encrypted", NULL, NULL, NULL, NULL) <0) {
+        if (posix_spawn(&child_pid, "empty", NULL, NULL, NULL, NULL) <0) {
             printf("ERROR: failed to spawn (# of repeats = %lu)\n", i);
             return -1;
         }

test/test_common.mk

@@ -7,12 +7,12 @@ CC := /usr/local/occlum/bin/musl-clang
 C_SRCS := $(wildcard *.c)
 S_FILES := $(C_SRCS:%.c=%.S)
 C_OBJS := $(C_SRCS:%.c=%.o)
-BIN_NAME := bin
+FS_PATH := ../fs
-BIN_ENC_NAME := bin.encrypted
+BIN_NAME := $(shell basename $(CUR_DIR))
+BIN_FS_PATH := $(BIN_NAME)
+BIN_PATH := $(FS_PATH)/$(BIN_FS_PATH)
 OBJDUMP_FILE := bin.objdump
 READELF_FILE := bin.readelf
-FS_NAME := fs
-SEFS_NAME := sefs
 
 CLANG_BIN_PATH := $(shell clang -print-prog-name=clang)
 LLVM_PATH := $(abspath $(dir $(CLANG_BIN_PATH))../)
@@ -27,26 +27,12 @@ LINK_FLAGS = $(C_FLAGS) $(EXTRA_LINK_FLAGS)
 # Build
 #############################################################################
 
-all: $(BIN_ENC_NAME) $(SEFS_NAME)
+all: $(BIN_PATH)
 
-$(BIN_ENC_NAME): $(BIN_NAME)
+$(BIN_PATH): $(BIN_NAME)
-	@$(RM) -f $(BIN_ENC_NAME)
+	@mkdir -p $(shell dirname $@)
-	@cd $(PROJECT_DIR)/deps/sgx_protect_file/ && \
+	@cp $^ $@
-		./sgx_protect_file encrypt \
+	@echo "COPY => $@"
-			-i $(CUR_DIR)/$(BIN_NAME) \
-			-o $(CUR_DIR)/$(BIN_ENC_NAME) \
-			-k 123 > /dev/null
-	@echo "GEN => $@"
-
-$(SEFS_NAME):
-	@mkdir -p $(FS_NAME)
-	@$(RM) -rf $(SEFS_NAME)
-	@cd $(PROJECT_DIR)/deps/sefs/sefs-fuse/bin/ && \
-		./app \
-			$(CUR_DIR)/$(SEFS_NAME) \
-			$(CUR_DIR)/$(FS_NAME) \
-			zip
-	@echo "SEFS => $@"
 
 debug: $(OBJDUMP_FILE) $(READELF_FILE)
 
@@ -71,9 +57,7 @@ $(C_OBJS): %.o: %.c
 #############################################################################
 
 test: $(BIN_ENC_NAME)
-	# run test on current directory
+	@cd $(CUR_DIR)/.. && RUST_BACKTRACE=1 ./pal $(BIN_FS_PATH) $(BIN_ARGS)
-	@ln -sf ../pal ../libocclum.signed.so $(CUR_DIR)
-	@cd $(CUR_DIR) && RUST_BACKTRACE=1 ./pal $(BIN_ENC_NAME) $(BIN_ARGS)
 
 #############################################################################
 # Misc