general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add integrity_only_opt and sgx_file_cache feature

Browse Source
This commit is contained in:
WangRunji 2019-04-26 22:44:10 +08:00
parent 6e871f7948
commit 413586f729
5 changed files with 19 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/libos/Cargo.toml
View File

@ -14,8 +14,10 @@ rcore-fs = { path = "../../deps/sefs/rcore-fs" }
rcore-fs-sefs = { path = "../../deps/sefs/rcore-fs-sefs" } rcore-fs-sefs = { path = "../../deps/sefs/rcore-fs-sefs" }
[features] [features]
default = [] default = ["integrity_only_opt", "sgx_file_cache"]
syscall_timing = [] syscall_timing = [] # Timing for each syscall. But it has cost from more ocall.
integrity_only_opt = [] # Clear bss only. It should be disabled if checking memory reads.
sgx_file_cache = [] # Cache SgxFile objects. Invalidation is unimplemented.
[target.'cfg(not(target_env = "sgx"))'.dependencies] [target.'cfg(not(target_env = "sgx"))'.dependencies]
xmas-elf = { path = "../../deps/xmas-elf" } xmas-elf = { path = "../../deps/xmas-elf" }

1
src/libos/src/fs/mod.rs
View File

@ -499,7 +499,6 @@ impl OpenFlags {
} }
} }
#[derive(Debug)]
#[repr(packed)] // Don't use 'C'. Or its size will align up to 8 bytes. #[repr(packed)] // Don't use 'C'. Or its size will align up to 8 bytes.
pub struct LinuxDirent64 { pub struct LinuxDirent64 {
/// Inode number /// Inode number

6
src/libos/src/fs/sgx_impl.rs
View File

@ -25,6 +25,7 @@ impl SgxStorage {
/// Get file by `file_id`. /// Get file by `file_id`.
/// It lookups cache first, if miss, then call `open_fn` to open one, /// It lookups cache first, if miss, then call `open_fn` to open one,
/// and add it to cache before return. /// and add it to cache before return.
#[cfg(feature = "sgx_file_cache")]
fn get(&self, file_id: usize, open_fn: impl FnOnce(&Self) -> LockedFile) -> LockedFile { fn get(&self, file_id: usize, open_fn: impl FnOnce(&Self) -> LockedFile) -> LockedFile {
// query cache // query cache
let mut caches = self.file_cache.lock().unwrap(); let mut caches = self.file_cache.lock().unwrap();
@ -38,6 +39,11 @@ impl SgxStorage {
caches.insert(file_id, locked_file.clone()); caches.insert(file_id, locked_file.clone());
locked_file locked_file
} }
/// Get file by `file_id` without cache.
#[cfg(not(feature = "sgx_file_cache"))]
fn get(&self, file_id: usize, open_fn: impl FnOnce(&Self) -> LockedFile) -> LockedFile {
open_fn(self)
}
} }
impl Storage for SgxStorage { impl Storage for SgxStorage {

9
src/libos/src/process/spawn/segment.rs
View File

@ -66,10 +66,15 @@ impl Segment {
let mut target_buf = unsafe { let mut target_buf = unsafe {
slice::from_raw_parts_mut( slice::from_raw_parts_mut(
(self.process_base_addr + self.mem_addr) as *mut u8, (self.process_base_addr + self.mem_addr) as *mut u8,
self.file_size, self.mem_size,
) )
}; };
target_buf.copy_from_slice(&elf_buf[self.file_offset..(self.file_offset + self.file_size)]); target_buf[0..self.file_size]
.copy_from_slice(&elf_buf[self.file_offset..(self.file_offset + self.file_size)]);
#[cfg(feature = "integrity_only_opt")]
for i in &mut target_buf[self.file_size..self.mem_size] {
*i = 0;
}
} }
pub fn set_runtime_info( pub fn set_runtime_info(

4
src/libos/src/vm/process_vm.rs
View File

@ -116,7 +116,7 @@ impl ProcessVM {
code_size, code_size,
rx_flags, rx_flags,
VMGrowthType::Fixed, VMGrowthType::Fixed,
true, !cfg!(feature = "integrity_only_opt"),
)?; )?;
let data_vma = alloc_vma_continuously( let data_vma = alloc_vma_continuously(
&mut addr, &mut addr,
@ -124,7 +124,7 @@ impl ProcessVM {
data_size, data_size,
rw_flags, rw_flags,
VMGrowthType::Fixed, VMGrowthType::Fixed,
true, !cfg!(feature = "integrity_only_opt"),
)?; )?;
let heap_vma = alloc_vma_continuously( let heap_vma = alloc_vma_continuously(
&mut addr, &mut addr,