From 7deeccb03b7a7a8701ceb100142808ff56d00003 Mon Sep 17 00:00:00 2001 From: LI Qing Date: Mon, 1 Mar 2021 17:40:35 +0800 Subject: [PATCH] Fix the error of demos with encrypted fs image --- demos/fish/Occlum.json | 41 ++++++++++++++++++++++------- src/libos/src/entry.rs | 7 +++-- src/libos/src/fs/fs_ops/mount.rs | 7 ++--- src/libos/src/fs/syscalls.rs | 5 ++-- tools/gen_internal_conf/src/main.rs | 2 +- 5 files changed, 43 insertions(+), 19 deletions(-) diff --git a/demos/fish/Occlum.json b/demos/fish/Occlum.json index a615af57..7b87bc40 100644 --- a/demos/fish/Occlum.json +++ b/demos/fish/Occlum.json @@ -1,7 +1,7 @@ { "resource_limits": { "user_space_size": "512MB", - "kernel_space_heap_size": "32MB", + "kernel_space_heap_size": "64MB", "kernel_space_stack_size": "1MB", "max_num_of_threads": 32 }, @@ -29,16 +29,25 @@ "mount": [ { "target": "/", - "type": "sefs", - "source": "./image", + "type": "unionfs", "options": { - "integrity_only": true + "layers": [ + { + "target": "/", + "type": "sefs", + "source": "./build/mount/__ROOT", + "options": { + "MAC": "" + } + }, + { + "target": "/", + "type": "sefs", + "source": "./run/mount/__ROOT" + } + ] } }, - { - "target": "/root", - "type": "sefs" - }, { "target": "/host", "type": "hostfs", @@ -46,7 +55,19 @@ }, { "target": "/tmp", - "type": "ramfs" + "type": "sefs", + "source": "./run/mount/tmp", + "options": { + "temporary": true + } + }, + { + "target": "/proc", + "type": "procfs" + }, + { + "target": "/dev", + "type": "devfs" } ] -} \ No newline at end of file +} diff --git a/src/libos/src/entry.rs b/src/libos/src/entry.rs index 98278262..23b2f9c3 100644 --- a/src/libos/src/entry.rs +++ b/src/libos/src/entry.rs @@ -21,6 +21,8 @@ static mut ENCLAVE_PATH: String = String::new(); lazy_static! { static ref INIT_ONCE: Once = Once::new(); static ref HAS_INIT: AtomicBool = AtomicBool::new(false); + pub static ref ENTRY_POINTS: RwLock> = + RwLock::new(config::LIBOS_CONFIG.entry_points.clone()); } macro_rules! ecall_errno { 
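Review bot: `ENTRY_POINTS` in the `lazy_static!` block of entry.rs is declared `pub static ref` around an `RwLock`, so the allow-list that `validate_program_path` enforces can be replaced by any code able to name the static, at any point in the enclave's lifetime. Since this list decides which executables may be launched, I would keep the lock private to this module and expose only a read accessor plus one setter for the rootfs mount path to call. The static also needs a doc comment stating its lifecycle, for example `/// Path prefixes a program must start with to be launched; seeded from the built-in LibOS config and replaced once when the user rootfs is mounted.`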
@@ -292,8 +294,9 @@ fn validate_program_path(target_path: &PathBuf) -> Result<()> { } // Check whether the prefix of the program path matches one of the entry points - let is_valid_entry_point = &config::LIBOS_CONFIG - .entry_points + let is_valid_entry_point = &ENTRY_POINTS + .read() + .unwrap() .iter() .any(|valid_path_prefix| target_path.starts_with(valid_path_prefix)); if !is_valid_entry_point { diff --git a/src/libos/src/fs/fs_ops/mount.rs b/src/libos/src/fs/fs_ops/mount.rs index 4dcaf8f7..8251b19a 100644 --- a/src/libos/src/fs/fs_ops/mount.rs +++ b/src/libos/src/fs/fs_ops/mount.rs @@ -8,7 +8,7 @@ lazy_static! { } pub fn do_mount_rootfs( - mount_configs: &Vec, + user_config: &config::Config, user_key: &Option, ) -> Result<()> { debug!("mount rootfs"); @@ -17,14 +17,15 @@ pub fn do_mount_rootfs( return_errno!(EPERM, "rootfs cannot be mounted more than once"); } let new_root_inode = { - let rootfs = open_root_fs_according_to(mount_configs, user_key)?; + let rootfs = open_root_fs_according_to(&user_config.mount, user_key)?; rootfs.root_inode() }; - mount_nonroot_fs_according_to(&new_root_inode, mount_configs, user_key)?; + mount_nonroot_fs_according_to(&new_root_inode, &user_config.mount, user_key)?; MOUNT_ONCE.call_once(|| { let mut root_inode = ROOT_INODE.write().unwrap(); root_inode.fs().sync().expect("failed to sync old rootfs"); *root_inode = new_root_inode; + *ENTRY_POINTS.write().unwrap() = user_config.entry_points.to_owned(); }); Ok(()) } diff --git a/src/libos/src/fs/syscalls.rs b/src/libos/src/fs/syscalls.rs index 61ec1bba..852dd308 100644 --- a/src/libos/src/fs/syscalls.rs +++ b/src/libos/src/fs/syscalls.rs 
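Review bot: The new `.read().unwrap()` in `validate_program_path` panics on a poisoned lock, although the function returns `Result<()>` and could reject the launch instead. Handling the `Err` case of `ENTRY_POINTS.read()` with `return_errno!` keeps the validator failing closed without panicking inside the LibOS. The leading `&` on the expression only borrows the resulting `bool` and can be dropped while this line is being touched. The function's earlier checks are above the hunk and are not visible here.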
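Review bot: In `do_mount_rootfs`, a caller that passes the `MOUNT_ONCE.is_completed()` check but then loses the race for `call_once` returns `Ok(())` even though its closure never ran. With this change, that silent no-op covers the entry-point allow-list as well as the root inode, so the caller is told its config was applied when another caller's config actually won. I would record inside the closure that it ran and return the same `EPERM` otherwise, as sketched below. I would also add a doc comment on the function saying it replaces `ENTRY_POINTS` as a side effect, which the name does not suggest. Whether two callers can reach this concurrently is not visible from the hunk, and the lines between the two mount.rs hunks are not shown.

```rust
let mut applied = false;
MOUNT_ONCE.call_once(|| {
    // … unchanged: sync old rootfs, swap ROOT_INODE, replace ENTRY_POINTS …
    applied = true;
});
if !applied {
    // Another caller completed the mount after the is_completed() check above.
    return_errno!(EPERM, "rootfs cannot be mounted more than once");
}
Ok(())
```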
@@ -533,8 +533,7 @@ pub fn do_mount_rootfs( } let expected_occlum_json_mac = unsafe { occlum_json_mac_ptr.read() }; let user_config_path = unsafe { format!("{}{}", INSTANCE_DIR, "/build/Occlum.json.protected") }; - let user_mount_config = - config::load_config(&user_config_path, &expected_occlum_json_mac)?.mount; - fs_ops::do_mount_rootfs(&user_mount_config, &key)?; + let user_config = config::load_config(&user_config_path, &expected_occlum_json_mac)?; + fs_ops::do_mount_rootfs(&user_config, &key)?; Ok(0) } diff --git a/tools/gen_internal_conf/src/main.rs b/tools/gen_internal_conf/src/main.rs index 79bb8128..3353edff 100644 --- a/tools/gen_internal_conf/src/main.rs +++ b/tools/gen_internal_conf/src/main.rs @@ -237,7 +237,7 @@ fn main() { default_heap_size: occlum_config.process.default_heap_size, default_mmap_size: occlum_config.process.default_mmap_size, }, - entry_points: occlum_config.entry_points, + entry_points: json!(["/bin"]), env: occlum_config.env, mount: gen_sys_mount_config(occlum_conf_init_fs_mac.to_string()), };
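Review bot: Nothing at this call site in the `do_mount_rootfs` syscall records that the loaded config now supplies the executable allow-list as well as the mount table. That makes the MAC check in `config::load_config` the only thing authenticating which programs may run after the mount. I would add a comment above the `load_config` call, for example `// The MAC-verified user config provides both the mount table and the entry-point allow-list; do not use any field of it before this check succeeds.` How `occlum_json_mac_ptr` is validated before the `unsafe` read is above the hunk and not visible here.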
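Review bot: The hard-coded `json!(["/bin"])` replaces `occlum_config.entry_points` without any explanation, so the user's `entry_points` setting is dropped from the generated internal config with nothing at this site saying where it is applied instead. Judging from the other files in this commit, this literal is the allow-list in force until the user rootfs is mounted, and that belongs next to the value. I would lift it into a named constant with a comment such as `// Entry points for the init stage only; the user's entry_points take effect when the user rootfs is mounted.` `main` starts and ends outside the hunk.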