From 942321363d9ada4e80bddbf9951cddb19c582d25 Mon Sep 17 00:00:00 2001 From: "zongmin.gu" Date: Sun, 24 May 2020 13:18:33 +0800 Subject: [PATCH] Combine the enclave configuration into the occlum configuration file Update the occlum.json to align with the gen_enclave_conf design. Below is the two updated structures: "metadata": { "product_id": 0, "version_number": 0, "debuggable": true }, "resource_limits": { "max_num_of_threads": 32, "kernel_space_heap_size": "32MB", "kernel_space_stack_size": "1MB", "user_space_size": "256MB" } --- demos/golang/run_golang_on_occlum.sh | 2 +- demos/openvino/run_benchmark_on_occlum.sh | 2 +- etc/template/Enclave.xml | 12 - etc/template/Occlum.json | 12 +- src/libos/src/config.rs | 30 +- test/Enclave.xml | 12 - test/Makefile | 2 +- test/Occlum.json | 10 +- tools/Makefile | 2 + tools/gen_enclave_conf/.gitignore | 1 + tools/gen_enclave_conf/Cargo.lock | 342 ++++++++++++++++++++++ tools/gen_enclave_conf/Cargo.toml | 17 ++ tools/gen_enclave_conf/Makefile | 21 ++ tools/gen_enclave_conf/src/main.rs | 178 +++++++++++ tools/occlum | 9 +- tools/occlum-build-enclave | 15 +- tools/occlum-gen-default-occlum-json | 2 +- 17 files changed, 614 insertions(+), 55 deletions(-) delete mode 100644 etc/template/Enclave.xml delete mode 100644 test/Enclave.xml create mode 100644 tools/gen_enclave_conf/.gitignore create mode 100644 tools/gen_enclave_conf/Cargo.lock create mode 100644 tools/gen_enclave_conf/Cargo.toml create mode 100644 tools/gen_enclave_conf/Makefile create mode 100644 tools/gen_enclave_conf/src/main.rs diff --git a/demos/golang/run_golang_on_occlum.sh b/demos/golang/run_golang_on_occlum.sh index 0d10a858..2552c10e 100755 --- a/demos/golang/run_golang_on_occlum.sh +++ b/demos/golang/run_golang_on_occlum.sh 
@@ -16,7 +16,7 @@ fi rm -rf occlum_context && mkdir occlum_context cd occlum_context occlum init -jq '.vm.user_space_size = "380MB"' Occlum.json > temp_Occlum.json +jq '.resource_limits.user_space_size = "380MB"' Occlum.json > temp_Occlum.json jq '.process.default_mmap_size = "300MB"' temp_Occlum.json > Occlum.json # 2. Copy program into Occlum Workspace and build diff --git a/demos/openvino/run_benchmark_on_occlum.sh b/demos/openvino/run_benchmark_on_occlum.sh index 8ad43951..4f17a702 100755 --- a/demos/openvino/run_benchmark_on_occlum.sh +++ b/demos/openvino/run_benchmark_on_occlum.sh @@ -9,7 +9,7 @@ rm -rf occlum_context mkdir occlum_context cd occlum_context occlum init -jq '.vm.user_space_size = "320MB"' Occlum.json > temp_Occlum.json +jq '.resource_limits.user_space_size = "320MB"' Occlum.json > temp_Occlum.json jq '.process.default_mmap_size = "256MB"' temp_Occlum.json > Occlum.json # 2. Copy files into Occlum Workspace and Build diff --git a/etc/template/Enclave.xml b/etc/template/Enclave.xml deleted file mode 100644 index 6210e789..00000000 --- a/etc/template/Enclave.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - 0 - 0 - 0x100000 - 0x2000000 - 32 - 1 - 0 - 0 - 0xFFFFFFFF - diff --git a/etc/template/Occlum.json b/etc/template/Occlum.json index f551925e..f6de9e97 100644 --- a/etc/template/Occlum.json +++ b/etc/template/Occlum.json @@ -1,5 +1,13 @@ { - "vm": { + "metadata": { + "product_id": 0, + "version_number": 0, + "debuggable": true + }, + "resource_limits": { + "max_num_of_threads": 32, + "kernel_space_heap_size": "32MB", + "kernel_space_stack_size": "1MB", "user_space_size": "256MB" }, "process": { @@ -41,4 +49,4 @@ "type": "ramfs" } ] -} +} \ No newline at end of file diff --git a/src/libos/src/config.rs b/src/libos/src/config.rs index 56ba103b..f90456fd 100644 --- a/src/libos/src/config.rs +++ b/src/libos/src/config.rs 
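Review bot: The template now ships `"debuggable": true`, which `gen_enclave_conf` in this patch maps to `DisableDebug` 0. Any context created by `occlum init` and built without editing this key is therefore signed as a debug enclave, whose memory the host can inspect with a debugger. JSON has no place for a comment, so the meaning of `debuggable` should be stated in the user documentation, and `occlum build` could print a warning whenever the value is true. test/Occlum.json carries the same value, which is reasonable for tests but should not be copied as a production default.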
@@ -77,7 +77,7 @@ fn parse_mac(mac_str: &str) -> Result { #[derive(Debug)] pub struct Config { - pub vm: ConfigVM, + pub resource_limits: ConfigResourceLimits, pub process: ConfigProcess, pub env: ConfigEnv, pub entry_points: Vec, @@ -85,7 +85,7 @@ pub struct Config { } #[derive(Debug)] -pub struct ConfigVM { +pub struct ConfigResourceLimits { pub user_space_size: usize, } @@ -126,7 +126,7 @@ pub struct ConfigMountOptions { impl Config { fn from_input(input: &InputConfig) -> Result { - let vm = ConfigVM::from_input(&input.vm)?; + let resource_limits = ConfigResourceLimits::from_input(&input.resource_limits)?; let process = ConfigProcess::from_input(&input.process)?; let env = ConfigEnv::from_input(&input.env)?; let entry_points = { @@ -148,7 +148,7 @@ impl Config { mount }; Ok(Config { - vm, + resource_limits, process, env, entry_points, @@ -157,10 +157,10 @@ impl Config { } } -impl ConfigVM { - fn from_input(input: &InputConfigVM) -> Result { +impl ConfigResourceLimits { + fn from_input(input: &InputConfigResourceLimits) -> Result { let user_space_size = parse_memory_size(&input.user_space_size)?; - Ok(ConfigVM { user_space_size }) + Ok(ConfigResourceLimits { user_space_size }) } } @@ -262,7 +262,7 @@ fn parse_memory_size(mem_str: &str) -> Result { #[serde(deny_unknown_fields)] struct InputConfig { #[serde(default)] - pub vm: InputConfigVM, + pub resource_limits: InputConfigResourceLimits, #[serde(default)] pub process: InputConfigProcess, #[serde(default)] 
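Review bot: `InputConfig` keeps `#[serde(deny_unknown_fields)]` and gains no `metadata` field. `InputConfigResourceLimits` in the following hunk (`@@ -275,21 +275,21 @@`) is equally strict and still declares only `user_space_size`. The Occlum.json templates in this patch add a top-level `metadata` object and three more `resource_limits` keys, so if the LibOS deserializes that same file it would reject it for unknown fields; the diff does not show a filtered copy being produced. Keep the strict parsing and add the new keys to the input structs, for example `pub max_num_of_threads: u32`, `pub kernel_space_heap_size: String` and `pub kernel_space_stack_size: String`, or strip them before the file is protected. The body of `InputConfig` continues outside the hunk, so confirm against the full definition.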
@@ -275,21 +275,21 @@ struct InputConfig { #[derive(Deserialize, Debug)] #[serde(deny_unknown_fields)] -struct InputConfigVM { - #[serde(default = "InputConfigVM::get_user_space_size")] +struct InputConfigResourceLimits { + #[serde(default = "InputConfigResourceLimits::get_user_space_size")] pub user_space_size: String, } -impl InputConfigVM { +impl InputConfigResourceLimits { fn get_user_space_size() -> String { "128MB".to_string() } } -impl Default for InputConfigVM { - fn default() -> InputConfigVM { - InputConfigVM { - user_space_size: InputConfigVM::get_user_space_size(), +impl Default for InputConfigResourceLimits { + fn default() -> InputConfigResourceLimits { + InputConfigResourceLimits { + user_space_size: InputConfigResourceLimits::get_user_space_size(), } } } diff --git a/test/Enclave.xml b/test/Enclave.xml deleted file mode 100644 index 7d9f7639..00000000 --- a/test/Enclave.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - 0 - 0 - 0x100000 - 0x2000000 - 8 - 1 - 0 - 0 - 0xFFFFFFFF - diff --git a/test/Makefile b/test/Makefile index 866bb51e..9c3f3a89 100644 --- a/test/Makefile +++ b/test/Makefile @@ -55,7 +55,7 @@ prebuild: @mkdir -p $(BUILD_DIR)/test @cd $(BUILD_DIR)/test && \ $(BUILD_DIR)/bin/occlum init - @cp Occlum.json Enclave.xml $(BUILD_DIR)/test/ + @cp Occlum.json $(BUILD_DIR)/test/ $(BUILD_TARGETS): %: @$(ECHO) "$(CYAN)BUILD TEST => $@$(NO_COLOR)" diff --git a/test/Occlum.json b/test/Occlum.json index 66b7ec89..cfc6da85 100644 --- a/test/Occlum.json +++ b/test/Occlum.json @@ -1,5 +1,13 @@ { - "vm": { + "metadata": { + "product_id": 0, + "version_number": 0, + "debuggable": true + }, + "resource_limits": { + "max_num_of_threads": 32, + "kernel_space_heap_size": "32MB", + "kernel_space_stack_size": "1MB", "user_space_size": "128MB" }, "process": { diff --git a/tools/Makefile b/tools/Makefile index 32a4188c..98bf9349 100644 --- a/tools/Makefile +++ b/tools/Makefile 
@@ -14,6 +14,7 @@ all: @ln -s -f ../../tools/occlum-build-enclave ../$(BUILD_DIR)/bin/occlum-build-enclave @ln -s -f ../../tools/occlum-gen-default-occlum-json ../$(BUILD_DIR)/bin/occlum-gen-default-occlum-json @$(MAKE) --no-print-directory -C protect-integrity + @$(MAKE) --no-print-directory -C gen_enclave_conf format: @$(MAKE) --no-print-directory -C protect-integrity format @@ -23,3 +24,4 @@ format-check: clean: @$(MAKE) --no-print-directory -C protect-integrity clean + @$(MAKE) --no-print-directory -C gen_enclave_conf clean diff --git a/tools/gen_enclave_conf/.gitignore b/tools/gen_enclave_conf/.gitignore new file mode 100644 index 00000000..ea8c4bf7 --- /dev/null +++ b/tools/gen_enclave_conf/.gitignore @@ -0,0 +1 @@ +/target diff --git a/tools/gen_enclave_conf/Cargo.lock b/tools/gen_enclave_conf/Cargo.lock new file mode 100644 index 00000000..1798e9cd --- /dev/null +++ b/tools/gen_enclave_conf/Cargo.lock 
@@ -0,0 +1,342 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +[[package]] +name = "aho-corasick" +version = "0.7.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8716408b8bc624ed7f65d223ddb9ac2d044c0547b6fa4b0d554f3a9540496ada" +dependencies = [ + "memchr", +] + +[[package]] +name = "ansi_term" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee49baf6cb617b853aa8d93bf420db2383fab46d314482ca2803b40d5fde979b" +dependencies = [ + "winapi", +] + +[[package]] +name = "atty" +version = "0.2.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8" +dependencies = [ + "hermit-abi", + "libc", + "winapi", +] + +[[package]] +name = "bitflags" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693" + +[[package]] +name = "cfg-if" +version = "0.1.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822" + +[[package]] +name = "clap" +version = "2.33.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bdfa80d47f954d53a35a64987ca1422f495b8d6483c0fe9f7117b36c2a792129" +dependencies = [ + "ansi_term", + "atty", + "bitflags", + "strsim", + "textwrap", + "unicode-width", + "vec_map", +] + +[[package]] +name = "env_logger" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "44533bbbb3bb3c1fa17d9f2e4e38bbbaf8396ba82193c4cb1b6445d711445d36" +dependencies = [ + "atty", + "humantime", + "log", + "regex", + "termcolor", +] + +[[package]] +name = "gen_enclave_conf" +version = "0.1.0" +dependencies = [ + "clap", + "env_logger", + "log", + "regex", + "serde", + "serde-xml-rs", + "serde_derive", + 
"serde_json", +] + +[[package]] +name = "hermit-abi" +version = "0.1.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91780f809e750b0a89f5544be56617ff6b1227ee485bcb06ebe10cdf89bd3b71" +dependencies = [ + "libc", +] + +[[package]] +name = "humantime" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df004cfca50ef23c36850aaaa59ad52cc70d0e90243c3c7737a4dd32dc7a3c4f" +dependencies = [ + "quick-error", +] + +[[package]] +name = "itoa" +version = "0.4.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8b7a7c0c47db5545ed3fef7468ee7bb5b74691498139e4b3f6a20685dc6dd8e" + +[[package]] +name = "lazy_static" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" + +[[package]] +name = "libc" +version = "0.2.70" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3baa92041a6fec78c687fa0cc2b3fae8884f743d672cf551bed1d6dac6988d0f" + +[[package]] +name = "log" +version = "0.4.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "14b6052be84e6b71ab17edffc2eeabf5c2c3ae1fdb464aae35ac50c67a44e1f7" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "memchr" +version = "2.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3728d817d99e5ac407411fa471ff9800a778d88a24685968b36824eaf4bee400" + +[[package]] +name = "proc-macro2" +version = "1.0.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1502d12e458c49a4c9cbff560d0fe0060c252bc29799ed94ca2ed4bb665a0101" +dependencies = [ + "unicode-xid", +] + +[[package]] +name = "quick-error" +version = "1.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0" + +[[package]] +name = "quote" +version = "1.0.6" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "54a21852a652ad6f610c9510194f398ff6f8692e334fd1145fed931f7fbe44ea" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "regex" +version = "1.3.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a6020f034922e3194c711b82a627453881bc4682166cabb07134a10c26ba7692" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", + "thread_local", +] + +[[package]] +name = "regex-syntax" +version = "0.6.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7fe5bd57d1d7414c6b5ed48563a2c855d995ff777729dcd91c369ec7fea395ae" + +[[package]] +name = "ryu" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed3d612bc64430efeb3f7ee6ef26d590dce0c43249217bddc62112540c7941e1" + +[[package]] +name = "serde" +version = "1.0.110" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "99e7b308464d16b56eba9964e4972a3eee817760ab60d88c3f86e1fecb08204c" + +[[package]] +name = "serde-xml-rs" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "efe415925cf3d0bbb2fc47d09b56ce03eef51c5d56846468a39bcc293c7a846c" +dependencies = [ + "log", + "serde", + "thiserror", + "xml-rs", +] + +[[package]] +name = "serde_derive" +version = "1.0.110" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "818fbf6bfa9a42d3bfcaca148547aa00c7b915bec71d1757aa2d44ca68771984" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "serde_json" +version = "1.0.53" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "993948e75b189211a9b31a7528f950c6adc21f9720b6438ff80a7fa2f864cea2" +dependencies = [ + "itoa", + "ryu", + "serde", +] + +[[package]] +name = "strsim" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a" + +[[package]] +name = "syn" +version = "1.0.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "95b5f192649e48a5302a13f2feb224df883b98933222369e4b3b0fe2a5447269" +dependencies = [ + "proc-macro2", + "quote", + "unicode-xid", +] + +[[package]] +name = "termcolor" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bb6bfa289a4d7c5766392812c0a1f4c1ba45afa1ad47803c11e1f407d846d75f" +dependencies = [ + "winapi-util", +] + +[[package]] +name = "textwrap" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d326610f408c7a4eb6f51c37c330e496b08506c9457c9d34287ecc38809fb060" +dependencies = [ + "unicode-width", +] + +[[package]] +name = "thiserror" +version = "1.0.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b13f926965ad00595dd129fa12823b04bbf866e9085ab0a5f2b05b850fbfc344" +dependencies = [ + "thiserror-impl", +] + +[[package]] +name = "thiserror-impl" +version = "1.0.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "893582086c2f98cde18f906265a65b5030a074b1046c674ae898be6519a7f479" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "thread_local" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d40c6d1b69745a6ec6fb1ca717914848da4b44ae29d9b3080cbee91d72a69b14" +dependencies = [ + "lazy_static", +] + +[[package]] +name = "unicode-width" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "caaa9d531767d1ff2150b9332433f32a24622147e5ebb1f26409d5da67afd479" + +[[package]] +name = "unicode-xid" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "826e7639553986605ec5979c7dd957c7895e93eabed50ab2ffa7f6128a75097c" + +[[package]] +name = "vec_map" +version = 
"0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191" + +[[package]] +name = "winapi" +version = "0.3.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8093091eeb260906a183e6ae1abdba2ef5ef2257a21801128899c3fc699229c6" +dependencies = [ + "winapi-i686-pc-windows-gnu", + "winapi-x86_64-pc-windows-gnu", +] + +[[package]] +name = "winapi-i686-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" + +[[package]] +name = "winapi-util" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178" +dependencies = [ + "winapi", +] + +[[package]] +name = "winapi-x86_64-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" + +[[package]] +name = "xml-rs" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b07db065a5cf61a7e4ba64f29e67db906fb1787316516c4e6e5ff0fea1efcd8a" diff --git a/tools/gen_enclave_conf/Cargo.toml b/tools/gen_enclave_conf/Cargo.toml new file mode 100644 index 00000000..087f08b0 --- /dev/null +++ b/tools/gen_enclave_conf/Cargo.toml @@ -0,0 +1,17 @@ +[package] +name = "gen_enclave_conf" +version = "0.1.0" +authors = ["zongmin.gu "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +clap = "2.33" +serde = "1.0" +serde_json = "1.0" +serde_derive = "1.0" +log = "0.4" +env_logger = "0.7" +serde-xml-rs = "0.4" +regex = "1" \ No newline at end of file 
diff --git a/tools/gen_enclave_conf/Makefile b/tools/gen_enclave_conf/Makefile
new file mode 100644
index 00000000..345ce4f9
--- /dev/null
+++ b/tools/gen_enclave_conf/Makefile
@@ -0,0 +1,21 @@
+include ../../src/sgxenv.mk
+
+SRC_FILES := $(shell find . -type f -name '*.rs') Cargo.toml
+RUST_TARGET_DIR := $(BUILD_DIR)/tools/genconf/cargo-target
+RUST_OUT_DIR := $(BUILD_DIR)/bin
+TARGET_BINARY := $(RUST_OUT_DIR)/gen_enclave_conf
+
+.PHONY: all clean
+
+all: $(SRC_FILES)
+ifeq ($(OCCLUM_RELEASE_BUILD), 1)
+ @RUSTC_BOOTSTRAP=1 cargo build --release --target-dir=$(RUST_TARGET_DIR) -Z unstable-options --out-dir=$(RUST_OUT_DIR)
+ @echo "CARGO (release) => gen_enclave_conf"
+else
+ @RUSTC_BOOTSTRAP=1 cargo build --target-dir=$(RUST_TARGET_DIR) -Z unstable-options --out-dir=$(RUST_OUT_DIR)
+ @echo "CARGO (debug) => gen_enclave_conf"
+endif
+
+clean:
+ @cargo clean --target-dir=$(RUST_TARGET_DIR)
+ @-$(RM) -f $(TARGET_BINARY)
diff --git a/tools/gen_enclave_conf/src/main.rs b/tools/gen_enclave_conf/src/main.rs
new file mode 100644
index 00000000..467c8a8b
--- /dev/null
+++ b/tools/gen_enclave_conf/src/main.rs
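Review bot: Both `cargo build` recipes in `all` run without `--locked`, so a Cargo.lock that no longer matches Cargo.toml is silently updated rather than failing the build. This tool's output decides the signed enclave's debug flag and version numbers, so it should be built only from the pinned, checksummed dependency set committed in this patch. Add the flag to both invocations, e.g. `cargo build --locked --release --target-dir=$(RUST_TARGET_DIR) -Z unstable-options --out-dir=$(RUST_OUT_DIR)`. `RUSTC_BOOTSTRAP=1` with `-Z unstable-options` enables unstable cargo behaviour for the sake of `--out-dir`, and a short comment above the recipes should say why that is needed.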
@@ -0,0 +1,178 @@ +extern crate clap; +extern crate env_logger; +extern crate log; +extern crate regex; +extern crate serde; +extern crate serde_derive; +extern crate serde_xml_rs; + +use clap::{App, Arg}; +use log::debug; +use serde_derive::{Deserialize, Serialize}; +use std::fs::File; +use std::io::Write; +use std::path::Path; + +fn main() { + env_logger::init(); + + let matches = App::new("gen_enclave_conf") + .version("0.1.0") + .arg( + Arg::with_name("input") + .short("i") + .long("input") + .required(true) + .validator(|f| match Path::new(&f).exists() { + true => Ok(()), + false => { + let err_message = String::from(f) + " is not exist"; + Err(err_message) + } + }) + .takes_value(true), + ) + .arg( + Arg::with_name("output") + .short("o") + .long("output") + .required(true) + .validator(|f| match File::create(f) { + Ok(_e) => Ok(()), + Err(e) => Err(e.to_string()), + }) + .takes_value(true), + ) + .get_matches(); + + let occlum_config_file_path = matches.value_of("input").unwrap(); + debug!( + "Occlum config (json) file name {:?}", + occlum_config_file_path + ); + + let enclave_config_file_path = matches.value_of("output").unwrap(); + debug!( + "Enclave config (xml) file name {:?}", + enclave_config_file_path + ); + + // Read the occlum configuration file + let occlum_config_file = + File::open(occlum_config_file_path).expect("The Occlum configuration file does not exist"); + let occlum_config: OcclumConfiguration = serde_json::from_reader(occlum_config_file) + .expect("It is not a valid Occlum configuration file."); + debug!("The occlum config is:{:?}", occlum_config); + + // get the kernel stack size + let stack_max_size = parse_memory_size(&occlum_config.resource_limits.kernel_space_stack_size); + if stack_max_size.is_err() { + println!( + "The kernel_space_stack_size \"{}\" is not correct.", + occlum_config.resource_limits.kernel_space_stack_size + ); + return; + } + + // get the kernel heap size + let heap_max_size = 
parse_memory_size(&occlum_config.resource_limits.kernel_space_heap_size); + if heap_max_size.is_err() { + println!( + "The kernel_space_heap_size \"{}\" is not correct.", + occlum_config.resource_limits.kernel_space_heap_size + ); + return; + } + + let sgx_enclave_configuration = EnclaveConfiguration { + ProdID: occlum_config.metadata.product_id, + ISVSVN: occlum_config.metadata.version_number, + StackMaxSize: stack_max_size.unwrap() as u64, + HeapMaxSize: heap_max_size.unwrap() as u64, + TCSNum: occlum_config.resource_limits.max_num_of_threads, + TCSPolicy: 1, + DisableDebug: match occlum_config.metadata.debuggable { + true => 0, + false => 1, + }, + MiscSelect: "0".to_string(), + MiscMask: "0xFFFFFFFF".to_string(), + }; + + // Generate the enclave configuration + let enclave_config = serde_xml_rs::to_string(&sgx_enclave_configuration).unwrap(); + debug!("The enclave config:{:?}", enclave_config); + + // Update the output file + let mut enclave_config_file = File::create(enclave_config_file_path) + .expect("Could not open the target Enclave configuration file."); + enclave_config_file + .write_all(enclave_config.as_bytes()) + .expect("Failed to update the Enclave configuration file."); +} + +fn parse_memory_size(mem_str: &str) -> Result { + const UNIT2FACTOR: [(&str, usize); 5] = [ + ("KB", 1024), + ("MB", 1024 * 1024), + ("GB", 1024 * 1024 * 1024), + ("TB", 1024 * 1024 * 1024 * 1024), + ("B", 1), + ]; + + // Extract the unit part of the memory size + let mem_str = mem_str.trim(); + let (mem_unit, unit_factor) = UNIT2FACTOR + .iter() + .position(|(mem_unit, _)| mem_str.ends_with(mem_unit)) + .ok_or_else(|| "No unit") + .map(|unit_i| &UNIT2FACTOR[unit_i])?; + + // Extract the value part of the memory size + let mem_val = match mem_str[0..mem_str.len() - mem_unit.len()] + .trim() + .parse::() + { + Err(_) => { + return Err("No number"); + } + Ok(mem_val) => mem_val, + }; + + Ok(mem_val * unit_factor) +} + +#[derive(Debug, PartialEq, Deserialize)] +struct 
OcclumConfiguration { + metadata: OcclumMetadata, + resource_limits: OcclumResourceLimits, +} + +#[derive(Debug, PartialEq, Deserialize)] +struct OcclumMetadata { + product_id: u32, + version_number: u32, + debuggable: bool, +} + +#[derive(Debug, PartialEq, Deserialize)] +struct OcclumResourceLimits { + max_num_of_threads: u32, + kernel_space_heap_size: String, + kernel_space_stack_size: String, + user_space_size: String, +} + +#[allow(non_snake_case)] +#[derive(Debug, PartialEq, Serialize)] +struct EnclaveConfiguration { + ProdID: u32, + ISVSVN: u32, + StackMaxSize: u64, + HeapMaxSize: u64, + TCSNum: u32, + TCSPolicy: u32, + DisableDebug: u32, + MiscSelect: String, + MiscMask: String, +} diff --git a/tools/occlum b/tools/occlum index 9d522295..351cd926 100755 --- a/tools/occlum +++ b/tools/occlum @@ -62,7 +62,7 @@ get_conf_default_mmap_size() { get_conf_user_space_size() { cat "$working_dir/Occlum.json" | \ - python -c "import sys, json; print json.load(sys.stdin)['vm']['user_space_size']" + python -c "import sys, json; print json.load(sys.stdin)['resource_limits']['user_space_size']" } get_conf_env() { @@ -128,9 +128,7 @@ cmd_init() { "$occlum_gcc_lib/libgcc_s.so.1" \ "$occlum_gcc_lib/libgomp.so.1" - cp "$occlum_dir"/etc/template/Enclave.xml "$working_dir"/ cp "$occlum_dir"/etc/template/Occlum.json "$working_dir"/ - chmod 644 "$working_dir"/Enclave.xml chmod 644 "$working_dir"/Occlum.json echo "Initialized an Occlum context in $working_dir" 
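Review bot: The two size-validation failure branches in `main` report the problem with `println!` and then `return`, so the process exits with status 0 although no configuration was written. Because the `output` validator has already run `File::create`, an empty file is left at the output path. Replace `println!` with `eprintln!` and `return;` with `std::process::exit(1);` in both branches so the calling build script can stop before signing. `parse_memory_size` also ends in `Ok(mem_val * unit_factor)`, an unchecked multiplication on a value read from Occlum.json. `mem_val.checked_mul(*unit_factor).ok_or("Size overflow")` turns an overflow into an error instead of a panic or a wrapped size.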
@@ -211,11 +209,14 @@ cmd_build() { cd src/libos && \ make clean-builtin && \ make "$context_dir/build/lib/libocclum-libos.so" ONLY_REBUILD_BUILTIN=1 CONTEXT=1 + + $occlum_dir/$build_dir/bin/gen_enclave_conf -i "$working_dir/Occlum.json" -o "$context_dir/build/Enclave.xml" $ENCLAVE_SIGN_TOOL sign \ -key $ENCLAVE_SIGN_KEY \ - -config "$working_dir/Enclave.xml" \ + -config "$context_dir/build/Enclave.xml" \ -enclave "$context_dir/build/lib/libocclum-libos.so" \ -out "$context_dir/build/lib/libocclum-libos.signed.so" + rm -f "$context_dir/build/Enclave.xml" cd "$context_dir" echo "built" > status diff --git a/tools/occlum-build-enclave b/tools/occlum-build-enclave index 72e78a93..2ef86cda 100755 --- a/tools/occlum-build-enclave +++ b/tools/occlum-build-enclave @@ -7,8 +7,7 @@ project_dir="$( cd "$( dirname "$this_dir/../../../" )" >/dev/null 2>&1 && pwd SGX_SDK="${SGX_SDK:-/opt/intel/sgxsdk}" occlum_conf_json_path=$1 -enclave_conf_xml_path=$2 -enclave_key_pem_path=$3 +enclave_key_pem_path=$2 protected_occlum_conf_json_path=`basename $occlum_conf_json_path`".protected" occlum_conf_file_mac= @@ -18,7 +17,7 @@ occlum_user_space_size= report_arg_error() { echo $1 echo "" - echo "Usage: occlum-build-enclave Occlum.json Enclave.xml Enclave.pem" + echo "Usage: occlum-build-enclave Occlum.json Enclave.pem" } protect_occlum_json() { @@ -44,6 +43,11 @@ build_enclave_so() { make } +generate_enclave_config() { + cd $working_dir + "$project_dir/tools/bin/gen_enclave_conf" -i $occlum_conf_json_path -o "enclave.config.xml" +} + sign_enclave_so() { cd $working_dir rm -f libocclum-libos.signed.so @@ -52,7 +56,8 @@ sign_enclave_so() { -key $enclave_key_pem_path \ -enclave $enclave_so_path \ -out "libocclum-libos.signed.so" \ - -config $enclave_conf_xml_path + -config enclave.config.xml + rm -f enclave.config.xml } # =========================================================================== 
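Review bot: The new `gen_enclave_conf` call in `cmd_build` is not checked before `$ENCLAVE_SIGN_TOOL sign` runs, and its command path is left unquoted while its arguments are quoted. Unless the script runs under `set -e`, which this hunk does not show, a failed generation falls through to signing. Suggested: `"$occlum_dir/$build_dir/bin/gen_enclave_conf" -i "$working_dir/Occlum.json" -o "$context_dir/build/Enclave.xml" || exit 1`. `generate_enclave_config` in tools/occlum-build-enclave has the same gap and also expands `$working_dir` and `$occlum_conf_json_path` unquoted. `cmd_build` starts and ends outside the hunk.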
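Review bot: Dropping the second positional argument means a caller that still passes `Occlum.json Enclave.xml Enclave.pem` now has `Enclave.xml` assigned to `enclave_key_pem_path`, and nothing in this hunk rejects the extra argument. Check the argument count before the assignments, e.g. `[ "$#" -eq 2 ] || { report_arg_error "Expected exactly 2 arguments"; exit 1; }`, so a stale invocation fails with the usage text rather than at the signing step. Any existing argument validation sits outside the visible hunks, so confirm it covers this case.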
@@ -88,6 +93,6 @@ export OCCLUM_BUILTIN_VM_USER_SPACE_SIZE=`print_occlum_user_space_size` echo "EXPORT => OCCLUM_BUILTIN_VM_USER_SPACE_SIZE = $OCCLUM_BUILTIN_VM_USER_SPACE_SIZE" build_enclave_so - +generate_enclave_config sign_enclave_so echo "SIGN => libocclum-libos.signed.so" diff --git a/tools/occlum-gen-default-occlum-json b/tools/occlum-gen-default-occlum-json index 8f0c55e1..0aa0497a 100755 --- a/tools/occlum-gen-default-occlum-json +++ b/tools/occlum-gen-default-occlum-json @@ -6,7 +6,7 @@ fi cat <