From a7317b0aa9bcd1010e41642f062a0ef6b74c5c34 Mon Sep 17 00:00:00 2001
From: Qi Zheng <huaiqing.zq@antgroup.com>
Date: Tue, 29 Aug 2023 16:12:54 +0800
Subject: [PATCH] [libos] Add disable_log cfg option

---
 src/libos/src/config.rs             | 19 +++++++++++++++++++
 src/libos/src/entry.rs              | 19 ++++++-------------
 tools/gen_internal_conf/src/main.rs | 18 ++++++++++++++++++
 3 files changed, 43 insertions(+), 13 deletions(-)

diff --git a/src/libos/src/config.rs b/src/libos/src/config.rs
index 0eca7c96..c79ec339 100644
--- a/src/libos/src/config.rs
+++ b/src/libos/src/config.rs
@@ -1,5 +1,6 @@
 use super::*;
 use crate::std::untrusted::path::PathEx;
+use crate::util::sgx::allow_debug as sgx_allow_debug;
 use serde::{Deserialize, Serialize};
 use std::collections::HashSet;
 use std::ffi::CString;
@@ -10,6 +11,8 @@ use std::sgxfs::SgxFile;
 
 use crate::util::mem_util::from_user;
 
+use log::{set_max_level, LevelFilter};
+
 lazy_static! {
     pub static ref LIBOS_CONFIG: Config = {
         let config_path =
@@ -200,6 +203,20 @@ impl Config {
         };
         let feature = ConfigFeature::from_input(&input.feature)?;
 
+        if input.disable_log {
+            log::set_max_level(LevelFilter::Off);
+        } else if !sgx_allow_debug() {
+            if log::max_level() != LevelFilter::Off {
+                // Release enclave can only set error level log
+                log::set_max_level(LevelFilter::Error);
+            }
+            eprintln!("Warnning: Occlum Log is enabled for release enclave!");
+            eprintln!(
+                "Uses can disable Occlum Log by setting metadata.disable_log=true \
+                in Occlum.json and rebuild Occlum instance.\n"
+            );
+        }
+
         Ok(Config {
             resource_limits,
             process,
@@ -385,6 +402,8 @@ struct InputConfig {
     #[serde(default)]
     pub env: InputConfigEnv,
     #[serde(default)]
+    pub disable_log: bool,
+    #[serde(default)]
     pub app: Vec<InputConfigApp>,
     #[serde(default)]
     pub feature: InputConfigFeature,
diff --git a/src/libos/src/entry.rs b/src/libos/src/entry.rs
index 778670b5..1f59f787 100644
--- a/src/libos/src/entry.rs
+++ b/src/libos/src/entry.rs
@@ -60,24 +60,17 @@ pub extern "C" fn occlum_ecall_init(
 
     assert!(!instance_dir.is_null());
 
-    let log_level = {
-        let input_log_level = match parse_log_level(log_level) {
-            Err(e) => {
-                eprintln!("invalid log level: {}", e.backtrace());
-                return ecall_errno!(EINVAL);
-            }
-            Ok(log_level) => log_level,
-        };
-        // Use the input log level if and only if the enclave allows debug
-        if sgx_allow_debug() {
-            input_log_level
-        } else {
-            LevelFilter::Off
+    let log_level = match parse_log_level(log_level) {
+        Err(e) => {
+            eprintln!("invalid log level: {}", e.backtrace());
+            return ecall_errno!(EINVAL);
         }
+        Ok(log_level) => log_level,
     };
 
     INIT_ONCE.call_once(|| {
         // Init the log infrastructure first so that log messages will be printed afterwards
+        // The log level may be set to off later if disable_log is true in user configuration
         util::log::init(log_level);
 
         let report = rsgx_self_report();
diff --git a/tools/gen_internal_conf/src/main.rs b/tools/gen_internal_conf/src/main.rs
index 5e324b01..ffb86244 100644
--- a/tools/gen_internal_conf/src/main.rs
+++ b/tools/gen_internal_conf/src/main.rs
@@ -487,6 +487,20 @@ fn main() {
             app_config.unwrap()
         };
 
+        // If the user doesn't provide a value, set it false unless it is release enclave.
+        // If the user provides a value, just use it.
+        let disable_log = {
+            if occlum_config.metadata.disable_log.is_none() {
+                if occlum_config.metadata.debuggable {
+                    false
+                } else {
+                    true
+                }
+            } else {
+                occlum_config.metadata.disable_log.unwrap()
+            }
+        };
+
         let occlum_json_config = InternalOcclumJson {
             resource_limits: InternalResourceLimits {
                 user_space_init_size: config_user_space_init_size.to_string() + "B",
@@ -498,6 +512,7 @@ fn main() {
                 default_mmap_size: occlum_config.process.default_mmap_size,
             },
             env: occlum_config.env,
+            disable_log: disable_log,
             app: app_config,
             feature: occlum_config.feature.clone(),
         };
@@ -728,6 +743,8 @@ struct OcclumMetadata {
     product_id: u32,
     version_number: u32,
     debuggable: bool,
+    #[serde(default)]
+    disable_log: Option<bool>,
     enable_kss: bool,
     family_id: OcclumMetaID,
     ext_prod_id: OcclumMetaID,
@@ -823,6 +840,7 @@ struct InternalOcclumJson {
     resource_limits: InternalResourceLimits,
     process: OcclumProcess,
     env: serde_json::Value,
+    disable_log: bool,
     app: serde_json::Value,
     feature: OcclumFeature,
 }