general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,331 Commits 3 Branches 0 Tags 8.1 MiB
8759a57902
Commit Graph

1331 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
LI Qing
7bc2c336b6 Add mount and umount syscall 2021-11-29 15:11:37 +08:00
zongmin.gu
36918e42bf Check the buffer address before copy the data from the buffer 
This commit fixed an Occlum security issue. The researchers from KU
Leuven (Belgium) and the University of Birmingham (UK) found it and
reported it to Occlum team. Thank you, Jo Van Bulck, Frank Piessens,
Fritz Alder, David Oswald, Jesse Spielman and Sam Thomas.
 2021-11-29 14:14:54 +08:00
Zheng, Qi
580a981ee3 Extract hw mode action common steps to composite_action/hw/ 2021-11-26 17:17:25 +08:00
Zheng, Qi
4373af1cdc Use github.job as the name of the created container 2021-11-26 17:17:25 +08:00
Zheng, Qi
9746cea472 Move sim mode common action to composite_action/sim/ 2021-11-26 17:17:25 +08:00
liuwen
a0eac55b24 add gvisor syscall test for code coverage 2021-11-26 15:40:58 +08:00
Zheng, Qi
3e6323e2a0 Add sysbench demo to github action 2021-11-25 11:40:07 +08:00
Zheng, Qi
94ce37bb9f Add sysbench demo case 2021-11-25 11:40:07 +08:00
LI Qing
fc7ba98ded Add ppoll 2021-11-24 16:52:25 +08:00
LI Qing
b61188889d Update mountfs 2021-11-24 10:50:45 +08:00
Zheng, Qi
821ea843ae Create composite action for occlum container run and src build/install 2021-11-09 09:57:43 +08:00
Hui, Chunyang
17e86e87d0 Fix building CI image for TF serving and Openvino 2021-11-08 19:15:00 +08:00
Hui, Chunyang
edaf2374b0 Support building CI image for different branches 2021-11-08 19:15:00 +08:00
zongmin.gu
a01b35ff5e Bump version to 0.25.0 2021-11-08 19:15:00 +08:00
Hui, Chunyang
56569e2b8e Fix running user application with too many arguments 
Also fix the VM drop process when creating process failure
 2021-11-08 11:30:36 +08:00
Hui, Chunyang
fa69b3d0d1 Try reduce vma count on host to prevent panic because of too much mprotect 2021-11-08 11:29:42 +08:00
Zheng, Qi
4f23cca048 Enable OCCLUM_LOG_LEVEL=trace for code coverage test 
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
 2021-11-04 13:05:47 +08:00
Zheng, Qi
6b8f24c18b Fix timing issue in test_sendmsg_recvmsg_connectionless 
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
 2021-11-03 20:33:22 +08:00
Zheng, Qi
28baa5b080 Make sure replacing ':' with '\:' in Makefile targets 
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
 2021-11-03 14:54:27 +08:00
Zheng, Qi
5c59006d71 Add Linux LTP test for codcov 
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
 2021-11-03 14:54:27 +08:00
Zheng, Qi
4991aaa516 Update ltp demo with verified syscalls test cases 
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
 2021-11-03 14:54:27 +08:00
Zheng, Qi
e24a9944e3 Make sure bash is built as PIE 
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
 2021-11-03 08:12:42 +08:00
Zheng, Qi
774ea33d9a Update bash and fish demo with prebuilt busybox 
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
 2021-11-01 12:43:45 +08:00
Hui, Chunyang
d9845235d3 Fix the error code and return logic for mmap failure 2021-10-26 17:51:52 +08:00
LI Qing
9f763f84b1 Add the check of pathname in rename syscall 2021-10-22 18:01:25 +08:00
Zheng, Qi
1eb58a5eb3 Add new_fd range check for dup2/dup3 
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
 2021-10-22 17:50:48 +08:00
Zheng, Qi
3c9e172550 Add RLIMIT_RTTIME to make it compatibale with latest Linux kernel 
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
 2021-10-22 17:50:48 +08:00
Zheng, Qi
a16ba58b31 Set default RLIMIT_NOFILE to 1024 
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
 2021-10-22 17:50:48 +08:00
Zheng, Qi
4354148ecf Add linux ltp demo 
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
 2021-10-22 17:16:52 +08:00
zongmin.gu
59986df1a5 Bump version to 0.24.2 2021-10-22 17:16:52 +08:00
zongmin.gu
b4d89f6c77 Update CentOS base image 2021-10-22 17:16:52 +08:00
Shuocheng Wang
25006ee673 Add clang dependency to docker file 2021-10-22 17:16:52 +08:00
Zheng, Qi
a825499d47 Update busybox to support new glibc (>2.31) 
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
 2021-10-22 17:16:52 +08:00
Zheng, Qi
e2d2cb375c Increase the pytorch demo TCS number to 64 
Also increase ready check delay time to 360s

Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
 2021-10-22 16:42:48 +08:00
LI Qing
8621e09dbb Rewrite the directory entry reference management of unionfs to drop closed INodes 2021-10-20 15:35:28 +08:00
LI Qing
de36ea6b0f Fix the memory leak of dirs in unionfs 2021-10-19 15:40:32 +08:00
Hui, Chunyang
1745825e81 Add support for mprotect PROT_GROWSDOWN 2021-10-18 19:49:28 +08:00
Zheng, Qi
0eb3353b7c Return current break if brk failed 
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
 2021-10-18 14:10:19 +08:00
Hui, Chunyang
8dc773cc62 Move stress test to hardware test CI 2021-10-18 13:46:02 +08:00
LI Qing
030b1c7fdf Fix the memory leak in procfs 2021-10-18 13:43:02 +08:00
Hui, Chunyang
16966c0b28 Fix sysinfo and env test case failure in stress test 2021-10-18 13:04:39 +08:00
Zheng, Qi
b79adca20d Update dockerfile to build busybox into toolchain 
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
 2021-10-17 16:48:48 +08:00
Zheng, Qi
2d351c9d31 Add occlum busybox prebuild script into toolchain 
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
 2021-10-17 16:48:48 +08:00
Hui, Chunyang
bdb7825607 Add support for mremap 2021-10-17 15:58:29 +08:00
Hui, Chunyang
6dd73c64b5 Improve userspace VM management 
Occlum is a single-address-space library OS. Previously, userspace memory are divided for each process.
And all the memory are allocated when the process is created, which leads to a lot of wasted space and
complicated configuration.

In the current implementation, the whole userspace is managed as a memory pool that consists of chunks. There
are two kinds of chunks:
(1) Single VMA chunk: a chunk with only one VMA. Should be owned by exactly one process.
(2) Multi VMA chunk: a chunk with default chunk size and there could be a lot of VMAs in this chunk. Can be used
by different processes.

This design can help to achieve mainly two goals:
(1) Simplify the configuration: Users don't need to configure the process.default_mmap_size anymore. And multiple processes
running in the same Occlum instance can use dramatically different sizes of memory.
(2) Gain better performance: Two-level management(chunks & VMAs) reduces the time for finding, inserting, deleting, and iterating.
 2021-10-17 15:58:29 +08:00
Hui, Chunyang
9d63d396db Add stress test to daily scheduled CI 2021-10-15 11:52:53 +08:00
Hui, Chunyang
d60bdd3771 Add stress test capabilites for make test 2021-10-15 11:52:53 +08:00
Hui, Chunyang
2af05238be Fix SGX SDK version for package related tests 2021-10-09 15:49:28 +08:00
Zheng, Qi
8d85249116 Update bash test in github action 
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
 2021-10-08 12:34:38 +08:00
Zheng, Qi
597f8c9080 Update bash demo with bom tool and add musl version 
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
 2021-10-08 12:34:38 +08:00