Zheng, Qi
80e2858cee
[libos] Support setting hard limit
2023-03-01 09:22:00 +08:00
Zheng, Qi
0bbfec0f24
[libos] Add syscall pwritev and preadv
2023-02-24 20:56:17 +08:00
Zheng, Qi
0f33e93fd5
[libos] Fix size checking bug for shmget
2023-02-24 20:56:17 +08:00
Zheng, Qi
6b86f37bd4
Bump version to 0.29.5
2023-02-24 11:20:00 +08:00
Zheng, Qi
500ca21d52
[libos] Fix bug of sigtimedwait for timeout NULL
2023-02-15 17:07:13 +08:00
Shaowei Song
dbe404f16a
[sefs] Make cache size configurable in Occlum.json
2023-02-09 09:09:01 +08:00
Zheng, Qi
386e968ccb
[libos] Enable backtrace for memory allocation failure
2023-02-02 10:26:12 +08:00
Hui, Chunyang
6107a32675
Fix mremap lock range when merging connecting chunks
2023-01-31 10:16:28 +08:00
volcano0dr
ea7a51be49
Bump version to 0.29.4
2023-01-16 11:32:43 +08:00
Hui, Chunyang
997c21a45f
Fix reserved memory permission for EDMM support
2023-01-14 17:56:26 +08:00
Kun Lai
12cb488f36
[libos] Fix vulnerable nonce in DCAP verifier
...
This commit fixed a security issue in the dcap verifier. The issue was caused by the '[in, out]' attributes of the pointer parameter qve_report_info in the ocall function occlum_ocall_verify_dcap_quote(). This led to the vulnerability where the protected qve_report_info.nonce field in libos could be arbitrarily rewritten by an attacker outside libos.
Signed-off-by: Kun Lai <me@imlk.top>
2023-01-14 00:12:42 +08:00
Hui, Chunyang
f8825e453e
Fix mmap with MAP_FIXED non-atomic behaviour
2023-01-11 16:47:20 +08:00
Hui, Chunyang
fb12642254
Fix brk not reset memory
2023-01-06 22:56:41 +08:00
Hui, Chunyang
0bf4a5a7f7
Fix mprotect and mremap potential failure
2023-01-06 22:56:41 +08:00
Zheng, Qi
7de4a2b3cd
[libos] Add sgx_get_key ioctl command
2023-01-03 17:55:23 +08:00
Zheng, Qi
d34d54a821
Add syscall getrlimit and setrlimit support
2022-12-21 23:18:14 +08:00
Shaowei Song
588b458268
[sefs] Configure larger cache size to improve pfs performance
2022-12-12 14:03:59 +08:00
LI Qing
d63b3c561c
Improve the usability of occlum start/exec/stop cmd
2022-12-11 19:33:04 +08:00
Zheng, Qi
77ff07f522
Bump to 0.29.3
2022-12-07 11:45:45 +08:00
Zheng, Qi
242e0b63d2
[libos] Fix envs overridden bug
2022-12-05 20:07:32 +08:00
LI Qing
70d3bf690c
Print the raw errno if it is not an expected value
2022-12-05 13:57:13 +08:00
Hui, Chunyang
0f789b49bc
Fix exit_group not interrupt wait4
2022-11-15 18:01:46 +08:00
Zheng, Qi
ac30c2b787
Bump to 0.29.2
2022-11-08 18:49:23 +08:00
LI Qing
64c75e6d40
Add partial support for '/proc/stat' and '/proc/[pid]/stat'
2022-11-06 20:56:29 +08:00
LI Qing
96166dadc2
Add setpriority and getpriority syscall
2022-10-26 13:00:19 +08:00
volcano0dr
a7da76ca42
Bump to 0.29.1
2022-10-24 14:28:01 +08:00
volcano0dr
c60a19177b
Update pal error message
2022-10-19 09:45:27 +08:00
Hui, Chunyang
4c3ca79134
Make vfork stop parent child threads
...
When vfork is called and the current process has other running child threads,
for Linux, the other threads remain running. For Occlum, this behavior is
different. All the other threads will be frozen until the vfork returns
or execve is called in the child process.
The reason is that since Occlum doesn't support fork, many applications will
use vfork to replace fork. For multi-threaded applications, if vfork doesn't
stop other child threads, the application will be more likely to fail because
the child process directly uses the VM and the file table of the parent process.
2022-10-18 21:57:57 +08:00
LI Qing
f71e940cfd
[libos] Fix the iterator index when unlock range lock
2022-10-13 17:29:23 +08:00
Zheng, Qi
27ca93c7ab
Let the init process accept the env values
2022-10-11 13:09:35 +08:00
Hui, Chunyang
51eb43eb90
Fix epoll_ctl not waking up epoll_wait
...
Co-authored-by: rduan@apache.org
2022-09-22 15:11:31 +08:00
volcano0dr
52b75e3e06
Add metadata in HNode
2022-09-22 10:56:24 +08:00
volcano0dr
a389dc216c
Bump to 0.29.0
2022-09-14 20:05:04 +08:00
volcano0dr
69b35e6429
[deps/rust-sgx-sdk] Upgrade rust-sgx-sdk to 1.1.5
2022-09-14 20:05:04 +08:00
volcano0dr
e13f6871cf
Upgrade dependencies for libos
2022-09-07 10:01:34 +08:00
volcano0dr
8fac6d3652
Upgrade dependencies for occlum_exec
2022-09-06 15:38:41 +08:00
Hui, Chunyang
171faccea7
[libos] Fix munmap conflict chunk range and vma range
2022-09-06 12:57:16 +08:00
volcano0dr
e3a17946ac
Bump to 0.28.1
2022-08-25 08:33:06 +08:00
Hui, Chunyang
6cb9ca7e44
Add sendmsg/recvmsg support for unix domain socket
2022-08-23 20:37:57 +08:00
Hui, Chunyang
71c4937b45
Fix listening socket epoll_wait not waken by connect
2022-08-23 20:37:57 +08:00
Hui, Chunyang
f87ee7c7a4
Support munmap multiple single VMA chunks with remaining ranges
2022-08-23 16:58:03 +08:00
LI Qing
54de00a3bc
Fix the issue when path is suffixed by "/"
2022-08-15 09:21:52 +08:00
LI Qing
54afae9ed5
Fix the path length limit and update sefs
2022-08-15 09:19:09 +08:00
LI Qing
0513a17e81
Skip the inode permission check if uid is root
2022-08-09 09:58:25 +08:00
Hui, Chunyang
d1acb84362
Add support for /proc/self(pid)/maps
2022-08-08 08:40:52 +08:00
Ikko Ashimine
fc0f913940
Fix typo in stream.rs
...
avaiable -> available
2022-07-24 18:53:35 +08:00
dr264275
67ca5444f4
Bump to 0.28.0
...
Signed-off-by: dr264275 <dr264275@antgroup.com>
2022-07-17 17:12:14 +08:00
zhubojun
338dda643b
[libos] Add PKU support
2022-07-17 17:12:14 +08:00
Zheng, Qi
526b6e1753
Update QvE ISV SVN threshold value
2022-07-17 17:12:14 +08:00
LI Qing
a2991cc9c0
Add seek support for stdin and stdout
2022-07-15 23:48:27 +08:00
Hui, Chunyang
0b824d3a98
Fix panic when build process VM failed
2022-07-13 16:35:04 +08:00
LI Qing
1dc2b517fc
Fix the issue about fsync on hostfs's dir
...
There are no sync methods for an untrusted dir, so we do nothing.
2022-07-13 13:42:51 +08:00
LI Qing
98dd3e8af3
Modify hostfs to support mode and some ops for dir
2022-07-06 15:54:15 +08:00
Hui, Chunyang
04e00ddbc5
Refactor exec server status to handle init failure
2022-06-24 19:21:27 +08:00
Hui, Chunyang
5d75584e32
Stop interrupt thread before destroying the enclave when error
2022-06-24 19:21:27 +08:00
LI Qing
6dab561327
Disable DCAP in hyper mode
2022-06-23 10:25:16 +08:00
volcano0dr
fac632122e
Bump to 0.27.3
...
Signed-off-by: volcano0dr <volcano_dr@163.com>
2022-06-06 09:32:50 +08:00
ClawSeven
40ad9d1648
[libos] Fix error handling of sendfile
2022-06-01 12:13:10 -07:00
Hui, Chunyang
2cd20d315e
Refactor merge_all_single_vma_chunks to reduce iteration
2022-05-18 00:02:20 +08:00
Hui, Chunyang
849e35f01e
Remove redundant sort logic for add_range_back_to_free_manager
2022-05-18 00:02:20 +08:00
Hui, Chunyang
70dbf84782
Fix single-VMA chunk range conflict due to mremap locking order
2022-05-17 23:58:00 +08:00
LI Qing
626ea3dc7c
[libos] Add status_flags support for stdio
2022-05-16 15:29:26 +08:00
Hui, Chunyang
cd5d9e6d57
Refactor rwlock implementation
...
1. Improve readability
2. Ease the restriction on memory ordering for better performance
2022-05-11 14:57:17 +08:00
Hui, Chunyang
fd950132ce
Fix chunk manager munmap range
...
When the munmap range is bigger than the Multi-VMA chunk's range, the
bound was wrong and the munmap will misbehave.
2022-05-10 23:30:29 +08:00
zhubojun
ed96ce55dd
[libos] Add support for SHM
2022-04-28 20:05:50 +08:00
ClawSeven
c84c3b7b88
Refine hosts parser
2022-04-27 22:10:54 +08:00
volcano0dr
7a2c5a1f41
Bump to 0.27.2
...
Signed-off-by: volcano0dr <volcano_dr@163.com>
2022-04-25 15:02:41 +08:00
volcano
0182c097dd
[hyper mode] Support ms buffer for deep copy hostfile
2022-04-24 17:48:58 +08:00
ClawSeven
036eb08193
Deep copy host file
2022-04-24 10:52:33 +08:00
zongmin.gu
f0ef954398
Bump to 0.27.1
2022-04-07 12:13:55 +08:00
ClawSeven
ffdd4d95a4
Add parser for hostname and hosts
2022-04-06 15:18:08 +08:00
ClawSeven
15932a54b6
Add hosts and hostname file
2022-04-06 15:18:08 +08:00
Hui, Chunyang
3e15eb059c
Add support for mmap spans over two chunks with MAP_FIXED
2022-03-30 17:38:37 +08:00
Shaowei Song
8872acaeda
[libos] Add ENOENT&ENAMETOOLONG checks for path name
2022-03-28 15:20:16 +08:00
Shaowei Song
5be86d0058
[ci] Do not disable overflow_checks for code coverage build
2022-03-28 15:20:16 +08:00
Shaowei Song
64bdd71a50
[libos] Return error instead of overflow panic in vm
2022-03-24 14:54:43 +08:00
zhubojun
4fab368127
[libos] Add support for UTIME
2022-03-22 17:59:00 +08:00
LI Qing
66d1ebe918
[hyper mode] Add compile support
2022-03-19 15:32:45 +08:00
LI Qing
f611e9c008
[hyper mode] Dismiss the validation of QE report
2022-03-19 15:32:45 +08:00
LI Qing
1d1cbb0abf
[hyper mode] Add UntrustedSlice
2022-03-19 15:32:45 +08:00
LI Qing
0b7b384241
[hyper mode] Support ms buffer for pal
2022-03-19 15:32:45 +08:00
LI Qing
f52bf0b514
Add support for FLOCK
2022-03-09 16:00:23 +08:00
LI Qing
b44390b883
Refactor range_lock in fs
2022-03-09 16:00:23 +08:00
zongmin.gu
cba8689bf3
Bump to 0.27.0
2022-03-04 11:37:13 +08:00
Hui, Chunyang
e0b47b3a76
Refactor futex wait with timeout
2022-03-04 11:37:13 +08:00
LI Qing
126562a3f7
Fix the wrong SGX exception conversion
2022-02-22 19:27:15 +08:00
Hui, Chunyang
ffaccedf95
Add support for clock_nanosleep
...
Also replace nanosleep implementation with clock_nanosleep
2022-02-22 16:05:36 +08:00
Hui, Chunyang
63db3e340c
Fix futex wait timeout with absolute time
2022-02-22 16:05:36 +08:00
zongmin.gu
e0cf6bd0a6
Bump to 0.26.4
2022-02-11 11:10:02 +08:00
Hui, Chunyang
5d38c8e553
Fix vfork child process not close opened files
2022-01-24 14:09:36 +08:00
LI Qing
b40408cb91
[libos] Change ROOT_INODE to ROOT_FS
...
Filesystem should be the owner of its root inode
2022-01-17 11:52:16 +08:00
xiaoli.zhang
6353817af8
Fix incompatible timespec conversion
2022-01-12 18:42:03 +08:00
Hui, Chunyang
1229de1fd1
Fix panic if user input invalid memory arguments
2021-12-30 15:19:36 +08:00
zongmin.gu
9d55882cd5
Bump to 0.26.3
2021-12-29 16:29:35 +08:00
Hui, Chunyang
f65bbdd924
Fix TCGETS/TCSETS using wrong termios type definition
2021-12-24 16:57:27 +08:00
Zheng, Qi
8efde3915c
Do not panic but return error for failed dcap ioctl
2021-12-22 08:08:49 +08:00
Hui, Chunyang
8aed759161
Clean clear_ctid when thread exits
2021-12-16 17:37:00 +08:00
Zheng, Qi
61ce53c67a
Fix pal log header typo
2021-12-16 17:34:53 +08:00
zongmin.gu
765d019bbf
Bump to version 0.26.2
2021-12-14 10:58:09 +08:00
zongmin.gu
101256bf1e
Update Rust SGX SDK to enable rust-toolchain nightly-2021-11-01
2021-12-14 10:58:09 +08:00
zongmin.gu
6cff4bc30c
Bump to 0.26.1
2021-12-06 19:19:53 +08:00
zongmin.gu
e8f262808b
Fix Occlum building warnings
2021-12-06 19:19:53 +08:00
zongmin.gu
39f268891e
Update the docker file for SGX SDK 2.15.1
2021-12-06 19:19:53 +08:00
zongmin.gu
8fbb9b4796
Update SGX SDK 2.15.1
2021-12-06 19:19:53 +08:00
Zheng, Qi
7db9d9b955
Add SGX KSS support
...
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
2021-12-06 15:46:34 +08:00
zongmin.gu
a428ea3409
Bump to 0.26.0
2021-11-29 18:42:15 +08:00
LI Qing
7bc2c336b6
Add mount and umount syscall
2021-11-29 15:11:37 +08:00
zongmin.gu
36918e42bf
Check the buffer address before copying the data from the buffer
...
This commit fixed an Occlum security issue. The researchers from KU
Leuven (Belgium) and the University of Birmingham (UK) found it and
reported it to Occlum team. Thank you, Jo Van Bulck, Frank Piessens,
Fritz Alder, David Oswald, Jesse Spielman and Sam Thomas.
2021-11-29 14:14:54 +08:00
LI Qing
fc7ba98ded
Add ppoll
2021-11-24 16:52:25 +08:00
LI Qing
b61188889d
Update mountfs
2021-11-24 10:50:45 +08:00
zongmin.gu
a01b35ff5e
Bump version to 0.25.0
2021-11-08 19:15:00 +08:00
Hui, Chunyang
56569e2b8e
Fix running user application with too many arguments
...
Also fix the VM drop process when creating process failure
2021-11-08 11:30:36 +08:00
Hui, Chunyang
fa69b3d0d1
Try to reduce vma count on host to prevent panic because of too much mprotect
2021-11-08 11:29:42 +08:00
Hui, Chunyang
d9845235d3
Fix the error code and return logic for mmap failure
2021-10-26 17:51:52 +08:00
LI Qing
9f763f84b1
Add the check of pathname in rename syscall
2021-10-22 18:01:25 +08:00
Zheng, Qi
1eb58a5eb3
Add new_fd range check for dup2/dup3
...
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
2021-10-22 17:50:48 +08:00
Zheng, Qi
3c9e172550
Add RLIMIT_RTTIME to make it compatible with latest Linux kernel
...
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
2021-10-22 17:50:48 +08:00
Zheng, Qi
a16ba58b31
Set default RLIMIT_NOFILE to 1024
...
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
2021-10-22 17:50:48 +08:00
zongmin.gu
59986df1a5
Bump version to 0.24.2
2021-10-22 17:16:52 +08:00
Hui, Chunyang
1745825e81
Add support for mprotect PROT_GROWSDOWN
2021-10-18 19:49:28 +08:00
Zheng, Qi
0eb3353b7c
Return current break if brk failed
...
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
2021-10-18 14:10:19 +08:00
LI Qing
030b1c7fdf
Fix the memory leak in procfs
2021-10-18 13:43:02 +08:00
Hui, Chunyang
bdb7825607
Add support for mremap
2021-10-17 15:58:29 +08:00
Hui, Chunyang
6dd73c64b5
Improve userspace VM management
...
Occlum is a single-address-space library OS. Previously, userspace memory was divided for each process.
And all the memory was allocated when the process was created, which led to a lot of wasted space and
complicated configuration.
In the current implementation, the whole userspace is managed as a memory pool that consists of chunks. There
are two kinds of chunks:
(1) Single VMA chunk: a chunk with only one VMA. Should be owned by exactly one process.
(2) Multi VMA chunk: a chunk with default chunk size and there could be a lot of VMAs in this chunk. Can be used
by different processes.
This design can help to achieve mainly two goals:
(1) Simplify the configuration: Users don't need to configure the process.default_mmap_size anymore. And multiple processes
running in the same Occlum instance can use dramatically different sizes of memory.
(2) Gain better performance: Two-level management (chunks & VMAs) reduces the time for finding, inserting, deleting, and iterating.
2021-10-17 15:58:29 +08:00
zongmin.gu
c6d474bb7b
Bump version to 0.24.1
2021-10-01 08:29:25 +08:00
LI Qing
a8cd5eadba
Fix the type conversion in statfs with TryFrom trait
2021-09-22 15:11:48 +08:00
LI Qing
c9083c787c
Fix the return error code of file operations
2021-09-22 15:10:59 +08:00
zongmin.gu
85f9333fbe
Bump version to 0.24.0
2021-09-15 14:49:25 +08:00
LI Qing
8f4fbba220
Add file POSIX advisory range lock
2021-09-15 11:15:42 +08:00
LI Qing
d24f89fd9c
Add getrandom syscall
2021-09-06 19:20:51 +08:00
LI Qing
85d6977118
Modify the statfs on SEFS or UnionFS with ocall
2021-09-05 16:00:00 +08:00
LI Qing
29eed82a7e
Add support for the mode of fallocate
2021-09-01 19:24:22 +08:00
Hui, Chunyang
99688183f0
Add vfork support
2021-08-24 11:24:03 +08:00
Hui, Chunyang
88f04c8df9
Add process group implementation and support set/getpgid, set/getpgrp
2021-08-20 08:34:44 +08:00
zongmin.gu
35229d495e
Bump to 0.23.7
2021-08-11 16:13:26 +08:00
zongmin.gu
4e3c9c20c4
Fix exec mode memory leak issue
2021-08-10 12:25:57 +08:00
LI Qing
87c1c9a8b3
Add support for umask
2021-08-09 16:50:53 +08:00
zongmin.gu
7c170807bc
Bump to 0.23.6
2021-08-06 12:58:56 +08:00
LI Qing
b390ecaae9
Add creat syscall
2021-08-06 10:40:44 +08:00
LI Qing
c5c18ccd6d
Fix the event_monitor when updating host file events
...
When no events happen, the state of host file events will not be reset,
so the event_monitor should always update the state after polling files.
2021-08-06 10:29:25 +08:00
Hui, Chunyang
80a27bc0f9
Reap zombie children when exit
...
This can fix memory leakage when the parent does not wait4 its children.
2021-08-05 17:52:45 +08:00
LI Qing
865e38258b
Add support for '/proc/[pid]/stat'
...
Many field values are displayed as 0
2021-08-05 16:10:54 +08:00
LI Qing
28c0d55c88
Re-organize the structure of procfs
2021-08-05 16:10:54 +08:00
Hui, Chunyang
b2b86b796a
Add support for /dev/fd
2021-08-03 21:30:15 +08:00
LI Qing
dc37995bf0
Add getdents support for procfs's inode
2021-08-03 20:40:07 +08:00
LI Qing
215e8ffbdf
Add support for robust futex syscalls
2021-07-30 10:25:24 +08:00
zongmin.gu
22af91b9e7
Bump version to 0.23.5
2021-07-29 14:09:36 +08:00
zongmin.gu
1e03b34a3f
Update Cargo lock file to align resolv-conf change
2021-07-29 14:09:36 +08:00
ClawSeven
d35d98d551
Add resolv-conf parser
2021-07-28 10:52:46 +08:00
Hui, Chunyang
1acfec6b12
Add support for fchdir and support cd for fish
2021-07-28 09:11:19 +08:00