213 lines
8.1 KiB
Plaintext
213 lines
8.1 KiB
Plaintext
enclave {
|
|
from "sgx_backtrace.edl" import *;
|
|
from "sgx_stdio.edl" import *;
|
|
from "sgx_tstdc.edl" import *;
|
|
from "sgx_tstd.edl" import *;
|
|
from "sgx_tprotected_fs.edl" import *;
|
|
from "sgx_net.edl" import *;
|
|
from "sgx_occlum_utils.edl" import *;
|
|
|
|
include "sgx_quote.h"
|
|
include "occlum_edl_types.h"
|
|
|
|
trusted {
|
|
/*
|
|
* Initialize the LibOS according to the specified attributes.
|
|
*
|
|
* @retval On success, return 0; otherwise, return -errno.
|
|
*
|
|
* The possible values of errno are
|
|
* EEXIST - The LibOS has already been initialized.
|
|
* EINVAL - The value of an argument are invalid.
|
|
*/
|
|
public int occlum_ecall_init([in, string] const char* log_level, [in, string] const char* instance_dir);
|
|
|
|
/*
|
|
* Create a new LibOS process to do the task specified by the given
|
|
* arguments.
|
|
*
|
|
* @retval On success, return the thread ID of the
|
|
* newly-created process (pid == tid for a new process). On error,
|
|
* return -errno.
|
|
*
|
|
* The possible values of errno are
|
|
* EAGAIN - The LibOS is not initialized.
|
|
* EINVAL - The value of an argument are invalid.
|
|
* ENOMEM - Not enough memory to create the new process.
|
|
* EACCES - The path of the executable is not accessible.
|
|
*/
|
|
public int occlum_ecall_new_process(
|
|
[in, string] const char* executable_path,
|
|
[user_check] const char** argv,
|
|
[user_check] const char** env,
|
|
[in] const struct occlum_stdio_fds* io_fds);
|
|
|
|
/*
|
|
* Execute the LibOS thread specified by the TID.
|
|
*
|
|
* This API is synchronous: it returns until the LibOS thread
|
|
* terminates.
|
|
*
|
|
* @retval On success, return the exit status of the thread, whose
|
|
* value is always greater than or equal to zero. To unify the two
|
|
* cases of terminating normally and being killed by a signal, the
|
|
* exit status is encoded in the way described in wait(2) man page.
|
|
* This means if the thread exits normally (e.g., returning from the
|
|
* main page or call exit(2) explictly), then the exit status is
|
|
* can be gained by WEXITSTATUS(status). If the thread is killed by a
|
|
* signal, then the signal number is WTERMSIG(status).
|
|
*
|
|
* The possible values of errno are
|
|
* EAGAIN - The LibOS is not initialized.
|
|
* EINVAL - The value of an argument are invalid.
|
|
* ESRCH - Cannot find the LibOS thread.
|
|
*/
|
|
public int occlum_ecall_exec_thread(int libos_tid, int host_tid);
|
|
|
|
/*
|
|
* Send a signal to one or multiple LibOS processes.
|
|
*
|
|
* If pid == -1, send the signal to all processes. If pid > 0, send
|
|
* the signal to the specific process. For the purpose of security,
|
|
* the only allowed signals for now are SIGKILL and SIGTERM.
|
|
*
|
|
* @retval On success, return 0. On error, return -errno.
|
|
*
|
|
* The possible values of errno are
|
|
* EAGAIN - The LibOS is not initialized.
|
|
* EINVAL - The value of an argument are invalid.
|
|
* ESRCH - Cannot find the process specified by pid.
|
|
* EPERM - No permission to send the signal or to the process.
|
|
*/
|
|
public int occlum_ecall_kill(int pid, int sig);
|
|
|
|
|
|
/*
|
|
* Broadcast interrupts to LibOS threads.
|
|
*
|
|
* Interrupts are sent to whichever LibOS threads that have pending
|
|
* events (e.g., signals). By interrupting the execution of these
|
|
* threads, the LibOS is given a chance to handle these events despite
|
|
* of the specific user workloads.
|
|
*
|
|
* @retval On success, return a non-negative value, which is the number
|
|
* of LibOS threads to which interrupts are sent. On error, return
|
|
* -errno.
|
|
*
|
|
* The possible values of errno are
|
|
* EAGAIN - The LibOS is not initialized.
|
|
*/
|
|
public int occlum_ecall_broadcast_interrupts(void);
|
|
};
|
|
|
|
untrusted {
|
|
/*
|
|
* Execute the LibOS thread specified by a TID in a new host OS thread.
|
|
*
|
|
* This API is asynchronous: it immediately returns after successfully
|
|
* creating a new host OS thread that will enter the enclave and execute the
|
|
* the LibOS thread (using occlum_ecall_exec_process).
|
|
*
|
|
* @retval On success, return 0. On error, return -1.
|
|
*/
|
|
int occlum_ocall_exec_thread_async(int libos_tid);
|
|
|
|
int occlum_ocall_thread_getcpuclock([out] struct timespec* ts) propagate_errno;
|
|
|
|
void occlum_ocall_gettimeofday([out] struct timeval* tv);
|
|
void occlum_ocall_clock_gettime(clockid_t clockid, [out] struct timespec* ts);
|
|
void occlum_ocall_clock_getres(clockid_t clockid, [out] struct timespec* res);
|
|
void occlum_ocall_rdtsc([out] uint32_t* low, [out] uint32_t* high);
|
|
|
|
int occlum_ocall_nanosleep(
|
|
[in] const struct timespec* req,
|
|
[out] struct timespec* rem
|
|
) propagate_errno;
|
|
|
|
void occlum_ocall_sync(void);
|
|
|
|
void* occlum_ocall_posix_memalign(size_t alignment, size_t size);
|
|
void occlum_ocall_free([user_check] void* ptr);
|
|
|
|
int occlum_ocall_mprotect([user_check] void* addr, size_t len, int prot);
|
|
|
|
int occlum_ocall_get_numa_topology(
|
|
[out, count=ncpus] uint32_t *numa_buf,
|
|
size_t ncpus
|
|
) propagate_errno;
|
|
void occlum_ocall_sched_yield(void);
|
|
int occlum_ocall_sched_setaffinity(
|
|
int host_tid,
|
|
size_t cpusize,
|
|
[in, size=cpusize] const unsigned char* buf
|
|
) propagate_errno;
|
|
int occlum_ocall_sched_getaffinity(
|
|
size_t cpusize,
|
|
[out, size=cpusize] unsigned char* buf
|
|
) propagate_errno;
|
|
int occlum_ocall_ncores(void);
|
|
|
|
sgx_status_t occlum_ocall_sgx_init_quote(
|
|
[out] sgx_target_info_t* target_info,
|
|
[out] sgx_epid_group_id_t* epid_group_id);
|
|
sgx_status_t occlum_ocall_sgx_get_quote(
|
|
[in, size=sigrl_len] uint8_t* sigrl,
|
|
uint32_t sigrl_len,
|
|
[in] sgx_report_t* report,
|
|
sgx_quote_sign_type_t quote_type,
|
|
[in] sgx_spid_t* spid,
|
|
[in] sgx_quote_nonce_t* nonce,
|
|
[out] sgx_report_t* qe_report,
|
|
[out, size=quote_buf_len] sgx_quote_t* quote_buf,
|
|
uint32_t quote_buf_len);
|
|
|
|
int64_t occlum_ocall_sendmsg(
|
|
int sockfd,
|
|
[in, size=msg_namelen] const void* msg_name,
|
|
socklen_t msg_namelen,
|
|
[in, count=msg_iovlen] const struct iovec* msg_iov,
|
|
size_t msg_iovlen,
|
|
[in, size=msg_controllen] const void* msg_control,
|
|
size_t msg_controllen,
|
|
int flags
|
|
) propagate_errno;
|
|
int64_t occlum_ocall_recvmsg(
|
|
int sockfd,
|
|
[out, size=msg_namelen] void *msg_name,
|
|
socklen_t msg_namelen,
|
|
[out] socklen_t* msg_namelen_recv,
|
|
[in, count=msg_iovlen] struct iovec* msg_iov,
|
|
size_t msg_iovlen,
|
|
[out, size=msg_controllen] void *msg_control,
|
|
size_t msg_controllen,
|
|
[out] size_t* msg_controllen_recv,
|
|
[out] int* msg_flags_recv,
|
|
int flags
|
|
) propagate_errno;
|
|
|
|
int occlum_ocall_eventfd(
|
|
unsigned int initval,
|
|
int flags
|
|
) propagate_errno;
|
|
|
|
int occlum_ocall_poll(
|
|
[in, out, count=nfds] struct pollfd *fds,
|
|
nfds_t nfds,
|
|
[in, out] struct timeval *timeout,
|
|
int efd
|
|
)propagate_errno;
|
|
|
|
void occlum_ocall_print_log(uint32_t level, [in, string] const char* msg);
|
|
void occlum_ocall_flush_log(void);
|
|
|
|
int occlum_ocall_ioctl(
|
|
int fd,
|
|
int request,
|
|
[in, out, size=len] void *arg,
|
|
size_t len
|
|
) propagate_errno;
|
|
|
|
int occlum_ocall_tkill(int tid, int signum) propagate_errno;
|
|
};
|
|
};
|