diff --git a/sgx-lkl-musl b/sgx-lkl-musl index a6360f883..8baabab80 160000 --- a/sgx-lkl-musl +++ b/sgx-lkl-musl @@ -1 +1 @@ -Subproject commit a6360f883fd906b18c1878254547ad72da28d7e6 +Subproject commit 8baabab807fd84a2aa06a0408c2c98de1b8a69e5 diff --git a/src/enclave/enclave_init.c b/src/enclave/enclave_init.c index 6ef0d69e8..1c0c56f71 100644 --- a/src/enclave/enclave_init.c +++ b/src/enclave/enclave_init.c @@ -12,7 +12,7 @@ #include "enclave/lthread_int.h" #include "enclave/wireguard.h" #include "enclave/wireguard_util.h" -#include "shared/env.h" +#include "shared/util.h" extern struct mpmcq __scheduler_queue; @@ -91,7 +91,8 @@ static void init_wireguard() static int startmain(void* args) { - __init_libc(sgxlkl_enclave_state.elf64_stack.envp, + __init_libc( + sgxlkl_enclave_state.elf64_stack.envp, sgxlkl_enclave_state.elf64_stack.argv[0]); __libc_start_init(); a_barrier(); @@ -156,7 +157,7 @@ int __libc_init_enclave(int argc, char** argv) max_lthreads = next_power_of_2(max_lthreads); newmpmcq(&__scheduler_queue, max_lthreads, 0); - + init_ethread_tp(); size_t espins = cfg->espins; diff --git a/src/enclave/enclave_mem.c b/src/enclave/enclave_mem.c index 49cd5faf0..5af20d376 100644 --- a/src/enclave/enclave_mem.c +++ b/src/enclave/enclave_mem.c @@ -36,7 +36,6 @@ static size_t used_pages = 0; // Tracks the number of used pages for the mmap tracing #if DEBUG -extern int sgxlkl_trace_mmap; static size_t mmap_max_allocated = 0; // Maximum amount of memory used thus far #endif @@ -139,7 +138,7 @@ void enclave_mman_init(const void* base, size_t num_pages, int _mmap_files) // Base address for range of pages available to mmap calls mmap_base = (char*)mmap_bitmap + (2 * bitmap_req_pages * PAGE_SIZE); - // Set mmap_end to one less page than we normally would to address + // Set mmap_end to one less page than we normally would to address // https://github.com/lsds/sgx-lkl/issues/742 mmap_end = (char*)mmap_base + (mmap_num_pages - 2) * PAGE_SIZE; @@ -194,7 +193,7 @@ void* enclave_mmap( index_top = addr_to_index(addr) - (pages - 1); #if DEBUG - if (sgxlkl_trace_mmap) + if (sgxlkl_enclave_state.config->trace.mmap) replaced_pages = bitmap_count_set_bits( mmap_bitmap, mmap_num_pages, index_top, pages); #endif @@ -296,7 +295,7 @@ void* enclave_mmap( } #if DEBUG - if (sgxlkl_trace_mmap) + if (sgxlkl_enclave_state.config->trace.mmap) { size_t requested = pages * PAGESIZE; size_t total = mmap_num_pages * PAGESIZE; @@ -354,7 +353,7 @@ long enclave_munmap(void* addr, size_t length) ticket_unlock(&mmaplock); #if DEBUG - if (sgxlkl_trace_mmap) + if (sgxlkl_enclave_state.config->trace.mmap) { size_t requested = pages * PAGESIZE; size_t total = mmap_num_pages * PAGESIZE; diff --git a/src/enclave/enclave_oe.c b/src/enclave/enclave_oe.c index 90f7fdc01..ffb26f035 100644 --- a/src/enclave/enclave_oe.c +++ b/src/enclave/enclave_oe.c @@ -1,7 +1,6 @@ #include #include - #include #include #include @@ -13,12 +12,12 @@ #include "enclave/enclave_util.h" #include "enclave/lthread.h" #include "enclave/lthread_int.h" -#include "shared/env.h" #include "shared/timer_dev.h" +#include "shared/util.h" #define AUXV_ENTRIES 13 -char *at_platform = "x86_64"; +char* at_platform = "x86_64"; sgxlkl_enclave_state_t sgxlkl_enclave_state = {0}; bool sgxlkl_in_sw_debug_mode() diff --git a/src/enclave/enclave_signal.c b/src/enclave/enclave_signal.c index a571b56e9..afe57a7e3 100644 --- a/src/enclave/enclave_signal.c +++ b/src/enclave/enclave_signal.c @@ -5,8 +5,8 @@ #include -#include #include +#include #include #include @@ -16,7 +16,6 @@ #include "enclave/enclave_util.h" #include "enclave/lthread.h" #include "enclave/sgxlkl_t.h" -#include "shared/env.h" #define RDTSC_OPCODE 0x310F @@ -151,7 +150,7 @@ static uint64_t sgxlkl_enclave_signal_handler( opcode); #ifdef DEBUG - if (sgxlkl_trace_signal) + if (sgxlkl_enclave_state.config->trace.signal) { sgxlkl_print_backtrace((void*)oe_ctx->rbp); } diff --git a/src/host_interface/virtio_blkdev.c b/src/host_interface/virtio_blkdev.c index e62c15db2..125298892 100644 --- a/src/host_interface/virtio_blkdev.c +++ b/src/host_interface/virtio_blkdev.c @@ -6,7 +6,7 @@ #include #include #include -#include +#include #include #include #include diff --git a/src/host_interface/virtio_console.c b/src/host_interface/virtio_console.c index ccb15486d..21197f8df 100644 --- a/src/host_interface/virtio_console.c +++ b/src/host_interface/virtio_console.c @@ -8,7 +8,7 @@ #include #include #include -#include +#include #include #include #include diff --git a/src/host_interface/virtio_debug.c b/src/host_interface/virtio_debug.c index 6b596ce0c..1fe564802 100644 --- a/src/host_interface/virtio_debug.c +++ b/src/host_interface/virtio_debug.c @@ -1,7 +1,6 @@ #if DEBUG && VIRTIO_TEST_HOOK #include -#include #include /* Virtio debug module enables different debug options for virtio device diff --git a/src/host_interface/virtio_netdev.c b/src/host_interface/virtio_netdev.c index 467d7b766..1dc2c74b8 100644 --- a/src/host_interface/virtio_netdev.c +++ b/src/host_interface/virtio_netdev.c @@ -24,7 +24,7 @@ #include #include #include -#include +#include #include #include #include diff --git a/src/include/enclave/enclave_util.h b/src/include/enclave/enclave_util.h index 05746d386..1074b7216 100644 --- a/src/include/enclave/enclave_util.h +++ b/src/include/enclave/enclave_util.h @@ -113,16 +113,6 @@ uint64_t next_power_of_2(uint64_t n); #include "openenclave/internal/print.h" -extern int sgxlkl_trace_thread; -extern int sgxlkl_trace_mmap; -extern int sgxlkl_trace_signal; -extern int sgxlkl_trace_disk; -extern int sgxlkl_trace_lkl_syscall; -extern int sgxlkl_trace_internal_syscall; -extern int sgxlkl_trace_ignored_syscall; -extern int sgxlkl_trace_unsupported_syscall; -extern int sgxlkl_trace_redirect_syscall; - #define SGXLKL_ASSERT(EXPR) \ do \ { \ @@ -149,21 +139,22 @@ extern int sgxlkl_trace_redirect_syscall; oe_host_printf(x, ##__VA_ARGS__); \ } #define SGXLKL_TRACE_THREAD(x, ...) \ - if (sgxlkl_trace_thread) \ + if (sgxlkl_enclave_state.config->trace.thread) \ { \ oe_host_printf("[[ THREAD ]] " x, ##__VA_ARGS__); \ } #define SGXLKL_TRACE_MMAP(x, ...) \ - if (sgxlkl_trace_mmap) \ + if (sgxlkl_enclave_state.config->trace.mmap) \ { \ oe_host_printf("[[ MMAP ]] " x, ##__VA_ARGS__); \ } #define SGXLKL_TRACE_SYSCALL(type, x, ...) \ - if ((sgxlkl_trace_lkl_syscall && type == SGXLKL_LKL_SYSCALL)) \ + if ((sgxlkl_enclave_state.config->trace.lkl_syscall && \ + type == SGXLKL_LKL_SYSCALL)) \ { \ oe_host_printf("[[ LKL SYSC ]] " x, ##__VA_ARGS__); \ } \ - else if ((sgxlkl_trace_internal_syscall && \ + else if ((sgxlkl_enclave_state.config->trace.internal_syscall && \ type == SGXLKL_INTERNAL_SYSCALL)) \ { \ oe_host_printf("[[ INT SYSC ]] " x, ##__VA_ARGS__); \ @@ -184,13 +175,13 @@ extern int sgxlkl_trace_redirect_syscall; } #define SGXLKL_TRACE_SIGNAL(x, ...) \ - if (sgxlkl_trace_signal) \ + if (sgxlkl_enclave_state.config->trace.signal) \ { \ oe_host_printf("[[ SIGNAL ]] " x, ##__VA_ARGS__); \ } #define SGXLKL_TRACE_DISK(x, ...) \ - if (sgxlkl_trace_disk) \ + if (sgxlkl_enclave_state.config->trace.disk) \ { \ oe_host_printf("[[ DISK ]] " x, ##__VA_ARGS__); \ } diff --git a/src/include/shared/env.h b/src/include/host/env.h similarity index 60% rename from src/include/shared/env.h rename to src/include/host/env.h index fd24e1c33..0d7d997fc 100644 --- a/src/include/shared/env.h +++ b/src/include/host/env.h @@ -3,8 +3,6 @@ #include "shared/oe_compat.h" -uint64_t hex_to_int(const char* digits, size_t num_digits); - uint64_t size_str_to_uint64(const char* str, uint64_t def, uint64_t max); void size_uint64_to_str(uint64_t size, char* buf, uint64_t len); @@ -15,14 +13,4 @@ char* getenv_str(const char* var, const char* def); int getenv_bool(const char* var, int def); -uint64_t next_pow2(uint64_t x); - -ssize_t hex_to_bytes(const char* hex, uint8_t** result); - -char* bytes_to_hex( - char* str, - size_t str_size, - const void* data, - size_t data_size); - #endif /* _ENV_H */ \ No newline at end of file diff --git a/src/include/host/sgxlkl_params.h b/src/include/host/sgxlkl_params.h index d50584560..3447021ed 100644 --- a/src/include/host/sgxlkl_params.h +++ b/src/include/host/sgxlkl_params.h @@ -51,7 +51,7 @@ #ifndef SGXLKL_RELEASE /* These environment variables do not have config settings, they are * automatically passed through and imported in the enclave */ -extern const char* sgxlkl_auto_passthrough[12]; +extern const char* sgxlkl_auto_passthrough[1]; #endif #endif /* SGXLKL_PARAMS_H */ diff --git a/src/include/shared/oe_compat.h b/src/include/shared/oe_compat.h index fc6163ea1..2ca0262b1 100644 --- a/src/include/shared/oe_compat.h +++ b/src/include/shared/oe_compat.h @@ -3,8 +3,8 @@ #ifdef SGXLKL_ENCLAVE -/* Rewire some libc functions to oecorelibc equivalents, to avoid dependencies on - * sgx-lkl-musl in SGX-LKL kernel space. */ +/* Rewire some libc functions to oecorelibc equivalents, to avoid dependencies + * on sgx-lkl-musl in SGX-LKL kernel space. */ #include #include @@ -19,6 +19,8 @@ #define strlen oe_strlen #define strcmp oe_strcmp #define strtok_r oe_strtok_r +#define snprintf oe_snprintf +#define strtoul oe_strtoul #else @@ -26,6 +28,7 @@ #include #include #include +#include #include #include diff --git a/src/include/shared/util.h b/src/include/shared/util.h new file mode 100644 index 000000000..f7f7658af --- /dev/null +++ b/src/include/shared/util.h @@ -0,0 +1,19 @@ +#ifndef _SHARED_UTIL_H +#define _SHARED_UTIL_H + +#include +#include + +uint64_t hex_to_int(const char* digits, size_t num_digits); + +uint64_t next_pow2(uint64_t x); + +ssize_t hex_to_bytes(const char* hex, uint8_t** result); + +char* bytes_to_hex( + char* str, + size_t str_size, + const void* data, + size_t data_size); + +#endif \ No newline at end of file diff --git a/src/lkl/lkl_util.c b/src/lkl/lkl_util.c index 04152d127..b2fc5d346 100644 --- a/src/lkl/lkl_util.c +++ b/src/lkl/lkl_util.c @@ -111,19 +111,20 @@ long __sgxlkl_log_syscall( int params_len, ...) { + const sgxlkl_trace_config_t* tcfg = &sgxlkl_enclave_state.config->trace; const char* name = NULL; char errmsg[255] = {0}; - if (!sgxlkl_trace_ignored_syscall && type == SGXLKL_IGNORED_SYSCALL) + if (!tcfg->ignored_syscall && type == SGXLKL_IGNORED_SYSCALL) return res; - if (!sgxlkl_trace_unsupported_syscall && type == SGXLKL_UNSUPPORTED_SYSCALL) + if (!tcfg->unsupported_syscall && type == SGXLKL_UNSUPPORTED_SYSCALL) return res; - if (!sgxlkl_trace_lkl_syscall && type == SGXLKL_LKL_SYSCALL) + if (!tcfg->lkl_syscall && type == SGXLKL_LKL_SYSCALL) return res; - if (!sgxlkl_trace_internal_syscall && type == SGXLKL_INTERNAL_SYSCALL) + if (!tcfg->internal_syscall && type == SGXLKL_INTERNAL_SYSCALL) return res; long params[6] = {0}; diff --git a/src/lkl/setup.c b/src/lkl/setup.c index d7b076e7d..1e94abba3 100644 --- a/src/lkl/setup.c +++ b/src/lkl/setup.c @@ -51,9 +51,9 @@ #include "enclave/sgxlkl_t.h" #include "enclave/wireguard.h" #include "enclave/wireguard_util.h" -#include "shared/env.h" #include "shared/sgxlkl_enclave_config.h" #include "shared/timer_dev.h" +#include "shared/util.h" #include "openenclave/corelibc/oestring.h" @@ -79,15 +79,6 @@ int sethostname(const char*, size_t); -int sgxlkl_trace_lkl_syscall = 0; -int sgxlkl_trace_internal_syscall = 0; -int sgxlkl_trace_ignored_syscall = 0; -int sgxlkl_trace_unsupported_syscall = 0; -int sgxlkl_trace_redirect_syscall = 0; -int sgxlkl_trace_mmap = 0; -int sgxlkl_trace_signal = 0; -int sgxlkl_trace_thread = 0; -int sgxlkl_trace_disk = 0; int sgxlkl_use_host_network = 0; int sgxlkl_mtu = 0; @@ -122,7 +113,6 @@ static void lkl_prepare_rootfs(const char* dirname, int perm) { lkl_sys_chmod(dirname, perm); } - } static void lkl_copy_blkdev_nodes(const char* srcdir, const char* dstdir) @@ -469,15 +459,12 @@ static void* lkl_create_crypto_disk_thread(struct lkl_crypt_device* lkl_cd) // As we generate our own key and don't use a simple "password" we use // the minimal kdf settings possible. - struct crypt_pbkdf_type pbkdf = - { + struct crypt_pbkdf_type pbkdf = { .type = "pbkdf2", .hash = "sha256", .iterations = MIN_LUKS2_ITERATIONS, }; - struct crypt_params_luks2 params = - { - .sector_size = SECTOR_SIZE, + struct crypt_params_luks2 params = {.sector_size = SECTOR_SIZE, .pbkdf = &pbkdf, #ifdef ENABLE_INTEGRITY .integrity = "hmac(sha256)" @@ -646,14 +633,17 @@ static void lkl_mount_disk( disk->key[i] = rand(); } - int lkl_trace_lkl_syscall_bak = sgxlkl_trace_lkl_syscall; - int lkl_trace_internal_syscall_bak = sgxlkl_trace_internal_syscall; + const sgxlkl_trace_config_t* tcfg = &sgxlkl_enclave_state.config->trace; + + const int lkl_trace_lkl_syscall_bak = tcfg->lkl_syscall; + const int lkl_trace_internal_syscall_bak = tcfg->internal_syscall; - if ((sgxlkl_trace_lkl_syscall || sgxlkl_trace_internal_syscall) && + if ((tcfg->lkl_syscall || tcfg->internal_syscall) && (disk->roothash || is_encrypted_cfg(disk))) { - sgxlkl_trace_lkl_syscall = 0; - sgxlkl_trace_internal_syscall = 0; + // Check: const-casts acceptable? + *((bool*)&tcfg->lkl_syscall) = 0; + *((bool*)&tcfg->internal_syscall) = 0; SGXLKL_VERBOSE("Disk encryption/integrity enabled: Temporarily " "disabling tracing to reduce noise.\n"); } @@ -696,13 +686,14 @@ static void lkl_mount_disk( dev_str = dev_str_enc; } - if ((lkl_trace_lkl_syscall_bak && !sgxlkl_trace_lkl_syscall) || - (lkl_trace_internal_syscall_bak && !sgxlkl_trace_internal_syscall)) + if ((lkl_trace_lkl_syscall_bak && !tcfg->lkl_syscall) || + (lkl_trace_internal_syscall_bak && !tcfg->internal_syscall)) { SGXLKL_VERBOSE( "Disk encryption/integrity enabled: Re-enabling tracing.\n"); - sgxlkl_trace_lkl_syscall = lkl_trace_lkl_syscall_bak; - sgxlkl_trace_internal_syscall = lkl_trace_internal_syscall_bak; + // Check: const-casts acceptable? + *((bool*)&tcfg->lkl_syscall) = lkl_trace_lkl_syscall_bak; + *((bool*)&tcfg->internal_syscall) = lkl_trace_internal_syscall_bak; } if (disk->create) @@ -855,7 +846,7 @@ void lkl_mount_disks( const char* cwd) { #ifdef DEBUG - if (sgxlkl_trace_disk) + if (sgxlkl_enclave_state.config->trace.disk) crypt_set_debug_level(CRYPT_LOG_DEBUG); #endif @@ -1203,7 +1194,7 @@ static void* lkl_termination_thread(void* args) SGXLKL_ASSERT(false); } - if (getenv_bool("SGXLKL_PRINT_APP_RUNTIME", 0)) + if (sgxlkl_enclave_state.config->trace.print_app_runtime) { struct timespec endtime, runtime; clock_gettime(CLOCK_MONOTONIC, &endtime); @@ -1385,42 +1376,6 @@ void lkl_start_init() // Provide LKL host ops and virtio block device ops lkl_host_ops = sgxlkl_host_ops; - // TODO Make tracing options configurable via SGX-LKL config file. - if (getenv_bool("SGXLKL_TRACE_SYSCALL", 0)) - { - sgxlkl_trace_lkl_syscall = 1; - sgxlkl_trace_internal_syscall = 1; - sgxlkl_trace_ignored_syscall = 1; - sgxlkl_trace_unsupported_syscall = 1; - } - - if (getenv_bool("SGXLKL_TRACE_LKL_SYSCALL", 0)) - sgxlkl_trace_lkl_syscall = 1; - - if (getenv_bool("SGXLKL_TRACE_INTERNAL_SYSCALL", 0)) - sgxlkl_trace_internal_syscall = 1; - - if (getenv_bool("SGXLKL_TRACE_IGNORED_SYSCALL", 0)) - sgxlkl_trace_ignored_syscall = 1; - - if (getenv_bool("SGXLKL_TRACE_UNSUPPORTED_SYSCALL", 0)) - sgxlkl_trace_unsupported_syscall = 1; - - if (getenv_bool("SGXLKL_TRACE_REDIRECT_SYSCALL", 0)) - sgxlkl_trace_redirect_syscall = 1; - - if (getenv_bool("SGXLKL_TRACE_MMAP", 0)) - sgxlkl_trace_mmap = 1; - - if (getenv_bool("SGXLKL_TRACE_SIGNAL", 0)) - sgxlkl_trace_signal = 1; - - if (getenv_bool("SGXLKL_TRACE_THREAD", 0)) - sgxlkl_trace_thread = 1; - - if (getenv_bool("SGXLKL_TRACE_DISK", 0)) - sgxlkl_trace_disk = 1; - if (cfg->hostnet) sgxlkl_use_host_network = 1; diff --git a/src/lkl/syscall-overrides.c b/src/lkl/syscall-overrides.c index c0146eb81..f4e732c93 100644 --- a/src/lkl/syscall-overrides.c +++ b/src/lkl/syscall-overrides.c @@ -204,7 +204,7 @@ void register_lkl_syscall_overrides() #define LKL_SYSCALL_DEFINE6(name, ...) \ real_syscalls[__lkl__NR##name] = lkl_replace_syscall( \ __lkl__NR##name, (lkl_syscall_handler_t)log##name); - if (sgxlkl_trace_lkl_syscall) + if (sgxlkl_enclave_state.config->trace.lkl_syscall) { #include } @@ -219,7 +219,7 @@ void register_lkl_syscall_overrides() // version that does the tracing and exits, otherwise replace them with a // version that silently returns success. #if SGXLKL_ENABLE_SYSCALL_TRACING - if (sgxlkl_trace_ignored_syscall) + if (sgxlkl_enclave_state.config->trace.ignored_syscall) { #define IGNORED_SYSCALL(name, args) \ lkl_replace_syscall( \ @@ -237,7 +237,7 @@ void register_lkl_syscall_overrides() // a version that does the tracing and exits, otherwise replace them with a // version that silently returns failure. #if SGXLKL_ENABLE_SYSCALL_TRACING - if (sgxlkl_trace_unsupported_syscall) + if (sgxlkl_enclave_state.config->trace.unsupported_syscall) { #define UNSUPPORTED_SYSCALL(name, args) \ lkl_replace_syscall( \ @@ -256,7 +256,8 @@ void register_lkl_syscall_overrides() // These are internal - use the trace versions if we are doing internal // syscall tracing. #if SGXLKL_ENABLE_SYSCALL_TRACING - syscall_register_mem_overrides(sgxlkl_trace_internal_syscall); + syscall_register_mem_overrides( + sgxlkl_enclave_state.config->trace.internal_syscall); #else syscall_register_mem_overrides(false); #endif diff --git a/src/main-oe/env.c b/src/main-oe/env.c new file mode 100644 index 000000000..99430ca1c --- /dev/null +++ b/src/main-oe/env.c @@ -0,0 +1,84 @@ +#include "host/env.h" +#include +#include +#include +#include +#include +#include +#include "shared/util.h" + +uint64_t size_str_to_uint64(const char* str, uint64_t def, uint64_t max) +{ + uint64_t r; + char* endptr; + errno = 0; + r = (uint64_t)strtoull(str, &endptr, 10); + if (r == ULONG_MAX && errno == ERANGE) + { + r = def; + } + int m = 1; + switch (*endptr) + { + case 'G': + case 'g': + m *= 1024; + case 'M': + case 'm': + m *= 1024; + case 'K': + case 'k': + m *= 1024; + default: + break; + } + + // Check for potential overflow + if (r > (ULONG_MAX / m)) + return max; + r *= m; + + return (r > max) ? max : r; +} + +void size_uint64_to_str(uint64_t size, char* buf, uint64_t len) +{ + int i = 0; + double bytes = size; + const char* units[] = {"B", "KB", "MB", "GB", "TB", "PB"}; + while (bytes > 1024.0) + { + bytes /= 1024.0; + i++; + } + snprintf(buf, len, "%.*f %s", i, bytes, units[i]); +} + +uint64_t getenv_uint64(const char* var, uint64_t def, uint64_t max) +{ + char* val; + if (!(val = getenv(var))) + return def; + + return size_str_to_uint64(val, def, max); +} + +char* getenv_str(const char* var, const char* def) +{ + char* val = getenv(var); + // Duplicate default value as it might not be allocated on the heap and to + // make API consistent, i.e. the memory pointed to by the return value + // should be freeable. + return (val != NULL) ? strdup(val) : ((def != NULL) ? strdup(def) : NULL); +} + +int getenv_bool(const char* var, int def) +{ + char* val = getenv(var); + if (val == NULL) + return def; + if (def) + return (strncmp(val, "0", 1) != 0); + else + return (strncmp(val, "1", 1) == 0); +} diff --git a/src/main-oe/serialize_enclave_config.c b/src/main-oe/serialize_enclave_config.c index 2943c2913..d39cb4d40 100644 --- a/src/main-oe/serialize_enclave_config.c +++ b/src/main-oe/serialize_enclave_config.c @@ -5,9 +5,10 @@ #include #include "enclave/wireguard.h" +#include "host/env.h" #include "host/sgxlkl_util.h" -#include "shared/env.h" #include "shared/sgxlkl_enclave_config.h" +#include "shared/util.h" #include "host/serialize_enclave_config.h" @@ -268,6 +269,70 @@ static json_obj_t* encode_io(char* key, const sgxlkl_io_config_t* io) return r; } +#ifndef SGXLKL_RELEASE +static bool get_config_env( + const char* name, + const sgxlkl_enclave_config_t* config) +{ + size_t name_len = strlen(name); + for (size_t i = 0; i < config->num_env; i++) + { + const char* setting = config->env[i]; + if (strncmp(name, setting, name_len) == 0 && setting[name_len] == '=') + return strcmp(setting + name_len, "1") == 0; + } + for (size_t i = 0; i < config->num_host_import_env; i++) + { + const char* import_name = config->host_import_env[i]; + if (strncmp(name, import_name, name_len) == 0) + return getenv_bool(name, 0); + } + return false; +} + +static json_obj_t* encode_tracing_options( + char* key, + const sgxlkl_enclave_config_t* config) +{ + _Static_assert( + sizeof(sgxlkl_trace_config_t) == 11, + "sgxlkl_trace_config_t size has changed"); + + json_obj_t* r = create_json_objects(key, 10); + r->objects[0] = encode_boolean( + "print_app_runtime", + get_config_env("SGXLKL_PRINT_APP_RUNTIME", config)); + r->objects[1] = encode_boolean( + "syscall", + ((get_config_env("SGXLKL_TRACE_SYSCALL", config) || + get_config_env("SGXLKL_TRACE_LKL_SYSCALL", config)))); + r->objects[2] = encode_boolean( + "internal_syscall", + ((get_config_env("SGXLKL_TRACE_SYSCALL", config) || + get_config_env("SGXLKL_TRACE_INTERNAL_SYSCALL", config)))); + r->objects[3] = encode_boolean( + "ignored_syscall", + ((get_config_env("SGXLKL_TRACE_SYSCALL", config) || + get_config_env("SGXLKL_TRACE_IGNORED_SYSCALL", config)))); + r->objects[4] = encode_boolean( + "unsupported_syscall", + ((get_config_env("SGXLKL_TRACE_SYSCALL", config) || + get_config_env("SGXLKL_TRACE_UNSUPPORTED_SYSCALL", config)))); + r->objects[5] = encode_boolean( + "redirect_syscall", + get_config_env("SGXLKL_TRACE_REDIRECT_SYSCALL", config)); + r->objects[6] = + encode_boolean("mmap", get_config_env("SGXLKL_TRACE_MMAP", config)); + r->objects[7] = + encode_boolean("signal", get_config_env("SGXLKL_TRACE_SIGNAL", config)); + r->objects[8] = + encode_boolean("thread", get_config_env("SGXLKL_TRACE_THREAD", config)); + r->objects[9] = + encode_boolean("disk", get_config_env("SGXLKL_TRACE_DISK", config)); + return r; +} +#endif + static void print_to_buffer( char** buffer, size_t* buffer_size, @@ -449,7 +514,7 @@ void serialize_enclave_config( // Catch modifications to sgxlkl_enclave_config_t early. If this fails, // the code above/below needs adjusting for the added/removed settings. _Static_assert( - sizeof(sgxlkl_enclave_config_t) == 464, + sizeof(sgxlkl_enclave_config_t) == 472, "sgxlkl_enclave_config_t size has changed"); #define FPFBOOL(N) root->objects[cnt++] = encode_boolean(#N, config->N) @@ -514,6 +579,10 @@ void serialize_enclave_config( root->objects[cnt++] = encode_io("io", &config->io); +#ifndef SGXLKL_RELEASE + root->objects[cnt++] = encode_tracing_options("trace", config); +#endif + root->size = cnt; sort_json(root); diff --git a/src/main-oe/sgxlkl_host_config.c b/src/main-oe/sgxlkl_host_config.c index e3f1b1d23..ab63b9752 100644 --- a/src/main-oe/sgxlkl_host_config.c +++ b/src/main-oe/sgxlkl_host_config.c @@ -8,10 +8,10 @@ #include +#include "host/env.h" #include "host/sgxlkl_host_config.h" #include "host/sgxlkl_params.h" #include "host/sgxlkl_util.h" -#include "shared/env.h" #define FAIL sgxlkl_host_fail diff --git a/src/main-oe/sgxlkl_params.c b/src/main-oe/sgxlkl_params.c index 246e17d7a..14c3a2428 100644 --- a/src/main-oe/sgxlkl_params.c +++ b/src/main-oe/sgxlkl_params.c @@ -1,14 +1,3 @@ #include "host/sgxlkl_params.h" -const char* sgxlkl_auto_passthrough[12] = {"SGXLKL_DEBUGMOUNT", - "SGXLKL_PRINT_APP_RUNTIME", - "SGXLKL_TRACE_HOST_SYSCALL", - "SGXLKL_TRACE_INTERNAL_SYSCALL", - "SGXLKL_TRACE_LKL_SYSCALL", - "SGXLKL_TRACE_IGNORED_SYSCALL", - "SGXLKL_TRACE_UNSUPPORTED_SYSCALL", - "SGXLKL_TRACE_REDIRECT_SYSCALL", - "SGXLKL_TRACE_MMAP", - "SGXLKL_TRACE_SYSCALL", - "SGXLKL_TRACE_THREAD", - "SGXLKL_TRACE_SIGNAL"}; \ No newline at end of file +const char* sgxlkl_auto_passthrough[1] = {"SGXLKL_DEBUGMOUNT"}; \ No newline at end of file diff --git a/src/main-oe/sgxlkl_run_oe.c b/src/main-oe/sgxlkl_run_oe.c index d38414fad..0c2d89dad 100644 --- a/src/main-oe/sgxlkl_run_oe.c +++ b/src/main-oe/sgxlkl_run_oe.c @@ -28,13 +28,13 @@ #include #include +#include "host/env.h" #include "host/host_state.h" #include "host/serialize_enclave_config.h" #include "host/sgxlkl_host_config.h" #include "host/sgxlkl_params.h" #include "host/sgxlkl_util.h" #include "host/vio_host_event_channel.h" -#include "shared/env.h" #include "shared/sgxlkl_enclave_config.h" #include "lkl/linux/virtio_net.h" diff --git a/src/shared/sgxlkl_enclave_config.c b/src/shared/sgxlkl_enclave_config.c index df49bfea4..f751d87e3 100644 --- a/src/shared/sgxlkl_enclave_config.c +++ b/src/shared/sgxlkl_enclave_config.c @@ -10,9 +10,9 @@ #include #include -#include #include #include +#include #define CHECKMEM(C) \ if (!C) \ @@ -431,6 +431,21 @@ static json_result_t json_read_callback( JBOOL("io.block", io->block); JBOOL("io.network", io->network); +#ifndef SGXLKL_RELEASE + sgxlkl_trace_config_t* trace = &cfg->trace; + JBOOL("trace.print_app_runtime", trace->print_app_runtime); + JBOOL("trace.mmap", trace->mmap); + JBOOL("trace.signal", trace->signal); + JBOOL("trace.thread", trace->thread); + JBOOL("trace.disk", trace->disk); + JBOOL("trace.syscall", trace->syscall); + JBOOL("trace.lkl_syscall", trace->lkl_syscall); + JBOOL("trace.internal_syscall", trace->internal_syscall); + JBOOL("trace.ignored_syscall", trace->ignored_syscall); + JBOOL("trace.unsupported_syscall", trace->unsupported_syscall); + JBOOL("trace.redirect_syscall", trace->redirect_syscall); +#endif + FAIL( "Invalid unknown json element '%s'; refusing to run with this " "enclave config.\n", @@ -481,7 +496,7 @@ void sgxlkl_read_enclave_config( // Catch modifications to sgxlkl_enclave_config_t early. If this fails, // the code above/below needs adjusting for the added/removed settings. _Static_assert( - sizeof(sgxlkl_enclave_config_t) == 464, + sizeof(sgxlkl_enclave_config_t) == 472, "sgxlkl_enclave_config_t size has changed"); if (!from) diff --git a/src/shared/env.c b/src/shared/util.c similarity index 50% rename from src/shared/env.c rename to src/shared/util.c index 75203309e..0e4143faa 100644 --- a/src/shared/env.c +++ b/src/shared/util.c @@ -1,10 +1,9 @@ +#ifndef SGXLKL_ENCLAVE #include -#include -#include -#include -#include -#include -#include "shared/env.h" +#endif + +#include +#include uint64_t hex_to_int(const char* digits, size_t num_digits) { @@ -23,82 +22,6 @@ uint64_t hex_to_int(const char* digits, size_t num_digits) return r; } -uint64_t size_str_to_uint64(const char* str, uint64_t def, uint64_t max) -{ - uint64_t r; - char* endptr; - errno = 0; - r = (uint64_t)strtoull(str, &endptr, 10); - if (r == ULONG_MAX && errno == ERANGE) - { - r = def; - } - int m = 1; - switch (*endptr) - { - case 'G': - case 'g': - m *= 1024; - case 'M': - case 'm': - m *= 1024; - case 'K': - case 'k': - m *= 1024; - default: - break; - } - - // Check for potential overflow - if (r > (ULONG_MAX / m)) - return max; - r *= m; - - return (r > max) ? max : r; -} - -void size_uint64_to_str(uint64_t size, char* buf, uint64_t len) -{ - int i = 0; - double bytes = size; - const char* units[] = {"B", "KB", "MB", "GB", "TB", "PB"}; - while (bytes > 1024.0) - { - bytes /= 1024.0; - i++; - } - snprintf(buf, len, "%.*f %s", i, bytes, units[i]); -} - -uint64_t getenv_uint64(const char* var, uint64_t def, uint64_t max) -{ - char* val; - if (!(val = getenv(var))) - return def; - - return size_str_to_uint64(val, def, max); -} - -char* getenv_str(const char* var, const char* def) -{ - char* val = getenv(var); - // Duplicate default value as it might not be allocated on the heap and to - // make API consistent, i.e. the memory pointed to by the return value - // should be freeable. - return (val != NULL) ? strdup(val) : ((def != NULL) ? strdup(def) : NULL); -} - -int getenv_bool(const char* var, int def) -{ - char* val = getenv(var); - if (val == NULL) - return def; - if (def) - return (strncmp(val, "0", 1) != 0); - else - return (strncmp(val, "1", 1) == 0); -} - uint64_t next_pow2(uint64_t x) { uint64_t n = 1; @@ -122,10 +45,12 @@ ssize_t hex_to_bytes(const char* hex, uint8_t** result) } len /= 2; - bytes = malloc(2*len); + bytes = malloc(2 * len); if (!bytes) { +#ifndef SGXLKL_ENCLAVE errno = ENOMEM; +#endif return -1; } @@ -137,7 +62,9 @@ ssize_t hex_to_bytes(const char* hex, uint8_t** result) if (endp != &buf[2]) { free(bytes); +#ifndef SGXLKL_ENCLAVE errno = EINVAL; +#endif return -1; } hex++; @@ -152,7 +79,9 @@ ssize_t hex_to_bytes(const char* hex, uint8_t** result) if (endp != &buf[2]) { free(bytes); +#ifndef SGXLKL_ENCLAVE errno = EINVAL; +#endif return -1; } } @@ -186,4 +115,4 @@ char* bytes_to_hex( *s = '\0'; return str; -} +} \ No newline at end of file diff --git a/tests/basic/eeid-config/Makefile b/tests/basic/eeid-config/Makefile index 7efc8772f..e076f4d56 100644 --- a/tests/basic/eeid-config/Makefile +++ b/tests/basic/eeid-config/Makefile @@ -25,14 +25,16 @@ run: run-hw run-gdb: run-hw-gdb +CONFIGS=--host-config host-config.json --enclave-config enclave_config.json + run-hw: ${SGXLKL_ROOTFS} - $(SGXLKL_ENV) $(SGXLKL_STARTER) $(SGXLKL_HW_PARAMS) --enclave-config enclave_config.json $(SGXLKL_ROOTFS) + $(SGXLKL_ENV) $(SGXLKL_STARTER) $(SGXLKL_HW_PARAMS) $(CONFIGS) $(SGXLKL_ROOTFS) run-hw-gdb: ${SGXLKL_ROOTFS} - $(SGXLKL_ENV) $(SGXLKL_GDB) --args $(SGXLKL_STARTER) $(SGXLKL_HW_PARAMS) --enclave-config enclave_config.json $(SGXLKL_ROOTFS) + $(SGXLKL_ENV) $(SGXLKL_GDB) --args $(SGXLKL_STARTER) $(SGXLKL_HW_PARAMS) $(CONFIGS) $(SGXLKL_ROOTFS) run-sw: ${SGXLKL_ROOTFS} - $(SGXLKL_ENV) $(SGXLKL_STARTER) $(SGXLKL_SW_PARAMS) --enclave-config enclave_config.json $(SGXLKL_ROOTFS) + $(SGXLKL_ENV) $(SGXLKL_STARTER) $(SGXLKL_SW_PARAMS) $(CONFIGS) $(SGXLKL_ROOTFS) clean: rm -f $(SGXLKL_ROOTFS) $(PROG) diff --git a/tests/basic/eeid-config/host-config.json b/tests/basic/eeid-config/host-config.json new file mode 100644 index 000000000..d7c094d85 --- /dev/null +++ b/tests/basic/eeid-config/host-config.json @@ -0,0 +1,5 @@ +{ + "root": { + "image_path": "sgx-lkl-rootfs.img" + } +} \ No newline at end of file diff --git a/tools/schemas/enclave-config.schema.json b/tools/schemas/enclave-config.schema.json index 3be375a95..59c6d8eeb 100644 --- a/tools/schemas/enclave-config.schema.json +++ b/tools/schemas/enclave-config.schema.json @@ -314,6 +314,66 @@ } } }, + "sgxlkl_trace_config_t": { + "type": "object", + "properties": { + "print_app_runtime": { + "type": "boolean", + "description": "Print total runtime of the application excluding the enclave and SGX-LKL startup/shutdown time.", + "default": false + }, + "mmap": { + "type": "boolean", + "description": "Trace in-enclave mmap/munmap operations.", + "default": false + }, + "signal": { + "type": "boolean", + "description": "Trace signal handling.", + "default": false + }, + "thread": { + "type": "boolean", + "description": "Trace in-enclave user level thread scheduling.", + "default": false + }, + "disk": { + "type": "boolean", + "description": "Trace in-enclave disk setup.", + "default": false + }, + "syscall": { + "type": "boolean", + "description": "Trace all system calls.", + "default": false + }, + "lkl_syscall": { + "type": "boolean", + "description": "Trace in-enclave system calls handled by LKL.", + "default": false + }, + "internal_syscall": { + "type": "boolean", + "description": "Trace in-enclave system calls not handled by LKL (in particular mmap/mremap/munmap and futex).", + "default": false + }, + "ignored_syscall": { + "type": "boolean", + "description": "Trace ignored system calls.", + "default": false + }, + "unsupported_syscall": { + "type": "boolean", + "description": "Trace unsupported system calls.", + "default": false + }, + "redirect_syscall": { + "type": "boolean", + "description": "Trace redirected system calls.", + "default": false + } + } + }, "sgxlkl_enclave_config_t": { "type": "object", "properties": { @@ -541,10 +601,14 @@ "io": { "$ref": "#/definitions/sgxlkl_io_config_t", "description": "I/O configuration." + }, + "trace": { + "$ref": "#/definitions/sgxlkl_trace_config_t", + "description": "Tracing configuration (debug only)." } } } }, "$ref": "#/definitions/sgxlkl_enclave_config_t", "description": "SGX-LKL enclave configuration." -} +} \ No newline at end of file