From 28ece2d14b3cc0393435aa6359f5fe4a77dfee22 Mon Sep 17 00:00:00 2001 From: Peter Pietzuch Date: Sun, 19 Jul 2020 15:44:50 +0000 Subject: [PATCH 01/22] Fix dependency in Makefile for Java sample --- samples/languages/java/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/samples/languages/java/Makefile b/samples/languages/java/Makefile index b2c30736b..2232e5d0f 100644 --- a/samples/languages/java/Makefile +++ b/samples/languages/java/Makefile @@ -34,10 +34,10 @@ $(DISK_IMAGE): $(PROG) run: run-hw -run-hw: $(ROOT_FS) +run-hw: $(DISK_IMG) @echo "sgx-lkl-java --hw-debug ${DISK_IMAGE} HelloWorld" @${SGXLKL_ENV} ${SGXLKL_JAVA_RUN} --hw-debug ${DISK_IMAGE} HelloWorld -run-sw: $(ROOT_FS) +run-sw: $(DISK_IMG) @echo "sgx-lkl-java --sw-debug ${DISK_IMAGE} HelloWorld" @${SGXLKL_ENV} ${SGXLKL_JAVA_RUN} --sw-debug ${DISK_IMAGE} HelloWorld From 2c6ee45bc1e607d7b39f2ca68fae46679bb842f6 Mon Sep 17 00:00:00 2001 From: Peter Pietzuch Date: Sun, 19 Jul 2020 15:45:22 +0000 Subject: [PATCH 02/22] Output thread struct address in backtraces --- src/sched/lthread.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sched/lthread.c b/src/sched/lthread.c index f968d072e..28eeb4f38 100644 --- a/src/sched/lthread.c +++ b/src/sched/lthread.c @@ -1102,7 +1102,7 @@ void lthread_dump_all_threads(void) int tid = lt->tid; char* funcname = lt->funcname; sgxlkl_info("-------------------------------------------------------------\n"); - sgxlkl_info("%s%i: tid=%i [%s]\n", lt == lthread_self() ? "*" : "", i, tid, funcname); + sgxlkl_info("%s%i: tid=%i (%p) [%s]\n", lt == lthread_self() ? "*" : "", i, tid, lt, funcname); sgxlkl_print_backtrace(lt == lthread_self() ? __builtin_frame_address(0) : lt->ctx.ebp); lt_queue = lt_queue->next; From adb6119ac6d6664a38e79dfbd5b52d670324ae21 Mon Sep 17 00:00:00 2001 From: Peter Pietzuch Date: Sun, 19 Jul 2020 15:46:06 +0000 Subject: [PATCH 03/22] Move dumping of mount table to correct location --- src/lkl/setup.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/lkl/setup.c b/src/lkl/setup.c index 75525a584..3943d4afc 100644 --- a/src/lkl/setup.c +++ b/src/lkl/setup.c @@ -1320,10 +1320,6 @@ static void* lkl_termination_thread(void* args) } } -#ifdef DEBUG - display_mount_table(); -#endif - /* Unmount root. * We are calling umount with the MNT_DETACH flag for the root * file system, otherwise the call fails to unmount the file @@ -1336,6 +1332,10 @@ static void* lkl_termination_thread(void* args) if (res < 0) sgxlkl_warn("Could not unmount root disk, %s\n", lkl_strerror(res)); +#ifdef DEBUG + display_mount_table(); +#endif + SGXLKL_VERBOSE("calling lkl_virtio_netdev_remove()\n"); lkl_virtio_netdev_remove(); From 1d3b40826ab46c5e9e96e194892e992979ffe642 Mon Sep 17 00:00:00 2001 From: Peter Pietzuch Date: Sun, 19 Jul 2020 17:10:45 +0000 Subject: [PATCH 04/22] Add Java DaCapo benchmark sample --- .../java/dacapo-benchmark/Dockerfile | 7 ++++ .../languages/java/dacapo-benchmark/README.md | 38 +++++++++++++++++++ .../java-dacapo-enclave_config.json | 24 ++++++++++++ .../java-dacapo-host_config.json | 6 +++ .../languages/java/{ => helloworld}/Makefile | 0 .../languages/java/{ => helloworld}/README.md | 0 .../java/{ => helloworld}/app/HelloWorld.java | 0 7 files changed, 75 insertions(+) create mode 100644 samples/languages/java/dacapo-benchmark/Dockerfile create mode 100644 samples/languages/java/dacapo-benchmark/README.md create mode 100644 samples/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json create mode 100644 samples/languages/java/dacapo-benchmark/java-dacapo-host_config.json rename samples/languages/java/{ => helloworld}/Makefile (100%) rename samples/languages/java/{ => helloworld}/README.md (100%) rename samples/languages/java/{ => helloworld}/app/HelloWorld.java (100%) diff --git a/samples/languages/java/dacapo-benchmark/Dockerfile b/samples/languages/java/dacapo-benchmark/Dockerfile new file mode 100644 index 000000000..888539efd --- /dev/null +++ b/samples/languages/java/dacapo-benchmark/Dockerfile @@ -0,0 +1,7 @@ +FROM alpine:3.10 + +RUN apk add --no-cache \ + wget openjdk8-jre + +RUN mkdir /dacapo \ + && wget "https://sourceforge.net/projects/dacapobench/files/latest/download" -O /dacapo/dacapo-9.12-MR1-bach.jar diff --git a/samples/languages/java/dacapo-benchmark/README.md b/samples/languages/java/dacapo-benchmark/README.md new file mode 100644 index 000000000..b3127f906 --- /dev/null +++ b/samples/languages/java/dacapo-benchmark/README.md @@ -0,0 +1,38 @@ +Running the Java DaCapo benchmark suite with SGX-LKL +==================================================== + +**Note that this is work-in-progress.** + +1. Build a Docker container with the DaCapo benchmark jar: +``` +$ docker build -t java-dacapo . +``` + +2. Convert the container to an SGX-LKL root file system image: +``` +$ sgx-lkl-disk create --docker=java-dacapo --size=500M java-dacapo.img +``` + +3. Edit `java-dacapo-enclave_config.json` to choose which benchmark to run. The full list of benchmarks is: +``` +avrora batik eclipse fop h2 jython luindex lusearch lusearch-fix pmd sunflow tomcat tradebeans tradesoap xalan +``` + +By default, the benchmark `avrora` is run. The enclave size is chosen to be a generous 8 GiB. + +4. Run the benchmark with SGX-LKL: +``` +$ SGXLKL_MMAP_FILES=Shared sgx-lkl-run-oe --sw-debug --host-config=java-dacapo-host_config.json --enclave-config=java-dacapo-enclave_config.json +``` + +Notes +----- + +- Currently the follwing benchmarks are passing/failing: + + - PASSING: avrora fop h2 (sw only) luindex (sw only) pmd (sw only) sunflow xalan (sw only) + - FAILING: batik (headless JRE?) eclipse (headless JRE?) jython lusearch-fix tomcat (networking issue) tradebeans (networking issue) tradesoap (networking issue) + +- When running multiple benchmarks in sequence, ensure that the root file system image has not been corrupted after a failed benchmark runs. + +- You can add `-verbose:gc` to the java parameters to output GC activity. diff --git a/samples/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json b/samples/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json new file mode 100644 index 000000000..af3f80adf --- /dev/null +++ b/samples/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json @@ -0,0 +1,24 @@ +{ + "args": [ + "/usr/bin/java", + "-Xms2000k" + "-XX:InitialCodeCacheSize=2000k", + "-XX:ReservedCodeCacheSize=4000K", + "-XX:CompressedClassSpaceSize=4000K", + "-XX:+UseCompressedClassPointers", + "-XX:+PerfDisableSharedMem", + "-XX:+UseMembar", + "-Dsun.zip.disableMemoryMapping=true", + "-jar", + "/dacapo/dacapo-9.12-MR1-bach.jar", + "xalan" + ], + "env": [ + "LD_LIBRARY_PATH=/usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64/server:/usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64:/usr/lib/jvm/java-1.8-openjdk/jre/../lib/amd64:/usr/lib/jvm/java-1.8-openjdk/lib/amd64/jli" + ], + "ethreads": "8", + "image_sizes": { + "num_heap_pages": 2097152 + }, + "verbose": true +} \ No newline at end of file diff --git a/samples/languages/java/dacapo-benchmark/java-dacapo-host_config.json b/samples/languages/java/dacapo-benchmark/java-dacapo-host_config.json new file mode 100644 index 000000000..050ca70c4 --- /dev/null +++ b/samples/languages/java/dacapo-benchmark/java-dacapo-host_config.json @@ -0,0 +1,6 @@ +{ + "verbose": true, + "root": { + "image_path": "java-dacapo.img" + } +} \ No newline at end of file diff --git a/samples/languages/java/Makefile b/samples/languages/java/helloworld/Makefile similarity index 100% rename from samples/languages/java/Makefile rename to samples/languages/java/helloworld/Makefile diff --git a/samples/languages/java/README.md b/samples/languages/java/helloworld/README.md similarity index 100% rename from samples/languages/java/README.md rename to samples/languages/java/helloworld/README.md diff --git a/samples/languages/java/app/HelloWorld.java b/samples/languages/java/helloworld/app/HelloWorld.java similarity index 100% rename from samples/languages/java/app/HelloWorld.java rename to samples/languages/java/helloworld/app/HelloWorld.java From 6b4ce95211ff9367bc9cc875b59d0937c9996ea5 Mon Sep 17 00:00:00 2001 From: Peter Pietzuch Date: Sun, 19 Jul 2020 17:17:24 +0000 Subject: [PATCH 05/22] Run first DaCapo benchmark by default --- .../java/dacapo-benchmark/java-dacapo-enclave_config.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/samples/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json b/samples/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json index af3f80adf..7a787dec6 100644 --- a/samples/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json +++ b/samples/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json @@ -11,7 +11,7 @@ "-Dsun.zip.disableMemoryMapping=true", "-jar", "/dacapo/dacapo-9.12-MR1-bach.jar", - "xalan" + "avrora" ], "env": [ "LD_LIBRARY_PATH=/usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64/server:/usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64:/usr/lib/jvm/java-1.8-openjdk/jre/../lib/amd64:/usr/lib/jvm/java-1.8-openjdk/lib/amd64/jli" From f5f5d04c3dc4821d200baee3794547383d89b0e6 Mon Sep 17 00:00:00 2001 From: Peter Pietzuch Date: Sun, 19 Jul 2020 19:25:24 +0000 Subject: [PATCH 06/22] Debugging DaCapo benchmark h2 --- samples/languages/java/dacapo-benchmark/Dockerfile | 2 +- .../java/dacapo-benchmark/java-dacapo-enclave_config.json | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/samples/languages/java/dacapo-benchmark/Dockerfile b/samples/languages/java/dacapo-benchmark/Dockerfile index 888539efd..68ff4fbc8 100644 --- a/samples/languages/java/dacapo-benchmark/Dockerfile +++ b/samples/languages/java/dacapo-benchmark/Dockerfile @@ -1,7 +1,7 @@ FROM alpine:3.10 RUN apk add --no-cache \ - wget openjdk8-jre + wget openjdk8-dbg RUN mkdir /dacapo \ && wget "https://sourceforge.net/projects/dacapobench/files/latest/download" -O /dacapo/dacapo-9.12-MR1-bach.jar diff --git a/samples/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json b/samples/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json index 7a787dec6..c129c8b82 100644 --- a/samples/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json +++ b/samples/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json @@ -11,14 +11,14 @@ "-Dsun.zip.disableMemoryMapping=true", "-jar", "/dacapo/dacapo-9.12-MR1-bach.jar", - "avrora" + "h2" ], "env": [ "LD_LIBRARY_PATH=/usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64/server:/usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64:/usr/lib/jvm/java-1.8-openjdk/jre/../lib/amd64:/usr/lib/jvm/java-1.8-openjdk/lib/amd64/jli" ], - "ethreads": "8", + "ethreads": "4", "image_sizes": { - "num_heap_pages": 2097152 + "num_heap_pages": 262144 }, "verbose": true } \ No newline at end of file From 7368de33bbe198698821ce04c670e5123401c5a0 Mon Sep 17 00:00:00 2001 From: Peter Pietzuch Date: Wed, 22 Jul 2020 20:48:38 +0000 Subject: [PATCH 07/22] Fix bug to correctly report segfault address in signal handler --- .gitmodules | 2 +- openenclave | 2 +- src/enclave/enclave_signal.c | 23 +++++++++++++++++++---- 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/.gitmodules b/.gitmodules index 92f007d4e..5b1f0beb6 100644 --- a/.gitmodules +++ b/.gitmodules @@ -11,5 +11,5 @@ branch = oe_port [submodule "openenclave"] path = openenclave - url = https://github.com/openenclave/openenclave.git + url = https://github.com/lsds/openenclave.git branch = feature/sgx-lkl-support diff --git a/openenclave b/openenclave index 5d7f968ed..6554471aa 160000 --- a/openenclave +++ b/openenclave @@ -1 +1 @@ -Subproject commit 5d7f968ed0e608314cba97e0fef4094a2838da7c +Subproject commit 6554471aa423f1b097ce4a7514fac39a245f275f diff --git a/src/enclave/enclave_signal.c b/src/enclave/enclave_signal.c index a571b56e9..566f171bc 100644 --- a/src/enclave/enclave_signal.c +++ b/src/enclave/enclave_signal.c @@ -130,9 +130,10 @@ static uint64_t sgxlkl_enclave_signal_handler( { SGXLKL_TRACE_SIGNAL( "Exception SIGILL (illegal instruction) received (code=%d " - "address=0x%lx opcode=0x%x)\n", + "address=0x%lx rip=0x%lx opcode=0x%x)\n", exception_record->code, exception_record->address, + exception_record->context->rip, opcode); _sgxlkl_illegal_instr_hook(opcode, exception_record->context); @@ -144,10 +145,12 @@ static uint64_t sgxlkl_enclave_signal_handler( if (ret != -1) { SGXLKL_TRACE_SIGNAL( - "Exception %s received (code=%d address=0x%lx opcode=0x%x)\n", + "Exception %s received (code=%d address=0x%lx rip=0x%lx " + "opcode=0x%x)\n", trap_info.description, exception_record->code, exception_record->address, + exception_record->context->rip, opcode); #ifdef DEBUG @@ -180,13 +183,14 @@ static uint64_t sgxlkl_enclave_signal_handler( "Exception %s received before LKL initialisation/after LKL " "shutdown (lt->tid=%i [%s] " "code=%i " - "addr=0x%lx opcode=0x%x " + "addr=0x%lx rip=0x%lx opcode=0x%x " "ret=%i)\n", trap_info.description, lt ? lt->tid : -1, lt ? lt->funcname : "(?)", exception_record->code, (void*)exception_record->address, + exception_record->context->rip, opcode, ret); } @@ -196,7 +200,18 @@ static uint64_t sgxlkl_enclave_signal_handler( info.si_errno = 0; info.si_code = exception_record->code; - info.si_addr = (void*)exception_record->address; + + // Return faulting address for segfaults. This code should be + // generalised to handle all types of exceptions. + if (exception_record->code == OE_EXCEPTION_PAGE_FAULT) + { + info.si_addr = (void*)exception_record->address; + } + else + { + info.si_addr = (void*)exception_record->context->rip; + } + info.si_signo = trap_info.signo; /** From d5d745ee43ba4ee63ce21d40a2589da68e97c53b Mon Sep 17 00:00:00 2001 From: Peter Pietzuch Date: Wed, 22 Jul 2020 20:49:41 +0000 Subject: [PATCH 08/22] Improve mmap logging --- src/enclave/enclave_mem.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/enclave/enclave_mem.c b/src/enclave/enclave_mem.c index c5b31d034..73faba78d 100644 --- a/src/enclave/enclave_mem.c +++ b/src/enclave/enclave_mem.c @@ -415,13 +415,15 @@ void* enclave_mmap( char* rv = ret == MAP_FAILED ? " (FAILED)" : ""; SGXLKL_TRACE_MMAP( "mmap stats: TOTAL: %8zuKB, USED: %8zuKB, MAX USED: %8zuKB, FREE: " - "%8zuKB, ALLOCATED: %6zuKB (addr = %p, ret = %p) %s%s\n", + "%8zuKB, ALLOCATED: %6zuKB (addr=%p len=%lu prot=%i ret=%p) %s%s\n", total / 1024, used / 1024, mmap_max_allocated / 1024, free / 1024, requested / 1024, addr, + length, + prot, ret, mfixed, rv); @@ -468,13 +470,14 @@ int enclave_munmap(void* addr, size_t length) size_t used = total - free; SGXLKL_TRACE_MMAP( "munmap stats: TOTAL: %8zuKB, USED: %8zuKB, MAX USED: %8zuKB, " - "FREE: %8zuKB, FREED: %6zuKB (addr = %p)\n", + "FREE: %8zuKB, FREED: %6zuKB (addr=%p len=%lu)\n", total / 1024, used / 1024, mmap_max_allocated / 1024, free / 1024, requested / 1024, - addr); + addr, + length); } #endif From fbaa03c1202791c36b7dfaf0fdf5124bef8fa8f2 Mon Sep 17 00:00:00 2001 From: Peter Pietzuch Date: Wed, 22 Jul 2020 20:50:42 +0000 Subject: [PATCH 09/22] Pass through SGXLKL_TRACE_SIGNAL correctly --- src/include/host/sgxlkl_params.h | 2 +- src/main-oe/sgxlkl_params.c | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/include/host/sgxlkl_params.h b/src/include/host/sgxlkl_params.h index f07679734..d50584560 100644 --- a/src/include/host/sgxlkl_params.h +++ b/src/include/host/sgxlkl_params.h @@ -51,7 +51,7 @@ #ifndef SGXLKL_RELEASE /* These environment variables do not have config settings, they are * automatically passed through and imported in the enclave */ -extern const char* sgxlkl_auto_passthrough[11]; +extern const char* sgxlkl_auto_passthrough[12]; #endif #endif /* SGXLKL_PARAMS_H */ diff --git a/src/main-oe/sgxlkl_params.c b/src/main-oe/sgxlkl_params.c index a9175ddf5..246e17d7a 100644 --- a/src/main-oe/sgxlkl_params.c +++ b/src/main-oe/sgxlkl_params.c @@ -1,6 +1,6 @@ #include "host/sgxlkl_params.h" -const char* sgxlkl_auto_passthrough[11] = {"SGXLKL_DEBUGMOUNT", +const char* sgxlkl_auto_passthrough[12] = {"SGXLKL_DEBUGMOUNT", "SGXLKL_PRINT_APP_RUNTIME", "SGXLKL_TRACE_HOST_SYSCALL", "SGXLKL_TRACE_INTERNAL_SYSCALL", @@ -10,4 +10,5 @@ const char* sgxlkl_auto_passthrough[11] = {"SGXLKL_DEBUGMOUNT", "SGXLKL_TRACE_REDIRECT_SYSCALL", "SGXLKL_TRACE_MMAP", "SGXLKL_TRACE_SYSCALL", - "SGXLKL_TRACE_THREAD"}; \ No newline at end of file + "SGXLKL_TRACE_THREAD", + "SGXLKL_TRACE_SIGNAL"}; \ No newline at end of file From 18d3f1ce28165455a1650bcb8ad96a235cdd41a8 Mon Sep 17 00:00:00 2001 From: Peter Pietzuch Date: Wed, 22 Jul 2020 20:51:29 +0000 Subject: [PATCH 10/22] Update Java DaCapo benchmark sample --- .../java/dacapo-benchmark/Dockerfile | 2 +- .../languages/java/dacapo-benchmark/README.md | 20 +++++++++++----- .../java-dacapo-enclave_config.json | 23 ++++++++++++------- .../java-dacapo-host_config.json | 5 +++- 4 files changed, 34 insertions(+), 16 deletions(-) diff --git a/samples/languages/java/dacapo-benchmark/Dockerfile b/samples/languages/java/dacapo-benchmark/Dockerfile index 68ff4fbc8..aa3d3ccf9 100644 --- a/samples/languages/java/dacapo-benchmark/Dockerfile +++ b/samples/languages/java/dacapo-benchmark/Dockerfile @@ -1,7 +1,7 @@ FROM alpine:3.10 RUN apk add --no-cache \ - wget openjdk8-dbg + wget fontconfig ttf-dejavu openjdk8-jre RUN mkdir /dacapo \ && wget "https://sourceforge.net/projects/dacapobench/files/latest/download" -O /dacapo/dacapo-9.12-MR1-bach.jar diff --git a/samples/languages/java/dacapo-benchmark/README.md b/samples/languages/java/dacapo-benchmark/README.md index b3127f906..dfb467f40 100644 --- a/samples/languages/java/dacapo-benchmark/README.md +++ b/samples/languages/java/dacapo-benchmark/README.md @@ -18,11 +18,11 @@ $ sgx-lkl-disk create --docker=java-dacapo --size=500M java-dacapo.img avrora batik eclipse fop h2 jython luindex lusearch lusearch-fix pmd sunflow tomcat tradebeans tradesoap xalan ``` -By default, the benchmark `avrora` is run. The enclave size is chosen to be a generous 8 GiB. +By default, the benchmark `h2` is run. The enclave size is 2 GiB. 4. Run the benchmark with SGX-LKL: ``` -$ SGXLKL_MMAP_FILES=Shared sgx-lkl-run-oe --sw-debug --host-config=java-dacapo-host_config.json --enclave-config=java-dacapo-enclave_config.json +$ sgx-lkl-run-oe --hw-debug --host-config=java-dacapo-host_config.json --enclave-config=java-dacapo-enclave_config.json ``` Notes @@ -30,9 +30,17 @@ Notes - Currently the follwing benchmarks are passing/failing: - - PASSING: avrora fop h2 (sw only) luindex (sw only) pmd (sw only) sunflow xalan (sw only) - - FAILING: batik (headless JRE?) eclipse (headless JRE?) jython lusearch-fix tomcat (networking issue) tradebeans (networking issue) tradesoap (networking issue) + - PASSING: avrora fop h2 luindex pmd sunflow xalan + - FAILING: batik (doesn't work with OpenJDK) eclipse (doesn't work with OpenJDK) jython (illegal instruction) lusearch-fix (segfault) tomcat (networking issue) tradebeans (networking issue) tradesoap (networking issue) -- When running multiple benchmarks in sequence, ensure that the root file system image has not been corrupted after a failed benchmark runs. +- When running multiple benchmarks in sequence, ensure that the root file system image has not been corrupted after a failed benchmark run. -- You can add `-verbose:gc` to the java parameters to output GC activity. +- You can add `-verbose:gc` to the java parameters to output GC activity. Other verbose JVM Hotspot options are: +``` + "-verbose:class", + "-verbose:jni", + "-verbose:gc", + "-XX:+PrintCompilation", + "-XX:+PrintGCDetails", + "-Xcomp" +``` diff --git a/samples/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json b/samples/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json index c129c8b82..4bfd2a2b3 100644 --- a/samples/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json +++ b/samples/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json @@ -1,11 +1,12 @@ { + "args": [ "/usr/bin/java", - "-Xms2000k" - "-XX:InitialCodeCacheSize=2000k", - "-XX:ReservedCodeCacheSize=4000K", - "-XX:CompressedClassSpaceSize=4000K", - "-XX:+UseCompressedClassPointers", + "-XX:InitialCodeCacheSize=80000k", + "-XX:ReservedCodeCacheSize=80000K", + "-Xms50000k", + "-Xmx700m", + "-XX:CompressedClassSpaceSize=20000K", "-XX:+PerfDisableSharedMem", "-XX:+UseMembar", "-Dsun.zip.disableMemoryMapping=true", @@ -13,12 +14,18 @@ "/dacapo/dacapo-9.12-MR1-bach.jar", "h2" ], + "env": [ - "LD_LIBRARY_PATH=/usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64/server:/usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64:/usr/lib/jvm/java-1.8-openjdk/jre/../lib/amd64:/usr/lib/jvm/java-1.8-openjdk/lib/amd64/jli" + "LD_LIBRARY_PATH=/usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64/server:/usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64:/usr/lib/jvm/java-1.8-openjdk/jre/../lib/amd64:/usr/lib/jvm/java-1.8-openjdk/lib/amd64/jli:/usr/lib:/lib", ], - "ethreads": "4", + + "ethreads": "8", + "image_sizes": { - "num_heap_pages": 262144 + "num_heap_pages": 524288 }, + + "mmap_files": "shared", + "verbose": true } \ No newline at end of file diff --git a/samples/languages/java/dacapo-benchmark/java-dacapo-host_config.json b/samples/languages/java/dacapo-benchmark/java-dacapo-host_config.json index 050ca70c4..cff42807d 100644 --- a/samples/languages/java/dacapo-benchmark/java-dacapo-host_config.json +++ b/samples/languages/java/dacapo-benchmark/java-dacapo-host_config.json @@ -1,6 +1,9 @@ { "verbose": true, + "root": { "image_path": "java-dacapo.img" - } + }, + + "tap_device": "sgxlkl_tap0" } \ No newline at end of file From dbb7ed9e2639922c5dd289a9f7a0ad88a135631b Mon Sep 17 00:00:00 2001 From: Peter Pietzuch Date: Wed, 22 Jul 2020 20:52:16 +0000 Subject: [PATCH 11/22] Add Java DaCapo benchmark test to CI to check correct signal handling --- .../java/dacapo-benchmark/Dockerfile | 7 +++++ .../languages/java/dacapo-benchmark/Makefile | 29 +++++++++++++++++ .../java-dacapo-enclave_config.json | 31 +++++++++++++++++++ .../java-dacapo-host_config.json | 9 ++++++ 4 files changed, 76 insertions(+) create mode 100644 tests/languages/java/dacapo-benchmark/Dockerfile create mode 100644 tests/languages/java/dacapo-benchmark/Makefile create mode 100644 tests/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json create mode 100644 tests/languages/java/dacapo-benchmark/java-dacapo-host_config.json diff --git a/tests/languages/java/dacapo-benchmark/Dockerfile b/tests/languages/java/dacapo-benchmark/Dockerfile new file mode 100644 index 000000000..aa3d3ccf9 --- /dev/null +++ b/tests/languages/java/dacapo-benchmark/Dockerfile @@ -0,0 +1,7 @@ +FROM alpine:3.10 + +RUN apk add --no-cache \ + wget fontconfig ttf-dejavu openjdk8-jre + +RUN mkdir /dacapo \ + && wget "https://sourceforge.net/projects/dacapobench/files/latest/download" -O /dacapo/dacapo-9.12-MR1-bach.jar diff --git a/tests/languages/java/dacapo-benchmark/Makefile b/tests/languages/java/dacapo-benchmark/Makefile new file mode 100644 index 000000000..357ad506a --- /dev/null +++ b/tests/languages/java/dacapo-benchmark/Makefile @@ -0,0 +1,29 @@ +include ../../../common.mk + +DISK_IMAGE=java-dacapo.img +IMAGE_SIZE=750M + +ifeq ($(SGXLKL_VERBOSE),) +SGXLKL_ENV=\ + SGXLKL_TAP=sgxlkl_tap0 SGXLKL_VERBOSE=1 SGXLKL_KERNEL_VERBOSE=1 SGXLKL_TRACE_LKL_SYSCALL=0 SGXLKL_TRACE_SIGNAL=0 +else +SGXLKL_ENV= +endif + +.DELETE_ON_ERROR: +.PHONY: run run-hw run-sw clean + +$(DISK_IMAGE): $(PROG_SRC) + ${SGXLKL_DISK_TOOL} create --size=${IMAGE_SIZE} --docker=Dockerfile ${DISK_IMAGE} + +run: run-hw run-sw + +run-hw: $(DISK_IMAGE) + sgx-lkl-run-oe --hw-debug + ${SGXLKL_ENV} ${SGXLKL_STARTER} --hw-debug --host-config=java-dacapo-host_config.json --enclave-config=java-dacapo-enclave_config.json + +run-sw: $(DISK_IMAGE) + ${SGXLKL_ENV} ${SGXLKL_STARTER} --sw-debug --host-config=java-dacapo-host_config.json --enclave-config=java-dacapo-enclave_config.json + +clean: + rm -f $(DISK_IMAGE) diff --git a/tests/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json b/tests/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json new file mode 100644 index 000000000..4bfd2a2b3 --- /dev/null +++ b/tests/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json @@ -0,0 +1,31 @@ +{ + + "args": [ + "/usr/bin/java", + "-XX:InitialCodeCacheSize=80000k", + "-XX:ReservedCodeCacheSize=80000K", + "-Xms50000k", + "-Xmx700m", + "-XX:CompressedClassSpaceSize=20000K", + "-XX:+PerfDisableSharedMem", + "-XX:+UseMembar", + "-Dsun.zip.disableMemoryMapping=true", + "-jar", + "/dacapo/dacapo-9.12-MR1-bach.jar", + "h2" + ], + + "env": [ + "LD_LIBRARY_PATH=/usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64/server:/usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64:/usr/lib/jvm/java-1.8-openjdk/jre/../lib/amd64:/usr/lib/jvm/java-1.8-openjdk/lib/amd64/jli:/usr/lib:/lib", + ], + + "ethreads": "8", + + "image_sizes": { + "num_heap_pages": 524288 + }, + + "mmap_files": "shared", + + "verbose": true +} \ No newline at end of file diff --git a/tests/languages/java/dacapo-benchmark/java-dacapo-host_config.json b/tests/languages/java/dacapo-benchmark/java-dacapo-host_config.json new file mode 100644 index 000000000..cff42807d --- /dev/null +++ b/tests/languages/java/dacapo-benchmark/java-dacapo-host_config.json @@ -0,0 +1,9 @@ +{ + "verbose": true, + + "root": { + "image_path": "java-dacapo.img" + }, + + "tap_device": "sgxlkl_tap0" +} \ No newline at end of file From 30d52f4a0f140d9b4bd73a2375ae18f3566b7ad9 Mon Sep 17 00:00:00 2001 From: Peter Pietzuch Date: Thu, 23 Jul 2020 06:39:46 +0000 Subject: [PATCH 12/22] Fix spurious line in Makefile --- tests/languages/java/dacapo-benchmark/Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/languages/java/dacapo-benchmark/Makefile b/tests/languages/java/dacapo-benchmark/Makefile index 357ad506a..edae9a81b 100644 --- a/tests/languages/java/dacapo-benchmark/Makefile +++ b/tests/languages/java/dacapo-benchmark/Makefile @@ -19,7 +19,6 @@ $(DISK_IMAGE): $(PROG_SRC) run: run-hw run-sw run-hw: $(DISK_IMAGE) - sgx-lkl-run-oe --hw-debug ${SGXLKL_ENV} ${SGXLKL_STARTER} --hw-debug --host-config=java-dacapo-host_config.json --enclave-config=java-dacapo-enclave_config.json run-sw: $(DISK_IMAGE) From 30a553e799ed4707bed2fd423302bee55ef23a04 Mon Sep 17 00:00:00 2001 From: Peter Pietzuch Date: Mon, 27 Jul 2020 11:38:17 +0000 Subject: [PATCH 13/22] Revert OE changes --- openenclave | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openenclave b/openenclave index 6554471aa..5d7f968ed 160000 --- a/openenclave +++ b/openenclave @@ -1 +1 @@ -Subproject commit 6554471aa423f1b097ce4a7514fac39a245f275f +Subproject commit 5d7f968ed0e608314cba97e0fef4094a2838da7c From c6af984a4c20b9db9c4ba70e5fb9147042dc0d9b Mon Sep 17 00:00:00 2001 From: Peter Pietzuch Date: Mon, 27 Jul 2020 16:16:37 +0000 Subject: [PATCH 14/22] Document limitations of in-enclave signal handling --- docs/Incompatibilities.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/Incompatibilities.md b/docs/Incompatibilities.md index a04d27a25..3e8a7cd4f 100644 --- a/docs/Incompatibilities.md +++ b/docs/Incompatibilities.md @@ -110,6 +110,12 @@ All of the Linux clocks are driven from the monotonic counter, so anything depen Additionally, the time exposed in the enclave is untrusted. The enclave may communicate with an external trusted time source but that can give only a lower bound on the current time: a malicious host could cause the enclave to sleep for an unbounded amount of time. +### Limited signal handling + +With SGX1, signals such as `SIGSEGV` must be reported by the untrusted host and cannot be independently validated by the enclave. +In addition, the address that resulted in a page fault cannot be obtained at all, and an application signal handler inside the enclave therefore always reports the faulting address as 0x0. +(The enclave configuration setting `unsafe_host_signals` can be used to control if SGX-LKL exposes untrusted signals from the host to the enclave.) + Summary of security implications -------------------------------- From 7518776b4dc93742da4587a9677e1af2a0d9671e Mon Sep 17 00:00:00 2001 From: Peter Pietzuch Date: Mon, 27 Jul 2020 16:17:44 +0000 Subject: [PATCH 15/22] Add enclave_config option "unsafe_host_signals" --- src/include/host/sgxlkl_params.h | 1 + src/main-oe/serialize_enclave_config.c | 1 + src/main-oe/sgxlkl_run_oe.c | 7 ++++++- src/shared/sgxlkl_enclave_config.c | 1 + tools/schemas/enclave-config.schema.json | 5 +++++ 5 files changed, 14 insertions(+), 1 deletion(-) diff --git a/src/include/host/sgxlkl_params.h b/src/include/host/sgxlkl_params.h index d50584560..e35cac992 100644 --- a/src/include/host/sgxlkl_params.h +++ b/src/include/host/sgxlkl_params.h @@ -47,6 +47,7 @@ #define SGXLKL_ENABLE_SWIOTLB "SGXLKL_ENABLE_SWIOTLB" #define SGXLKL_HD_OVERLAY "SGXLKL_HD_OVERLAY" #define SGXLKL_HOST_IMPORT_ENV "SGXLKL_HOST_IMPORT_ENV" +#define SGXLKL_UNSAFE_HOST_SIGNALS "SGXLKL_UNSAFE_HOST_SIGNALS" #ifndef SGXLKL_RELEASE /* These environment variables do not have config settings, they are diff --git a/src/main-oe/serialize_enclave_config.c b/src/main-oe/serialize_enclave_config.c index f185bf571..267da3ae4 100644 --- a/src/main-oe/serialize_enclave_config.c +++ b/src/main-oe/serialize_enclave_config.c @@ -487,6 +487,7 @@ void serialize_enclave_config( FPFU64(ethreads); root->objects[cnt++] = encode_clock_res("clock_res", config->clock_res); + FPFBOOL(unsafe_host_signals); FPFBOOL(fsgsbase); FPFBOOL(verbose); FPFBOOL(kernel_verbose); diff --git a/src/main-oe/sgxlkl_run_oe.c b/src/main-oe/sgxlkl_run_oe.c index cc313bc7c..9718305ad 100755 --- a/src/main-oe/sgxlkl_run_oe.c +++ b/src/main-oe/sgxlkl_run_oe.c @@ -841,7 +841,7 @@ void set_tls(bool have_enclave_config) assert(econf->mode == SW_DEBUG_MODE); if (have_enclave_config && econf->fsgsbase != 0) sgxlkl_host_warn("disabling fsgsbase in sw-debug mode, despite it " - "being enabled in enclave config."); + "being enabled in enclave config.\n"); econf->fsgsbase = 0; } @@ -1169,6 +1169,8 @@ static void sgxlkl_sw_mode_signal_handler( case SIGTRAP: oe_code = OE_EXCEPTION_BREAKPOINT; break; + default: + sgxlkl_host_fail("Unknown signal received by host\n"); } oe_exception_record.code = oe_code; @@ -1459,6 +1461,9 @@ void override_enclave_config( if (sgxlkl_config_overridden(SGXLKL_ESLEEP)) econf->esleep = sgxlkl_config_uint64(SGXLKL_ESLEEP); + if (sgxlkl_config_overridden(SGXLKL_UNSAFE_HOST_SIGNALS)) + econf->unsafe_host_signals = sgxlkl_config_bool(SGXLKL_UNSAFE_HOST_SIGNALS); + if (sgxlkl_config_overridden(SGXLKL_VERBOSE)) econf->verbose = sgxlkl_config_bool(SGXLKL_VERBOSE); diff --git a/src/shared/sgxlkl_enclave_config.c b/src/shared/sgxlkl_enclave_config.c index df49bfea4..5f75cc225 100644 --- a/src/shared/sgxlkl_enclave_config.c +++ b/src/shared/sgxlkl_enclave_config.c @@ -373,6 +373,7 @@ static json_result_t json_read_callback( JPATHT("mode", JSON_TYPE_STRING, { cfg->mode = string_to_sgxlkl_enclave_mode_t(un->string); }); + JBOOL("unsafe_host_signals", cfg->unsafe_host_signals); JBOOL("fsgsbase", cfg->fsgsbase); JBOOL("verbose", cfg->verbose); JBOOL("kernel_verbose", cfg->kernel_verbose); diff --git a/tools/schemas/enclave-config.schema.json b/tools/schemas/enclave-config.schema.json index 75d309974..7741bb9cd 100644 --- a/tools/schemas/enclave-config.schema.json +++ b/tools/schemas/enclave-config.schema.json @@ -452,6 +452,11 @@ "description": "", "default": true }, + "unsafe_host_signals": { + "type": "boolean", + "default": false, + "description": "Whether to expose signals (e.g., SIGSEGV) from the host, which cannot be validated by SGX1 enclaves." + }, "verbose": { "type": "boolean", "description": "", From a65be49da6a5fbc0b1c6c07b2441639345376b4f Mon Sep 17 00:00:00 2001 From: Peter Pietzuch Date: Mon, 27 Jul 2020 16:18:15 +0000 Subject: [PATCH 16/22] Update signal handling to return dummy fault address in hw mode --- openenclave | 2 +- src/enclave/enclave_signal.c | 27 ++++++++++++++++++++++++--- 2 files changed, 25 insertions(+), 4 deletions(-) diff --git a/openenclave b/openenclave index 5d7f968ed..d1acce246 160000 --- a/openenclave +++ b/openenclave @@ -1 +1 @@ -Subproject commit 5d7f968ed0e608314cba97e0fef4094a2838da7c +Subproject commit d1acce246fa8b70e152b5f7b150f271692447d23 diff --git a/src/enclave/enclave_signal.c b/src/enclave/enclave_signal.c index 566f171bc..6be60f884 100644 --- a/src/enclave/enclave_signal.c +++ b/src/enclave/enclave_signal.c @@ -140,6 +140,23 @@ static uint64_t sgxlkl_enclave_signal_handler( return OE_EXCEPTION_CONTINUE_EXECUTION; } + /** + * Only expose #PF to application signal handler if we permit unsafe host + * signals with SGX1. + * + * With SGX1, there is otherwise no way for the enclave to check if an + * in-enclave page fault has actually occured. (For other types of + * exceptions, EXITINFO contains trusted execption information inside the + * enclave.) + */ + if (exception_record->code == OE_EXCEPTION_PAGE_FAULT && + !sgxlkl_enclave_state.config->unsafe_host_signals) + { + sgxlkl_fail( + "Page fault exception received, but unsafe host signals " + "are not permitted. Aborting enclave.\n"); + } + memset(&trap_info, 0, sizeof(trap_info)); ret = get_trap_details(exception_record->code, &trap_info); if (ret != -1) @@ -201,11 +218,15 @@ static uint64_t sgxlkl_enclave_signal_handler( info.si_errno = 0; info.si_code = exception_record->code; - // Return faulting address for segfaults. This code should be - // generalised to handle all types of exceptions. + // Return the faulting address for segfaults. if (exception_record->code == OE_EXCEPTION_PAGE_FAULT) { - info.si_addr = (void*)exception_record->address; + /** + * With SGX1, we cannot obtain the actual address that resulted + * in the page fault inside the enclave. As a workaround, we + * report it as 0x0 to the application signal handler. + */ + info.si_addr = (void*) (sgxlkl_enclave_state.config->mode == SW_DEBUG_MODE ? exception_record->address : 0x0); } else { From 09b5a1f74a0021d41c4953e04556b62fb6ddb575 Mon Sep 17 00:00:00 2001 From: Peter Pietzuch Date: Mon, 27 Jul 2020 16:19:23 +0000 Subject: [PATCH 17/22] Update Java DaCapo benchmark sample --- samples/languages/java/dacapo-benchmark/README.md | 10 ++++++---- .../dacapo-benchmark/java-dacapo-enclave_config.json | 4 +++- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/samples/languages/java/dacapo-benchmark/README.md b/samples/languages/java/dacapo-benchmark/README.md index dfb467f40..9d2b15aa5 100644 --- a/samples/languages/java/dacapo-benchmark/README.md +++ b/samples/languages/java/dacapo-benchmark/README.md @@ -18,7 +18,7 @@ $ sgx-lkl-disk create --docker=java-dacapo --size=500M java-dacapo.img avrora batik eclipse fop h2 jython luindex lusearch lusearch-fix pmd sunflow tomcat tradebeans tradesoap xalan ``` -By default, the benchmark `h2` is run. The enclave size is 2 GiB. +By default, the benchmark `avrora` is run. The enclave size is 2 GiB. 4. Run the benchmark with SGX-LKL: ``` @@ -28,10 +28,12 @@ $ sgx-lkl-run-oe --hw-debug --host-config=java-dacapo-host_config.json --enclave Notes ----- -- Currently the follwing benchmarks are passing/failing: +- Currently the following benchmarks are passing/failing: - - PASSING: avrora fop h2 luindex pmd sunflow xalan - - FAILING: batik (doesn't work with OpenJDK) eclipse (doesn't work with OpenJDK) jython (illegal instruction) lusearch-fix (segfault) tomcat (networking issue) tradebeans (networking issue) tradesoap (networking issue) + - PASSING: avrora fop h2 [sw only] luindex pmd sunflow xalan + - FAILING: batik [OpenJDK unsupported] eclipse [OpenJDK unsupported] jython [illegal instruction] lusearch-fix [segfault] tomcat [networking issue] tradebeans [networking issue] tradesoap [networking issue] + +Some of the benchmarks are affected by the fact that, with SGX1, signal handling support inside SGX enclaves is limited, as documented [here](https://github.com/lsds/sgx-lkl/blob/oe_port/docs/Incompatibilities.md). - When running multiple benchmarks in sequence, ensure that the root file system image has not been corrupted after a failed benchmark run. diff --git a/samples/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json b/samples/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json index 4bfd2a2b3..b4f257dee 100644 --- a/samples/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json +++ b/samples/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json @@ -12,7 +12,7 @@ "-Dsun.zip.disableMemoryMapping=true", "-jar", "/dacapo/dacapo-9.12-MR1-bach.jar", - "h2" + "avrora" ], "env": [ @@ -27,5 +27,7 @@ "mmap_files": "shared", + "unsafe_host_signals": true, + "verbose": true } \ No newline at end of file From 1c9e0896c378ba3ddfb34c0857fa4cc8fb118d6f Mon Sep 17 00:00:00 2001 From: Peter Pietzuch Date: Mon, 27 Jul 2020 16:23:18 +0000 Subject: [PATCH 18/22] Update Java DaCapo test --- .../java/dacapo-benchmark/java-dacapo-enclave_config.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json b/tests/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json index 4bfd2a2b3..b4f257dee 100644 --- a/tests/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json +++ b/tests/languages/java/dacapo-benchmark/java-dacapo-enclave_config.json @@ -12,7 +12,7 @@ "-Dsun.zip.disableMemoryMapping=true", "-jar", "/dacapo/dacapo-9.12-MR1-bach.jar", - "h2" + "avrora" ], "env": [ @@ -27,5 +27,7 @@ "mmap_files": "shared", + "unsafe_host_signals": true, + "verbose": true } \ No newline at end of file From 9dd5458d70c456110d8ea58f7df1cc20222ea393 Mon Sep 17 00:00:00 2001 From: Peter Pietzuch Date: Mon, 27 Jul 2020 16:31:15 +0000 Subject: [PATCH 19/22] Point to previous OE branch --- .gitmodules | 2 +- openenclave | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitmodules b/.gitmodules index 5b1f0beb6..92f007d4e 100644 --- a/.gitmodules +++ b/.gitmodules @@ -11,5 +11,5 @@ branch = oe_port [submodule "openenclave"] path = openenclave - url = https://github.com/lsds/openenclave.git + url = https://github.com/openenclave/openenclave.git branch = feature/sgx-lkl-support diff --git a/openenclave b/openenclave index d1acce246..5d7f968ed 160000 --- a/openenclave +++ b/openenclave @@ -1 +1 @@ -Subproject commit d1acce246fa8b70e152b5f7b150f271692447d23 +Subproject commit 5d7f968ed0e608314cba97e0fef4094a2838da7c From fdb138194f339956e497446cd3f4ba1426dd35f6 Mon Sep 17 00:00:00 2001 From: Peter Pietzuch Date: Mon, 27 Jul 2020 16:54:24 +0000 Subject: [PATCH 20/22] Set default for unsafe_host_signals to true Otherwise a bunch of tests get broken. --- tools/schemas/enclave-config.schema.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/schemas/enclave-config.schema.json b/tools/schemas/enclave-config.schema.json index 7741bb9cd..da61ecdad 100644 --- a/tools/schemas/enclave-config.schema.json +++ b/tools/schemas/enclave-config.schema.json @@ -454,7 +454,7 @@ }, "unsafe_host_signals": { "type": "boolean", - "default": false, + "default": true, "description": "Whether to expose signals (e.g., SIGSEGV) from the host, which cannot be validated by SGX1 enclaves." }, "verbose": { From 4a2993accad42bb19d363adb622f8b683a1b90cd Mon Sep 17 00:00:00 2001 From: Peter Pietzuch Date: Mon, 27 Jul 2020 17:20:24 +0000 Subject: [PATCH 21/22] Update enclave config ref file in test --- tests/tools/sgx-lkl-cfg/create/enclave-config-complete-ref.json | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/tools/sgx-lkl-cfg/create/enclave-config-complete-ref.json b/tests/tools/sgx-lkl-cfg/create/enclave-config-complete-ref.json index 3e64bafa2..437caa14c 100644 --- a/tests/tools/sgx-lkl-cfg/create/enclave-config-complete-ref.json +++ b/tests/tools/sgx-lkl-cfg/create/enclave-config-complete-ref.json @@ -71,6 +71,7 @@ "mmap_files": "none", "oe_heap_pagecount": 8192, "fsgsbase": true, + "unsafe_host_signals": true, "verbose": false, "kernel_verbose": false, "kernel_cmd": "mem=32M", From 066e154ae8bbd4b7cc45126418cfff127e37cecc Mon Sep 17 00:00:00 2001 From: Peter Pietzuch Date: Mon, 27 Jul 2020 19:50:09 +0000 Subject: [PATCH 22/22] Address review comments --- samples/languages/java/dacapo-benchmark/Dockerfile | 2 +- src/enclave/enclave_signal.c | 4 ++-- tests/languages/java/dacapo-benchmark/Dockerfile | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/samples/languages/java/dacapo-benchmark/Dockerfile b/samples/languages/java/dacapo-benchmark/Dockerfile index aa3d3ccf9..cd11ad6ed 100644 --- a/samples/languages/java/dacapo-benchmark/Dockerfile +++ b/samples/languages/java/dacapo-benchmark/Dockerfile @@ -4,4 +4,4 @@ RUN apk add --no-cache \ wget fontconfig ttf-dejavu openjdk8-jre RUN mkdir /dacapo \ - && wget "https://sourceforge.net/projects/dacapobench/files/latest/download" -O /dacapo/dacapo-9.12-MR1-bach.jar + && wget "https://downloads.sourceforge.net/project/dacapobench/9.12-bach-MR1/dacapo-9.12-MR1-bach.jar" -O /dacapo/dacapo-9.12-MR1-bach.jar diff --git a/src/enclave/enclave_signal.c b/src/enclave/enclave_signal.c index 6be60f884..0f121b022 100644 --- a/src/enclave/enclave_signal.c +++ b/src/enclave/enclave_signal.c @@ -145,8 +145,8 @@ static uint64_t sgxlkl_enclave_signal_handler( * signals with SGX1. * * With SGX1, there is otherwise no way for the enclave to check if an - * in-enclave page fault has actually occured. (For other types of - * exceptions, EXITINFO contains trusted execption information inside the + * in-enclave page fault has actually ocurred. (For other types of + * exceptions, EXITINFO contains trusted exception information inside the * enclave.) */ if (exception_record->code == OE_EXCEPTION_PAGE_FAULT && diff --git a/tests/languages/java/dacapo-benchmark/Dockerfile b/tests/languages/java/dacapo-benchmark/Dockerfile index aa3d3ccf9..cd11ad6ed 100644 --- a/tests/languages/java/dacapo-benchmark/Dockerfile +++ b/tests/languages/java/dacapo-benchmark/Dockerfile @@ -4,4 +4,4 @@ RUN apk add --no-cache \ wget fontconfig ttf-dejavu openjdk8-jre RUN mkdir /dacapo \ - && wget "https://sourceforge.net/projects/dacapobench/files/latest/download" -O /dacapo/dacapo-9.12-MR1-bach.jar + && wget "https://downloads.sourceforge.net/project/dacapobench/9.12-bach-MR1/dacapo-9.12-MR1-bach.jar" -O /dacapo/dacapo-9.12-MR1-bach.jar