release v0.4beta

Release of Graphene SGX:
Supporting native Linux application in Intel SGX enclaves.
Most applications are supported. Some features may still be buggy.

Improving portability of Graphene:
Eliminating GCC-ism of the host-generic code.
Easier to port to non-Posix platform (e.g., Windows without Cygwin).

LibOS/.packed/glibc.sha384

@@ -1 +1 @@
-build/crt1.o build/crti.o build/crtn.o build/ld-linux-x86-64.so.2 build/libc.so.6 build/libdl.so.2 build/liblibos.so.1 build/libm.so.6 build/libpthread.so.0 build/libutil.so.1
+glibc-build/crt1.o glibc-build/crti.o glibc-build/crtn.o glibc-build/ld-linux-x86-64.so.2 glibc-build/libc.so.6 glibc-build/libdl.so.2 glibc-build/liblibos.so.1 glibc-build/libm.so.6 glibc-build/libpthread.so.0 glibc-build/libutil.so.1

LibOS/Makefile

@@ -1,18 +1,16 @@
 SYS ?= $(shell gcc -dumpmachine)
 export SYS
 
+export DEBUG
+
 GLIBC_SRC = glibc-2.19
 SHIM_DIR = shim
-BUILD_DIR = build
+BUILD_DIR = glibc-build
 GLIBC_TARGET = $(addprefix $(BUILD_DIR)/,libc.so.6 ld-linux-x86-64.so.2 libpthread.so.0 libm.so.6 libdl.so.2 libutil.so.1 crt1.o crti.o crtn.o liblibos.so.1)
 
 all: $(GLIBC_TARGET)
 	$(MAKE) -C $(SHIM_DIR) all
 
-debug: DEBUG=debug
-debug: $(GLIBC_TARGET)
-	$(MAKE) -C $(SHIM_DIR) debug
-
 install:
 	[ -d ../Runtime ] || mkdir -p ../Runtime
 	[ -f ../Runtime/libsysdb.so ] || ln -sf ../LibOS/shim/src/libsysdb.so ../Runtime/libsysdb.so
@@ -23,7 +21,11 @@ $(GLIBC_TARGET): $(BUILD_DIR)/Makefile
 	cd $(BUILD_DIR) && $(MAKE)
 
 $(BUILD_DIR)/Makefile: $(GLIBC_SRC)/configure
-	./buildglibc.py --quiet $(DEBUG)
+ifeq ($(DEBUG),1)
+	./buildglibc.py --quiet --debug
+else
+	./buildglibc.py --quiet
+endif
 
 $(GLIBC_SRC)/configure:
 	[ -f $(GLIBC_SRC).tar.gz ] || \

LibOS/buildglibc.py

@@ -27,7 +27,7 @@ def appendText(filename, text) :
 glibc = "glibc-2.19"
 glibcParent = "" # glibc parent directory
 glibcDir = ""    # glibc dir (ex. glibc-2.19)
-buildDir = "build"
+buildDir = "glibc-build"
 installDir = os.path.dirname(home) + '/Runtime/'
 do_install = False
 commandStr = ""
@@ -38,7 +38,7 @@ def appendText(filename, text) :
 for arg in sys.argv[1:]:
     if arg == '--quiet' or arg == '-q':
         quiet = True
-    if arg == 'debug':
+    if arg == '--debug':
         debug_flags = "-g"
     if arg == 'install':
         do_install = True

LibOS/shim/src/.packed/shim.sha384

@@ -1 +1 @@
-bookkeep/shim_handle.o bookkeep/shim_signal.o bookkeep/shim_thread.o bookkeep/shim_vma.o elf/shim_rtld.o fs/chroot/fs.o fs/dev/fs.o fs/pipe/fs.o fs/proc/fs.o fs/proc/info.o fs/proc/ipc-thread.o fs/proc/thread.o fs/shim_dcache.o fs/shim_fs_hash.o fs/shim_fs.o fs/shim_namei.o fs/socket/fs.o fs/str/fs.o ipc/shim_ipc_child.o ipc/shim_ipc_helper.o ipc/shim_ipc.o ipc/shim_ipc_pid.o ipc/shim_ipc_sysv.o libsysdb.a libsysdb_debug.so libsysdb.so shim_async.o shim_checkpoint.o shim_debug.o shim_init.o shim_malloc.o shim_parser.o shim_random.o shim_syscalls.o shim_table.o start.o syscallas.o sys/shim_access.o sys/shim_alarm.o sys/shim_benchmark.o sys/shim_brk.o sys/shim_clone.o sys/shim_dup.o sys/shim_epoll.o sys/shim_exec.o sys/shim_exit.o sys/shim_fcntl.o sys/shim_fork.o sys/shim_fs.o sys/shim_futex.o sys/shim_getcwd.o sys/shim_getpid.o sys/shim_getrlimit.o sys/shim_ioctl.o sys/shim_migrate.o sys/shim_mmap.o sys/shim_msgget.o sys/shim_open.o sys/shim_pipe.o sys/shim_poll.o sys/shim_sandbox.o sys/shim_sched.o sys/shim_semget.o sys/shim_sigaction.o sys/shim_sleep.o sys/shim_socket.o sys/shim_stat.o sys/shim_time.o sys/shim_uname.o sys/shim_vfork.o sys/shim_wait.o sys/shim_wrappers.o utils/md5.o utils/printf.o utils/strobjs.o 83034d6b1a614018afb9f84143540b32f186d868019d4d40844ef972deb7aaaf05ad2d81c9c35932d3dd98a37b75079f
+bookkeep/shim_handle.o bookkeep/shim_signal.o bookkeep/shim_thread.o bookkeep/shim_vma.o elf/shim_rtld.o fs/chroot/fs.o fs/dev/fs.o fs/pipe/fs.o fs/proc/fs.o fs/proc/info.o fs/proc/ipc-thread.o fs/proc/thread.o fs/shim_dcache.o fs/shim_fs_hash.o fs/shim_fs.o fs/shim_namei.o fs/socket/fs.o fs/str/fs.o ipc/shim_ipc_child.o ipc/shim_ipc_helper.o ipc/shim_ipc.o ipc/shim_ipc_pid.o ipc/shim_ipc_sysv.o libsysdb.a libsysdb_debug.so libsysdb.so shim_async.o shim_checkpoint.o shim_debug.o shim_init.o shim_malloc.o shim_parser.o shim_random.o shim_syscalls.o shim_table.o start.o syscallas.o sys/shim_access.o sys/shim_alarm.o sys/shim_benchmark.o sys/shim_brk.o sys/shim_clone.o sys/shim_dup.o sys/shim_epoll.o sys/shim_exec.o sys/shim_exit.o sys/shim_fcntl.o sys/shim_fork.o sys/shim_fs.o sys/shim_futex.o sys/shim_getcwd.o sys/shim_getpid.o sys/shim_getrlimit.o sys/shim_ioctl.o sys/shim_migrate.o sys/shim_mmap.o sys/shim_msgget.o sys/shim_open.o sys/shim_pipe.o sys/shim_poll.o sys/shim_sandbox.o sys/shim_sched.o sys/shim_semget.o sys/shim_sigaction.o sys/shim_sleep.o sys/shim_socket.o sys/shim_stat.o sys/shim_time.o sys/shim_uname.o sys/shim_vfork.o sys/shim_wait.o sys/shim_wrappers.o utils/md5.o utils/printf.o utils/strobjs.o 1e360b5c25155fe56c120120f88f25eec00ff96007893eceafd124a56de5e12dcf3e63852b58221cd289daf93e8d4cd3

LibOS/shim/src/Makefile

@@ -48,10 +48,11 @@ headers = ../include/*.h ../../../Pal/lib/*.h ../../../Pal/include/pal/*.h
 
 all: $(shim_target)
 
-debug: debug = debug
-debug: CC = gcc -gdwarf-2 -g3
-debug: CFLAGS += -DDEBUG
-debug: $(shim_target)
+ifeq ($(DEBUG),1)
+CC += -gdwarf-2 -g3
+CFLAGS += -DDEBUG
+endif
+export DEBUG
 
 ifeq ($(PROFILING), 1)
 CFLAGS += -DPROFILE

LibOS/shim/src/bookkeep/shim_signal.c

@@ -306,8 +306,6 @@ static void quit_upcall (PAL_PTR event, PAL_NUM arg, PAL_CONTEXT * context)
     DkExceptionReturn(event);
 }
 
-bool ask_for_checkpoint = false;
-
 static void suspend_upcall (PAL_PTR event, PAL_NUM arg, PAL_CONTEXT * context)
 {
     if (IS_INTERNAL_TID(get_cur_tid()))

LibOS/shim/src/bookkeep/shim_vma.c

@@ -1167,8 +1167,8 @@ BEGIN_RS_FUNC(vma)
 
     unlock(vma_list_lock);
 
-    debug ("vma: %p-%p flags %x prot %p\n", vma->addr, vma->addr +
-           vma->length, vma->flags, vma->prot);
+    debug("vma: %p-%p flags %x prot %p\n", vma->addr, vma->addr + vma->length,
+          vma->flags, vma->prot);
 
     if (!(vma->flags & VMA_UNMAPPED)) {
         if (vma->file) {

LibOS/shim/src/fs/chroot/fs.c

@@ -67,11 +67,12 @@ static int chroot_mount (const char * uri, const char * root,
 {
     enum shim_file_type type;
 
-    if (!memcmp(uri, "file:", 5)) {
+    if (strpartcmp_static(uri, "file:")) {
         type = FILE_UNKNOWN;
         uri += 5;
-    } else if (!memcmp(uri, "dev:", 4)) {
-        type = memcmp(uri + 4, "tty", 3) ? FILE_DEV : FILE_TTY;
+    } else if (strpartcmp_static(uri, "dev:")) {
+        type = strpartcmp_static(uri + static_strlen("dev"), "tty") ?
+               FILE_DEV : FILE_TTY;
         uri += 4;
     } else
         return -EINVAL;
@@ -104,48 +105,42 @@ static inline int concat_uri (char * buffer, int size, int type,
                               const char * root, int root_len,
                               const char * trim, int trim_len)
 {
-    int len = 0;
+    char * tmp = NULL;
 
     switch (type) {
         case FILE_UNKNOWN:
         case FILE_REGULAR:
-            if (size < 7 + root_len + trim_len)
-                return -ENAMETOOLONG;
-            memcpy(buffer, "file:", 6);
-            len += 5;
+            tmp = strcpy_static(buffer, "file:", size);
             break;
 
         case FILE_DIR:
-            if (size < 6 + root_len + trim_len)
-                return -ENAMETOOLONG;
-            memcpy(buffer, "dir:", 5);
-            len += 4;
+            tmp = strcpy_static(buffer, "dir:", size);
             break;
 
         case FILE_DEV:
         case FILE_TTY:
-            if (size < 6 + root_len + trim_len)
-                return -ENAMETOOLONG;
-            memcpy(buffer, "dev:", 5);
-            len += 4;
+            tmp = strcpy_static(buffer, "dev:", size);
             break;
 
         default:
             return -EINVAL;
     }
 
+    if (!tmp || tmp + root_len + trim_len + 2 > buffer + size)
+        return -ENAMETOOLONG;
+
     if (root_len) {
-        memcpy(buffer + len, root, root_len + 1);
-        len += root_len;
+        memcpy(tmp, root, root_len + 1);
+        tmp += root_len;
     }
 
     if (trim_len) {
-        buffer[len++] = '/';
-        memcpy(buffer + len, trim, trim_len + 1);
-        len += trim_len;
+        *(tmp++) = '/';
+        memcpy(tmp, trim, trim_len + 1);
+        tmp += trim_len;
     }
 
-    return len;
+    return tmp - buffer;
 }
 
 /* simply just create data, sometimes it is individually called when the
@@ -672,7 +667,7 @@ static int map_write (struct shim_handle * hdl, const void * buf,
     if (file->marker + count > file->size) {
         file->size = file->marker + count;
 
-        ret = DkStreamWrite(hdl->pal_handle, file->marker, count, buf, NULL);
+        ret = DkStreamWrite(hdl->pal_handle, file->marker, count, (void *) buf, NULL);
 
         if (!ret) {
             ret = -PAL_ERRNO;
@@ -771,7 +766,7 @@ static int chroot_write (struct shim_handle * hdl, const void * buf,
         lock(hdl->lock);
     }
 
-    ret = DkStreamWrite(hdl->pal_handle, file->marker, count, buf, NULL) ? :
+    ret = DkStreamWrite(hdl->pal_handle, file->marker, count, (void *) buf, NULL) ? :
           -PAL_ERRNO;
 
     if (ret > 0)
@@ -905,7 +900,7 @@ static int chroot_readdir (struct shim_dentry * dent,
 
     chroot_update_ino(dent);
 
-    assert(!memcmp(qstrgetstr(&data->host_uri), "dir:", 4));
+    assert(strpartcmp_static(qstrgetstr(&data->host_uri), "dir:"));
 
     PAL_HANDLE pal_hdl = DkStreamOpen(qstrgetstr(&data->host_uri),
                                       PAL_ACCESS_RDONLY, 0, 0, 0);

LibOS/shim/src/fs/dev/fs.c

@@ -152,7 +152,7 @@ static int dev_random_hstat (struct shim_handle * hdl, struct stat * stat)
 
 static int search_dev_driver (const char * name, struct shim_dev_ops * ops)
 {
-    if (!memcmp(name, "null", 5) || !memcmp(name, "tty", 4)) {
+    if (strcmp_static(name, "null") || strcmp_static(name, "tty")) {
         if (ops)
             ops->read   = &dev_null_read;
 null_dev:
@@ -166,13 +166,13 @@ static int search_dev_driver (const char * name, struct shim_dev_ops * ops)
         return 0;
     }
 
-    if (!memcmp(name, "zero", 5)) {
+    if (strcmp_static(name, "zero")) {
         if (ops)
             ops->read   = &dev_zero_read;
         goto null_dev;
     }
 
-    if (!memcmp(name, "random", 7)) {
+    if (strcmp_static(name, "random")) {
         if (ops)
             ops->read   = &dev_random_read;
 random_dev:
@@ -184,14 +184,14 @@ static int search_dev_driver (const char * name, struct shim_dev_ops * ops)
         return 0;
     }
 
-    if (!memcmp(name, "urandom", 8)) {
+    if (strcmp_static(name, "urandom")) {
         if (ops)
             ops->read   = &dev_urandom_read;
         goto random_dev;
     }
 
-    if (!memcmp(name, "stdin", 6) || !memcmp(name, "stdout", 7) ||
-        !memcmp(name, "stderr", 7))
+    if (strcmp_static(name, "stdin") || strcmp_static(name, "stdout") ||
+        strcmp_static(name, "stderr"))
         return -EISLINK;
 
     return -ENOENT;
@@ -426,13 +426,18 @@ static int dev_follow_link (struct shim_dentry * dent, struct shim_qstr * link)
 {
     const char * name = qstrgetstr(&dent->rel_path);
 
-    if (!memcmp(name, "stdin", 6))
-        qstrsetstr(link, "/proc/self/0", 13);
-    else if (!memcmp(name, "stdout", 7))
-        qstrsetstr(link, "/proc/self/1", 13);
-    else if (!memcmp(name, "stderr", 7))
-        qstrsetstr(link, "/proc/self/2", 13);
-    else if (!memcmp(name, "null", 5) || !memcmp(name, "zero", 5))
+    if (strcmp_static(name, "stdin")) {
+        qstrsetstr(link, "/proc/self/0", static_strlen("/proc/self/0"));
+        return 0;
+    } else if (strcmp_static(name, "stdout")) {
+        qstrsetstr(link, "/proc/self/1", static_strlen("/proc/self/1"));
+        return 0;
+    } else if (strcmp_static(name, "stderr")) {
+        qstrsetstr(link, "/proc/self/2", static_strlen("/proc/self/2"));
+        return 0;
+    }
+
+    if (strcmp_static(name, "null") || strcmp_static(name, "zero"))
         return -ENOTLINK;
 
     return -ENOENT;

LibOS/shim/src/fs/pipe/fs.c

@@ -65,7 +65,7 @@ static int pipe_write (struct shim_handle * hdl, const void * buf,
     if (!count)
         return 0;
 
-    int bytes = DkStreamWrite(hdl->pal_handle, 0, count, buf, NULL);
+    int bytes = DkStreamWrite(hdl->pal_handle, 0, count, (void *) buf, NULL);
 
     if (!bytes)
         return -PAL_ERRNO;

LibOS/shim/src/fs/proc/thread.c

@@ -33,8 +33,10 @@ static int parse_thread_name (const char * name,
     if (*p == '/')
         p++;
 
-    if (!memcmp(p, "self", 4) && (!*(p + 4) || *(p + 4) == '/')) {
-        p += 4;
+    if (strpartcmp_static(p, "self")) {
+        p += static_strlen("self");
+        if (*p && *p != '/')
+            return -ENOENT;
         pid = get_cur_tid();
     } else {
         for ( ; *p && *p != '/' ; p++) {
@@ -89,17 +91,17 @@ static int find_thread_link (const char * name, struct shim_qstr * link,
 
     lock(thread->lock);
 
-    if (next_len == 4 && !memcmp(next, "root", next_len)) {
+    if (next_len == static_strlen("root") && !memcmp(next, "root", next_len)) {
         dent = thread->root;
         get_dentry(dent);
     }
 
-    if (next_len == 3 && !memcmp(next, "cwd", next_len)) {
+    if (next_len == static_strlen("cwd") && !memcmp(next, "cwd", next_len)) {
         dent = thread->cwd;
         get_dentry(dent);
     }
 
-    if (next_len == 3 && !memcmp(next, "exe", next_len)) {
+    if (next_len == static_strlen("exe") && !memcmp(next, "exe", next_len)) {
         struct shim_handle * exec = thread->exec;
         if (!exec->dentry) {
             unlock(thread->lock);

LibOS/shim/src/fs/shim_dcache.c

@@ -50,10 +50,10 @@ static struct shim_dcache_stats dcache_stats;
 
 long get_dcache_stats (const char * name)
 {
-    if (memcmp(name, "memsize", 8) == 0)
+    if (strcmp_static(name, "memsize"))
         return dcache_stats.memsize;
 
-    if (memcmp(name, "nentries", 9) == 0)
+    if (strcmp_static(name, "nentries"))
         return dcache_stats.nentries;
 
     return 0;

LibOS/shim/src/fs/shim_fs.c

@@ -94,25 +94,11 @@ static bool mount_migrated = false;
 
 static int __mount_root (void)
 {
-    const char * root_type = "chroot", * root_uri = "file:";
     int ret;
-
-    if (root_config) {
-        char t[CONFIG_MAX], u[CONFIG_MAX];
-
-        if (get_config(root_config, "fs.mount.root.type", t, CONFIG_MAX) > 0)
-            root_type = t;
-        if (get_config(root_config, "fs.mount.root.uri",  u, CONFIG_MAX) > 0)
-            root_uri  = u;
-    }
-
-    debug("mounting as %s filesystem: from %s to root\n", root_type, root_uri);
-
-    if ((ret = mount_fs(root_type, root_uri, "/")) < 0) {
-        debug("mounting root filesystem failed( %e)\n", ret);
+    if ((ret = mount_fs("chroot", "file:", "/")) < 0) {
+        debug("mounting root filesystem failed (%e)\n", ret);
         return ret;
     }
-
     return 0;
 }
 
@@ -154,9 +140,9 @@ static int __mount_one_other (const char * key, int keylen)
     char * uri = NULL;
     int ret;
 
-    memcpy(k, "fs.mount.other.", 15);
-    memcpy(k + 15, key, keylen);
-    char * kp = k + 15 + keylen;
+    memcpy(k, "fs.mount.", 9);
+    memcpy(k + 9, key, keylen);
+    char * kp = k + 9 + keylen;
 
     memcpy(kp, ".path", 6);
     if (get_config(root_config, k, p, CONFIG_MAX) <= 0)
@@ -189,7 +175,7 @@ static int __mount_others (void)
     int nkeys, keybuf_size = CONFIG_MAX;
     char * keybuf = __alloca(keybuf_size);
 
-    while ((nkeys = get_config_entries(root_config, "fs.mount.other", keybuf,
+    while ((nkeys = get_config_entries(root_config, "fs.mount", keybuf,
                                        keybuf_size)) == -ENAMETOOLONG) {
         keybuf = __alloca(keybuf_size);
         keybuf_size *= 2;

LibOS/shim/src/fs/socket/fs.c

@@ -122,7 +122,7 @@ static int socket_write (struct shim_handle * hdl, const void * buf,
     if (!count)
         return 0;
 
-    int bytes = DkStreamWrite(hdl->pal_handle, 0, count, buf, NULL);
+    int bytes = DkStreamWrite(hdl->pal_handle, 0, count, (void *) buf, NULL);
 
     if (!bytes) {
         int err;

LibOS/shim/src/ipc/shim_ipc_nsimpl.h

@@ -884,7 +884,7 @@ static int connect_owner (IDTYPE idx, struct shim_ipc_port ** portptr,
                                              0, 0, 0, 0);
 
         if (!pal_handle) {
-            ret = -PAL_ERRNO;
+            ret = -PAL_ERRNO ? : -EACCES;
             goto out;
         }