[Pal] Rework manifest loading

This is a major refactor of the way manifests are loaded and handled,
which will be followed by a complete rework of the loader code (which
will include e.g. centralized config).

Changes/fixes:
- A huge part of manifest handling was refactored and untangled.
- Starting without a manifest is now disallowed. This was actually
  accidentally broken for some time and no one complained. It also makes
  little sense in practice and in Graphene's overall design, e.g. it
  conflicts with protected argv.
- Now we only allow starting by giving the executable, not the manifest (the
  magic resolution logic was removed).
- Now manifests are sent over pipes between parent and children, instead
  of children finding and loading them on their own. This is a
  preparation for the upcoming centralized manifests change.
- Previously manifests were parsed 2 times on Linux and 3 times on
  Linux-SGX (by untrusted PAL, trusted PAL and LibOS). This is now
  fixed.
- The common `pal_main()` now requires that the backend-specific PAL
  loader loads the manifest before calling it. SGX code already has to
  do it (for proper initialization), so let's unify this interface for
  all PALs.
- Fix for a PAL crash when manifest size was divisible by page size
  (sic!). NULL termination was missing, but most of the time the padding
  to page size saved Graphene from crashing.
Michał Kowalczyk
2020-12-03 01:53:01 +01:00
parent cffd457698
commit d53729b201
62 changed files with 652 additions and 887 deletions
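The last item in the commit message (a crash when the manifest size is a multiple of the page size), shown as an added C example that is not Graphene's code and not part of this commit. It assumes a 4096-byte page and uses `calloc` as a stand-in for fresh zero-filled pages; `struct manifest_buf`, `load_manifest` and `manifest_is_terminated` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define PAGE_SIZE ((size_t)4096) /* assumed page size */

struct manifest_buf {
    char  *data;
    size_t cap; /* bytes actually backing data */
};

/* Round n up to a whole number of pages (at least one page). */
static size_t page_align_up(size_t n) {
    size_t pages = (n + PAGE_SIZE - 1) / PAGE_SIZE;
    return (pages ? pages : 1) * PAGE_SIZE;
}

/* Copy `size` manifest bytes into a zero-filled, page-granular buffer.
 * reserve_nul == 0: the "before" pattern, termination depends on padding.
 * reserve_nul == 1: one extra byte is reserved and set explicitly. */
int load_manifest(const char *src, size_t size, int reserve_nul,
                  struct manifest_buf *out) {
    if (size > SIZE_MAX - PAGE_SIZE - 1)
        return -1; /* rounding up would overflow */
    size_t cap = page_align_up(size + (reserve_nul ? 1 : 0));
    char *p = calloc(1, cap); /* stand-in for fresh zeroed pages */
    if (!p)
        return -1;
    memcpy(p, src, size);
    if (reserve_nul)
        p[size] = '\0';
    out->data = p;
    out->cap  = cap;
    return 0;
}

/* Bounded check a parser can make before treating data as a C string. */
int manifest_is_terminated(const struct manifest_buf *b) {
    return memchr(b->data, '\0', b->cap) != NULL;
}
```

With `reserve_nul == 0` a 100-byte input is terminated only by the zero padding, while a 4096-byte input fills the page exactly and leaves no terminator inside the buffer.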
+4 -4
@@ -42,14 +42,14 @@ Here's an example of running Python scripts under Graphene:
Without SGX:
```
./pal_loader python.manifest scripts/helloworld.py
./pal_loader python.manifest scripts/fibonacci.py
./pal_loader ./python scripts/helloworld.py
./pal_loader ./python scripts/fibonacci.py
```
With SGX:
```
SGX=1 ./pal_loader python.manifest scripts/helloworld.py
SGX=1 ./pal_loader python.manifest scripts/fibonacci.py
SGX=1 ./pal_loader ./python scripts/helloworld.py
SGX=1 ./pal_loader ./python scripts/fibonacci.py
```
You can also manually run included tests:
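Review bot: The README examples in this hunk now pass `./python` as the first argument, but the visible text does not say that a manifest is still required or where the loader expects to find it for that executable. Since the commit message states that starting without a manifest is disallowed and that the resolution logic was removed, add a sentence before the "Without SGX:" block stating where the manifest for `./python` must be located, so a reader who hits a startup failure knows what to check.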
+4 -4
@@ -4,23 +4,23 @@ set -e
# === hellworld ===
echo -e "\n\nRunning helloworld.py:"
./pal_loader python.manifest scripts/helloworld.py > OUTPUT
./pal_loader ./python scripts/helloworld.py > OUTPUT
grep -q "Hello World" OUTPUT && echo "[ Success 1/3 ]"
rm OUTPUT
# === fibonacci ===
echo -e "\n\nRunning fibonacci.py:"
./pal_loader python.manifest scripts/fibonacci.py > OUTPUT
./pal_loader ./python scripts/fibonacci.py > OUTPUT
grep -q "fib2 55" OUTPUT && echo "[ Success 2/3 ]"
rm OUTPUT
# === web server and client (on port 8005) ===
echo -e "\n\nRunning HTTP server dummy-web-server.py in the background:"
./pal_loader python.manifest scripts/dummy-web-server.py 8005 & echo $! > server.PID
./pal_loader ./python scripts/dummy-web-server.py 8005 & echo $! > server.PID
sleep 30 # Graphene-SGX takes a lot of time to initialize
echo -e "\n\nRunning HTTP client test-http.py:"
./pal_loader python.manifest scripts/test-http.py localhost 8005 > OUTPUT1
./pal_loader ./python scripts/test-http.py localhost 8005 > OUTPUT1
wget -q http://localhost:8005/ -O OUTPUT2
echo >> OUTPUT2 # include newline since wget doesn't add it
# check if all lines from OUTPUT2 are included in OUTPUT1
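Review bot: On the line `./pal_loader ./python scripts/dummy-web-server.py 8005 & echo $! > server.PID`, a startup failure of the backgrounded loader is not caught by `set -e`, so if the new executable-path invocation fails the script still sleeps 30 seconds and only breaks later in the client step with a misleading error. Consider checking after the sleep that the process recorded in server.PID is still alive, for example with `kill -0 "$(cat server.PID)"`, and exiting with a clear message if it is not. While this file is being touched, the `# === hellworld ===` comment could also be corrected to `helloworld`.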