Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Glue code for using snmalloc in EDP #601

Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

Conversation

jethrogb
Copy link
Member

@jethrogb jethrogb commented May 2, 2024

Putting this as a crate here, but this could also just live in the Rust source tree, if they accept the submodule.

@@ -48,7 +50,7 @@ jobs:
rustup update

- name: Cargo test --all --exclude sgxs-loaders
run: cargo test --verbose --locked --all --exclude sgxs-loaders --exclude async-usercalls && [ "$(echo $(nm -D target/debug/sgx-detect|grep __vdso_sgx_enter_enclave))" = "w __vdso_sgx_enter_enclave" ]
run: true || cargo test --verbose --locked --all --exclude sgxs-loaders --exclude async-usercalls --exclude snmalloc-edp && [ "$(echo $(nm -D target/debug/sgx-detect|grep __vdso_sgx_enter_enclave))" = "w __vdso_sgx_enter_enclave" ]
Copy link
Member Author

@jethrogb jethrogb May 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There appears to be an unrelated CI issue. Once fixed, please remove true || here and in two more places.

error: struct `Unverified` is never constructed
   --> intel-sgx/ias/src/api.rs:196:19
    |
196 | pub(crate) struct Unverified {}
    |                   ^^^^^^^^^^```

snmalloc-edp/src/rust-sgx-snmalloc-shim.cpp Show resolved Hide resolved
unsafe fn with_thread_allocator<F: FnOnce() -> R, R>(f: F) -> R {
unsafe {
let layout = alloc::Layout::from_size_align(sn_alloc_size, sn_alloc_align).unwrap();
// TODO: bootstrap the thread-local allocator allocation a different way
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TODO

Copy link
Contributor

@nshyrei nshyrei May 7, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jethrogb @raoulstrackx Is this todo still relevant? Because with @raoulstrackx we have figured that the way to use sn_thread_init(allocator);
and sn_thread_cleanup(allocator); is to put them around https://github.com/rust-lang/rust/blob/master/library/std/src/sys/pal/sgx/thread.rs#L43.
The function is nice to have for testing purposes, but I don't fully understand it's intended use case in rust-stdlib.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

put them around https://github.com/rust-lang/rust/blob/master/library/std/src/sys/pal/sgx/thread.rs#L43.

That is not right. That code is only run for additional threads besides the main thread. It should be somewhere in entry.

Is this todo still relevant?

Yes you still need to allocate memory for the thread allocator.


namespace snmalloc {
void register_clean_up() {
// TODO: not sure what this is supposed to do
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TODO

Copy link
Contributor

@nshyrei nshyrei May 7, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I haven't found what register_clean_up is supposed to do exactly. The search in snmalloc repository gives me this https://github.com/search?q=repo%3Amicrosoft%2Fsnmalloc%20register_clean_up&type=code, where the first match looks like this

inline void register_clean_up()
 {
   error("Critical Error: This should never be called.");
 }

which matches the current change in the PR.
cc @raoulstrackx


static inline uint64_t get_entropy64() {
long long unsigned int result = 0;
while (_rdrand64_step(&result) != 1)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should probably be a bounded loop that aborts after some number of tries

#define SNMALLOC_SGX
#define SNMALLOC_USE_SMALL_CHUNKS
#define SNMALLOC_MEMORY_PROVIDER PALEdpSgx
#define OPEN_ENCLAVE
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this really needed?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps not, the impact in snmalloc/ds_core/mitigations.h should be investigated.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like these mitigations are applied only to checked builds i.e. when SNMALLOC_CHECK_CLIENT is set. So it is disabled by default.

#define SNMALLOC_MEMORY_PROVIDER PALEdpSgx
#define OPEN_ENCLAVE
// needed for openenclave header:
#define OE_OK 0
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this really needed?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is needed if OPEN_ENCLAVE is defined.

run: |
git submodule update --init --recursive
detect_cxx_include_path() {
for path in $(clang++-12 -print-search-dirs|sed -n 's/^libraries:\s*=//p'|tr : ' '); do
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should use CXX_x86_64_fortanix_unknown_sgx

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants