diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index d9e63fc9..1d0c6656 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -16,7 +16,9 @@ env:
 CARGO_INCREMENTAL: 0
 CARGO_NET_RETRY: 10
 CFLAGS_x86_64_fortanix_unknown_sgx: "-isystem/usr/include/x86_64-linux-gnu -mlvi-hardening -mllvm -x86-experimental-lvi-inline-asm-hardening"
+ # CXXFLAGS is set below
 CC_x86_64_fortanix_unknown_sgx: clang-11
+ CXX_x86_64_fortanix_unknown_sgx: clang++-11
 jobs:
 test:
@@ -48,7 +50,7 @@ jobs:
 rustup update
 - name: Cargo test --all --exclude sgxs-loaders
- run: cargo test --verbose --locked --all --exclude sgxs-loaders --exclude async-usercalls && [ "$(echo $(nm -D target/debug/sgx-detect|grep __vdso_sgx_enter_enclave))" = "w __vdso_sgx_enter_enclave" ]
+ run: cargo test --verbose --locked --all --exclude sgxs-loaders --exclude async-usercalls --exclude snmalloc-edp && [ "$(echo $(nm -D target/debug/sgx-detect|grep __vdso_sgx_enter_enclave))" = "w __vdso_sgx_enter_enclave" ]
 - name: cargo test -p async-usercalls --target x86_64-fortanix-unknown-sgx --no-run
 run: cargo +nightly test --verbose --locked -p async-usercalls --target x86_64-fortanix-unknown-sgx --no-run
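Review bot: The comment `# CXXFLAGS is set below` added above `CC_x86_64_fortanix_unknown_sgx` points the reader at the rest of this `env:` block, but nothing in the block sets CXXFLAGS; the variable is exported inside the later `Build snmalloc-edp` job step, because it needs a C++ include path that is detected at run time. I would name the step so the reader does not scan the env block for it: `# CXXFLAGS_x86_64_fortanix_unknown_sgx is exported by the "Build snmalloc-edp" step (needs the detected C++ include path)`.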
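Review bot: Excluding `snmalloc-edp` from the host `cargo test` means its new `tests/global_alloc.rs` is only ever compiled, never executed: the only other invocation of that crate in this workflow is a `cargo test --no-run` for the SGX target. If the crate cannot be built on the host (the shim presumably needs enclave-provided symbols such as `get_tcs_addr`), a comment on the `run:` line stating that would save the next reader the search, e.g. `# snmalloc-edp is SGX-only; it is built (--no-run) in the "Build snmalloc-edp" step`. The `nm -D` assertion on the same line is unchanged and still applies.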
@@ -96,6 +98,24 @@ jobs:
 - name: Build em-app, get-certificate for x86_64-fortanix-unknown-sgx
 run: cargo build --verbose --locked -p em-app -p get-certificate --target=x86_64-fortanix-unknown-sgx
+ - name: Build snmalloc-edp
+ run: |
+ git submodule update --init --recursive
+ detect_cxx_include_path() {
+ for path in $(clang++-12 -print-search-dirs|sed -n 's/^libraries:\s*=//p'|tr : ' '); do
+ num_component="$(basename "$path")"
+ if [[ "$num_component" =~ ^[0-9]+(\.[0-9]+)*$ ]]; then
+ if [[ "$(basename "$(dirname "$path")")" == 'x86_64-linux-gnu' ]]; then
+ echo $num_component
+ return
+ fi
+ fi
+ done
+ exit 1
+ }
+ export CXXFLAGS_x86_64_fortanix_unknown_sgx="-cxx-isystem/usr/include/c++/$(detect_cxx_include_path) -cxx-isystem/usr/include/x86_64-linux-gnu/c++/$(detect_cxx_include_path) $CFLAGS_x86_64_fortanix_unknown_sgx"
+ cargo test --no-run --verbose --locked -p snmalloc-edp --target=x86_64-fortanix-unknown-sgx
 - name: Generate API docs
 run: ./doc/generate-api-docs.sh
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 00000000..905063cd
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "snmalloc-edp/snmalloc"]
+ path = snmalloc-edp/snmalloc
+ url = https://github.com/microsoft/snmalloc
diff --git a/Cargo.lock b/Cargo.lock
index e33c816c..c4c3d4bf 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -420,9 +420,9 @@ dependencies = [
 [[package]]
 name = "cmake"
-version = "0.1.44"
+version = "0.1.50"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0e56268c17a6248366d66d4a47a3381369d068cce8409bb1716ed77ea32163bb"
+checksum = "a31c789563b815f77f4250caee12365734369f942439b7defd71e18a48197130"
 dependencies = [
 "cc",
 ]
@@ -724,7 +724,7 @@ dependencies = [
 "anyhow",
 "cargo_toml",
 "clap",
- "elf",
+ "elf 0.0.10",
 "env_logger 0.9.0",
 "log 0.4.21",
 "nitro-cli",
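Review bot: `export CXXFLAGS_x86_64_fortanix_unknown_sgx="...$(detect_cxx_include_path)..."` hides a failure of `detect_cxx_include_path`: the `exit 1` in the function only ends the command substitution's subshell, and `export` returns 0 regardless of the substitution's status, so under the runner's default `bash -e` the step carries on with an empty include path and fails later in the C++ build with an unrelated-looking error. Assign first and export afterwards: `cxx_inc="$(detect_cxx_include_path)"` on its own line (a plain assignment does propagate the substitution's status, so `-e` aborts the step), then `export CXXFLAGS_x86_64_fortanix_unknown_sgx="-cxx-isystem/usr/include/c++/$cxx_inc -cxx-isystem/usr/include/x86_64-linux-gnu/c++/$cxx_inc $CFLAGS_x86_64_fortanix_unknown_sgx"`. That also runs the detection once instead of twice. Separately, the search dirs are taken from `clang++-12` while the compiler configured for the target elsewhere in this file is `CXX_x86_64_fortanix_unknown_sgx: clang++-11`; if the mismatch is deliberate a one-line comment in the script should say so.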
@@ -785,6 +785,12 @@ dependencies = [
 "byteorder 0.5.3",
 ]
+[[package]]
+name = "elf"
+version = "0.7.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4445909572dbd556c457c849c4ca58623d84b27c8fff1e74b0b4227d8b90d17b"
+
 [[package]]
 name = "em-app"
 version = "0.4.0"
@@ -3366,6 +3372,15 @@ version = "1.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1ecab6c735a6bb4139c0caafd0cc3635748bbb3acf4550e8138122099251f309"
+[[package]]
+name = "snmalloc-edp"
+version = "0.1.0"
+dependencies = [
+ "cc",
+ "cmake",
+ "elf 0.7.4",
+]
+
 [[package]]
 name = "socket2"
 version = "0.4.2"
diff --git a/Cargo.toml b/Cargo.toml
index 069a108c..0d1e379f 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -33,6 +33,7 @@ members = [
 "intel-sgx/sgxs",
 "ipc-queue",
 "rs-libc",
+ "snmalloc-edp",
 ]
 exclude = [
 "examples/backtrace_panic",
diff --git a/intel-sgx/ias/src/api.rs b/intel-sgx/ias/src/api.rs
index b1efc72b..debbd402 100644
--- a/intel-sgx/ias/src/api.rs
+++ b/intel-sgx/ias/src/api.rs
@@ -193,7 +193,7 @@ pub struct VerifiedSig {}
 impl VerificationType for VerifiedSig {}
 #[derive(Clone, Debug, Eq, PartialEq, Hash)]
-pub(crate) struct Unverified {}
+pub enum Unverified {}
 impl VerificationType for Unverified {}
 trait SafeToDeserializeInto {}
diff --git a/snmalloc-edp/CMakeLists.txt b/snmalloc-edp/CMakeLists.txt
new file mode 100644
index 00000000..b87eee49
--- /dev/null
+++ b/snmalloc-edp/CMakeLists.txt
@@ -0,0 +1,10 @@
+cmake_minimum_required(VERSION 3.14)
+set(CMAKE_TRY_COMPILE_TARGET_TYPE STATIC_LIBRARY)
+project(snmalloc-edp CXX)
+set(CMAKE_CXX_STANDARD 20)
+set(CMAKE_CXX_STANDARD_REQUIRED True)
+set(SNMALLOC_HEADER_ONLY_LIBRARY ON)
+add_subdirectory(snmalloc EXCLUDE_FROM_ALL)
+add_library(snmalloc-edp src/rust-sgx-snmalloc-shim.cpp)
+target_link_libraries(snmalloc-edp PRIVATE snmalloc_lib)
+target_compile_options(snmalloc-edp PRIVATE -nostdlib -ffreestanding -fno-exceptions -mrdrnd -fPIC)
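Review bot: `Unverified` becomes a public, uninhabited type with no doc comment, so a user of the `ias` crate now sees `pub enum Unverified {}` in the API surface without being told it is a marker that can never be constructed. I would document the intent above the `#[derive]`: `/// Marker type for data whose signature has not been verified; uninhabited, so it only ever appears as a type parameter.` Whether anything outside the crate needs to name it is not visible in this hunk; if nothing does, `pub(crate) enum Unverified {}` keeps the previous visibility while still switching to the uninhabited form.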
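Review bot: `target_compile_options(snmalloc-edp PRIVATE -nostdlib -ffreestanding -fno-exceptions -mrdrnd -fPIC)` does not carry the LVI hardening flags; in this PR they only reach the shim through `CXXFLAGS_x86_64_fortanix_unknown_sgx`, which the CI step assembles from `CFLAGS_x86_64_fortanix_unknown_sgx` (`-mlvi-hardening -mllvm -x86-experimental-lvi-inline-asm-hardening`) and which the cc/cmake crates presumably pick up from the environment. A local `cargo build` without that variable would therefore compile in-enclave allocator code without the mitigation, with no warning. Either add the flags here when `CMAKE_SYSTEM_PROCESSOR`/the target is the SGX one, or state the requirement in a comment, e.g. `# LVI hardening is expected to arrive via CXXFLAGS_x86_64_fortanix_unknown_sgx; see .github/workflows/build.yml`.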
diff --git a/snmalloc-edp/Cargo.toml b/snmalloc-edp/Cargo.toml
new file mode 100644
index 00000000..05bb72df
--- /dev/null
+++ b/snmalloc-edp/Cargo.toml
@@ -0,0 +1,13 @@
+[package]
+name = "snmalloc-edp"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+build = "build.rs"
+
+[build-dependencies]
+cc = "1.0.86"
+cmake = "0.1.50"
+elf = "0.7"
diff --git a/snmalloc-edp/build.rs b/snmalloc-edp/build.rs
new file mode 100644
index 00000000..6e891726
--- /dev/null
+++ b/snmalloc-edp/build.rs
@@ -0,0 +1,68 @@
+use std::fs::{DirEntry, File};
+use std::path::{Path, PathBuf};
+
+fn files_in_dir(p: &Path) -> impl Iterator {
+ p.read_dir().unwrap().map(|e| e.unwrap()).filter(|e| e.file_type().unwrap().is_file())
+}
+
+fn main() {
+ let out_dir = PathBuf::from(std::env::var_os("OUT_DIR").unwrap());
+
+ // # Use CMake to build the shim
+ let mut dst = cmake::build(".");
+ dst.push("build");
+ println!("cargo:rustc-link-search=native={}", dst.display());
+
+ // ideally, the cmake crate would have a way to output this
+ println!("cargo:rerun-if-changed=CMakeLists.txt");
+ println!("cargo:rerun-if-changed=src/rust-sgx-snmalloc-shim.cpp");
+
+ // # Extract the static library archive into a temporary directory
+ let mut objs = out_dir.clone();
+ objs.push("objs");
+ std::fs::create_dir_all(&objs).unwrap();
+ // clear existing files in the temp dir
+ for file in files_in_dir(&objs) {
+ std::fs::remove_file(file.path()).unwrap();
+ }
+
+ dst.push("libsnmalloc-edp.a");
+
+ let mut ar = cc::Build::new().get_archiver();
+ ar.args(&["x", "--output"]);
+ ar.arg(&objs);
+ ar.arg(dst);
+ assert!(ar.status().unwrap().success());
+
+ // # Read the symbols from the shim ELF object
+ let f = files_in_dir(&objs).next().unwrap();
+ let mut elf = elf::ElfStream::::open_stream(File::open(f.path()).unwrap()).unwrap();
+ let (symtab, strtab) = elf.symbol_table().unwrap().unwrap();
+ let mut sn_alloc_size = None;
+ let mut sn_alloc_align = None;
+ for sym in symtab {
+ match strtab.get(sym.st_name as _).unwrap() {
+ "sn_alloc_size" => assert!(sn_alloc_size.replace(sym).is_none()),
+ "sn_alloc_align" => assert!(sn_alloc_align.replace(sym).is_none()),
+ _ => {}
+ }
+ }
+ let sn_alloc_size = sn_alloc_size.expect("sn_alloc_size");
+ let sn_alloc_align = sn_alloc_align.expect("sn_alloc_align");
+
+ let mut get_u64_at_symbol = |sym: elf::symbol::Symbol| {
+ assert_eq!(sym.st_size, 8);
+ let (data, _) = elf.section_data(&elf.section_headers()[sym.st_shndx as usize].clone()).unwrap();
+ let data: &[u8; 8] = data.split_at(8).0.try_into().unwrap();
+ u64::from_le_bytes(*data)
+ };
+
+ let sn_alloc_size = get_u64_at_symbol(sn_alloc_size);
+ let sn_alloc_align = get_u64_at_symbol(sn_alloc_align);
+
+ // # Write the type
+ let contents = format!("#[repr(align({}), C)] pub struct Alloc {{ _0: [u8; {}] }}", sn_alloc_align, sn_alloc_size);
+ let mut alloc_type_rs = out_dir.clone();
+ alloc_type_rs.push("alloc-type.rs");
+ std::fs::write(alloc_type_rs, contents).unwrap();
+}
diff --git a/snmalloc-edp/snmalloc b/snmalloc-edp/snmalloc
new file mode 160000
index 00000000..dc126888
--- /dev/null
+++ b/snmalloc-edp/snmalloc
@@ -0,0 +1 @@
+Subproject commit dc1268886a5d49d38a54e5d1402b5924a71fee0b
diff --git a/snmalloc-edp/src/lib.rs b/snmalloc-edp/src/lib.rs
new file mode 100644
index 00000000..912a49cc
--- /dev/null
+++ b/snmalloc-edp/src/lib.rs
@@ -0,0 +1,15 @@
+#![no_std]
+
+include!(concat!(env!("OUT_DIR"), "/alloc-type.rs"));
+
+#[link(name = "snmalloc-edp", kind = "static")]
+extern {
+ pub fn sn_global_init();
+ pub fn sn_thread_init(allocator: *mut Alloc);
+ pub fn sn_thread_cleanup(allocator: *mut Alloc);
+
+ pub fn sn_rust_alloc(alignment: usize, size: usize) -> *mut u8;
+ pub fn sn_rust_alloc_zeroed(alignment: usize, size: usize) -> *mut u8;
+ pub fn sn_rust_dealloc(ptr: *mut u8, alignment: usize, size: usize);
+ pub fn sn_rust_realloc(ptr: *mut u8, alignment: usize, old_size: usize, new_size: usize) -> *mut u8;
+}
diff --git a/snmalloc-edp/src/rust-sgx-snmalloc-shim.cpp b/snmalloc-edp/src/rust-sgx-snmalloc-shim.cpp
new file mode 100644
index 00000000..349c3371
--- /dev/null
+++ b/snmalloc-edp/src/rust-sgx-snmalloc-shim.cpp
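Review bot: `get_u64_at_symbol` ignores `sym.st_value` and reads the first 8 bytes of the symbol's section (`data.split_at(8).0`). In a relocatable object `st_value` is the offset within the `st_shndx` section, and `sn_alloc_size` and `sn_alloc_align` are both initialised globals that, absent `-fdata-sections` (which the CMakeLists does not set), land in the same `.data` section, so the second read returns the first variable's value and the generated `#[repr(align(...))]` is wrong. Index at the symbol's offset instead: `let off = sym.st_value as usize;` followed by `let data: &[u8; 8] = data[off..off + 8].try_into().unwrap();`. `files_in_dir(&objs).next().unwrap()` a few lines earlier also picks whichever object the archive happens to yield first; asserting there is exactly one, or selecting it by name, would make a future second translation unit fail loudly rather than silently produce a wrong `Alloc` type.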
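Review bot: The eight `pub fn` items in the `extern {}` block are the crate's whole public API and carry no `///` documentation or `# Safety` sections, although each is implicitly `unsafe` to call; the contracts the C++ side documents (global init exactly once before anything else, per-thread init and cleanup of an `Alloc` slot) are invisible to Rust callers. Add doc comments stating, for `sn_global_init`, that it must run once before any other call; for `sn_thread_init`/`sn_thread_cleanup`, that `allocator` must point to writable, `Alloc`-aligned storage of `size_of::<Alloc>()` bytes and, per the C++ comments, that the object is thread-local; and for the four `sn_rust_*` shims, that `alignment`/`size` follow the `GlobalAlloc` contract. `extern {` with no ABI string defaults to `"C"`, but spelling it `extern "C" {` is clearer and matches the shim's declarations.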
@@ -0,0 +1,191 @@
+// Copyright (c) Microsoft Corporation.
+// Copyright (c) Open Enclave SDK contributors.
+// Copyright (c) 2020 SchrodingerZhu
+// Copyright (c) Fortanix, Inc.
+//
+// MIT License
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+// SOFTWARE
+
+#include
+#include
+
+/***************************************************/
+/*** Imported symbols needed by snmalloc SGX PAL ***/
+/***************************************************/
+
+// from entry.S
+extern "C" size_t get_tcs_addr();
+
+// from Rust std
+extern "C" void __rust_print_err(const char *m, size_t s);
+extern "C" [[noreturn]] void __rust_abort();
+
+/*******************************************************/
+/*** Standard C functions needed by snmalloc SGX PAL ***/
+/*******************************************************/
+
+// definition needs to match GNU header
+extern "C" [[noreturn]] void abort() __THROW {
+ __rust_abort();
+}
+
+// definition needs to match GNU header
+extern "C" inline int * __attribute_const__ __errno_location (void) __THROW {
+ static int errno;
+ return &errno;
+}
+
+extern "C" {
+ static size_t HEAP_BASE;
+ static size_t HEAP_SIZE;
+};
+
+/***********************************/
+/*** snmalloc SGX PAL definition ***/
+/***********************************/
+
+#define SNMALLOC_PROVIDE_OWN_CONFIG
+#define SNMALLOC_SGX
+#define SNMALLOC_USE_SMALL_CHUNKS
+#define SNMALLOC_MEMORY_PROVIDER PALEdpSgx
+#define OPEN_ENCLAVE
+// needed for openenclave header:
+#define OE_OK 0
+
+#include "../snmalloc/src/snmalloc/pal/pal_noalloc.h"
+
+namespace snmalloc {
+void register_clean_up() {
+ // TODO: not sure what this is supposed to do
+ abort();
+}
+
+class EdpErrorHandler {
+ public:
+ static void print_stack_trace() {}
+
+ [[noreturn]] static void error(const char *const str) {
+ __rust_print_err(str, strlen(str));
+ abort();
+ }
+ static constexpr size_t address_bits = Aal::address_bits;
+ static constexpr size_t page_size = Aal::smallest_page_size;
+};
+
+using EdpBasePAL = PALNoAlloc;
+
+class PALEdpSgx : public EdpBasePAL {
+ public:
+ const static size_t RAND_NUM_GEN_MAX_RETRIES = 64;
+ using ThreadIdentity = size_t;
+ static constexpr uint64_t pal_features = EdpBasePAL::pal_features | Entropy;
+
+ template
+ static void zero(void *p, size_t size) noexcept {
+ memset(p, 0, size);
+ }
+
+ static inline uint64_t get_entropy64() {
+ for (size_t retry_count = 0; retry_count < RAND_NUM_GEN_MAX_RETRIES; retry_count++) {
+ long long unsigned int result;
+ if (_rdrand64_step(&result) == 1) {
+ return result;
+ }
+ }
+ EdpErrorHandler::error("no entropy available");
+ }
+
+ static inline ThreadIdentity get_tid() noexcept {
+ return (size_t)get_tcs_addr();
+ }
+};
+} // namespace snmalloc
+
+/**************************************/
+/*** Instantiation of the allocator ***/
+/**************************************/
+
+#include "../snmalloc/src/snmalloc/backend/fixedglobalconfig.h"
+#include "../snmalloc/src/snmalloc/snmalloc_core.h"
+
+using namespace snmalloc;
+
+using Globals = FixedRangeConfig;
+using Alloc = LocalAllocator;
+
+/// Do global initialization for snmalloc. Should be called exactly once prior
+/// to any other snmalloc function calls.
+// TODO: this function shouldn't need the addresses passed in, these can be
+// obtained from the HEAP_* symbols
+extern "C" void sn_global_init() {
+ Globals::init(nullptr, (void *)HEAP_BASE, HEAP_SIZE);
+}
+
+/// Construct a thread-local allocator object in place
+extern "C" void sn_thread_init(Alloc* allocator) {
+ new(allocator) Alloc();
+ allocator->init();
+}
+
+/// Destruct a thread-local allocator object in place
+extern "C" void sn_thread_cleanup(Alloc* allocator) {
+ allocator->teardown();
+ allocator->~Alloc();
+}
+
+extern "C" size_t sn_alloc_size = sizeof(Alloc);
+extern "C" size_t sn_alloc_align = alignof(Alloc);
+
+/// Return a pointer to a thread-local allocator object of size
+/// `sn_alloc_size` and alignment `sn_alloc_align`.
+extern "C" Alloc* __rust_get_thread_allocator();
+
+/******************************************************/
+/*** Rust-compatible shims for the global allocator ***/
+/******************************************************/
+
+extern "C" void *sn_rust_alloc(size_t alignment, size_t size) {
+ return __rust_get_thread_allocator()->alloc(aligned_size(alignment, size));
+}
+
+extern "C" void *sn_rust_alloc_zeroed(size_t alignment, size_t size) {
+ return __rust_get_thread_allocator()->alloc(
+ aligned_size(alignment, size));
+}
+
+extern "C" void sn_rust_dealloc(void *ptr, size_t alignment, size_t size) {
+ __rust_get_thread_allocator()->dealloc(ptr, aligned_size(alignment, size));
+}
+
+extern "C" void *sn_rust_realloc(void *ptr, size_t alignment, size_t old_size,
+ size_t new_size) {
+ size_t aligned_old_size = aligned_size(alignment, old_size),
+ aligned_new_size = aligned_size(alignment, new_size);
+ if (size_to_sizeclass_full(aligned_old_size).raw() ==
+ size_to_sizeclass_full(aligned_new_size).raw())
+ return ptr;
+ Alloc* allocator = __rust_get_thread_allocator();
+ void *p = allocator->alloc(aligned_new_size);
+ if (p) {
+ std::memcpy(p, ptr, old_size < new_size ? old_size : new_size);
+ allocator->dealloc(ptr, aligned_old_size);
+ }
+ return p;
+}
diff --git a/snmalloc-edp/tests/global_alloc.rs b/snmalloc-edp/tests/global_alloc.rs
new file mode 100644
index 00000000..03830442
--- /dev/null
+++ b/snmalloc-edp/tests/global_alloc.rs
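Review bot: `static size_t HEAP_BASE;` and `static size_t HEAP_SIZE;` inside the braced `extern "C" { }` block are definitions, not imports: a braced linkage specification only fixes the C naming/calling convention, the declarations keep their own storage class, and `static` makes each one a zero-initialised internal-linkage variable. The section is headed "Imported symbols" and `sn_global_init` passes exactly these two values to `Globals::init`, so as written the allocator appears to be configured with base 0 and size 0 rather than the enclave heap. Declare them without defining them, `extern size_t HEAP_BASE;` and `extern size_t HEAP_SIZE;`, and reword the `// TODO` above `sn_global_init`, which talks about addresses being "passed in" although the function takes no arguments. Separately, `__errno_location` hands every thread the same `static int errno`; if snmalloc or its PAL writes `errno` from more than one enclave thread that is a data race, so a comment stating why a process-wide errno is acceptable here (or a `thread_local` if the target supports it) would help.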
@@ -0,0 +1,108 @@
+use std::{alloc::{self, GlobalAlloc}, cell::Cell, ptr};
+
+use snmalloc_edp::*;
+
+thread_local! {
+ static THREAD_ALLOC: Cell<*mut Alloc> = const { Cell::new(ptr::null_mut()) };
+}
+
+#[no_mangle]
+pub fn __rust_get_thread_allocator() -> *mut Alloc {
+ THREAD_ALLOC.get()
+}
+
+struct System;
+
+unsafe impl alloc::GlobalAlloc for System {
+ #[inline]
+ unsafe fn alloc(&self, layout: alloc::Layout) -> *mut u8 {
+ // SAFETY: the caller must uphold the safety contract for `malloc`
+ sn_rust_alloc(layout.align(), layout.size())
+ }
+
+ #[inline]
+ unsafe fn alloc_zeroed(&self, layout: alloc::Layout) -> *mut u8 {
+ // SAFETY: the caller must uphold the safety contract for `malloc`
+ sn_rust_alloc_zeroed(layout.align(), layout.size())
+ }
+
+ #[inline]
+ unsafe fn dealloc(&self, ptr: *mut u8, layout: alloc::Layout) {
+ // SAFETY: the caller must uphold the safety contract for `malloc`
+ sn_rust_dealloc(ptr, layout.align(), layout.size())
+ }
+
+ #[inline]
+ unsafe fn realloc(&self, ptr: *mut u8, layout: alloc::Layout, new_size: usize) -> *mut u8 {
+ // SAFETY: the caller must uphold the safety contract for `malloc`
+ sn_rust_realloc(ptr, layout.align(), layout.size(), new_size)
+ }
+}
+
+// SAFETY: this should only be called once per thread, and the global
+// allocator shouldn't be used outside of this function
+unsafe fn with_thread_allocator R, R>(f: F) -> R {
+ unsafe {
+ let mut allocator = std::mem::MaybeUninit::::uninit();
+ sn_thread_init(allocator.as_mut_ptr());
+ THREAD_ALLOC.set(allocator.as_mut_ptr());
+
+ let r = f();
+
+ THREAD_ALLOC.set(ptr::null_mut());
+ sn_thread_cleanup(allocator.as_mut_ptr());
+
+ r
+ }
+}
+
+#[test]
+fn test() {
+ unsafe {
+ #[allow(dead_code)]
+ #[derive(Copy, Clone)]
+ #[repr(align(0x1000))]
+ struct Page([u8; 0x1000]);
+
+ // allocate a dummy heap
+ let _heap = (*Box::into_raw(vec![Page([0; 4096]); 100].into_boxed_slice())).as_mut_ptr_range();
+
+ sn_global_init();
+ }
+
+ type AllocTestType = [u64; 20];
+
+ let barrier = std::sync::Barrier::new(2);
+
+ std::thread::scope(|s| {
+ let (tx, rx) = std::sync::mpsc::sync_channel(0);
+ let barrier = &barrier;
+ s.spawn(move || {
+ unsafe {
+ with_thread_allocator(|| {
+ let p1 = System.alloc(alloc::Layout::new::());
+ barrier.wait();
+ let p2 = System.alloc(alloc::Layout::new::());
+ tx.send((p1 as usize, p2 as usize)).unwrap();
+ })
+ };
+ });
+
+ let (p1, p2) = unsafe {
+ with_thread_allocator(|| {
+ let p1 = System.alloc(alloc::Layout::new::());
+ barrier.wait();
+ let p2 = System.alloc(alloc::Layout::new::());
+ (p1 as usize, p2 as usize)
+ })
+ };
+ let (p3, p4) = rx.recv().unwrap();
+ assert_ne!(p1, p2);
+ assert_ne!(p1, p3);
+ assert_ne!(p1, p4);
+ assert_ne!(p2, p3);
+ assert_ne!(p2, p4);
+ assert_ne!(p3, p4);
+ })
+
+}
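Review bot: `#[no_mangle] pub fn __rust_get_thread_allocator() -> *mut Alloc` is declared on the C++ side as `extern "C" Alloc* __rust_get_thread_allocator();` but is defined here with the default Rust ABI, so the shim calls a Rust-ABI function through a C prototype; it should be `pub extern "C" fn __rust_get_thread_allocator() -> *mut Alloc` so the calling convention matches by contract rather than by coincidence. In `test`, `_heap` is built from a leaked `Box<[Page]>` but its range is never handed to the allocator (`sn_global_init()` takes no arguments), so either the allocation or the `// allocate a dummy heap` comment is stale and a comment saying which is intended would help. The local `struct System` also shadows `std::alloc::System` in the reader's mind while being a plain `GlobalAlloc` wrapper around the `sn_rust_*` shims; a name such as `SnAlloc` avoids the confusion. with_thread_allocator's doc is a `// SAFETY:` line comment; as it is the function's caller contract it belongs in a `/// # Safety` doc section.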