Skip to content

sgx: resurrect and bring module structure on par with wamr #876

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
csegarragonz merged 38 commits into from
Sep 6, 2024
Merged

sgx: resurrect and bring module structure on par with wamr #876

csegarragonz merged 38 commits into from
Sep 6, 2024

Conversation

@csegarragonz
Copy link
Collaborator

@csegarragonz csegarragonz commented Aug 1, 2024
edited
Loading

This PR introduces one notable change, and works around two delicate subtleties.

First, we restrict the use of WAMR + SGX to SGX v2 only. This is to ensure we can use SGX's dynamic memory management features. This means that, to run in HW mode, we need:

  • An Intel IceLake server (or greater)
  • A host kernel > 6.0 (EDMM was upstreamed with the in-kernel SGX driver then).

Second, this PR addresses two gritty issues that arise when transferring a lot of data in-out of the enclave.

  1. Transferring via an [out] buffer in an OCall is limited to the size of the untrusted app's stack, so we must, sometimes, use an [in] buffer in an ECall, as these use the heap of the enclave (which can now grow dynamically with EDMM).
  2. Transferring big data in, usually involves malloc-ing data inside the WASM module (via wasm_runtime_module_malloc in WAMR), which in turn can call the memory.grow opcode, which may invalidate native pointers to WASM offsets. We must be careful with that.

closes #681

@csegarragonz csegarragonz marked this pull request as draft August 1, 2024 17:26
@csegarragonz csegarragonz marked this pull request as ready for review August 21, 2024 11:56
@csegarragonz csegarragonz force-pushed the sgx-fixes branch 3 times, most recently from 8c84955 to f73cce0 Compare August 21, 2024 16:22
@csegarragonz
sgx: resurrect and bring module structure on par with wamr
3eacd65
@csegarragonz
gha: run tests on sgx hw mode
f638e9a
@csegarragonz
gha: more fixes to sgx-hw
7690ed4
@csegarragonz
sgx: word-count/driver working
d5dba35
@csegarragonz
sgx: add s3 support
964bb66
@csegarragonz
sgx: better management of enclaves
223ce28
@csegarragonz
more wip
4562e18
@csegarragonz
mman: single-threaded memory-management for enclave
62b0dc1
@csegarragonz
enclave: use min/max sizes not init
c77edad
@csegarragonz
nit: run clang format
38a149b
@csegarragonz
sgx: fix execution in hw mode, restrict to sgx v2 only
8b925b1
@csegarragonz
wamr: bump commit tag to include fixes to use edmm
4951305
@csegarragonz
nits: run clang-format
9520439
@csegarragonz
tests: fix failing tests
dd2cdd1
@csegarragonz
gha: update sgx_hw file
7088844
@csegarragonz
gha: more sgx-hw fixes
8105815
@csegarragonz
gha: more sgx-hw fixes
0c91811
@csegarragonz
sgx: wip to fix stack overrun in ocalls
5ccbae7
@csegarragonz
sgx: fix ecall/ocall with large buffers and memory invalidation
fea71f7
@csegarragonz
milestone: word-count working for few files
13b2b97
@csegarragonz
milestone: word-count working with all the files
74e2329
@csegarragonz
nits: run clang format
3058350
@csegarragonz
wamr: add comment right by malloc
f907f6e
@csegarragonz
docs(sgx): update
91baf56
@csegarragonz csegarragonz merged commit 6cfd4e0 into main Sep 6, 2024
@csegarragonz csegarragonz deleted the sgx-fixes branch September 6, 2024 13:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@csegarragonz