From 62217e095bd1a2b7b6006ea59e4e8957163dad99 Mon Sep 17 00:00:00 2001
From: "jack.wxz"
Date: Wed, 3 Jun 2020 07:51:12 +0000
Subject: [PATCH] rune/libenclave: Use unified pal api interface

Use unified API symbols starting with 'pal_'.

Signed-off-by: jack.wxz
Signed-off-by: Tianjia Zhang
---
 rune/libcontainer/nsenter/loader.c | 39 ++++---------------
 rune/libcontainer/nsenter/loader.go | 4 +-
 .../internal/runtime/enclave_runtime.go | 14 +++----
 .../internal/runtime/pal/api_linux.go | 7 +++-
 rune/libenclave/internal/runtime/pal/pal.go | 1 -
 .../internal/runtime/pal/pal_linux.go | 22 ----------
 6 files changed, 21 insertions(+), 66 deletions(-)

diff --git a/rune/libcontainer/nsenter/loader.c b/rune/libcontainer/nsenter/loader.c
index ec97ff2..147670c 100644
--- a/rune/libcontainer/nsenter/loader.c
+++ b/rune/libcontainer/nsenter/loader.c
@@ -28,16 +28,14 @@ struct pal_stdio_fds {
 int stdin, stdout, stderr;
 };
 
-int *pal_version;
+
+int (*fptr_pal_get_version)(void);
 int (*fptr_pal_init)(const struct pal_attr_t *attr);
 int (*fptr_pal_exec)(const char *path, const char * const argv[],
 const struct pal_stdio_fds *stdio, int *exit_code);
 int (*fptr_pal_kill)(int sig, int pid);
 int (*fptr_pal_destroy)(void);
 
-#define PAL_SO_PREFIX "liberpal-"
-#define PAL_SO_SUFFIX ".so"
-
 int is_enclave(void)
 {
 const char *env;
@@ -49,8 +47,7 @@ int is_enclave(void)
 
 int load_enclave_runtime(void)
 {
- const char *file, *basename, *suffix, *name;
- int namelen;
+ const char *file;
 const char *rootfs;
 void *dl;
 
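Review bot: The lone `+` line inserted between the removed `int *pal_version;` and the new `int (*fptr_pal_get_version)(void);` appears to leave two consecutive empty lines after `};`, because the context line just before the removal is already empty; dropping that added line keeps the declaration block contiguous. The new pointer is also the one entry the Go side tolerates as NULL (api_linux.go falls back to `palApiVersion` when it resolves to nil), which nothing on the C side says; a short comment on the declaration, `/* optional: stays NULL when the PAL does not export pal_get_version */`, would record that contract next to the mandatory `fptr_pal_init`/`fptr_pal_exec` entries.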
@@ -61,24 +58,6 @@ int load_enclave_runtime(void)
 }
 write_log(DEBUG, "_LIBCONTAINER_PAL_PATH = %s", file);
 
- /* fetch basename */
- basename = strrchr(file, '/');
- if (basename)
- basename += 1; /* skip '/' */
- else
- basename = file;
-
- /* check prefix and suffix */
- if (strncmp(basename, PAL_SO_PREFIX, sizeof(PAL_SO_PREFIX) - 1) != 0)
- return -ESRCH;
- suffix = basename + strlen(basename) - sizeof(PAL_SO_SUFFIX) + 1;
- if (strncmp(suffix, PAL_SO_SUFFIX, sizeof(PAL_SO_SUFFIX) - 1) != 0)
- return -ESRCH;
-
- /* pal name */
- name = basename + sizeof(PAL_SO_PREFIX) - 1;
- namelen = strlen(name) - sizeof(PAL_SO_SUFFIX) + 1;
-
 /* dlopen */
 rootfs = getenv("_LIBCONTAINER_PAL_ROOTFS");
 if (rootfs && *rootfs != '\0') {
@@ -86,7 +65,7 @@ int load_enclave_runtime(void)
 char ldpath[BUFSIZ];
 const char *env_ldpath;
 
- if (basename == file) {
+ if (*file != '/') {
 write_log(DEBUG, "_LIBCONTAINER_PAL_PATH must be a absolute path");
 return -ENOSPC;
 }
@@ -116,17 +95,13 @@ int load_enclave_runtime(void)
 return -ENOEXEC;
 }
 
- pal_version = dlsym(dl, "pal_version");
- write_log(DEBUG, "dlsym(%s) = %p", "pal_version", pal_version);
-
 #define DLSYM(fn) \
 do { \
- char fname[64]; \
- snprintf(fname, sizeof(fname), "%.*s_pal_%s", namelen, name, #fn); \
- fptr_pal_ ## fn = dlsym(dl, fname); \
- write_log(DEBUG, "dlsym(%s) = %p", fname, fptr_pal_ ## fn); \
+ fptr_pal_ ## fn = dlsym(dl, "pal_" #fn); \
+ write_log(DEBUG, "dlsym(%s) = %p", "pal_" #fn, fptr_pal_ ## fn); \
 } while (0)
 
+ DLSYM(get_version);
 DLSYM(init);
 DLSYM(exec);
 DLSYM(kill);
diff --git a/rune/libcontainer/nsenter/loader.go b/rune/libcontainer/nsenter/loader.go
index a9fbf7c..6d3c2ca 100644
--- a/rune/libcontainer/nsenter/loader.go
+++ b/rune/libcontainer/nsenter/loader.go
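Review bot: With the `liberpal-`/`.so` name check removed, nothing left in this hunk constrains what `_LIBCONTAINER_PAL_PATH` may name before it reaches `dlopen`, and the matching Go-side check in pal_linux.go is removed by the same commit, so no filename policy remains anywhere. If the intent is that this variable is only ever set by the runtime's own parent process, say so where the path is consumed, e.g. `/* no filename pattern is enforced on _LIBCONTAINER_PAL_PATH; the caller is trusted to supply a valid PAL path */`, so a later reader does not assume the old prefix check still exists. The surviving absolute-path test (`*file != '/'` in the next hunk) appears to run only inside the rootfs branch opened by `if (rootfs && *rootfs != '\0')`; the remainder of load_enclave_runtime lies outside this hunk.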
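Review bot: The pointers filled in by the `DLSYM(...)` lines in the last hunk are still not checked for NULL, and the rename makes that more likely to bite: a PAL built against the previous `<name>_pal_*` convention now resolves every `fptr_pal_*` to NULL, and the failure surfaces only when one of them is called. Unless the rest of load_enclave_runtime (outside this hunk) already does so, add a check after the last `DLSYM(...)` invocation such as `if (!fptr_pal_init || !fptr_pal_exec || !fptr_pal_kill || !fptr_pal_destroy) return -ENOEXEC;`, reusing the error code the dlopen failure path above this hunk already returns. `fptr_pal_get_version` can stay optional, since api_linux.go falls back to `palApiVersion` when it is nil.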
@@ -17,7 +17,7 @@ struct pal_stdio_fds {
 int stdin, stdout, stderr;
 };
 
-extern int *pal_version;
+extern int (*fptr_pal_get_version)(void);
 extern int (*fptr_pal_init)(const struct pal_attr_t *attr);
 extern int (*fptr_pal_exec)(const char *path, const char * const argv[],
 const struct pal_stdio_fds *stdio, int *exit_code);
@@ -31,7 +31,7 @@ import (
 )
 
 func SymAddrPalVersion() unsafe.Pointer {
- return unsafe.Pointer(C.pal_version)
+ return unsafe.Pointer(C.fptr_pal_get_version)
 }
 
 func SymAddrPalInit() unsafe.Pointer {
diff --git a/rune/libenclave/internal/runtime/enclave_runtime.go b/rune/libenclave/internal/runtime/enclave_runtime.go
index 68ea84a..c106a1d 100644
--- a/rune/libenclave/internal/runtime/enclave_runtime.go
+++ b/rune/libenclave/internal/runtime/enclave_runtime.go
@@ -10,7 +10,6 @@ import (
 )
 
 type EnclaveRuntime interface {
- Name() string
 Load(path string) error
 Init(args string, logLevel string) error
 Attest() error
@@ -43,9 +42,8 @@ func StartInitialization(config *configs.InitEnclaveConfig, logLevel string) (*E
 if err != nil {
 return nil, err
 }
- name := runtime.Name()
 
- logrus.Infof("Initializing enclave runtime %s", name)
+ logrus.Infof("Initializing enclave runtime")
 err = runtime.Init(config.Args, logLevel)
 if err != nil {
 return nil, err
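Review bot: `SymAddrPalVersion` now returns the value of the `fptr_pal_get_version` function pointer rather than the address of an integer, but its name and the absence of a doc comment still read like a data symbol, and its caller in api_linux.go invokes the result as a function. Add `// SymAddrPalVersion returns the pal_get_version entry point resolved by the C loader, or nil when the PAL does not export it.` above the function so the new contract is stated at the boundary; `SymAddrPalInit` directly below follows the same pattern and would benefit from a matching comment. A rename to `SymAddrPalGetVersion` would remove the mismatch entirely, at the cost of touching the one caller.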
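Review bot: Removing `Name()` from the `EnclaveRuntime` interface (first hunk of this file) takes away the only place where the PAL identity and its API version reached the logs, so `Initializing enclave runtime` no longer says which runtime was loaded; the same loss applies to the Debugf calls in the LaunchAttestation, ExecutePayload, KillPayload and DestroyInstance hunks. Since `enclaveRuntimePal` keeps its `version` field (pal.go hunk), consider re-exposing at least that, e.g. `Version() uint32` on the interface and `logrus.Infof("Initializing enclave runtime (API version %d)", runtime.Version())`, so an operator can correlate a log line with the PAL ABI actually negotiated. The enclosing StartInitialization continues outside the hunk.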
@@ -58,13 +56,13 @@ func StartInitialization(config *configs.InitEnclaveConfig, logLevel string) (*E
 }
 
 func (rt *EnclaveRuntimeWrapper) LaunchAttestation() error {
- logrus.Debugf("attesting enclave runtime %s", rt.runtime.Name())
+ logrus.Debugf("attesting enclave runtime")
 
 return rt.runtime.Attest()
 }
 
 func (rt *EnclaveRuntimeWrapper) ExecutePayload(cmd []string, envp []string, stdio [3]*os.File) (int32, error) {
- logrus.Debugf("enclave runtime %s executing payload with commandline %s", rt.runtime.Name(), cmd)
+ logrus.Debugf("enclave runtime %s executing payload with commandline", cmd)
 
 // The executable may not exist in container at all according
 // to the design of enclave runtime, such as Occlum, which uses
@@ -78,16 +76,16 @@ func (rt *EnclaveRuntimeWrapper) ExecutePayload(cmd []string, envp []string, std
 
 func (rt *EnclaveRuntimeWrapper) KillPayload(sig int, pid int) error {
 if pid != -1 {
- logrus.Debugf("enclave runtime %s killing payload %d with signal %d", rt.runtime.Name(), pid, sig)
+ logrus.Debugf("enclave runtime killing payload %d with signal %d", pid, sig)
 } else {
- logrus.Debugf("enclave runtime %s killing all payloads with signal %d", rt.runtime.Name(), sig)
+ logrus.Debugf("enclave runtime killing all payloads with signal %d", sig)
 }
 return rt.runtime.Kill(sig, pid)
 }
 
 func (rt *EnclaveRuntimeWrapper) DestroyInstance() error {
- logrus.Debugf("Destroying enclave runtime %s", rt.runtime.Name())
+ logrus.Debugf("Destroying enclave runtime")
 
 return rt.runtime.Destroy()
 }
diff --git a/rune/libenclave/internal/runtime/pal/api_linux.go b/rune/libenclave/internal/runtime/pal/api_linux.go
index 648b5c3..aaf6ccb 100644
--- a/rune/libenclave/internal/runtime/pal/api_linux.go
+++ b/rune/libenclave/internal/runtime/pal/api_linux.go
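Review bot: In the ExecutePayload hunk the rewritten Debugf keeps the `%s` verb in front of "executing payload" while the only remaining argument is `cmd`, so the message renders as `enclave runtime [<cmd>] executing payload with commandline` — that verb belonged to the removed `rt.runtime.Name()` argument and the trailing one was dropped instead. It should read `logrus.Debugf("enclave runtime executing payload with commandline %s", cmd)`. Since `cmd` is a `[]string` supplied by the caller, `%q` would also keep argument boundaries and control characters visible in the log, which helps when reconstructing what was run.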
@@ -3,6 +3,11 @@ package enclave_runtime_pal // import "github.com/opencontainers/runc/libenclave
 /*
 #include
 
+static int palGetVersion(void *sym)
+{
+ return ((int (*)(void))sym)();
+}
+
 static int palInitV1(void *sym, const char *args, const char *log_level)
 {
 typedef struct {
@@ -65,7 +70,7 @@ func (pal *enclaveRuntimePalApiV1) get_version() uint32 {
 logrus.Debugf("pal get_version() called")
 sym := nsenter.SymAddrPalVersion()
 if sym != nil {
- return *(*uint32)(sym)
+ return uint32(C.palGetVersion(sym))
 } else {
 return palApiVersion
 }
diff --git a/rune/libenclave/internal/runtime/pal/pal.go b/rune/libenclave/internal/runtime/pal/pal.go
index a52e9cc..0e90cd7 100644
--- a/rune/libenclave/internal/runtime/pal/pal.go
+++ b/rune/libenclave/internal/runtime/pal/pal.go
@@ -5,7 +5,6 @@ import (
 )
 
 type enclaveRuntimePal struct {
- name string
 version uint32
 }
 
diff --git a/rune/libenclave/internal/runtime/pal/pal_linux.go b/rune/libenclave/internal/runtime/pal/pal_linux.go
index bc159f5..8bb3a4d 100644
--- a/rune/libenclave/internal/runtime/pal/pal_linux.go
+++ b/rune/libenclave/internal/runtime/pal/pal_linux.go
@@ -3,27 +3,9 @@ package enclave_runtime_pal // import "github.com/opencontainers/runc/libenclave
 import (
 "fmt"
 "os"
- "path"
- "strings"
-)
-
-const (
- palPrefix = "liberpal-"
- palSuffix = ".so"
 )
 
 func (pal *enclaveRuntimePal) Load(palPath string) (err error) {
- bp := path.Base(palPath)
- if !strings.HasPrefix(bp, palPrefix) {
- return fmt.Errorf("not found pal prefix pattern in pal %s\n", palPath)
- }
- if !strings.HasSuffix(bp, palSuffix) {
- return fmt.Errorf("not found pal suffix pattern in pal %s\n", palPath)
- }
- palName := strings.TrimSuffix(strings.TrimPrefix(bp, palPrefix), palSuffix)
-
- pal.name = palName
-
 if err = pal.getPalApiVersion(); err != nil {
 return err
 }
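Review bot: In the get_version hunk, a nil `sym` still silently yields `palApiVersion`, and after this commit that branch is also taken for every PAL that exports only the old `pal_version` data symbol and not `pal_get_version`, so an out-of-date PAL is negotiated at the default ABI without any trace in the logs. A warning in the else branch, e.g. `logrus.Warnf("PAL does not export pal_get_version, assuming API version %d", palApiVersion)`, keeps the fallback but makes it visible to whoever is debugging a version mismatch. The `palGetVersion` helper added in the first hunk of this file casts `sym` to `int (*)(void)` unconditionally; a one-line comment there stating that `pal_get_version` must be a no-argument function returning int would record the assumption next to the cast.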
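Review bot: In the pal_linux.go hunk the visible body of `Load` no longer reads `palPath` and no longer records which PAL was loaded; the rest of the function lies outside the hunk, so it may still use the parameter. If it does not, document the new division of labour on the method, e.g. `// Load queries the API version of the PAL already resolved by the nsenter C loader; palPath is retained for interface compatibility.`, so the unused parameter does not look like an oversight. `"fmt"` stays imported although the three `fmt.Errorf` calls and the `fmt.Sprintf` in the removed `Name()` are gone; presumably `getPalApiVersion` still uses it, which is worth confirming.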
@@ -40,10 +22,6 @@ func (pal *enclaveRuntimePal) getPalApiVersion() error {
 return nil
 }
 
-func (pal *enclaveRuntimePal) Name() string {
- return fmt.Sprintf("%s (API version %d)", pal.name, pal.version)
-}
-
 func (pal *enclaveRuntimePal) Init(args string, logLevel string) error {
 api := &enclaveRuntimePalApiV1{}
 return api.init(args, logLevel)
-- 
GitLab