release v0.4beta

Release of Graphene SGX:
Supporting native Linux application in Intel SGX enclaves.
Most applications are supported. Some features may still be buggy.

Improving portability of Graphene:
Eliminating GCC-ism of the host-generic code.
Easier to port to non-Posix platform (e.g., Windows without Cygwin).

Author: chiache

LibOS/.packed/glibc.sha384

@@ -1 +1 @@
-build/crt1.o build/crti.o build/crtn.o build/ld-linux-x86-64.so.2 build/libc.so.6 build/libdl.so.2 build/liblibos.so.1 build/libm.so.6 build/libpthread.so.0 build/libutil.so.1
+glibc-build/crt1.o glibc-build/crti.o glibc-build/crtn.o glibc-build/ld-linux-x86-64.so.2 glibc-build/libc.so.6 glibc-build/libdl.so.2 glibc-build/liblibos.so.1 glibc-build/libm.so.6 glibc-build/libpthread.so.0 glibc-build/libutil.so.1

LibOS/.packed/glibc.tar.gz

@@ -1,18 +1,16 @@
 SYS ?= $(shell gcc -dumpmachine)
 export SYS
 
+export DEBUG
+
 GLIBC_SRC = glibc-2.19
 SHIM_DIR = shim
-BUILD_DIR = build
+BUILD_DIR = glibc-build
 GLIBC_TARGET = $(addprefix $(BUILD_DIR)/,libc.so.6 ld-linux-x86-64.so.2 libpthread.so.0 libm.so.6 libdl.so.2 libutil.so.1 crt1.o crti.o crtn.o liblibos.so.1)
 
 all: $(GLIBC_TARGET)
 	$(MAKE) -C $(SHIM_DIR) all
 
-debug: DEBUG=debug
-debug: $(GLIBC_TARGET)
-	$(MAKE) -C $(SHIM_DIR) debug
-
 install:
 	[ -d ../Runtime ] || mkdir -p ../Runtime
 	[ -f ../Runtime/libsysdb.so ] || ln -sf ../LibOS/shim/src/libsysdb.so ../Runtime/libsysdb.so
@@ -23,7 +21,11 @@ $(GLIBC_TARGET): $(BUILD_DIR)/Makefile
 	cd $(BUILD_DIR) && $(MAKE)
 
 $(BUILD_DIR)/Makefile: $(GLIBC_SRC)/configure
-	./buildglibc.py --quiet $(DEBUG)
+ifeq ($(DEBUG),1)
+	./buildglibc.py --quiet --debug
+else
+	./buildglibc.py --quiet
+endif
 
 $(GLIBC_SRC)/configure:
 	[ -f $(GLIBC_SRC).tar.gz ] || \

LibOS/Makefile

@@ -27,7 +27,7 @@ def appendText(filename, text) :
 glibc = "glibc-2.19"
 glibcParent = "" # glibc parent directory
 glibcDir = ""    # glibc dir (ex. glibc-2.19)
-buildDir = "build"
+buildDir = "glibc-build"
 installDir = os.path.dirname(home) + '/Runtime/'
 do_install = False
 commandStr = ""
@@ -38,7 +38,7 @@ def appendText(filename, text) :
 for arg in sys.argv[1:]:
     if arg == '--quiet' or arg == '-q':
         quiet = True
-    if arg == 'debug':
+    if arg == '--debug':
         debug_flags = "-g"
     if arg == 'install':
         do_install = True

LibOS/buildglibc.py

@@ -1 +1 @@
-bookkeep/shim_handle.o bookkeep/shim_signal.o bookkeep/shim_thread.o bookkeep/shim_vma.o elf/shim_rtld.o fs/chroot/fs.o fs/dev/fs.o fs/pipe/fs.o fs/proc/fs.o fs/proc/info.o fs/proc/ipc-thread.o fs/proc/thread.o fs/shim_dcache.o fs/shim_fs_hash.o fs/shim_fs.o fs/shim_namei.o fs/socket/fs.o fs/str/fs.o ipc/shim_ipc_child.o ipc/shim_ipc_helper.o ipc/shim_ipc.o ipc/shim_ipc_pid.o ipc/shim_ipc_sysv.o libsysdb.a libsysdb_debug.so libsysdb.so shim_async.o shim_checkpoint.o shim_debug.o shim_init.o shim_malloc.o shim_parser.o shim_random.o shim_syscalls.o shim_table.o start.o syscallas.o sys/shim_access.o sys/shim_alarm.o sys/shim_benchmark.o sys/shim_brk.o sys/shim_clone.o sys/shim_dup.o sys/shim_epoll.o sys/shim_exec.o sys/shim_exit.o sys/shim_fcntl.o sys/shim_fork.o sys/shim_fs.o sys/shim_futex.o sys/shim_getcwd.o sys/shim_getpid.o sys/shim_getrlimit.o sys/shim_ioctl.o sys/shim_migrate.o sys/shim_mmap.o sys/shim_msgget.o sys/shim_open.o sys/shim_pipe.o sys/shim_poll.o sys/shim_sandbox.o sys/shim_sched.o sys/shim_semget.o sys/shim_sigaction.o sys/shim_sleep.o sys/shim_socket.o sys/shim_stat.o sys/shim_time.o sys/shim_uname.o sys/shim_vfork.o sys/shim_wait.o sys/shim_wrappers.o utils/md5.o utils/printf.o utils/strobjs.o 83034d6b1a614018afb9f84143540b32f186d868019d4d40844ef972deb7aaaf05ad2d81c9c35932d3dd98a37b75079f
+bookkeep/shim_handle.o bookkeep/shim_signal.o bookkeep/shim_thread.o bookkeep/shim_vma.o elf/shim_rtld.o fs/chroot/fs.o fs/dev/fs.o fs/pipe/fs.o fs/proc/fs.o fs/proc/info.o fs/proc/ipc-thread.o fs/proc/thread.o fs/shim_dcache.o fs/shim_fs_hash.o fs/shim_fs.o fs/shim_namei.o fs/socket/fs.o fs/str/fs.o ipc/shim_ipc_child.o ipc/shim_ipc_helper.o ipc/shim_ipc.o ipc/shim_ipc_pid.o ipc/shim_ipc_sysv.o libsysdb.a libsysdb_debug.so libsysdb.so shim_async.o shim_checkpoint.o shim_debug.o shim_init.o shim_malloc.o shim_parser.o shim_random.o shim_syscalls.o shim_table.o start.o syscallas.o sys/shim_access.o sys/shim_alarm.o sys/shim_benchmark.o sys/shim_brk.o sys/shim_clone.o sys/shim_dup.o sys/shim_epoll.o sys/shim_exec.o sys/shim_exit.o sys/shim_fcntl.o sys/shim_fork.o sys/shim_fs.o sys/shim_futex.o sys/shim_getcwd.o sys/shim_getpid.o sys/shim_getrlimit.o sys/shim_ioctl.o sys/shim_migrate.o sys/shim_mmap.o sys/shim_msgget.o sys/shim_open.o sys/shim_pipe.o sys/shim_poll.o sys/shim_sandbox.o sys/shim_sched.o sys/shim_semget.o sys/shim_sigaction.o sys/shim_sleep.o sys/shim_socket.o sys/shim_stat.o sys/shim_time.o sys/shim_uname.o sys/shim_vfork.o sys/shim_wait.o sys/shim_wrappers.o utils/md5.o utils/printf.o utils/strobjs.o 1e360b5c25155fe56c120120f88f25eec00ff96007893eceafd124a56de5e12dcf3e63852b58221cd289daf93e8d4cd3

LibOS/shim/src/.packed/shim.sha384

@@ -48,10 +48,11 @@ headers = ../include/*.h ../../../Pal/lib/*.h ../../../Pal/include/pal/*.h
 
 all: $(shim_target)
 
-debug: debug = debug
-debug: CC = gcc -gdwarf-2 -g3
-debug: CFLAGS += -DDEBUG
-debug: $(shim_target)
+ifeq ($(DEBUG),1)
+CC += -gdwarf-2 -g3
+CFLAGS += -DDEBUG
+endif
+export DEBUG
 
 ifeq ($(PROFILING), 1)
 CFLAGS += -DPROFILE

LibOS/shim/src/.packed/shim.tar.gz

@@ -306,8 +306,6 @@ static void quit_upcall (PAL_PTR event, PAL_NUM arg, PAL_CONTEXT * context)
     DkExceptionReturn(event);
 }
 
-bool ask_for_checkpoint = false;
-
 static void suspend_upcall (PAL_PTR event, PAL_NUM arg, PAL_CONTEXT * context)
 {
     if (IS_INTERNAL_TID(get_cur_tid()))

LibOS/shim/src/Makefile

@@ -1167,8 +1167,8 @@ BEGIN_RS_FUNC(vma)
 
     unlock(vma_list_lock);
 
-    debug ("vma: %p-%p flags %x prot %p\n", vma->addr, vma->addr +
-           vma->length, vma->flags, vma->prot);
+    debug("vma: %p-%p flags %x prot %p\n", vma->addr, vma->addr + vma->length,
+          vma->flags, vma->prot);
 
     if (!(vma->flags & VMA_UNMAPPED)) {
         if (vma->file) {

LibOS/shim/src/bookkeep/shim_signal.c

@@ -67,11 +67,12 @@ static int chroot_mount (const char * uri, const char * root,
 {
     enum shim_file_type type;
 
-    if (!memcmp(uri, "file:", 5)) {
+    if (strpartcmp_static(uri, "file:")) {
         type = FILE_UNKNOWN;
         uri += 5;
-    } else if (!memcmp(uri, "dev:", 4)) {
-        type = memcmp(uri + 4, "tty", 3) ? FILE_DEV : FILE_TTY;
+    } else if (strpartcmp_static(uri, "dev:")) {
+        type = strpartcmp_static(uri + static_strlen("dev"), "tty") ?
+               FILE_DEV : FILE_TTY;
         uri += 4;
     } else
         return -EINVAL;
@@ -104,48 +105,42 @@ static inline int concat_uri (char * buffer, int size, int type,
                               const char * root, int root_len,
                               const char * trim, int trim_len)
 {
-    int len = 0;
+    char * tmp = NULL;
 
     switch (type) {
         case FILE_UNKNOWN:
         case FILE_REGULAR:
-            if (size < 7 + root_len + trim_len)
-                return -ENAMETOOLONG;
-            memcpy(buffer, "file:", 6);
-            len += 5;
+            tmp = strcpy_static(buffer, "file:", size);
             break;
 
         case FILE_DIR:
-            if (size < 6 + root_len + trim_len)
-                return -ENAMETOOLONG;
-            memcpy(buffer, "dir:", 5);
-            len += 4;
+            tmp = strcpy_static(buffer, "dir:", size);
             break;
 
         case FILE_DEV:
         case FILE_TTY:
-            if (size < 6 + root_len + trim_len)
-                return -ENAMETOOLONG;
-            memcpy(buffer, "dev:", 5);
-            len += 4;
+            tmp = strcpy_static(buffer, "dev:", size);
             break;
 
         default:
             return -EINVAL;
     }
 
+    if (!tmp || tmp + root_len + trim_len + 2 > buffer + size)
+        return -ENAMETOOLONG;
+
     if (root_len) {
-        memcpy(buffer + len, root, root_len + 1);
-        len += root_len;
+        memcpy(tmp, root, root_len + 1);
+        tmp += root_len;
     }
 
     if (trim_len) {
-        buffer[len++] = '/';
-        memcpy(buffer + len, trim, trim_len + 1);
-        len += trim_len;
+        *(tmp++) = '/';
+        memcpy(tmp, trim, trim_len + 1);
+        tmp += trim_len;
     }
 
-    return len;
+    return tmp - buffer;
 }
 
 /* simply just create data, sometimes it is individually called when the
@@ -672,7 +667,7 @@ static int map_write (struct shim_handle * hdl, const void * buf,
     if (file->marker + count > file->size) {
         file->size = file->marker + count;
 
-        ret = DkStreamWrite(hdl->pal_handle, file->marker, count, buf, NULL);
+        ret = DkStreamWrite(hdl->pal_handle, file->marker, count, (void *) buf, NULL);
 
         if (!ret) {
             ret = -PAL_ERRNO;
@@ -771,7 +766,7 @@ static int chroot_write (struct shim_handle * hdl, const void * buf,
         lock(hdl->lock);
     }
 
-    ret = DkStreamWrite(hdl->pal_handle, file->marker, count, buf, NULL) ? :
+    ret = DkStreamWrite(hdl->pal_handle, file->marker, count, (void *) buf, NULL) ? :
           -PAL_ERRNO;
 
     if (ret > 0)
@@ -905,7 +900,7 @@ static int chroot_readdir (struct shim_dentry * dent,
 
     chroot_update_ino(dent);
 
-    assert(!memcmp(qstrgetstr(&data->host_uri), "dir:", 4));
+    assert(strpartcmp_static(qstrgetstr(&data->host_uri), "dir:"));
 
     PAL_HANDLE pal_hdl = DkStreamOpen(qstrgetstr(&data->host_uri),
                                       PAL_ACCESS_RDONLY, 0, 0, 0);