sgx: resurrect and bring module structure on par with wamr #876

csegarragonz · 2024-08-01T09:45:24Z

This PR introduces one notable change, and works around two delicate subtleties.

First, we restrict the use of WAMR + SGX to SGX v2 only. This is to ensure we can use SGX's dynamic memory management features. This means that, to run in HW mode, we need:

An Intel IceLake server (or greater)
A host kernel > 6.0 (EDMM was upstreamed with the in-kernel SGX driver then).

Second, this PR addresses two gritty issues that arise when transferring a lot of data in-out of the enclave.

Transferring via an [out] buffer in an OCall is limited to the size of the untrusted app's stack, so we must, sometimes, use an [in] buffer in an ECall, as these use the heap of the enclave (which can now grow dynamically with EDMM).
Transferring big data in, usually involves malloc-ing data inside the WASM module (via wasm_runtime_module_malloc in WAMR), which in turn can call the memory.grow opcode, which may invalidate native pointers to WASM offsets. We must be careful with that.

closes #681

csegarragonz marked this pull request as draft August 1, 2024 17:26

csegarragonz marked this pull request as ready for review August 21, 2024 11:56

csegarragonz force-pushed the sgx-fixes branch 3 times, most recently from 8c84955 to f73cce0 Compare August 21, 2024 16:22

csegarragonz force-pushed the sgx-fixes branch from 2840649 to 89134bd Compare September 4, 2024 17:02

csegarragonz added 24 commits September 5, 2024 09:03

sgx: resurrect and bring module structure on par with wamr

3eacd65

gha: run tests on sgx hw mode

f638e9a

gha: more fixes to sgx-hw

7690ed4

sgx: word-count/driver working

d5dba35

sgx: add s3 support

964bb66

sgx: better management of enclaves

223ce28

more wip

4562e18

mman: single-threaded memory-management for enclave

62b0dc1

enclave: use min/max sizes not init

c77edad

nit: run clang format

38a149b

sgx: fix execution in hw mode, restrict to sgx v2 only

8b925b1

wamr: bump commit tag to include fixes to use edmm

4951305

nits: run clang-format

9520439

tests: fix failing tests

dd2cdd1

gha: update sgx_hw file

7088844

gha: more sgx-hw fixes

8105815

gha: more sgx-hw fixes

0c91811

sgx: wip to fix stack overrun in ocalls

5ccbae7

sgx: fix ecall/ocall with large buffers and memory invalidation

fea71f7

milestone: word-count working for few files

13b2b97

milestone: word-count working with all the files

74e2329

nits: run clang format

3058350

wamr: add comment right by malloc

f907f6e

docs(sgx): update

91baf56

csegarragonz added 6 commits September 5, 2024 09:03

sgx: update

070da07

gha: more fixes

f02778b

gha: add --env flag for sgx-hw

1f02474

gha(sgx): dry-run working locally

a2928ec

tests: silent very long comparisons

b2f67ec

gha(sgx): add newline escapes

302db94

csegarragonz force-pushed the sgx-fixes branch from a810bfa to 302db94 Compare September 5, 2024 09:03

csegarragonz added 5 commits September 5, 2024 09:55

tests: fix unused variable

7313977

gha(sgx): bump faasmctl version

8c4032c

nits: self-review

c66846b

sgx: fix tests for simulation mode

047e0fb

cpp: fix s3 printing error

2cb0528

csegarragonz force-pushed the sgx-fixes branch from 004e98b to 2cb0528 Compare September 5, 2024 16:06

tests: relax the size of the key

14308af

csegarragonz force-pushed the sgx-fixes branch from 1b12dc8 to 14308af Compare September 6, 2024 07:30

csegarragonz added 2 commits September 6, 2024 11:06

gha: skip test and add timeout

1e9e43e

nits: fixes after merge to main

38f9014

csegarragonz merged commit 6cfd4e0 into main Sep 6, 2024
21 checks passed

csegarragonz deleted the sgx-fixes branch September 6, 2024 13:18

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

sgx: resurrect and bring module structure on par with wamr #876

sgx: resurrect and bring module structure on par with wamr #876

sgx: resurrect and bring module structure on par with wamr #876

sgx: resurrect and bring module structure on par with wamr #876

Conversation