Implement enclave memory management #436
Conversation
sgx_trts/src/sync/remutex.rs
Outdated
| use core::sync::atomic::{AtomicBool, AtomicUsize, Ordering}; | ||
| use sgx_types::marker::ContiguousMemory; | ||
|
|
||
| pub struct ReentrantMutex<T: ?Sized> { |
There was a problem hiding this comment.
Suggest name change to SpinReentrantMutex
sgx_trts/src/sync/remutex.rs
Outdated
| } | ||
| } | ||
|
|
||
| pub struct ReentrantMutexGuard<'a, T: 'a + ?Sized> { |
There was a problem hiding this comment.
pub struct SpinReentrantMutexGuard<'a, T: 'a + ?Sized> {
lock: &'a SpinReentrantMutex<T>,
}
sgx_trts/src/sync/remutex.rs
Outdated
| } | ||
|
|
||
| #[inline] | ||
| fn acquire_lock(&self) { |
There was a problem hiding this comment.
fn acquire_lock(&self) {
while self
.lock
.compare_exchange_weak(false, true, Ordering::Acquire, Ordering::Relaxed)
.is_err()
{
while self.is_locked() {
spin_loop();
}
}
}
ClawSeven
force-pushed
the
emm-dev
branch
4 times, most recently
from
e9588a9
to
60caea5
Compare
ClawSeven
force-pushed
the
emm-dev
branch
2 times, most recently
from
059718f
to
c88e2bb
Compare
sgx_trts/src/emm/page.rs
Outdated
| use sgx_types::marker::ContiguousMemory; | ||
|
|
||
| bitflags! { |
There was a problem hiding this comment.
Please use impl_bitflags! instead of bitflags!.
sgx_trts/src/emm/init.rs
Outdated
| if #[cfg(not(any(feature = "sim", feature = "hyper")))] { | ||
| pub use hw::*; | ||
| } else { | ||
| pub use sw::*; |
| // Free block for allocating memory with exact size | ||
| #[repr(C)] | ||
| #[derive(Debug)] | ||
| struct BlockFree { |
There was a problem hiding this comment.
struct Payload {
ptr: Option<NonNull<u8>>,
}
union BlockPtr {
link: Link,
payload: Payload,
}
struct Block {
size: usize,
ptr: BlockPtr
}
There was a problem hiding this comment.
Here we use From trait to refactor code.
| } | ||
|
|
||
| let mut cursor_next = cursor.peek_next(); | ||
| while !cursor_next.is_null() { |
There was a problem hiding this comment.
Why do we need to traverse the linked list twice?
sgx_trts/src/emm/alloc.rs
Outdated
| for block in &mut exact_blocks { | ||
| block.write(SinglyLinkedList::new(BlockFreeAda::new())); | ||
| } | ||
| unsafe { transmute(exact_blocks) } |
There was a problem hiding this comment.
unsafe { MaybeUninit::array_assume_init(exact_blocks)}
sgx_trts/src/emm/bitmap.rs
Outdated
| }; | ||
| } | ||
|
|
||
| #[repr(C)] |
|
|
||
| #[repr(C)] | ||
| #[derive(Debug)] | ||
| pub struct BitArray { |
There was a problem hiding this comment.
pub struct BitArray<'a> {
bits: usize,
data: Box<[u8], &'a dyn Allocator>,
}
There was a problem hiding this comment.
Excellent! I wasn't previously aware of the unsafe impl<A> Allocator for &A implementation.
sgx_trts/src/emm/ema.rs
Outdated
| impl Ema { | ||
| /// Initialize Emanode with null eaccept map, | ||
| /// and start address must be page aligned | ||
| pub fn new( |
There was a problem hiding this comment.
Initially, I contemplated utilizing the Clone trait, but upon deeper analysis, I've come to realize that its semantics diverge from our implementation. The inherent implication of the default Clone is that it performs a "field-by-field clone using the default allocator." In contrast, within the context of our split() function, our objective is to "clone all fields, excluding the bitmap, utilizing the inner allocator." This distinction in behavior necessitates a more tailored approach to suit our specific cloning needs.
There was a problem hiding this comment.
If we were to implement the Clone trait according to our specific semantics, there's a heightened risk that developers might inadvertently misuse the clone() method.
sgx_trts/src/emm/ema.rs
Outdated
| } | ||
| } | ||
|
|
||
| pub fn new_options(options: &EmaOptions) -> OsResult<Self> { |
There was a problem hiding this comment.
new_options rename to new
| /// Split current bit array at specified position, return a new allocated bit array | ||
| /// corresponding to the bits at the range of [pos, end). | ||
| /// And the current bit array manages the bits at the range of [0, pos). | ||
| pub fn split(&mut self, pos: usize) -> OsResult<BitArray> { |
There was a problem hiding this comment.
There is a waste of memory
There was a problem hiding this comment.
Yes, it is a temporary but convenient solution.
|
@ClawSeven
|
Is upgrading Intel SGX SDK to 2.21 to enable EDMM? |
Thanks a lot for your reply, we are using SGX2 on 3rd Gen Xeon Scalable Processor with MKTME, and we will need large dynamic heap allocations. We are now using v1.1.6 with Intel SGX SDK 2.21. We are trying to upgrade to v2.0.0 with support to the later Rust toolchain. |
The second issue has an easy fix, essentially, all problems are due to the alignment checks in dereference of raw pointers. We just need to use I also fixed the first issue. |
|
@yangfh2004 , Hi, thanks for your two issue.
|
|
@yangfh2004 Btw, I have tested the |
|
@ClawSeven Hi, our team is using your emm branch, which works OK. But we want to request some supports to the simulation mode (SW mode) so that we can build and run our enclave without sgx drivers. Do you have a chance to add SW supports to your branch? Thanks |
|
@yangfh2004 Hello, I'm pleased to know that the EDMM feature has been integrated into your project. Unfortunately, the simulation mode (SW mode) for EDMM is not on our current roadmap, primarily because Intel does not offer support for EDMM in SW mode, and I am currently at full capacity, preventing me from undertaking the implementation of this feature. However, conceptually speaking, I believe the SW mode could be relatively straightforward to implement using system calls like mmap and munmap. |
No description provided.