Remove redundant sgx.nonpie_binary manifest option #1187

Merged
merged 1 commit into from
Feb 27, 2023
1 change: 0 additions & 1 deletion CI-Examples/bash/manifest.template
@@ -20,7 +20,6 @@ fs.mounts = [

sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
sgx.nonpie_binary = true
sgx.enclave_size = "512M"
sgx.max_threads = 4

1 change: 0 additions & 1 deletion CI-Examples/blender/blender.manifest.template
@@ -22,7 +22,6 @@ fs.mounts = [

sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
sgx.nonpie_binary = true
sys.stack.size = "8M"
sgx.enclave_size = "2048M"
sgx.max_threads = 64
1 change: 0 additions & 1 deletion CI-Examples/helloworld/helloworld.manifest.template
@@ -13,7 +13,6 @@ fs.mounts = [

sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
sgx.nonpie_binary = true

sgx.trusted_files = [
"file:{{ gramine.libos }}",
1 change: 0 additions & 1 deletion CI-Examples/lighttpd/lighttpd.manifest.template
@@ -21,7 +21,6 @@ fs.mounts = [

sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
sgx.nonpie_binary = true
sgx.enclave_size = "256M"
sgx.max_threads = 3

1 change: 0 additions & 1 deletion CI-Examples/memcached/memcached.manifest.template
@@ -25,7 +25,6 @@ fs.mounts = [

sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
sgx.nonpie_binary = true
sgx.max_threads = 16

# Memcached does not fail explicitly when enclave memory is exhausted. Instead, Memcached goes into
1 change: 0 additions & 1 deletion CI-Examples/nginx/nginx.manifest.template
@@ -27,7 +27,6 @@ fs.mounts = [

sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
sgx.nonpie_binary = true
sgx.enclave_size = "512M"
sgx.max_threads = 4

1 change: 0 additions & 1 deletion CI-Examples/python/python.manifest.template
@@ -34,7 +34,6 @@ sys.enable_extra_runtime_domain_names_conf = true

sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
sgx.nonpie_binary = true
sgx.enclave_size = "1G"
sgx.max_threads = 32

9 changes: 0 additions & 9 deletions CI-Examples/redis/redis-server.manifest.template
@@ -87,15 +87,6 @@ sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
# specifying '8' allows to run a maximum of 6 Redis threads which is enough.
sgx.max_threads = 8

# Redis executable is typically a PIE (Position Independent Executable) on most
# modern OS distros (e.g., Ubuntu 18.04). However, on some OS distros (notably,
# CentOS), Redis executable is built as non-PIE. We mark Redis as a non-PIE
# binary unconditionally -- this makes it work on CentOS and doesn't hurt on
# Ubuntu. (Note that non-SGX Gramine correctly distinguishes between PIE and
# non-PIE binaries, but for SGX we need to prearrange enclave memory layout,
# hence the below option.)
sgx.nonpie_binary = true

############################# SGX: TRUSTED FILES ###############################

# Specify all files used by Redis and its dependencies (including all libraries
1 change: 0 additions & 1 deletion CI-Examples/rust/rust-hyper-http-server.manifest.template
@@ -19,7 +19,6 @@ fs.mounts = [

sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
sgx.nonpie_binary = true

sgx.trusted_files = [
"file:{{ gramine.libos }}",
12 changes: 5 additions & 7 deletions Documentation/devel/onboarding.rst
@@ -261,13 +261,11 @@ fine on native Linux but fails under Gramine::
Try to identify the system call in Gramine that goes wrong (e.g., returns
an error code whereas it was supposed to finish successfully).

- Analyze the manifest file carefully. If at least one of the binaries
spawned during app execution is non-PIE, then set ``sgx.nonpie_binary =
true``. If you suspect problems with environment variables, see if it works
with ``loader.insecure__use_host_env = true``. If you observe that memory
addresses change constantly and hinder your debugging, set
``loader.insecure__disable_aslr = true``. But don't use the last two
options in production; use them only for debugging and analysis!
- Analyze the manifest file carefully. If you suspect problems with
environment variables, see if it works with ``loader.insecure__use_host_env
= true``. If you observe that memory addresses change constantly and hinder
your debugging, set ``loader.insecure__disable_aslr = true``. But don't use
these two options in production; use them only for debugging and analysis!

- Analyze FS mount points (``fs.mounts``) in the manifest file carefully.
Check for duplicate mount points -- remember that a duplicate mount point's
11 changes: 0 additions & 11 deletions Documentation/manifest-syntax.rst
@@ -529,17 +529,6 @@ your system, such ``bash -c ls`` SGX workload will fail. Note this does not
apply to the enclaves with :term:`EDMM` enabled, where memory is not reserved
upfront and is allocated on demand.

Non-PIE binaries
^^^^^^^^^^^^^^^^

::

sgx.nonpie_binary = [true|false]
(Default: false)

This setting tells Gramine whether to use a specially crafted memory layout,
which is required to support non-relocatable binaries (non-PIE).

Number of threads
^^^^^^^^^^^^^^^^^

5 changes: 1 addition & 4 deletions libos/src/libos_rtld.c
@@ -849,10 +849,7 @@ int load_elf_object(struct libos_handle* file, struct link_map** out_map) {

struct link_map* map = map_elf_object(file, &ehdr);
if (!map) {
log_error("Failed to map %s. This may be caused by the binary being non-PIE, in which "
"case Gramine requires a specially-crafted memory layout. You can enable it "
"by adding 'sgx.nonpie_binary = true' to the manifest.",
fname);
log_error("Failed to map %s.", fname);
return -EINVAL;
}
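Review bot: The replacement message `log_error("Failed to map %s.", fname);` leaves an operator with only the file name, and the branch still folds every mapping failure into `-EINVAL`. Whether `map_elf_object` logs the specific cause itself is not visible in this hunk; if it does, a one-line comment above the check would make that explicit, e.g. `/* map_elf_object() has already logged the reason */`, and if it does not, the message should carry the reason. Because the manifest key is removed, it is also worth confirming that a manifest which still sets `sgx.nonpie_binary` produces a warning or error rather than being silently accepted; that handling is not part of this diff. The body of `load_elf_object` starts and ends outside this hunk.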

1 change: 0 additions & 1 deletion libos/test/abi/x86_64/manifest.template
@@ -6,7 +6,6 @@ fs.mounts = [
{ path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" },
]

sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
sgx.max_threads = 4
1 change: 0 additions & 1 deletion libos/test/abi/x86_64/stack_arg.manifest.template
@@ -11,7 +11,6 @@ fs.mounts = [
{ path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" },
]

sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
sgx.max_threads = 4
1 change: 0 additions & 1 deletion libos/test/abi/x86_64/stack_env.manifest.template
@@ -11,7 +11,6 @@ fs.mounts = [
{ path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" },
]

sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
sgx.max_threads = 4
1 change: 0 additions & 1 deletion libos/test/fs/manifest.template
@@ -20,7 +20,6 @@ fs.mounts = [

fs.insecure__keys.default = "ffeeddccbbaa99887766554433221100"

sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
sgx.max_threads = 16
1 change: 0 additions & 1 deletion libos/test/ltp/manifest.template
@@ -19,7 +19,6 @@ fs.mounts = [

sys.brk.max_size = "32M"
sys.stack.size = "4M"
sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

1 change: 0 additions & 1 deletion libos/test/regression/argv_from_file.manifest.template
@@ -11,7 +11,6 @@ fs.mounts = [
{ path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" },
]

sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

1 change: 0 additions & 1 deletion libos/test/regression/argv_from_manifest.manifest.template
@@ -18,7 +18,6 @@ fs.mounts = [
{ path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" },
]

sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

1 change: 0 additions & 1 deletion libos/test/regression/attestation.manifest.template
@@ -11,7 +11,6 @@ fs.mounts = [

fs.insecure__keys.default = "ffeeddccbbaa99887766554433221100"

sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

@@ -13,7 +13,6 @@ fs.mounts = [

sgx.insecure__protected_files_key = "ffeeddccbbaa99887766554433221100"

sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

1 change: 0 additions & 1 deletion libos/test/regression/bootstrap_cpp.manifest.template
@@ -14,7 +14,6 @@ fs.mounts = [
]

sgx.max_threads = 8
sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

1 change: 0 additions & 1 deletion libos/test/regression/debug_log_file.manifest.template
@@ -13,7 +13,6 @@ fs.mounts = [
{ path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" },
]

sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

1 change: 0 additions & 1 deletion libos/test/regression/debug_log_inline.manifest.template
@@ -12,7 +12,6 @@ fs.mounts = [
{ path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" },
]

sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

1 change: 0 additions & 1 deletion libos/test/regression/device_passthrough.manifest.template
@@ -9,7 +9,6 @@ fs.mounts = [
{ path = "/dev/host-zero", uri = "dev:/dev/zero" },
]

sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

1 change: 0 additions & 1 deletion libos/test/regression/env_from_file.manifest.template
@@ -11,7 +11,6 @@ fs.mounts = [
{ path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" },
]

sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

1 change: 0 additions & 1 deletion libos/test/regression/env_from_host.manifest.template
@@ -11,7 +11,6 @@ fs.mounts = [
{ path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" },
]

sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

1 change: 0 additions & 1 deletion libos/test/regression/env_passthrough.manifest.template
@@ -16,7 +16,6 @@ fs.mounts = [
{ path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" },
]

sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

@@ -13,7 +13,6 @@ fs.mounts = [
{ path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" },
]

sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

@@ -13,7 +13,6 @@ fs.mounts = [
{ path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" },
]

sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

1 change: 0 additions & 1 deletion libos/test/regression/host_root_fs.manifest.template
@@ -11,7 +11,6 @@ fs.mounts = [
{ type = "tmpfs", path = "/etc" },
]

sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

@@ -12,7 +12,6 @@ fs.mounts = [
sys.enable_extra_runtime_domain_names_conf = true

sgx.debug = true
sgx.nonpie_binary = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

sgx.trusted_files = [
1 change: 0 additions & 1 deletion libos/test/regression/init_fail.manifest.template
@@ -10,7 +10,6 @@ fs.mounts = [
{ path = "/test", uri = "file:I_DONT_EXIST" },
]

sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

1 change: 0 additions & 1 deletion libos/test/regression/init_fail2.manifest.template
@@ -10,7 +10,6 @@ fs.mounts = [
{ path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" },
]

sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

1 change: 0 additions & 1 deletion libos/test/regression/large_mmap.manifest.template
@@ -13,7 +13,6 @@ fs.mounts = [
]

sgx.enclave_size = "8G"
sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

1 change: 0 additions & 1 deletion libos/test/regression/manifest.template
@@ -22,7 +22,6 @@ fs.mounts = [
]

sgx.max_threads = 16
sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

1 change: 0 additions & 1 deletion libos/test/regression/multi_pthread.manifest.template
@@ -11,7 +11,6 @@ fs.mounts = [
# app runs with 4 parallel threads + Gramine has couple internal threads
sgx.max_threads = 8

sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
sgx.enable_stats = true
@@ -13,7 +13,6 @@ fs.mounts = [
sgx.thread_num = 8
sgx.insecure__rpc_thread_num = 8

sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
sgx.enable_stats = true
1 change: 0 additions & 1 deletion libos/test/regression/openmp.manifest.template
@@ -23,7 +23,6 @@ fs.mounts = [
]

sgx.max_threads = 32
sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

@@ -11,7 +11,6 @@ fs.mounts = [
]

sgx.max_threads = 16
sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

1 change: 0 additions & 1 deletion libos/test/regression/sysfs_common.manifest.template
@@ -8,7 +8,6 @@ fs.mounts = [
{ path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" },
]

sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

1 change: 0 additions & 1 deletion libos/test/regression/toml_parsing.manifest.template
@@ -21,7 +21,6 @@ fs.mount.entrypoint.uri = "file:{{ binary_dir }}/{{ entrypoint }}"
# the manifest option below added only so that this feature has any test coverage
libos.check_invalid_pointers = false

sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

1 change: 0 additions & 1 deletion libos/test/regression/uid_gid.manifest.template
@@ -11,7 +11,6 @@ fs.mounts = [
{ path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" },
]

sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

1 change: 0 additions & 1 deletion pal/regression/Bootstrap6.manifest.template
@@ -4,7 +4,6 @@ loader.entrypoint = "file:{{ binary_dir }}/{{ entrypoint }}"
loader.log_level = "debug"

sgx.enclave_size = "8192M"
sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}

1 change: 0 additions & 1 deletion pal/regression/Bootstrap7.manifest.template
@@ -1,7 +1,6 @@
loader.entrypoint = "file:{{ binary_dir }}/{{ entrypoint }}"

sgx.trusted_files = [ "file:{{ binary_dir }}/{{ entrypoint }}" ]
sgx.nonpie_binary = true
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
