Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add SGX target to rustc #56067

Merged
merged 2 commits into from
Nov 22, 2018
Merged

Add SGX target to rustc #56067

merged 2 commits into from
Nov 22, 2018

Conversation

jethrogb
Copy link
Contributor

This adds the x86_64-fortanix-unknown-sgx target specification to the Rust compiler. See #56066 for more details about this target.

@rust-highfive
Copy link
Collaborator

r? @varkor

(rust_highfive has picked a reviewer for you, use r? to override)

@rust-highfive rust-highfive added the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Nov 19, 2018
eddyb
eddyb reviewed Nov 19, 2018
View reviewed changes
src/librustc_target/spec/mod.rs

/// If set, have the linker export exactly these symbols, instead of using
/// the usual logic to figure this out from the crate itself.
pub override_export_symbols: Option<Vec<String>>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cc @alexcrichton

@rust-highfive
Copy link
Collaborator

The job x86_64-gnu-llvm-5.0 of your PR failed on Travis (raw log). Through arcane magic we have determined that the following fragments from the build log may contain information about the problem.

Click to expand the log. 
travis_time:end:223d7a20:start=1542627430317675274,finish=1542627431507590461,duration=1189915187
$ git checkout -qf FETCH_HEAD
travis_fold:end:git.checkout

Encrypted environment variables have been removed for security reasons.
See https://docs.travis-ci.com/user/pull-requests/#Pull-Requests-and-Security-Restrictions
$ export SCCACHE_BUCKET=rust-lang-ci-sccache2
$ export SCCACHE_REGION=us-west-1
Setting environment variables from .travis.yml
$ export IMAGE=x86_64-gnu-llvm-5.0
---

[00:04:00] travis_fold:start:tidy
travis_time:start:tidy
tidy check
[00:04:00] tidy error: /checkout/src/librustc_target/spec/x86_64_fortanix_unknown_sgx.rs:53: line longer than 100 chars
[00:04:01] some tidy checks failed
[00:04:01] 
[00:04:01] 
[00:04:01] command did not execute successfully: "/checkout/obj/build/x86_64-unknown-linux-gnu/stage0-tools-bin/tidy" "/checkout/src" "/checkout/obj/build/x86_64-unknown-linux-gnu/stage0/bin/cargo" "--no-vendor" "--quiet"
[00:04:01] 
[00:04:01] 
[00:04:01] failed to run: /checkout/obj/build/bootstrap/debug/bootstrap test src/tools/tidy
[00:04:01] Build completed unsuccessfully in 0:00:48
[00:04:01] Build completed unsuccessfully in 0:00:48
[00:04:01] make: *** [tidy] Error 1
[00:04:01] Makefile:79: recipe for target 'tidy' failed
The command "stamp sh -x -c "$RUN_SCRIPT"" exited with 2.
travis_time:start:2d0415f8
$ date && (curl -fs --head https://google.com | grep ^Date: | sed 's/Date: //g' || true)
Mon Nov 19 11:41:23 UTC 2018
---
travis_time:end:1611597f:start=1542627683678904239,finish=1542627683685386557,duration=6482318
travis_fold:end:after_failure.3
travis_fold:start:after_failure.4
travis_time:start:072791f9
$ ln -s . checkout && for CORE in obj/cores/core.*; do EXE=$(echo $CORE | sed 's|obj/cores/core\.[0-9]*\.!checkout!\(.*\)|\1|;y|!|/|'); if [ -f "$EXE" ]; then printf travis_fold":start:crashlog\n\033[31;1m%s\033[0m\n" "$CORE"; gdb --batch -q -c "$CORE" "$EXE" -iex 'set auto-load off' -iex 'dir src/' -iex 'set sysroot .' -ex bt -ex q; echo travis_fold":"end:crashlog; fi; done || true
travis_fold:end:after_failure.4
travis_fold:start:after_failure.5
travis_time:start:00aec950
travis_time:start:00aec950
$ cat ./obj/build/x86_64-unknown-linux-gnu/native/asan/build/lib/asan/clang_rt.asan-dynamic-i386.vers || true
cat: ./obj/build/x86_64-unknown-linux-gnu/native/asan/build/lib/asan/clang_rt.asan-dynamic-i386.vers: No such file or directory
travis_fold:end:after_failure.5
travis_fold:start:after_failure.6
travis_time:start:036aa68e
$ dmesg | grep -i kill

I'm a bot! I can only do what humans tell me to, so if this was not helpful or you have suggestions for improvements, please ping or otherwise contact @TimNN. (Feature Requests)

@varkor
Copy link
Member

varkor commented Nov 19, 2018

r? @alexcrichton

@rust-highfive rust-highfive assigned alexcrichton and unassigned varkor Nov 19, 2018
@rust-highfive
Copy link
Collaborator

The job x86_64-gnu-llvm-5.0 of your PR failed on Travis (raw log). Through arcane magic we have determined that the following fragments from the build log may contain information about the problem.

Click to expand the log. 
travis_time:end:0257a024:start=1542636252705167678,finish=1542636255002626963,duration=2297459285
$ git checkout -qf FETCH_HEAD
travis_fold:end:git.checkout

Encrypted environment variables have been removed for security reasons.
See https://docs.travis-ci.com/user/pull-requests/#Pull-Requests-and-Security-Restrictions
$ export SCCACHE_BUCKET=rust-lang-ci-sccache2
$ export SCCACHE_REGION=us-west-1
Setting environment variables from .travis.yml
$ export IMAGE=x86_64-gnu-llvm-5.0
---
[00:50:06] .................................................................................................... 100/5036
[00:50:09] .................................................................................................... 200/5036
[00:50:12] .............................ii............................................ii...................ii.. 300/5036
[00:50:14] ..............................................................................................iii... 400/5036
[00:50:17] .....iiiiiiii.iii............................iii...........................................i........ 500/5036
[00:50:24] .................................................................................................... 700/5036
[00:50:30] ..................................................................................i...........i..... 800/5036
[00:50:34] .................................................................................................... 900/5036
[00:50:37] .iiiii..................ii.iiii..................................................................... 1000/5036
---
[00:51:12] .................................................................................................... 2200/5036
[00:51:16] .................................................................................................... 2300/5036
[00:51:20] .................................................................................................... 2400/5036
[00:51:24] .................................................................................................... 2500/5036
[00:51:27] .....................................................................................iiiiiiiii...... 2600/5036
[00:51:34] ...................................................ii............................................... 2800/5036
[00:51:37] .................................................................................................... 2900/5036
[00:51:40] .................................................................................................... 3000/5036
[00:51:44] ..............................................i..................................................... 3100/5036
---
travis_time:start:test_codegen
Check compiletest suite=codegen mode=codegen (x86_64-unknown-linux-gnu -> x86_64-unknown-linux-gnu)
[01:05:08] 
[01:05:08] running 116 tests
[01:05:11] i..ii...iii..iiii.....i...i.........i..iii...........i.....i.....ii...i..i.ii..............i...ii..i 100/116
[01:05:12] i.i....iiii.....
[01:05:12] 
[01:05:12]  finished in 3.504
[01:05:12] travis_fold:end:test_codegen

---
travis_time:start:test_debuginfo
Check compiletest suite=debuginfo mode=debuginfo-both (x86_64-unknown-linux-gnu -> x86_64-unknown-linux-gnu)
[01:05:26] 
[01:05:26] running 118 tests
[01:05:52] .iiiii...i.....i..i...i..i.i..i.i..i.....i..i....i..........iiii.........i.i....i...i.......ii.i.i.i 100/118
[01:05:56] ......iii.i.....ii
[01:05:56] 
[01:05:56]  finished in 29.423
[01:05:56] travis_fold:end:test_debuginfo

---
[01:32:09]     Finished release [optimized] target(s) in 12.78s
[01:32:09]      Running build/x86_64-unknown-linux-gnu/stage1-rustc/x86_64-unknown-linux-gnu/release/deps/rustc_target-b8bb72a2a6360a41
[01:32:09] 
[01:32:09] running 105 tests
[01:32:09] ...........................................................................................F........ 100/105
[01:32:09] failures:
[01:32:09] 
[01:32:09] 
[01:32:09] ---- spec::test_json_encode_decode::x86_64_fortanix_unknown_sgx stdout ----
[01:32:09] thread 'spec::test_json_encode_decode::x86_64_fortanix_unknown_sgx' panicked at 'assertion failed: `(left == right)`
[01:32:09]   left: `Target { llvm_target: "x86_64-unknown-linux-gnu", target_endian: "little", target_pointer_width: "64", target_c_int_width: "32", target_os: "unknown", target_env: "sgx", target_vendor: "fortanix", arch: "x86_64", data_layout: "e-m:e-i64:64-f80:128-n8:16:32:64-S128", linker_flavor: Gcc, options: TargetOptions { is_builtin: false, linker: None, lld_flavor: Ld, pre_link_args: {Gcc: ["-Wl,--as-needed", "-Wl,-z,noexecstack", "-m64", "-fuse-ld=gold", "-nostdlib", "-shared", "-Wl,-e,sgx_entry", "-Wl,-Bstatic", "-Wl,--gc-sections", "-Wl,-z,text", "-Wl,-z,norelro", "-Wl,--rosegment", "-Wl,--no-undefined", "-Wl,--error-unresolved-symbols", "-Wl,--no-undefined-version", "-Wl,-Bsymbolic", "-Wl,--export-dynamic"]}, pre_link_args_crt: {}, pre_link_objects_exe: [], pre_link_objects_exe_crt: [], pre_link_objects_dll: [], late_link_args: {}, post_link_objects: ["libm.a"], post_link_objects_crt: [], post_link_args: {}, link_env: [], asm_args: [], cpu: "x86-64", features: "", dynamic_linking: false, only_cdylib: false, executables: true, relocation_model: "pic", code_model: None, tls_model: "global-dynamic", disable_redzone: false, eliminate_frame_pointer: true, function_sections: true, dll_prefix: "lib", dll_suffix: ".so", exe_suffix: "", staticlib_prefix: "lib", staticlib_suffix: ".a", target_family: None, abi_return_struct_as_int: false, is_like_osx: false, is_like_solaris: false, is_like_windows: false, is_like_msvc: false, is_like_android: false, is_like_emscripten: false, linker_is_gnu: true, allows_weak_linkage: true, has_rpath: false, no_default_libraries: true, position_independent_executables: true, needs_plt: false, relro_level: None, archive_format: "gnu", allow_asm: true, custom_unwind_resume: false, has_elf_tls: false, obj_is_bitcode: false, no_integrated_as: false, min_atomic_width: None, max_atomic_width: Some(64), atomic_cas: true, panic_strategy: Abort, abi_blacklist: [], crt_static_allows_dylibs: false, crt_static_default: false, crt_static_respected: false, stack_probes: false, min_global_align: None, default_codegen_units: None, trap_unreachable: true, requires_lto: false, singlethread: false, no_builtins: false, i128_lowering: false, codegen_backend: "llvm", default_hidden_visibility: false, embed_bitcode: false, emit_debug_gdb_scripts: true, requires_uwtable: false, simd_types_indirect: true, override_export_symbols: Some(["sgx_entry", "HEAP_BASE", "HEAP_SIZE", "RELA", "RELACOUNT", "ENCLAVE_SIZE", "CFGDATA_BASE", "DEBUG"]) } }`,
[01:32:09]  right: `Target { llvm_target: "x86_64-unknown-linux-gnu", target_endian: "little", target_pointer_width: "64", target_c_int_width: "32", target_os: "unknown", target_env: "sgx", target_vendor: "fortanix", arch: "x86_64", data_layout: "e-m:e-i64:64-f80:128-n8:16:32:64-S128", linker_flavor: Gcc, options: TargetOptions { is_builtin: false, linker: None, lld_flavor: Ld, pre_link_args: {Gcc: ["-Wl,--as-needed", "-Wl,-z,noexecstack", "-m64", "-fuse-ld=gold", "-nostdlib", "-shared", "-Wl,-e,sgx_entry", "-Wl,-Bstatic", "-Wl,--gc-sections", "-Wl,-z,text", "-Wl,-z,norelro", "-Wl,--rosegment", "-Wl,--no-undefined", "-Wl,--error-unresolved-symbols", "-Wl,--no-undefined-version", "-Wl,-Bsymbolic", "-Wl,--export-dynamic"]}, pre_link_args_crt: {}, pre_link_objects_exe: [], pre_link_objects_exe_crt: [], pre_link_objects_dll: [], late_link_args: {}, post_link_objects: ["libm.a"], post_link_objects_crt: [], post_link_args: {}, link_env: [], asm_args: [], cpu: "x86-64", features: "", dynamic_linking: false, only_cdylib: false, executables: true, relocation_model: "pic", code_model: None, tls_model: "global-dynamic", disable_redzone: false, eliminate_frame_pointer: true, function_sections: true, dll_prefix: "lib", dll_suffix: ".so", exe_suffix: "", staticlib_prefix: "lib", staticlib_suffix: ".a", target_family: None, abi_return_struct_as_int: false, is_like_osx: false, is_like_solaris: false, is_like_windows: false, is_like_msvc: false, is_like_android: false, is_like_emscripten: false, linker_is_gnu: true, allows_weak_linkage: true, has_rpath: false, no_default_libraries: true, position_independent_executables: true, needs_plt: false, relro_level: None, archive_format: "gnu", allow_asm: true, custom_unwind_resume: false, has_elf_tls: false, obj_is_bitcode: false, no_integrated_as: false, min_atomic_width: None, max_atomic_width: Some(64), atomic_cas: true, panic_strategy: Abort, abi_blacklist: [], crt_static_allows_dylibs: false, crt_static_default: false, crt_static_respected: false, stack_probes: false, min_global_align: None, default_codegen_units: None, trap_unreachable: true, requires_lto: false, singlethread: false, no_builtins: false, i128_lowering: false, codegen_backend: "llvm", default_hidden_visibility: false, embed_bitcode: false, emit_debug_gdb_scripts: true, requires_uwtable: false, simd_types_indirect: true, override_export_symbols: None } }`', librustc_target/spec/mod.rs:289:1
[01:32:09] 
[01:32:09] 
[01:32:09] failures:
[01:32:09] failures:
[01:32:09]     spec::test_json_encode_decode::x86_64_fortanix_unknown_sgx
[01:32:09] test result: FAILED. 104 passed; 1 failed; 0 ignored; 0 measured; 0 filtered out
[01:32:09] 
[01:32:09] error: test failed, to rerun pass '--lib'
[01:32:09] 
[01:32:09] 
[01:32:09] 
[01:32:09] command did not execute successfully: "/checkout/obj/build/x86_64-unknown-linux-gnu/stage0/bin/cargo" "test" "--target" "x86_64-unknown-linux-gnu" "-j" "4" "--release" "--locked" "--color" "always" "--features" "" "--manifest-path" "/checkout/src/rustc/Cargo.toml" "-p" "rustc_target" "--" "--quiet"
[01:32:09] 
[01:32:09] 
[01:32:09] failed to run: /checkout/obj/build/bootstrap/debug/bootstrap test
[01:32:09] Build completed unsuccessfully in 0:45:43
[01:32:09] Build completed unsuccessfully in 0:45:43
[01:32:09] make: *** [check] Error 1
[01:32:09] Makefile:58: recipe for target 'check' failed
The command "stamp sh -x -c "$RUN_SCRIPT"" exited with 2.
travis_time:start:2e1e28c1
$ date && (curl -fs --head https://google.com | grep ^Date: | sed 's/Date: //g' || true)
Mon Nov 19 15:36:33 UTC 2018
---
travis_time:end:0f63f2e0:start=1542641796705156203,finish=1542641796711232853,duration=6076650
travis_fold:end:after_failure.3
travis_fold:start:after_failure.4
travis_time:start:07491e99
$ ln -s . checkout && for CORE in obj/cores/core.*; do EXE=$(echo $CORE | sed 's|obj/cores/core\.[0-9]*\.!checkou

I'm a bot! I can only do what humans tell me to, so if this was not helpful or you have suggestions for improvements, please ping or otherwise contact @TimNN. (Feature Requests)

alexcrichton
alexcrichton reviewed Nov 19, 2018
View reviewed changes
src/librustc_codegen_ssa/back/linker.rs Outdated
if level.is_below_threshold(export_threshold) {
symbols.push(symbol.symbol_name(tcx).to_string());
if let Some(ref exports) = tcx.sess.target.target.options.override_export_symbols {
exports.clone()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could this use a return to avoid the indentation of all the following lines?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Certainly. The indentation actually bothered me a lot too.

@alexcrichton
Copy link
Member

Looks good to me! Just one minor stylistic nit and otherwise r=me

@jethrogb
Copy link
Contributor Author

Done

@alexcrichton
Copy link
Member

@bors: r+

@bors
Copy link
Contributor

bors commented Nov 19, 2018

📌 Commit b0ccc35bf4ccd2eda00eccf5f37d28ab920520bb has been approved by alexcrichton

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Nov 19, 2018
@jethrogb jethrogb mentioned this pull request Nov 19, 2018
Merged
@alexcrichton
Copy link
Member

@bors: r-

reqeusted to work with the libm change!

@bors bors added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. labels Nov 20, 2018
@jethrogb
Copy link
Contributor Author

Updated to remove libm.a

@alexcrichton
Copy link
Member

@bors: r+ rollup

@bors
Copy link
Contributor

bors commented Nov 21, 2018

📌 Commit 9e2e575 has been approved by alexcrichton

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. labels Nov 21, 2018
GuillaumeGomez added a commit to GuillaumeGomez/rust that referenced this pull request Nov 22, 2018
@GuillaumeGomez
Rollup merge of rust-lang#56067 - jethrogb:jb/sgx-target-spec, r=alex…
b473157 
…crichton

Add SGX target to rustc

This adds the `x86_64-fortanix-unknown-sgx` target specification to the Rust compiler. See rust-lang#56066 for more details about this target.
@GuillaumeGomez GuillaumeGomez mentioned this pull request Nov 22, 2018
Merged
bors added a commit that referenced this pull request Nov 22, 2018
@bors
Auto merge of #56155 - GuillaumeGomez:rollup, r=GuillaumeGomez
93fa2d7 
Rollup of 11 pull requests

Successful merges:

 - #55367 (lint if a private item has doctests)
 - #55485 (Return &T / &mut T in ManuallyDrop Deref(Mut) impl)
 - #55784 (Clarifying documentation for collections::hash_map::Entry::or_insert)
 - #55961 (Fix VecDeque pretty-printer)
 - #55980 (Suggest on closure args count mismatching with pipe span)
 - #56002 (fix #55972: Erroneous self arguments on bare functions emit subpar compilation error)
 - #56063 (Update any.rs documentation using keyword dyn)
 - #56067 (Add SGX target to rustc)
 - #56078 (Fix error message for `-C panic=xxx`.)
 - #56106 (Remove some incorrect doc comments)
 - #56126 (core/benches/num: Add `from_str/from_str_radix()` benchmarks)

Failed merges:

r? @ghost
@bors bors merged commit 9e2e575 into rust-lang:master Nov 22, 2018
bors added a commit that referenced this pull request Dec 7, 2018
@bors
Auto merge of #56066 - jethrogb:jb/sgx-target, r=alexcrichton
15a2607 
Add SGX target to std and dependencies

This PR adds tier 3 `std` support for the `x86_64-fortanix-unknown-sgx` target.

### Background

Intel Software Guard Extensions (SGX) is an instruction set extension for x86 that allows executing code in fully-isolated *secure enclaves*. These enclaves reside in the address space of a regular user process, but access to the enclave's address space from outside (by e.g. the OS or a hypervisor) is blocked.

From within such enclaves, there is no access to the operating system or hardware peripherals. In order to communicate with the outside world, enclaves require an untrusted “helper” program that runs as a normal user process.

SGX is **not** a sandboxing technology: code inside SGX has full access to all memory belonging to the process it is running in.

### Overview

The Fortanix SGX ABI (compiler target `x86_64-fortanix-unknown-sgx`) is an interface for Intel SGX enclaves. It is a small yet functional interface suitable for writing larger enclaves. In contrast to other enclave interfaces, this interface is primarly designed for running entire applications in an enclave. The interface has been under development since early 2016 and builds on Fortanix's significant experience running enclaves in production.

Also unlike other enclave interfaces, this is the only implementation of an enclave interface that is nearly pure-Rust (except for the entry point code).

A description of the ABI may be found at https://docs.rs/fortanix-sgx-abi/ and https://github.com/fortanix/rust-sgx/blob/master/doc/FORTANIX-SGX-ABI.md.

The following parts of `std` are not supported and most operations will error when used:

* `std::fs`
* `std::process`
* `std::net::UdpSocket`

### Future plans

A separate PR (#56067) will add the SGX target to the rust compiler. In the very near future, I expect to upgrade this target to tier 2.

This PR is just the initial support to make things mostly work. There will be more work coming in the future, for example to add interfaces to the native SGX primitives, implement unwinding, optimize usercalls.

UDP and some form of filesystem support may be added in the future, but process support seems unlikely given the platform's constraints.

### Testing build

1. Install [Xargo](https://github.com/japaric/xargo): `cargo install xargo`
2. Create a new Cargo project, for example: `cargo new --bin sgxtest`.
3. Put the following in a file `Xargo.toml` next to your `Cargo.toml`:

```toml
[target.x86_64-fortanix-unknown-sgx.dependencies.std]
git = "https://github.com/jethrogb/rust"
branch = "jb/sgx-target"
```

NB. This can be quite slow. Instead, you can have a local checkout of that branch and use `path = "/path/to/rust/src/libstd"` instead. Don't forget to checkout the submodules too!

4. Build:

```sh
xargo build --target x86_64-fortanix-unknown-sgx
```

### Testing execution

Execution is currently only supported on x86-64 Linux, but support for Windows is planned.

1. Install pre-requisites. In order to test execution, you'll need to have a CPU with Intel SGX support. SGX support needs to be enabled in the BIOS. You'll also need to install the SGX driver and Platform Software (PSW) from [Intel](https://01.org/intel-software-guard-extensions).

2. Install toolchain, executor:
```sh
cargo install sgxs-tools --version 0.6.0-rc1
cargo install fortanix-sgx-tools --version 0.1.0-rc1
```

3. Start the enclave:

```sh
ftxsgx-elf2sgxs target/x86_64-fortanix-unknown-sgx/debug/sgxtest --heap-size 0x20000 --ssaframesize 1 --stack-size 0x20000 --threads 1 --debug
sgxs-append -i target/x86_64-fortanix-unknown-sgx/debug/sgxtest.sgxs
ftxsgx-runner target/x86_64-fortanix-unknown-sgx/debug/sgxtest.sgxs
```
@workingjubilee workingjubilee added the O-SGX Target: SGX label Jul 30, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alexcrichton alexcrichton alexcrichton left review comments

@eddyb eddyb eddyb left review comments

Assignees

@alexcrichton alexcrichton

Labels
O-SGX Target: SGX S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@jethrogb @rust-highfive @varkor @alexcrichton @bors @eddyb @workingjubilee