This is an automated email from the ASF dual-hosted git repository. shaojunwang pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-teaclave-java-tee-sdk.git
commit 99505b0a90da0438d40b8fb94dc857976a5c6844 Author: cengfeng.lzy <[email protected]> AuthorDate: Thu Aug 18 16:15:02 2022 +0800 Support memory setting at runtime Summary: The GC memory settings (-Xmx, -Xms, -Xmn) can be speficied at enclave isolate creation time. Reviewers: lei.yul, jeffery.wsj, sanhong.lsh Issue: https://aone.alibaba-inc.com/task/44179518 CR: https://code.aone.alibaba-inc.com/java-tee/JavaEnclave/codereview/9812184 --- .../enclave/EnclaveEntry.java | 51 ++++++++++++++++++++++ .../enclave/EnclaveTestHelper.java | 2 + ...nfidentialcomputing_enclave_EnclaveTestHelper.h | 10 ++++- .../test/resources/native/enc_invoke_entry_test.c | 21 ++++++++- sdk/enclave/src/test/resources/native/main_c.c | 30 +++++++++++++ 5 files changed, 112 insertions(+), 2 deletions(-) diff --git a/sdk/enclave/src/main/java/com/alibaba/confidentialcomputing/enclave/EnclaveEntry.java b/sdk/enclave/src/main/java/com/alibaba/confidentialcomputing/enclave/EnclaveEntry.java index c46e835..f87524c 100644 --- a/sdk/enclave/src/main/java/com/alibaba/confidentialcomputing/enclave/EnclaveEntry.java +++ b/sdk/enclave/src/main/java/com/alibaba/confidentialcomputing/enclave/EnclaveEntry.java @@ -5,11 +5,32 @@ import com.alibaba.confidentialcomputing.enclave.c.EnclaveEnvironment.EncData; import com.alibaba.confidentialcomputing.enclave.framework.LoadServiceInvoker; import com.alibaba.confidentialcomputing.enclave.framework.ServiceMethodInvoker; import com.alibaba.confidentialcomputing.enclave.framework.UnloadServiceInvoker; +import com.oracle.svm.core.IsolateArgumentParser; +import com.oracle.svm.core.SubstrateGCOptions; +import com.oracle.svm.core.SubstrateOptions; +import com.oracle.svm.core.annotate.Uninterruptible; +import com.oracle.svm.core.c.CGlobalData; +import com.oracle.svm.core.c.CGlobalDataFactory; +import com.oracle.svm.core.c.function.CEntryPointActions; +import com.oracle.svm.core.c.function.CEntryPointCreateIsolateParameters; +import com.oracle.svm.core.c.function.CEntryPointNativeFunctions; import com.oracle.svm.core.c.function.CEntryPointOptions; +import com.oracle.svm.core.headers.LibC; +import org.graalvm.compiler.hotspot.replacements.Log; +import org.graalvm.nativeimage.CurrentIsolate; import org.graalvm.nativeimage.ImageSingletons; import org.graalvm.nativeimage.Isolate; +import org.graalvm.nativeimage.PinnedObject; +import org.graalvm.nativeimage.StackValue; +import org.graalvm.nativeimage.UnmanagedMemory; import org.graalvm.nativeimage.c.function.CEntryPoint; +import org.graalvm.nativeimage.c.function.CFunction; +import org.graalvm.nativeimage.c.struct.SizeOf; +import org.graalvm.nativeimage.c.type.CCharPointer; +import org.graalvm.nativeimage.c.type.CCharPointerPointer; import org.graalvm.nativeimage.c.type.CTypeConversion; +import org.graalvm.word.UnsignedWord; +import org.graalvm.word.WordFactory; /** * This class defines the entry points for native image (shared library) deployed in TEE enclave. @@ -21,6 +42,36 @@ public class EnclaveEntry { return callBackMethods; } + @Uninterruptible(reason = "Thread state not set up yet.", calleeMustBe = false) + @CEntryPointOptions(prologue = CEntryPointOptions.NoPrologue.class, epilogue = CEntryPointOptions.NoEpilogue.class) + @CEntryPoint(name = "create_isolate_with_params") + public static int createIsolateWithParams(int argc, CCharPointerPointer argv, CEntryPointNativeFunctions.IsolatePointer isolatePr, CEntryPointNativeFunctions.IsolateThreadPointer thread) { + CEntryPointCreateIsolateParameters args = StackValue.get(CEntryPointCreateIsolateParameters.class); + args.setVersion(4); + args.setArgc(argc); + args.setArgv(argv); + args.setIgnoreUnrecognizedArguments(false); + args.setExitWhenArgumentParsingFails(true); + int result = CEntryPointActions.enterCreateIsolate(args); + if (result != 0) { + return result; + } else { + if (isolatePr.isNonNull()) { + isolatePr.write(CurrentIsolate.getIsolate()); + } + if (thread.isNonNull()) { + thread.write(CurrentIsolate.getCurrentThread()); + } + int Xmx = IsolateArgumentParser.getIntOptionValue(IsolateArgumentParser.getOptionIndex(SubstrateGCOptions.MaxHeapSize)); + SubstrateGCOptions.MaxHeapSize.update((long) Xmx); + int Xms = IsolateArgumentParser.getIntOptionValue(IsolateArgumentParser.getOptionIndex(SubstrateGCOptions.MinHeapSize)); + SubstrateGCOptions.MaxHeapSize.update((long) Xms); + int Xmn = IsolateArgumentParser.getIntOptionValue(IsolateArgumentParser.getOptionIndex(SubstrateGCOptions.MaxNewSize)); + SubstrateGCOptions.MaxHeapSize.update((long) Xmn); + return CEntryPointActions.leave(); + } + } + @SuppressWarnings("unused") // Align with head define file enc_exported_symbol.h if it changes. @CEntryPoint(name = "java_loadservice_invoke") diff --git a/sdk/enclave/src/test/java/com/alibaba/confidentialcomputing/enclave/EnclaveTestHelper.java b/sdk/enclave/src/test/java/com/alibaba/confidentialcomputing/enclave/EnclaveTestHelper.java index 76f98cc..705769c 100644 --- a/sdk/enclave/src/test/java/com/alibaba/confidentialcomputing/enclave/EnclaveTestHelper.java +++ b/sdk/enclave/src/test/java/com/alibaba/confidentialcomputing/enclave/EnclaveTestHelper.java @@ -39,6 +39,8 @@ public class EnclaveTestHelper { public static native void createIsolate(); + public static native void createIsolate(String... argv); + public static native void destroyIsolate(); public static boolean isInNativeImage() { diff --git a/sdk/enclave/src/test/resources/native/com_alibaba_confidentialcomputing_enclave_EnclaveTestHelper.h b/sdk/enclave/src/test/resources/native/com_alibaba_confidentialcomputing_enclave_EnclaveTestHelper.h index 18b564b..cb437d5 100644 --- a/sdk/enclave/src/test/resources/native/com_alibaba_confidentialcomputing_enclave_EnclaveTestHelper.h +++ b/sdk/enclave/src/test/resources/native/com_alibaba_confidentialcomputing_enclave_EnclaveTestHelper.h @@ -36,9 +36,17 @@ JNIEXPORT jbyteArray JNICALL Java_com_alibaba_confidentialcomputing_enclave_Encl * Method: createIsolate * Signature: ()V */ -JNIEXPORT void JNICALL Java_com_alibaba_confidentialcomputing_enclave_EnclaveTestHelper_createIsolate +JNIEXPORT void JNICALL Java_com_alibaba_confidentialcomputing_enclave_EnclaveTestHelper_createIsolate__ (JNIEnv *, jclass); +/* + * Class: com_alibaba_confidentialcomputing_enclave_EnclaveTestHelper + * Method: createIsolate + * Signature: ([Ljava/lang/String;)V + */ +JNIEXPORT void JNICALL Java_com_alibaba_confidentialcomputing_enclave_EnclaveTestHelper_createIsolate___3Ljava_lang_String_2 + (JNIEnv *, jclass, jobjectArray); + /* * Class: com_alibaba_confidentialcomputing_enclave_EnclaveTestHelper * Method: destroyIsolate diff --git a/sdk/enclave/src/test/resources/native/enc_invoke_entry_test.c b/sdk/enclave/src/test/resources/native/enc_invoke_entry_test.c index 840a3bc..5907cf5 100644 --- a/sdk/enclave/src/test/resources/native/enc_invoke_entry_test.c +++ b/sdk/enclave/src/test/resources/native/enc_invoke_entry_test.c @@ -79,13 +79,32 @@ jboolean isCopy; return retVal; } -JNIEXPORT void JNICALL Java_com_alibaba_confidentialcomputing_enclave_EnclaveTestHelper_createIsolate +JNIEXPORT void JNICALL Java_com_alibaba_confidentialcomputing_enclave_EnclaveTestHelper_createIsolate__ (JNIEnv *env, jclass clazz){ if (graal_create_isolate(NULL, &isolate, &thread) != 0) { fprintf(stderr, "error on isolate creation or attach\n"); } } +JNIEXPORT void JNICALL Java_com_alibaba_confidentialcomputing_enclave_EnclaveTestHelper_createIsolate___3Ljava_lang_String_2 + (JNIEnv *env, jclass clazz, jobjectArray argv){ + int size = (*env)->GetArrayLength(env, argv); + char** parameters = (char **)malloc(size * sizeof(char*)); + jstring* jstr_array = (jstring *)malloc(size * sizeof(jstring)); + jstring jstr; + for(int i = 0 ; i < size ; i++){ + jstr = (*env)->GetObjectArrayElement(env, argv, i); + jstr_array[i] = jstr; + parameters[i] = (*env)->GetStringUTFChars(env, jstr, 0); + } + if (create_isolate_with_params(size, parameters, &isolate, &thread) != 0){ + fprintf(stderr, "error on creating isolate with parameters\n"); + } + for( int i=0; i < size; i++){ + (*env)->ReleaseStringUTFChars(env, jstr_array[i], parameters[i]); + } +} + JNIEXPORT void JNICALL Java_com_alibaba_confidentialcomputing_enclave_EnclaveTestHelper_destroyIsolate (JNIEnv *env, jclass clazz){ //graal_tear_down_isolate(thread); diff --git a/sdk/enclave/src/test/resources/native/main_c.c b/sdk/enclave/src/test/resources/native/main_c.c new file mode 100644 index 0000000..3c94adc --- /dev/null +++ b/sdk/enclave/src/test/resources/native/main_c.c @@ -0,0 +1,30 @@ +#include <stdlib.h> +#include <string.h> +#include "enc_environment.h" +#ifdef MUSL +#include "libmusl_svmenclavesdk.h" +#else +#include "libsvm_enclave_sdk.h" +#endif + +long physical_page_size(){ + return 4096; +} + +long physical_page_number(){ + return 24576; +} + +long virtual_page_size(){ + return 4096; +} + +int main(int argc, char** argv){ + graal_isolatethread_t *thread = NULL; + graal_isolate_t *isolate = NULL; + int size = 2; + char** parameters = (char **)malloc(size * sizeof(char*)); + parameters[0] = NULL; + parameters[1] = "-Xmx100m"; + return create_isolate_with_params(size, parameters, &isolate, &thread); +} \ No newline at end of file --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
