This is an automated email from the ASF dual-hosted git repository. shaojunwang pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-teaclave-java-tee-sdk.git
commit 477828e702c0b0c9a9f2249b35c6789d620c28e8 Author: jeffery.wsj <[email protected]> AuthorDate: Mon Jul 25 10:31:03 2022 +0800 [sdk] Fix JavaEnclave enclave's services garbage collection Summary: 1. Fix enclave's services garbage collection bug 2. Add enclave's services garbage collection test ut 3. Refactor JavaEnclave remote attestation tet ut Test Plan: all tests pass Reviewers: lei.yul, cengfeng.lzy, sanhong.lsh Issue: https://aone.alibaba-inc.com/task/43527253 CR: https://code.aone.alibaba-inc.com/java-tee/JavaEnclave/codereview/9502079
---
 .../native-image/serialization-config.json | 3 +
 .../host/AbstractEnclave.java | 2 +-
 .../host/BaseEnclaveServicesRecycler.java | 2 +-
 .../host/EnclaveServicesRecycler.java | 4 +-
 .../test/common/EnclaveServiceStatistic.java | 8 +
 .../test/enclave/EnclaveServiceStatisticImpl.java | 19 +++
 test/enclave/src/main/resources/tee_sdk_svm.conf | 2 +-
 .../enclave/TestEnclaveServiceStatisticImpl.java | 12 ++
 .../test/host/TestJavaEnclaveService.java | 165 +++++++++------------
 9 files changed, 113 insertions(+), 104 deletions(-)
diff --git a/sdk/enclave/src/main/resources/META-INF/native-image/serialization-config.json b/sdk/enclave/src/main/resources/META-INF/native-image/serialization-config.json
index 0ad2b7e..eeea449 100644
--- a/sdk/enclave/src/main/resources/META-INF/native-image/serialization-config.json
+++ b/sdk/enclave/src/main/resources/META-INF/native-image/serialization-config.json
@@ -23,6 +23,9 @@
 {
 "name":"java.lang.Throwable"
 },
+ {
+ "name":"java.lang.Error"
+ },
 {
 "name":"java.lang.Exception"
 },
diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/AbstractEnclave.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/AbstractEnclave.java
index 8b7bfe8..87af3ed 100644
--- a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/AbstractEnclave.java
+++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/AbstractEnclave.java
@@ -168,7 +168,7 @@ abstract class AbstractEnclave implements Enclave {
 T proxy = (T) Proxy.newProxyInstance(service.getClassLoader(), serviceInterface, handler);
 serviceProxies.add(proxy);
 // Register proxy handler for enclave's corresponding service gc recycling.
- enclaveContext.getEnclaveServicesRecycler().registerProxyHandler(handler);
+ enclaveContext.getEnclaveServicesRecycler().registerProxyHandler(proxy, handler);
 }
 return serviceProxies.iterator();
 }
diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/BaseEnclaveServicesRecycler.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/BaseEnclaveServicesRecycler.java
index 0b51196..957539e 100644
--- a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/BaseEnclaveServicesRecycler.java
+++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/BaseEnclaveServicesRecycler.java
@@ -10,7 +10,7 @@ class BaseEnclaveServicesRecycler {
 void enqueueProxyHandler(ProxyEnclaveInvocationHandler handler) {
 }
- void registerProxyHandler(ProxyEnclaveInvocationHandler handler) {
+ void registerProxyHandler(Object obj, ProxyEnclaveInvocationHandler handler) {
 }
 void interruptServiceRecycler() {
diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveServicesRecycler.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveServicesRecycler.java
index 13de12b..711c0b7 100644
--- a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveServicesRecycler.java
+++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveServicesRecycler.java
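Review bot: The new `Object obj` parameter of `registerProxyHandler` is untyped and undocumented, both in `BaseEnclaveServicesRecycler` and in the `EnclaveServicesRecycler` override in the next file, so nothing tells a maintainer that it is the object whose reachability triggers unloading of the enclave service. Renaming it to `proxy` and adding a comment such as `// proxy: object whose collection triggers cleanup; handler: the cleanup action, which must never hold a strong reference to proxy` would record the contract that the old `cleaner.register(handler, handler)` call broke. Assuming `cleaner` is a `java.lang.ref.Cleaner`, a handler that ever captures its proxy would silently bring the leak back and leave services loaded inside the enclave until its heap is exhausted. The empty body in the base class could also carry a one-line comment saying it is intentionally a no-op.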
@@ -50,8 +50,8 @@ class EnclaveServicesRecycler extends BaseEnclaveServicesRecycler {
 // register service's proxy handler when it's created.
 @Override
- void registerProxyHandler(ProxyEnclaveInvocationHandler handler) {
- cleaner.register(handler, handler);
+ void registerProxyHandler(Object obj, ProxyEnclaveInvocationHandler handler) {
+ cleaner.register(obj, handler);
 }
 // interrupt enclave services' recycler thread exit.
diff --git a/test/common/src/main/java/com/alibaba/confidentialcomputing/test/common/EnclaveServiceStatistic.java b/test/common/src/main/java/com/alibaba/confidentialcomputing/test/common/EnclaveServiceStatistic.java
new file mode 100644
index 0000000..871be2f
--- /dev/null
+++ b/test/common/src/main/java/com/alibaba/confidentialcomputing/test/common/EnclaveServiceStatistic.java
@@ -0,0 +1,8 @@
+package com.alibaba.confidentialcomputing.test.common;
+
+import com.alibaba.confidentialcomputing.common.annotations.EnclaveService;
+
+@EnclaveService
+public interface EnclaveServiceStatistic {
+ int getEnclaveServiceCount() throws Exception;
+}
diff --git a/test/enclave/src/main/java/com/alibaba/confidentialcomputing/test/enclave/EnclaveServiceStatisticImpl.java b/test/enclave/src/main/java/com/alibaba/confidentialcomputing/test/enclave/EnclaveServiceStatisticImpl.java
new file mode 100644
index 0000000..b304753
--- /dev/null
+++ b/test/enclave/src/main/java/com/alibaba/confidentialcomputing/test/enclave/EnclaveServiceStatisticImpl.java
@@ -0,0 +1,19 @@
+package com.alibaba.confidentialcomputing.test.enclave;
+
+import com.alibaba.confidentialcomputing.test.common.EnclaveServiceStatistic;
+import com.google.auto.service.AutoService;
+
+import java.lang.reflect.Method;
+
+@AutoService(EnclaveServiceStatistic.class)
+public class EnclaveServiceStatisticImpl implements EnclaveServiceStatistic {
+ @Override
+ public int getEnclaveServiceCount() throws Exception {
+ Method getInstance = Class.forName("com.alibaba.confidentialcomputing.enclave.framework.EnclaveContext").getMethod("getInstance");
+ getInstance.setAccessible(true);
+ Method servicesSize = Class.forName("com.alibaba.confidentialcomputing.enclave.framework.EnclaveContext").getMethod("servicesSize");
+ servicesSize.setAccessible(true);
+ Object enclaveContext = getInstance.invoke(null);
+ return (int) servicesSize.invoke(enclaveContext);
+ }
+}
diff --git a/test/enclave/src/main/resources/tee_sdk_svm.conf b/test/enclave/src/main/resources/tee_sdk_svm.conf
index 59ff1d8..3f18b9f 100644
--- a/test/enclave/src/main/resources/tee_sdk_svm.conf
+++ b/test/enclave/src/main/resources/tee_sdk_svm.conf
@@ -3,7 +3,7 @@
 <ProdID>0</ProdID>
 <ISVSVN>0</ISVSVN>
 <StackMaxSize>0x101000</StackMaxSize>
- <HeapMaxSize>0x1000000</HeapMaxSize>
+ <HeapMaxSize>0x20000000</HeapMaxSize>
 <TCSNum>10</TCSNum>
 <TCSPolicy>1</TCSPolicy>
 <DisableDebug>0</DisableDebug>
diff --git a/test/enclave/src/test/java/com/alibaba/confidentialcomputing/test/enclave/TestEnclaveServiceStatisticImpl.java b/test/enclave/src/test/java/com/alibaba/confidentialcomputing/test/enclave/TestEnclaveServiceStatisticImpl.java
new file mode 100644
index 0000000..8503c62
--- /dev/null
+++ b/test/enclave/src/test/java/com/alibaba/confidentialcomputing/test/enclave/TestEnclaveServiceStatisticImpl.java
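Review bot: `getEnclaveServiceCount` resolves `com.alibaba.confidentialcomputing.enclave.framework.EnclaveContext` with two identical `Class.forName` calls and then calls `setAccessible(true)` on methods obtained through `getMethod`, which only returns public members, without a comment saying why either is needed. Looking the class up once, `Class<?> contextClass = Class.forName("com.alibaba.confidentialcomputing.enclave.framework.EnclaveContext");`, and adding a short comment on the reason for reflection (presumably that `EnclaveContext` is not a public type) would make the intent readable. Because this service lets host code read framework-internal state from inside the enclave, a class-level comment stating that it is a test-only service and is not meant to be packaged into a production enclave image would also be worth adding.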
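Review bot: `HeapMaxSize` jumps from `0x1000000` (16 MiB) to `0x20000000` (512 MiB) in the `tee_sdk_svm.conf` hunk with nothing in the file tying the new figure to a requirement. If the increase exists so that the new `enclaveServiceGC` test can keep 10001 loaded services alive until the host collects their proxies, which is inferred from the test rather than shown in this hunk, an XML comment above the element naming that test would keep the value from being copied into other enclave configurations as a default. The hunk shows only part of the configuration; the surrounding elements continue outside it.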
@@ -0,0 +1,12 @@
+package com.alibaba.confidentialcomputing.test.enclave;
+
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+public class TestEnclaveServiceStatisticImpl {
+ @Test
+ public void testEnclaveServiceStatisticImpl() throws Exception {
+ assertEquals(0, new EnclaveServiceStatisticImpl().getEnclaveServiceCount());
+ }
+}
diff --git a/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestJavaEnclaveService.java b/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestJavaEnclaveService.java
index d589c65..e01cbfc 100644
--- a/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestJavaEnclaveService.java
+++ b/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestJavaEnclaveService.java
@@ -9,10 +9,7 @@ import com.alibaba.confidentialcomputing.host.exception.EnclaveCreatingException
 import com.alibaba.confidentialcomputing.host.exception.EnclaveDestroyingException;
 import com.alibaba.confidentialcomputing.host.exception.RemoteAttestationException;
 import com.alibaba.confidentialcomputing.host.exception.ServicesLoadingException;
-import com.alibaba.confidentialcomputing.test.common.EnclaveException;
-import com.alibaba.confidentialcomputing.test.common.JavaEnclaveException;
-import com.alibaba.confidentialcomputing.test.common.ReflectionCallService;
-import com.alibaba.confidentialcomputing.test.common.SayHelloService;
+import com.alibaba.confidentialcomputing.test.common.*;
 import org.junit.jupiter.api.Test;
@@ -23,28 +20,6 @@ public class TestJavaEnclaveService {
 EnclaveCreatingException, ServicesLoadingException, EnclaveDestroyingException, RemoteAttestationException, IOException {
 Enclave enclave = EnclaveFactory.create(type);
 assertNotNull(enclave);
- byte[] userData = new byte[64];
- new Random().nextBytes(userData);
- if (type == EnclaveType.TEE_SDK) {
- TeeSdkAttestationReport report = (TeeSdkAttestationReport) RemoteAttestation.generateAttestationReport(enclave, userData);
- assertEquals(report.getEnclaveType(), EnclaveType.TEE_SDK);
- assertNotNull(report.getQuote());
- assertEquals(0, RemoteAttestation.verifyAttestationReport(report));
- assertNotNull(report.getMeasurementEnclave());
- assertNotNull(report.getMeasurementSigner());
- assertNotNull(report.getUserData());
- assertArrayEquals(userData, report.getUserData());
- }
- if (type == EnclaveType.EMBEDDED_LIB_OS) {
- EmbeddedLibOSAttestationReport report = (EmbeddedLibOSAttestationReport) RemoteAttestation.generateAttestationReport(enclave, userData);
- assertEquals(report.getEnclaveType(), EnclaveType.EMBEDDED_LIB_OS);
- assertNotNull(report.getQuote());
- assertEquals(0, RemoteAttestation.verifyAttestationReport(report));
- assertNotNull(report.getMeasurementEnclave());
- assertNotNull(report.getMeasurementSigner());
- assertNotNull(report.getUserData());
- assertArrayEquals(userData, report.getUserData());
- }
 Iterator<SayHelloService> userServices = enclave.load(SayHelloService.class);
 assertNotNull(userServices);
 assertTrue(userServices.hasNext());
@@ -55,31 +30,9 @@ public class TestJavaEnclaveService {
 return result;
 }
- private void reflectionCallService(EnclaveType type) throws EnclaveCreatingException, ServicesLoadingException, EnclaveDestroyingException, RemoteAttestationException {
+ private void reflectionCallService(EnclaveType type) throws EnclaveCreatingException, ServicesLoadingException, EnclaveDestroyingException {
 Enclave enclave = EnclaveFactory.create(type);
 assertNotNull(enclave);
- byte[] userData = new byte[64];
- new Random().nextBytes(userData);
- if (type == EnclaveType.TEE_SDK) {
- TeeSdkAttestationReport report = (TeeSdkAttestationReport) RemoteAttestation.generateAttestationReport(enclave, userData);
- assertEquals(report.getEnclaveType(), EnclaveType.TEE_SDK);
- assertNotNull(report.getQuote());
- assertEquals(0, RemoteAttestation.verifyAttestationReport(report));
- assertNotNull(report.getMeasurementEnclave());
- assertNotNull(report.getMeasurementSigner());
- assertNotNull(report.getUserData());
- assertArrayEquals(userData, report.getUserData());
- }
- if (type == EnclaveType.EMBEDDED_LIB_OS) {
- EmbeddedLibOSAttestationReport report = (EmbeddedLibOSAttestationReport) RemoteAttestation.generateAttestationReport(enclave, userData);
- assertEquals(report.getEnclaveType(), EnclaveType.EMBEDDED_LIB_OS);
- assertNotNull(report.getQuote());
- assertEquals(0, RemoteAttestation.verifyAttestationReport(report));
- assertNotNull(report.getMeasurementEnclave());
- assertNotNull(report.getMeasurementSigner());
- assertNotNull(report.getUserData());
- assertArrayEquals(userData, report.getUserData());
- }
 Iterator<ReflectionCallService> userServices = enclave.load(ReflectionCallService.class);
 assertNotNull(userServices);
 assertTrue(userServices.hasNext());
@@ -89,31 +42,9 @@ public class TestJavaEnclaveService {
 enclave.destroy();
 }
- private void javaEnclaveException(EnclaveType type) throws EnclaveCreatingException, ServicesLoadingException, EnclaveDestroyingException, RemoteAttestationException {
+ private void javaEnclaveException(EnclaveType type) throws EnclaveCreatingException, ServicesLoadingException, EnclaveDestroyingException {
 Enclave enclave = EnclaveFactory.create(type);
 assertNotNull(enclave);
- byte[] userData = new byte[64];
- new Random().nextBytes(userData);
- if (type == EnclaveType.TEE_SDK) {
- TeeSdkAttestationReport report = (TeeSdkAttestationReport) RemoteAttestation.generateAttestationReport(enclave, userData);
- assertEquals(report.getEnclaveType(), EnclaveType.TEE_SDK);
- assertNotNull(report.getQuote());
- assertEquals(0, RemoteAttestation.verifyAttestationReport(report));
- assertNotNull(report.getMeasurementEnclave());
- assertNotNull(report.getMeasurementSigner());
- assertNotNull(report.getUserData());
- assertArrayEquals(userData, report.getUserData());
- }
- if (type == EnclaveType.EMBEDDED_LIB_OS) {
- EmbeddedLibOSAttestationReport report = (EmbeddedLibOSAttestationReport) RemoteAttestation.generateAttestationReport(enclave, userData);
- assertEquals(report.getEnclaveType(), EnclaveType.EMBEDDED_LIB_OS);
- assertNotNull(report.getQuote());
- assertEquals(0, RemoteAttestation.verifyAttestationReport(report));
- assertNotNull(report.getMeasurementEnclave());
- assertNotNull(report.getMeasurementSigner());
- assertNotNull(report.getUserData());
- assertArrayEquals(userData, report.getUserData());
- }
 Iterator<EnclaveException> userServices = enclave.load(EnclaveException.class);
 assertNotNull(userServices);
 assertTrue(userServices.hasNext());
@@ -122,39 +53,75 @@ public class TestJavaEnclaveService {
 enclave.destroy();
 }
- @Test
- public void testSayHelloService() {
- try {
- assertEquals("Hello World", sayHelloService(EnclaveType.MOCK_IN_JVM, "Hello World"));
- assertEquals("Hello World", sayHelloService(EnclaveType.MOCK_IN_SVM, "Hello World"));
- assertEquals("Hello World", sayHelloService(EnclaveType.TEE_SDK, "Hello World"));
- assertEquals("Hello World", sayHelloService(EnclaveType.EMBEDDED_LIB_OS, "Hello World"));
- } catch (Exception e) {
- e.printStackTrace();
+ private void remoteAttestation(EnclaveType type) throws EnclaveCreatingException, RemoteAttestationException, EnclaveDestroyingException {
+ Enclave enclave = EnclaveFactory.create(type);
+ assertNotNull(enclave);
+ byte[] userData = new byte[64];
+ new Random().nextBytes(userData);
+
+ SGXAttestationReport report = (SGXAttestationReport) RemoteAttestation.generateAttestationReport(enclave, userData);
+ assertEquals(report.getEnclaveType(), type);
+ assertNotNull(report.getQuote());
+ assertEquals(0, RemoteAttestation.verifyAttestationReport(report));
+ assertNotNull(report.getMeasurementEnclave());
+ assertNotNull(report.getMeasurementSigner());
+ assertNotNull(report.getUserData());
+ assertArrayEquals(userData, report.getUserData());
+ enclave.destroy();
+ }
+
+ private void enclaveServiceGC(EnclaveType type) throws Exception {
+ int count = 10001;
+ Enclave enclave = EnclaveFactory.create(type);
+ assertNotNull(enclave);
+ for (int i = 0x0; i < count; i++) {
+ Iterator<EnclaveServiceStatistic> userServices = enclave.load(EnclaveServiceStatistic.class);
+ assertNotNull(userServices);
+ assertTrue(userServices.hasNext());
 }
+ System.gc();
+ Thread.sleep(2000);
+ System.gc();
+ Thread.sleep(2000);
+ Iterator<EnclaveServiceStatistic> userServices = enclave.load(EnclaveServiceStatistic.class);
+ assertEquals(1, userServices.next().getEnclaveServiceCount());
+ enclave.destroy();
 }
 @Test
- public void testReflectionCallService() {
- try {
- reflectionCallService(EnclaveType.MOCK_IN_JVM);
- reflectionCallService(EnclaveType.MOCK_IN_SVM);
- reflectionCallService(EnclaveType.TEE_SDK);
- reflectionCallService(EnclaveType.EMBEDDED_LIB_OS);
- } catch (Exception e) {
- e.printStackTrace();
- }
+ public void testSayHelloService() throws Exception {
+ assertEquals("Hello World", sayHelloService(EnclaveType.MOCK_IN_JVM, "Hello World"));
+ assertEquals("Hello World", sayHelloService(EnclaveType.MOCK_IN_SVM, "Hello World"));
+ assertEquals("Hello World", sayHelloService(EnclaveType.TEE_SDK, "Hello World"));
+ assertEquals("Hello World", sayHelloService(EnclaveType.EMBEDDED_LIB_OS, "Hello World"));
 }
 @Test
- public void testJavaEnclaveException() {
- try {
- javaEnclaveException(EnclaveType.MOCK_IN_JVM);
- javaEnclaveException(EnclaveType.MOCK_IN_SVM);
- javaEnclaveException(EnclaveType.TEE_SDK);
- javaEnclaveException(EnclaveType.EMBEDDED_LIB_OS);
- } catch (Exception e) {
- e.printStackTrace();
- }
+ public void testReflectionCallService() throws Exception {
+ reflectionCallService(EnclaveType.MOCK_IN_JVM);
+ reflectionCallService(EnclaveType.MOCK_IN_SVM);
+ reflectionCallService(EnclaveType.TEE_SDK);
+ reflectionCallService(EnclaveType.EMBEDDED_LIB_OS);
+ }
+
+ @Test
+ public void testJavaEnclaveException() throws Exception {
+ javaEnclaveException(EnclaveType.MOCK_IN_JVM);
+ javaEnclaveException(EnclaveType.MOCK_IN_SVM);
+ javaEnclaveException(EnclaveType.TEE_SDK);
+ javaEnclaveException(EnclaveType.EMBEDDED_LIB_OS);
+ }
+
+ @Test
+ public void testRemoteAttestation() throws Exception {
+ remoteAttestation(EnclaveType.TEE_SDK);
+ remoteAttestation(EnclaveType.EMBEDDED_LIB_OS);
+ }
+
+ @Test
+ public void testEnclaveServiceGC() throws Exception {
+ enclaveServiceGC(EnclaveType.MOCK_IN_SVM);
+ enclaveServiceGC(EnclaveType.TEE_SDK);
+ enclaveServiceGC(EnclaveType.EMBEDDED_LIB_OS);
 }
 }
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional
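Review bot: `enclaveServiceGC` decides pass or fail on two `System.gc()` calls each followed by `Thread.sleep(2000)`, but `System.gc()` is only a request and the cleanup appears to run on a separate recycler thread, so the final `assertEquals(1, ...)` can fail on a slow or differently tuned JVM without any leak being present. Polling the enclave's service count until it reaches 1 or a deadline passes keeps the check while removing the timing dependence, and a `try`/`finally` makes sure `enclave.destroy()` still runs when an assertion fails; the other helpers in this file end with an unguarded `enclave.destroy()` as well. The 30-second limit in the sketch below is an illustrative value, not one taken from the project. Separately, `remoteAttestation` fills `userData` from `new Random()`, which is enough for a round-trip check, but a comment noting that real callers should take report data from `SecureRandom` or a verifier-supplied nonce would keep the test from being copied as usage guidance.

```java
private void enclaveServiceGC(EnclaveType type) throws Exception {
    // … unchanged: count, enclave creation and assertNotNull(enclave) …
    try {
        // … unchanged: load EnclaveServiceStatistic `count` times, asserting each iterator …
        // Keep one live proxy and poll through it; it accounts for the expected count of 1.
        EnclaveServiceStatistic statistic = enclave.load(EnclaveServiceStatistic.class).next();
        long deadline = System.currentTimeMillis() + 30_000L;
        int live = statistic.getEnclaveServiceCount();
        while (live != 1 && System.currentTimeMillis() < deadline) {
            System.gc();
            Thread.sleep(200);
            live = statistic.getEnclaveServiceCount();
        }
        assertEquals(1, live);
    } finally {
        enclave.destroy();
    }
}
```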
commands, e-mail: [email protected]
