This PR integrates an Intel SGX feature called Intel Protection File System Library (IPFS)
into the runtime to create, operate and delete files inside the enclave, while guaranteeing
the confidentiality and integrity of the data persisted. IPFS can be referred to here:
https://www.intel.com/content/www/us/en/developer/articles/technical/overview-of-intel-protected-file-system-library-using-software-guard-extensions.html
Introduce a cmake variable `WAMR_BUILD_SGX_IPFS`, when enabled, the files interaction
API of WASI will leverage IPFS, instead of the regular POSIX OCALLs. The implementation
has been written with light changes to sgx platform layer, so all the security aspects
WAMR relies on are conserved.
In addition to this integration, the following changes have been made:
- The CI workflow has been adapted to test the compilation of the runtime and sample
with the flag `WAMR_BUILD_SGX_IPFS` set to true
- Introduction of a new sample that demonstrates the interaction of the files (called `file`),
- Documentation of this new feature
Implement more socket APIs, refer to #1336 and below PRs:
- Implement wasi_addr_resolve function (#1319)
- Fix socket-api byte order issue when host/network order are the same (#1327)
- Enhance sock_addr_local syscall (#1320)
- Implement sock_addr_remote syscall (#1360)
- Add support for IPv6 in WAMR (#1411)
- Implement ns lookup allowlist (#1420)
- Implement sock_send_to and sock_recv_from system calls (#1457)
- Added http downloader and multicast socket options (#1467)
- Fix `bind()` calls to receive the correct size of `sockaddr` structure (#1490)
- Assert on correct parameters (#1505)
- Copy only received bytes from socket recv buffer into the app buffer (#1497)
Co-authored-by: Marcin Kolny <mkolny@amazon.com>
Co-authored-by: Marcin Kolny <marcin.kolny@gmail.com>
Co-authored-by: Callum Macmillan <callumimacmillan@gmail.com>
Add aot relocation for ".rodata.str" symbol to support more cases
Fix some coding style issues
Fix aot block/value stack destroy issue
Refine classic/fast interpreter codes
Clear compile warning of libc_builtin_wrapper.c in 32-bit platform
Implement Berkeley Socket API for Intel SGX
- bring Berkeley socket API in Intel SGX enclaves,
- adapt the documentation of the socket API to mention Intel SGX enclaves,
- adapt _iwasm_ in the mini-product _linux-sgx_ to support the same option as the one for _linux_,
- tested on the socket sample as provided by WAMR (the TCP client/server).
Refer to [Networking API design](https://github.com/WebAssembly/WASI/issues/370)
and [feat(socket): berkeley socket API v2](https://github.com/WebAssembly/WASI/pull/459):
- Support the socket API of synchronous mode, including `socket/bind/listen/accept/send/recv/close/shutdown`,
the asynchronous mode isn't supported yet.
- Support adding `--addr-pool=<pool1,pool2,..>` argument for command line to identify the valid ip address range
- Add socket-api sample and update the document
Implement pthread_cond_broadcast wrapper for lib-pthread
- support pthread_cond_broadcast wrapper for posix/linux-sgx/windows
- update document for building multi-thread wasm app with emcc
Refactor LLVM Orc JIT to actually enable the lazy compilation and speedup
the launching process:
https://llvm.org/docs/ORCv2.html#laziness
Main modifications:
- Create LLVM module for each wasm function, wrap it with thread safe module
so that the modules can be compiled parallelly
- Lookup function from aot module instance's func_ptrs but not directly call the
function to decouple the module relationship
- Compile the function when it is first called and hasn't been compiled
- Create threads to pre-compile the WASM functions parallelly when loading
- Set Lazy JIT as default, update document and build/test scripts
Also implement native stack overflow check with hardware trap for 64-bit platforms
Refine classic interpreter and fast interpreter to improve performance
Update document
Update all links accordingly. Also update links to other repositories
whose branches have renamed.
The references to repositories whose branches have not renamed should be
referencing specific commits anyway, so reference those specific commits
by hash.
* Missing SGX SDK Include fixed
* Update shared_platform.cmake
* CMakeFile remove stdlib from untrusted part
* Added two times in function description zero as possible return value
* Update shared_platform.cmake
Co-authored-by: Joshua Heinemann <heineman@ibr.cs.tu-bs.de>
Co-authored-by: wenyongh <wenyong.huang@intel.com>
* Diasble AOT in SGX build by default, as it requires SGX SDKv2.8 or later.
* Update bh_platform.c
Co-authored-by: daomingq <daomingq@users.noreply.github.com>
Co-authored-by: wenyongh <wenyong.huang@intel.com>
* Implement memory profiler, optimize memory usage, modify code indent
* Implement memory.grow and limit heap space base offset to 1G; modify iwasm build type to Release and 64 bit by default
* Add a new extension library: connection
* Fix bug of reading magic number and version in big endian platform
* Re-org platform APIs: move most platform APIs from iwasm to shared-lib
* Enhance wasm loader to fix some security issues
* Fix issue about illegal load of EXC_RETURN into PC on stm32 board
* Updates that let a restricted version of the interpreter run in SGX
* Enable native/app address validation and conversion for wasm app
* Remove wasm_application_exectue_* APIs from wasm_export.h which makes confused
* Refine binary size and fix several minor issues
Optimize interpreter LOAD/STORE opcodes to decrease the binary size
Fix issues when using iwasm library: _bh_log undefined, bh_memory.h not found
Remove unused _stdin/_stdout/_stderr global variables resolve in libc wrapper
Add macros of global heap size, stack size, heap size for Zephyr main.c
Clear compile warning of wasm_application.c
* Add more strict security checks for libc wrapper API's
* Use one libc wrapper copy for sgx and other platforms; remove bh_printf macro for other platform header files
* Enhance security of libc strcpy/sprintf wrapper function
* Fix issue of call native for x86_64/arm/mips, add module inst parameter for native wrapper functions
* Remove get_module_inst() and fix issue of call native
* Refine wgl lib: remove module_inst parameter from widget functions; move function index check to runtime instantiate
* Refine interpreter call native process, refine memory boudary check
* Fix issues of invokeNative function of arm/mips/general version
* Add a switch to build simple sample without gui support
* Add BUILD_TARGET setting in makefile to replace cpu compiler flags in source code
* Re-org shared lib header files, remove unused info; fix compile issues of vxworks
* Add build target general
* Remove unused files
* Update license header
* test push
* Restore file
* Sync up with internal/feature
* Sync up with internal/feature
* Rename build_wamr_app to build_wasm_app
* Fix small issues of README
* Enhance malformed wasm file checking
Fix issue of print hex int and implement utf8 string check
Fix wasi file read/write right issue
Fix minor issue of build wasm app doc
* Sync up with internal/feature
* Sync up with internal/feature: fix interpreter arm issue, fix read leb issue
* Sync up with internal/feature
* Fix bug of config.h and rename wasi config.h to ssp_config.h
* Sync up with internal/feature
* Import wamr aot
* update document
* update document
* Update document, disable WASI in 32bit
* update document
* remove files
* update document
* Update document
* update document
* update document
* update samples
* Sync up with internal repo
