This is an automated email from the ASF dual-hosted git repository. shaojunwang pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-teaclave-java-tee-sdk.git
commit 61f8fabeec2489e72cf804c96b2e003b9f0e8891 Author: cengfeng.lzy <[email protected]> AuthorDate: Wed Jun 29 21:26:31 2022 +0800 [Enc] Disable incompatible features in GraalVM 22.1.0 Summary: Disable incompatible features in GraalVM 22.1.0 Test Plan: all tests pass Reviewers: lei.yul, jeffery.wsj, sanhong.lsh Issue: https://aone.alibaba-inc.com/task/42907958 CR: https://code.aone.alibaba-inc.com/java-tee/JavaEnclave/codereview/9216553 --- .../confidentialcomputing/enclave/EnclaveFeature.java | 15 +++++++++++++++ .../confidentialcomputing/enclave/EnclaveOptions.java | 12 +++++++++++- .../confidentialcomputing/enclave/ConfigMemTest.java | 2 +- .../confidentialcomputing/enclave/NativeImageTest.java | 2 +- test/enclave/pom.xml | 6 +----- 5 files changed, 29 insertions(+), 8 deletions(-) diff --git a/sdk/enclave/src/main/java/com/alibaba/confidentialcomputing/enclave/EnclaveFeature.java b/sdk/enclave/src/main/java/com/alibaba/confidentialcomputing/enclave/EnclaveFeature.java index b30d6d5..151e696 100644 --- a/sdk/enclave/src/main/java/com/alibaba/confidentialcomputing/enclave/EnclaveFeature.java +++ b/sdk/enclave/src/main/java/com/alibaba/confidentialcomputing/enclave/EnclaveFeature.java @@ -10,6 +10,7 @@ import com.oracle.svm.core.annotate.AutomaticFeature; import com.oracle.svm.core.c.libc.TemporaryBuildDirectoryProvider; import com.oracle.svm.core.jdk.resources.NativeImageResourceFileSystemUtil; import com.oracle.svm.core.util.VMError; +import com.oracle.svm.hosted.FeatureHandler; import com.oracle.svm.hosted.FeatureImpl; import com.oracle.svm.hosted.ImageClassLoader; import com.oracle.svm.hosted.NativeImageGenerator; @@ -56,6 +57,20 @@ public class EnclaveFeature implements Feature { return Arrays.asList(ReflectionFeature.class, SerializationFeature.class, ServiceLoaderFeature.class); } + /** + * {@code com.oracle.svm.core.cpufeature.RuntimeCPUFeatureCheckFeature} is introduced since GraalVM 22.1.0. It is not + * compatible with TEE SDK, so we have to disable it. + * + */ + @Override + public void afterRegistration(AfterRegistrationAccess access) { + if (EnclaveOptions.RunInEnclave.getValue()) { + FeatureImpl.AfterRegistrationAccessImpl a = (FeatureImpl.AfterRegistrationAccessImpl) access; + FeatureHandler featureHandler = a.getFeatureHandler(); + EnclavePlatFormSettings.disableFeatures(featureHandler, "com.oracle.svm.core.cpufeature.RuntimeCPUFeatureCheckFeature"); + } + } + @Override public void duringSetup(DuringSetupAccess access) { ImageSingletons.add(ServiceMethodInvoker.class, new ServiceMethodInvoker()); diff --git a/sdk/enclave/src/main/java/com/alibaba/confidentialcomputing/enclave/EnclaveOptions.java b/sdk/enclave/src/main/java/com/alibaba/confidentialcomputing/enclave/EnclaveOptions.java index 03e872d..980b96a 100644 --- a/sdk/enclave/src/main/java/com/alibaba/confidentialcomputing/enclave/EnclaveOptions.java +++ b/sdk/enclave/src/main/java/com/alibaba/confidentialcomputing/enclave/EnclaveOptions.java @@ -1,7 +1,10 @@ package com.alibaba.confidentialcomputing.enclave; +import com.oracle.svm.core.SubstrateOptions; import com.oracle.svm.core.option.HostedOptionKey; +import org.graalvm.collections.EconomicMap; import org.graalvm.compiler.options.Option; +import org.graalvm.compiler.options.OptionKey; import org.graalvm.compiler.options.OptionType; public class EnclaveOptions { @@ -11,5 +14,12 @@ public class EnclaveOptions { @Option(help = "Enable enclave features.", type = OptionType.User) // - public static final HostedOptionKey<Boolean> RunInEnclave = new HostedOptionKey<>(true); + public static final HostedOptionKey<Boolean> RunInEnclave = new HostedOptionKey<>(false) { + @Override + protected void onValueUpdate(EconomicMap<OptionKey<?>, Object> values, Boolean oldValue, Boolean newValue) { + if (newValue) { + SubstrateOptions.AllowVMInternalThreads.update(values, false); + } + } + }; } diff --git a/sdk/enclave/src/test/java/com/alibaba/confidentialcomputing/enclave/ConfigMemTest.java b/sdk/enclave/src/test/java/com/alibaba/confidentialcomputing/enclave/ConfigMemTest.java index 97229b9..ad10024 100644 --- a/sdk/enclave/src/test/java/com/alibaba/confidentialcomputing/enclave/ConfigMemTest.java +++ b/sdk/enclave/src/test/java/com/alibaba/confidentialcomputing/enclave/ConfigMemTest.java @@ -37,7 +37,7 @@ public class ConfigMemTest { "-DHEAP_PAGES=24000"); } - /*@Override +/* @Override public List<String> extraSVMOptions() { return List.of("--debug-attach:7788"); }*/ diff --git a/sdk/enclave/src/test/java/com/alibaba/confidentialcomputing/enclave/NativeImageTest.java b/sdk/enclave/src/test/java/com/alibaba/confidentialcomputing/enclave/NativeImageTest.java index 89b5817..67c3492 100644 --- a/sdk/enclave/src/test/java/com/alibaba/confidentialcomputing/enclave/NativeImageTest.java +++ b/sdk/enclave/src/test/java/com/alibaba/confidentialcomputing/enclave/NativeImageTest.java @@ -167,7 +167,7 @@ public abstract class NativeImageTest implements NativeImageTestable { } command.add("--no-fallback"); command.add("-H:Path=" + SVM_OUT); - command.add("-H:+AllowIncompleteClasspath"); + command.add("-H:+RunInEnclave"); command.add("-H:+ReportExceptionStackTraces"); command.add("-H:Name=lib" + SVM_ENCLAVE_LIB); command.add("-H:-DeleteLocalSymbols"); diff --git a/test/enclave/pom.xml b/test/enclave/pom.xml index 165d78a..9300bd2 100644 --- a/test/enclave/pom.xml +++ b/test/enclave/pom.xml @@ -34,7 +34,6 @@ <configuration> <buildArgs> <buildArg>--no-fallback</buildArg> - <buildArg>-H:-RunInEnclave</buildArg> </buildArgs> </configuration> <phase>test</phase> @@ -49,9 +48,7 @@ <buildArgs> <buildArg>--shared</buildArg> <buildArg>--no-fallback</buildArg> - <buildArg>--allow-incomplete-classpath</buildArg> <buildArg>-H:Path=svm-output</buildArg> - <buildArg>-H:-RunInEnclave</buildArg> <buildArg>-H:ReflectionConfigurationFiles=${project.basedir}/target/native/agent-output/test/reflect-config.json</buildArg> </buildArgs> </configuration> @@ -67,9 +64,8 @@ <buildArgs> <buildArg>--shared</buildArg> <buildArg>--no-fallback</buildArg> - <buildArg>--allow-incomplete-classpath</buildArg> <buildArg>-H:Path=svm-output</buildArg> - <buildArg>-H:-RunInEnclave</buildArg> + <buildArg>-H:+RunInEnclave</buildArg> <buildArg>-H:ReflectionConfigurationFiles=${project.basedir}/target/native/agent-output/test/reflect-config.json</buildArg> </buildArgs> </configuration> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
