From dd9d90c52c78ab852ccd049c6d17df1eaa60ff80 Mon Sep 17 00:00:00 2001 From: Kailun Qin Date: Tue, 13 Aug 2024 08:48:40 -0400 Subject: [PATCH] squash! [LibOS] Add support for timerfd system calls !TODO: use below commit msg: [LibOS] Add support for timerfd system calls This commit adds support for system calls that create and operate on a timer that delivers timer expiration notifications via a file descriptor, specifically: `timerfd_create()`, `timerfd_settime()` and `timerfd_gettime()`. The timerfd object is associated with a dummy eventfd created on the host to trigger notifications (e.g., in epoll). The object is created inside Gramine, with all its operations resolved entirely inside Gramine (note that the time source in Gramine SGX is still untrusted). The emulation is currently implemented at the level of a single process. All timerfds created in the parent process are marked as invalid in child processes. In multi-process applications, Gramine does not exit immediately after fork; it only exits if the application attempts to use timerfds in the child. Therefore, inter-process timing signals via timerfds are not allowed. LibOS regression tests are also added. Signed-off-by: Kailun Qin --- Documentation/devel/features.md | 8 ++++---- libos/src/sys/libos_timerfd.c | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Documentation/devel/features.md b/Documentation/devel/features.md index 265ea6a4ae..df2bd60060 100644 --- a/Documentation/devel/features.md +++ b/Documentation/devel/features.md 
@@ -2881,10 +2881,10 @@ of Service (DoS) attacks. `TFD_TIMER_CANCEL_ON_SET` is silently ignored because "discontinuous changes of time" in Gramine (via e.g., `settimeofday()`). `TFD_IOC_SET_TICKS` is not supported. -The emulation is currently implemented at the level of a single process. The emulation *may* work -for multi-process applications, e.g., if the child process inherits the timerfd object but doesn't -use it. However, all timerfds created in the parent process are marked as invalid in child -processes, i.e. inter-process timing signals via timerfds are not allowed. +The emulation is currently implemented at the level of a single process. All timerfds created in the +parent process are marked as invalid in child processes. In multi-process applications, Gramine does +not exit immediately after fork; it only exits if the application attempts to use timerfds in the +child. Therefore, inter-process timing signals via timerfds are not allowed. Gramine does *not* currently implement the POSIX per-process timer: `timer_create()`, etc. Gramine could implement it in the future, if need arises. diff --git a/libos/src/sys/libos_timerfd.c b/libos/src/sys/libos_timerfd.c index beed54149a..8e7aa6f50d 100644 --- a/libos/src/sys/libos_timerfd.c +++ b/libos/src/sys/libos_timerfd.c 
@@ -12,10 +12,10 @@ * the host. Since the host is used purely for notifications, a malicious host can only induce * Denial of Service (DoS) attacks. * - * The emulation is currently implemented at the level of a single process. The emulation *may* work - * for multi-process applications, e.g., if the child process inherits the timerfd object but - * doesn't use it. However, all timerfds created in the parent process are marked as invalid in - * child processes, i.e. inter-process timing signals via timerfds are not allowed. + * The emulation is currently implemented at the level of a single process. All timerfds created in + * the parent process are marked as invalid in child processes. In multi-process applications, + * Gramine does not exit immediately after fork; it only exits if the application attempts to use + * timerfds in the child. Therefore, inter-process timing signals via timerfds are not allowed. * * The host's eventfd object is "dummy" and used purely for notifications -- to unblock blocking * read/select/poll/epoll system calls. The read notify logic is already hardened, by
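Review bot: In the Documentation/devel/features.md hunk, the closing sentence "Therefore, inter-process timing signals via timerfds are not allowed" does not follow from the sentence before it. The restriction comes from the timerfds being marked invalid in child processes, not from the point at which Gramine exits. Suggest placing the restriction directly after the invalidation sentence and describing the exit behaviour last. "Exits" is also ambiguous as written: state whether the child process is terminated or the call fails with an error, and which operations count as an attempt to use the timerfd (`timerfd_settime()`, `timerfd_gettime()`, a read, a poll/epoll wait on the inherited descriptor), so that an application which inherits the descriptor knows what it can safely do with it.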
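Review bot: In the libos/src/sys/libos_timerfd.c hunk, the header comment now describes a runtime behaviour ("it only exits if the application attempts to use timerfds in the child") without naming where that is enforced, and the hunk itself changes only comment lines. Suggest naming the check or function that rejects the invalidated timerfds, so the comment can be verified against the code, and using the same wording for "exits" as in features.md once that is made precise. The same paragraph now appears in the commit message, in features.md and in this comment; consider keeping the full statement in one place and pointing to it from the others so the three copies do not drift apart.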