Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[LibOS] Add fadvise64 syscall implementation #699

Merged
merged 1 commit into from
Jul 5, 2022

Conversation

kailun-qin
Copy link
Contributor

@kailun-qin kailun-qin commented Jun 29, 2022

The original requirement is from #511.

In Gramine's threat model, fadvise64() is not required to do anything meaningful. Thus, only do sanity checks and simply implement all the others as no-op.


This change is Reviewable

Copy link
Contributor

@boryspoplawski boryspoplawski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 3 of 3 files at r1, all commit messages.
Reviewable status: all files reviewed, 8 unresolved discussions, not enough approvals from maintainers (3 more required), not enough approvals from different teams (2 more required, approved so far: ) (waiting on @kailun-qin)


-- commits line 5 at r1:
What do you mean by "threat model"? We are not required to do anything because of that syscall semantics (which we emulate).


-- commits line 11 at r1:
I would recommend reading point 7 from https://gramine.readthedocs.io/en/stable/devel/onboarding.html#fixing-a-bug (or the whole document). This commit is should be just squashed into the previous one it serves no purpose.


libos/include/shim_table.h line 162 at r1 (raw file):

                                     unsigned long* user_mask_ptr);
long libos_syscall_set_tid_address(int* tidptr);
long libos_syscall_fadvise64(int fd, loff_t offset, loff_t len, int advice);

Wrong signature (type of len): https://elixir.bootlin.com/linux/latest/source/mm/fadvise.c#L212


libos/src/sys/shim_open.c line 644 at r1 (raw file):

    int ret;

    if (offset < 0) {

Why this check? This is not required by the kernel from what I can see.


libos/src/sys/shim_open.c line 647 at r1 (raw file):

        return -EINVAL;
    }
    if (len < 0) {

If you fix the signature this check won't be needed.


libos/src/sys/shim_open.c line 650 at r1 (raw file):

        return -EINVAL;
    }
    if (!fadvise_advice_valid(advice)) {

What's the point of having this as a separate function? Both functions (caller and callee) are small and this doesn't improve readability - just inline it


libos/src/sys/shim_open.c line 658 at r1 (raw file):

        return -EBADF;
    }
    if (handle->type == TYPE_PIPE) {

We need to check if it's really a file, not that it's not a pipe.


libos/src/sys/shim_open.c line 662 at r1 (raw file):

        goto out;
    }
    // In Gramine's threat model, it is not required to do anything meaningful with fadvise,

ditto (this comment makes no sense to me, as in commit message)

Copy link
Contributor Author

@kailun-qin kailun-qin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: all files reviewed, 8 unresolved discussions, not enough approvals from maintainers (3 more required), not enough approvals from different teams (2 more required, approved so far: ) (waiting on @boryspoplawski)


-- commits line 5 at r1:

Previously, boryspoplawski (Borys Popławski) wrote…

What do you mean by "threat model"? We are not required to do anything because of that syscall semantics (which we emulate).

The wording is a copy-paste from the initial issue. I can guess the intention but I think it's fine to just remove it to avoid any confusions.


-- commits line 11 at r1:

Previously, boryspoplawski (Borys Popławski) wrote…

I would recommend reading point 7 from https://gramine.readthedocs.io/en/stable/devel/onboarding.html#fixing-a-bug (or the whole document). This commit is should be just squashed into the previous one it serves no purpose.

Got it, thanks.


libos/include/shim_table.h line 162 at r1 (raw file):

Previously, boryspoplawski (Borys Popławski) wrote…

Wrong signature (type of len): https://elixir.bootlin.com/linux/latest/source/mm/fadvise.c#L212

I just followed https://elixir.bootlin.com/linux/latest/source/mm/fadvise.c#L205, also the posix_fadvise signature in manpage. WDYT?


libos/src/sys/shim_open.c line 644 at r1 (raw file):

Previously, boryspoplawski (Borys Popławski) wrote…

Why this check? This is not required by the kernel from what I can see.

Yep indeed. Fixed.


libos/src/sys/shim_open.c line 647 at r1 (raw file):

Previously, boryspoplawski (Borys Popławski) wrote…

If you fix the signature this check won't be needed.

I'll leave it for now and let you confirm the signature.


libos/src/sys/shim_open.c line 650 at r1 (raw file):

Previously, boryspoplawski (Borys Popławski) wrote…

What's the point of having this as a separate function? Both functions (caller and callee) are small and this doesn't improve readability - just inline it

Done.


libos/src/sys/shim_open.c line 658 at r1 (raw file):

Previously, boryspoplawski (Borys Popławski) wrote…

We need to check if it's really a file, not that it's not a pipe.

Well, the intention was to check whether its a pipe, if so then -ESPIPE. (similar check for fallocate:

if (handle->type == TYPE_PIPE) {
, also see https://elixir.bootlin.com/linux/latest/source/mm/fadvise.c#L43)


libos/src/sys/shim_open.c line 662 at r1 (raw file):

Previously, boryspoplawski (Borys Popławski) wrote…

ditto (this comment makes no sense to me, as in commit message)

Done.

Copy link
Contributor

@boryspoplawski boryspoplawski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 1 of 1 files at r2, all commit messages.
Reviewable status: all files reviewed, 3 unresolved discussions, not enough approvals from maintainers (3 more required), not enough approvals from different teams (2 more required, approved so far: ), "fixup! " and "squash! " found in commit messages' one-liners (waiting on @boryspoplawski and @kailun-qin)


-- commits line 24 at r2:
For the next time please also put what you want to do with the new message (append, replaces, etc).


libos/include/shim_table.h line 162 at r1 (raw file):

Previously, kailun-qin (Kailun Qin) wrote…

I just followed https://elixir.bootlin.com/linux/latest/source/mm/fadvise.c#L205, also the posix_fadvise signature in manpage. WDYT?

fadvise64_64 is a different syscall (mainly used in 32bit arch, afaik). posix_fadvise is a lib C function signature, not syscall's.


libos/src/sys/shim_open.c line 658 at r1 (raw file):

Previously, kailun-qin (Kailun Qin) wrote…

Well, the intention was to check whether its a pipe, if so then -ESPIPE. (similar check for fallocate:

if (handle->type == TYPE_PIPE) {
, also see https://elixir.bootlin.com/linux/latest/source/mm/fadvise.c#L43)

This is weird, but indeed Linux kernel does return 0, e.g. for sockets...

Copy link

@dimakuv dimakuv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 1 of 3 files at r1, 1 of 1 files at r2, all commit messages.
Reviewable status: all files reviewed, 6 unresolved discussions, not enough approvals from maintainers (3 more required), not enough approvals from different teams (2 more required, approved so far: ), "fixup! " and "squash! " found in commit messages' one-liners (waiting on @boryspoplawski and @kailun-qin)


-- commits line 5 at r1:

Previously, kailun-qin (Kailun Qin) wrote…

The wording is a copy-paste from the initial issue. I can guess the intention but I think it's fine to just remove it to avoid any confusions.

Yes, the "threat model" was only about Linux-SGX PAL. There we have Intel SGX which distrusts the kernel, and since the kernel manages files access, the threat model does not consider "kernel does not perform any access-to-files optimizations".

Yes, we can just remove the part In Gramine's thread model.


libos/include/shim_table.h line 162 at r1 (raw file):

Previously, boryspoplawski (Borys Popławski) wrote…

fadvise64_64 is a different syscall (mainly used in 32bit arch, afaik). posix_fadvise is a lib C function signature, not syscall's.

@kailun-qin But your link refers to another system call called fadvise64_64. So I agree with Borys.


libos/src/sys/shim_open.c line 647 at r1 (raw file):

Previously, kailun-qin (Kailun Qin) wrote…

I'll leave it for now and let you confirm the signature.

+1 to Borys, not needed


libos/src/sys/shim_open.c line 628 at r2 (raw file):

}

long libos_syscall_fadvise64(int fd, loff_t offset, loff_t len, int advice) {

loff_t len -> size_t len


libos/src/sys/shim_open.c line 650 at r2 (raw file):

    if (!handle) {
        return -EBADF;
    }

Please add empty lines between separate code snippets (like different checks), otherwise it is hard to read.


libos/src/sys/shim_open.c line 655 at r2 (raw file):

        goto out;
    }
    // It is not required to do anything meaningful with fadvise, so just make it a no-op here.

First, we prefer to use /* */. Second, the sentence looks weird, I suggest a simple:

/* currently just a no-op */

Copy link
Contributor Author

@kailun-qin kailun-qin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: all files reviewed, 6 unresolved discussions, not enough approvals from maintainers (3 more required), not enough approvals from different teams (2 more required, approved so far: ), "fixup! " and "squash! " found in commit messages' one-liners (waiting on @boryspoplawski and @dimakuv)


libos/include/shim_table.h line 162 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

@kailun-qin But your link refers to another system call called fadvise64_64. So I agree with Borys.

Done.


libos/src/sys/shim_open.c line 647 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

+1 to Borys, not needed

Done.


libos/src/sys/shim_open.c line 628 at r2 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

loff_t len -> size_t len

Done.


libos/src/sys/shim_open.c line 650 at r2 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Please add empty lines between separate code snippets (like different checks), otherwise it is hard to read.

Done.


libos/src/sys/shim_open.c line 655 at r2 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

First, we prefer to use /* */. Second, the sentence looks weird, I suggest a simple:

/* currently just a no-op */

Done.

boryspoplawski
boryspoplawski previously approved these changes Jun 30, 2022
Copy link
Contributor

@boryspoplawski boryspoplawski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 2 of 2 files at r3, all commit messages.
Reviewable status: all files reviewed, 4 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (1 more required, approved so far: ITL), "fixup! " found in commit messages' one-liners (waiting on @boryspoplawski and @dimakuv)

@boryspoplawski
Copy link
Contributor

Jenkins, test this please

dimakuv
dimakuv previously approved these changes Jun 30, 2022
Copy link

@dimakuv dimakuv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 1 of 3 files at r1, 2 of 2 files at r3, all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion, not enough approvals from maintainers (1 more required), "fixup! " found in commit messages' one-liners (waiting on @boryspoplawski)

Copy link
Member

@mkow mkow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 1 of 3 files at r1, 2 of 2 files at r3, all commit messages.
Reviewable status: all files reviewed, 2 unresolved discussions, "fixup! " found in commit messages' one-liners (waiting on @boryspoplawski and @kailun-qin)


-- commits line 24 at r3:

Thus, only do sanity checks and simply implement all the others as no-op.

All the others what? I don't understand this sentence.

Copy link
Contributor Author

@kailun-qin kailun-qin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: all files reviewed, 2 unresolved discussions, "fixup! " found in commit messages' one-liners (waiting on @boryspoplawski and @mkow)


-- commits line 24 at r3:

Previously, mkow (Michał Kowalczyk) wrote…

Thus, only do sanity checks and simply implement all the others as no-op.

All the others what? I don't understand this sentence.

Currently, we only implement sanity checks infadvise64and the core logic is just a no-op (returning 0 directly). Please feel free to rephrase the commit message you think is more appropriate. Thanks!

`fadvise64()` is not required to do anything meaningful. Thus, we only
implement sanity checks and have the core logic as a no-op (returning
success immediately).

Signed-off-by: Kailun Qin <kailun.qin@intel.com>
@dimakuv dimakuv dismissed stale reviews from boryspoplawski and themself via 43b182e July 5, 2022 06:58
@dimakuv dimakuv force-pushed the kailun-qin/add-fadvise64 branch from 07eeea2 to 43b182e Compare July 5, 2022 06:58
Copy link

@dimakuv dimakuv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 6 of 6 files at r4, all commit messages.
Reviewable status: all files reviewed, 2 unresolved discussions, not enough approvals from maintainers (1 more required), not enough approvals from different teams (1 more required, approved so far: Intel) (waiting on @boryspoplawski and @mkow)


-- commits line 11 at r1:

Previously, kailun-qin (Kailun Qin) wrote…

Got it, thanks.

Done.


-- commits line 24 at r3:

Previously, kailun-qin (Kailun Qin) wrote…

Currently, we only implement sanity checks infadvise64and the core logic is just a no-op (returning 0 directly). Please feel free to rephrase the commit message you think is more appropriate. Thanks!

Done. I rephrased during the final rebase.

@dimakuv
Copy link

dimakuv commented Jul 5, 2022

Jenkins, test this please

Copy link
Member

@mkow mkow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 3 of 6 files at r4, all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @boryspoplawski)

Copy link
Contributor

@boryspoplawski boryspoplawski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 3 of 6 files at r4, all commit messages.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved

@mkow mkow merged commit 43b182e into gramineproject:master Jul 5, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants