apache / incubator-teaclave-sgx-sdk

Apache Teaclave (incubating) SGX SDK helps developers write Intel SGX applications in the Rust programming language. It is also known as Rust SGX SDK.
https://teaclave.apache.org
Apache License 2.0

1.1.4 enclave linker error undefined reference to `__assert_fail' without release #373

Open celaus opened 2 years ago

celaus commented 2 years ago

Hi,

It looks like something changed between 1.1.3 and 1.1.4 that keeps ring (and I assume other dependencies with a debug_assert) from building. Here is the log output; note that I commented out the release flag in the enclave's build file (cargo build #--release). At the end of the log you'll find the corresponding linker error:

root@c7e07849f3a4:~/sgx/samplecode/tls/tlsclient# make
make -C ./enclave/
make[1]: Entering directory '/root/sgx/samplecode/tls/tlsclient/enclave'
cargo build #--release
warning: Patch `sgx_backtrace v1.1.4 (/root/sgx/sgx_backtrace)` was not used in the crate graph.
Patch `sgx_cov v1.1.4 (/root/sgx/sgx_cov)` was not used in the crate graph.
Patch `sgx_crypto_helper v1.1.4 (/root/sgx/sgx_crypto_helper)` was not used in the crate graph.
Patch `sgx_rand v1.1.4 (/root/sgx/sgx_rand)` was not used in the crate graph.
Patch `sgx_rand_derive v1.1.4 (/root/sgx/sgx_rand_derive)` was not used in the crate graph.
Patch `sgx_serialize v1.1.4 (/root/sgx/sgx_serialize)` was not used in the crate graph.
Patch `sgx_serialize_derive v1.1.4 (/root/sgx/sgx_serialize_derive)` was not used in the crate graph.
Patch `sgx_serialize_derive_internals v1.1.4 (/root/sgx/sgx_serialize_derive_internals)` was not used in the crate graph.
Patch `sgx_tcrypto v1.1.4 (/root/sgx/sgx_tcrypto)` was not used in the crate graph.
Patch `sgx_tcrypto_helper v1.1.4 (/root/sgx/sgx_tcrypto_helper)` was not used in the crate graph.
Patch `sgx_tdh v1.1.4 (/root/sgx/sgx_tdh)` was not used in the crate graph.
Patch `sgx_tkey_exchange v1.1.4 (/root/sgx/sgx_tkey_exchange)` was not used in the crate graph.
Patch `sgx_tse v1.1.4 (/root/sgx/sgx_tse)` was not used in the crate graph.
Patch `sgx_tseal v1.1.4 (/root/sgx/sgx_tseal)` was not used in the crate graph.
Patch `sgx_tunittest v1.1.4 (/root/sgx/sgx_tunittest)` was not used in the crate graph.
Check that the patched package version and available features are compatible
with the dependency requirements. If the patch has a different version from
what is locked in the Cargo.lock file, run `cargo update` to use the new
version. This may also occur with an optional dependency that is not enabled.
warning: unnecessary `unsafe` block
   --> /root/sgx/sgx_tstd/src/sys_common/wtf8.rs:828:9
    |
828 |         unsafe {
    |         ^^^^^^ unnecessary `unsafe` block
    |
    = note: `#[warn(unused_unsafe)]` on by default

warning: `sgx_tstd` (lib) generated 1 warning
    Finished dev [unoptimized + debuginfo] target(s) in 0.03s
cp ./target/debug/libtlsclient.a ../lib/libenclave.a
make[1]: Leaving directory '/root/sgx/samplecode/tls/tlsclient/enclave'
CC   <=  enclave/Enclave_t.c
/usr/bin/ld: ./lib/libenclave.a(aes_nohw.o): in function `aes_nohw_to_batch':
/root/.cargo/git/checkouts/ring-sgx-f3f2b49526f918ea/844efe2/crypto/fipsmodule/aes/aes_nohw.c:479: undefined reference to `__assert_fail'
/usr/bin/ld: ./lib/libenclave.a(aes_nohw.o): in function `aes_nohw_from_batch':
/root/.cargo/git/checkouts/ring-sgx-f3f2b49526f918ea/844efe2/crypto/fipsmodule/aes/aes_nohw.c:496: undefined reference to `__assert_fail'
/usr/bin/ld: ./lib/libenclave.a(limbs.o): in function `limbs_add':
/root/.cargo/git/checkouts/ring-sgx-f3f2b49526f918ea/844efe2/crypto/limbs/limbs.inl:118: undefined reference to `__assert_fail'
/usr/bin/ld: ./lib/libenclave.a(limbs.o): in function `limbs_sub':
/root/.cargo/git/checkouts/ring-sgx-f3f2b49526f918ea/844efe2/crypto/limbs/limbs.inl:129: undefined reference to `__assert_fail'
/usr/bin/ld: ./lib/libenclave.a(limbs.o): in function `LIMBS_less_than':
/root/.cargo/git/checkouts/ring-sgx-f3f2b49526f918ea/844efe2/crypto/limbs/limbs.c:71: undefined reference to `__assert_fail'
/usr/bin/ld: ./lib/libenclave.a(limbs.o):/root/.cargo/git/checkouts/ring-sgx-f3f2b49526f918ea/844efe2/crypto/limbs/limbs.c:84: more undefined references to `__assert_fail' follow
collect2: error: ld returned 1 exit status
Makefile:141: recipe for target 'enclave/enclave.so' failed
make: *** [enclave/enclave.so] Error 1

Whereas the same thing works in 1.1.3 (here it's just cargo build):

root@ad3bd7ac0824:~/sgx/samplecode/tls/tlsclient# make
make -C ./enclave/
make[1]: Entering directory '/root/sgx/samplecode/tls/tlsclient/enclave'
cargo build
    Updating git repository `https://github.com/apache/teaclave-sgx-sdk.git`
warning: Patch `sgx_backtrace v1.1.3 (/root/sgx/sgx_backtrace)` was not used in the crate graph.
Patch `sgx_cov v1.1.3 (/root/sgx/sgx_cov)` was not used in the crate graph.
Patch `sgx_crypto_helper v1.1.3 (/root/sgx/sgx_crypto_helper)` was not used in the crate graph.
Patch `sgx_rand v1.1.3 (/root/sgx/sgx_rand)` was not used in the crate graph.
Patch `sgx_rand_derive v1.1.3 (/root/sgx/sgx_rand_derive)` was not used in the crate graph.
Patch `sgx_serialize v1.1.3 (/root/sgx/sgx_serialize)` was not used in the crate graph.
Patch `sgx_serialize_derive v1.1.3 (/root/sgx/sgx_serialize_derive)` was not used in the crate graph.
Patch `sgx_serialize_derive_internals v1.1.3 (/root/sgx/sgx_serialize_derive_internals)` was not used in the crate graph.
Patch `sgx_tcrypto v1.1.3 (/root/sgx/sgx_tcrypto)` was not used in the crate graph.
Patch `sgx_tcrypto_helper v1.1.3 (/root/sgx/sgx_tcrypto_helper)` was not used in the crate graph.
Patch `sgx_tdh v1.1.3 (/root/sgx/sgx_tdh)` was not used in the crate graph.
Patch `sgx_tkey_exchange v1.1.3 (/root/sgx/sgx_tkey_exchange)` was not used in the crate graph.
Patch `sgx_tse v1.1.3 (/root/sgx/sgx_tse)` was not used in the crate graph.
Patch `sgx_tseal v1.1.3 (/root/sgx/sgx_tseal)` was not used in the crate graph.
Patch `sgx_tunittest v1.1.3 (/root/sgx/sgx_tunittest)` was not used in the crate graph.
Check that the patched package version and available features are compatible
with the dependency requirements. If the patch has a different version from
what is locked in the Cargo.lock file, run `cargo update` to use the new
version. This may also occur with an optional dependency that is not enabled.
   Compiling sgx_tstd v1.1.3 (/root/sgx/sgx_tstd)
   Compiling sgx_unwind v0.1.1 (/root/sgx/sgx_unwind)
   Compiling sgx_libc v1.1.3 (/root/sgx/sgx_libc)
   Compiling sgx_backtrace_sys v1.1.3 (/root/sgx/sgx_backtrace_sys)
   Compiling ring v0.16.19 (https://github.com/mesalock-linux/ring-sgx?tag=v0.16.5#844efe27)
   Compiling log v0.4.14 (https://github.com/mesalock-linux/log-sgx#2ca9039a)
   Compiling lazy_static v1.4.0
   Compiling sgx_trts v1.1.3 (/root/sgx/sgx_trts)
   Compiling sgx_tprotected_fs v1.1.3 (/root/sgx/sgx_tprotected_fs)
   Compiling base64 v0.13.0 (https://github.com/mesalock-linux/rust-base64-sgx#dc7389e1)
   Compiling webpki v0.21.4 (https://github.com/mesalock-linux/webpki?branch=mesalock_sgx#8dbe6fbe)
   Compiling sct v0.6.0 (https://github.com/mesalock-linux/sct.rs?branch=mesalock_sgx#c4d859cc)
   Compiling rustls v0.19.0 (https://github.com/mesalock-linux/rustls?branch=mesalock_sgx#95b5e79d)
   Compiling tlsclient v1.0.0 (/root/sgx/samplecode/tls/tlsclient/enclave)
    Finished dev [unoptimized + debuginfo] target(s) in 20.45s
cp ./target/debug/libtlsclient.a ../lib/libenclave.a
make[1]: Leaving directory '/root/sgx/samplecode/tls/tlsclient/enclave'
CC   <=  enclave/Enclave_t.c
LINK =>  enclave/enclave.so
mkdir -p bin
<!-- Please refer to User's Guide for the explanation of each field -->
<EnclaveConfiguration>
    <ProdID>0</ProdID>
    <ISVSVN>0</ISVSVN>
    <StackMaxSize>0x40000</StackMaxSize>
    <HeapMaxSize>0x100000</HeapMaxSize>
    <TCSNum>1</TCSNum>
    <TCSPolicy>1</TCSPolicy>
    <DisableDebug>0</DisableDebug>
    <MiscSelect>0</MiscSelect>
    <MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>
tcs_num 1, tcs_max_num 1, tcs_min_pool 1
The required memory is 4157440B.
The required memory is 0x3f7000, 4060 KB.
Succeed.
SIGN =>  bin/enclave.signed.so

Can you check what happened?

dingelish commented 2 years ago

@celaus Which rustc are you using? I just tested against nightly-2021-11-01 and didn't reproduce.

$ rustc --version
rustc 1.58.0-nightly (ff0e14829 2021-10-31)

celaus commented 2 years ago

I was using the respective docker images for each compile:

$ sudo docker run -ti -v (pwd):/root/sgx --device /dev/isgx  baiduxlab/sgx-rust:1804-1.1.4 bash
root@23e62148b04d:~# rustc --version
rustc 1.58.0-nightly (ff0e14829 2021-10-31) 

and

$ sudo docker run -ti -v (pwd):/root/sgx --device /dev/isgx  baiduxlab/sgx-rust:1804-1.1.3 bash
root@e8f1676b3dde:~# rustc --version
rustc 1.49.0-nightly (ffa2e7ae8 2020-10-24)
root@e8f1676b3dde:~#

dingelish commented 2 years ago

@celaus Reproduced, thanks! Looks like the newer compiler somehow does not include __assert_fail's implementation in generated static libraries. To this end, you can export CFLAGS="-DRING_CORE_NOSTDLIBINC=1" to let Ring build without the __assert_fail dependency.
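
A pre-link check for the failure reported in this thread, as an added example that is not part of the issue or the SDK: it reads `nm -A` output for a static library and lists the archive members that reference a symbol which no member defines globally. The function names and the sample listing are constructed for illustration; real use assumes binutils `nm` is available in the build container.

```shell
#!/bin/sh
# Added example (not from the SDK or the issue thread).
# Reads `nm -A <archive>` output on stdin and prints each archive member that
# references SYMBOL as undefined, but only if no member defines it globally.
unresolved_members() {
    awk -v sym="$1" '
        $NF == sym {
            split($1, path, ":")          # $1 is "archive:member:[address]"
            kind = $(NF - 1)              # nm symbol type letter
            if (kind == "U") {
                if (!(path[2] in seen)) { seen[path[2]] = 1; members[++n] = path[2] }
            } else if (kind ~ /^[A-TV-Z]$/) {
                has_def = 1               # uppercase (except U) = global definition
            }
        }
        END { if (!has_def) for (i = 1; i <= n; i++) print members[i] }
    '
}

# Constructed sample in the shape of `nm -A ./lib/libenclave.a`. Member and
# symbol names come from the linker errors above; addresses and type letters
# are made up.
sample_nm_output() {
    cat <<'EOF'
libenclave.a:aes_nohw.o:                 U __assert_fail
libenclave.a:aes_nohw.o:0000000000000000 t aes_nohw_to_batch
libenclave.a:limbs.o:                 U __assert_fail
libenclave.a:limbs.o:0000000000000040 T LIMBS_less_than
EOF
}

# Real use, run before the LINK step of the enclave Makefile:
#   nm -A ./lib/libenclave.a | unresolved_members __assert_fail
sample_nm_output | unresolved_members __assert_fail
```

An empty result means either nothing references the symbol or some member provides it; any member names printed are the objects the final link will fail on unless the symbol comes from another library on the link line.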