search

fortanix / rust-sgx

The Fortanix Rust Enclave Development Platform
https://edp.fortanix.com
Mozilla Public License 2.0
433 stars 98 forks source link

[BUG]: "I/O ctl failed" in sgx-detect #565

Open ndokmai opened 7 months ago

ndokmai commented 7 months ago

Describe the bug: sgx-detect reports the following error:

$ sgx-detect --verbose Detecting SGX, this may take a minute... ✔ SGX instruction set ✔ CPU support ✔ CPU configuration ✔ Enclave attributes ✔ Enclave Page Cache SGX features ✔ SGX2 ✔ EXINFO ✘ ENCLV ✘ OVERSUB ✔ KSS Total EPC size: 127.2GiB (no integrity protection) ✔ Flexible launch control ✔ CPU support ? CPU configuration ✔ Able to launch production mode enclave ✘ SGX system software ✔ SGX kernel device (/dev/sgx_enclave) ✔ libsgx_enclave_common ✔ AESM service ✘ Able to launch enclaves ✘ Debug mode ✔ Production mode

🕮 SGX system software > Able to launch enclaves > Debug mode The enclave could not be launched.

debug: failed to load report enclave debug: cause: Failed to call ECREATE. debug: cause: I/O ctl failed. debug: cause: Input/output error (os error 5)

Running the test on the most recent commit of sgxs-loaders also produces similar results:

$ git clone https://github.com/fortanix/rust-sgx.git $ cd rust-sgx/intel-sgx/sgxs-loaders/ $ RUST_BACKTRACE=1 cargo test sgxdevice

Running tests/loaders.rs (/home/nd549/rust-sgx/target/debug/deps/loaders-2b03394f05fc64eb)

running 1 test test sgxdevice ... FAILED

failures:

---- sgxdevice stdout ---- thread 'sgxdevice' panicked at intel-sgx/sgxs-loaders/tests/loaders.rs:30:5: error getting report: Create(Io(Os { code: 5, kind: Uncategorized, message: "Input/output error" }))

0: failure::backtrace::internal::InternalBacktrace::new at /home/nd549/.cargo/registry/src/index.crates.io-6f17d22bba15001f/failure-0.1.8/src/backtrace/internal.rs:46:44 1: failure::backtrace::Backtrace::new at /home/nd549/.cargo/registry/src/index.crates.io-6f17d22bba15001f/failure-0.1.8/src/backtrace/mod.rs:121:35 2: <failure::error::error_impl::ErrorImpl as core::convert::From>::from at /home/nd549/.cargo/registry/src/index.crates.io-6f17d22bba15001f/failure-0.1.8/src/error/error_impl.rs:19:17 3: <failure::error::Error as core::convert::From>::from at /home/nd549/.cargo/registry/src/index.crates.io-6f17d22bba15001f/failure-0.1.8/src/error/mod.rs:36:18 4: <core::result::Result<T,F> as core::ops::try_trait::FromResidual<core::result::Result<core::convert::Infallible,E>>>::from_residual at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/core/src/result.rs:1964:27 5: sgxs_loaders::generic::Device::load at src/generic.rs:109:27 6: ::load at src/isgx/mod.rs:497:9 7: enclave_runner::loader::EnclaveBuilder::load at /home/nd549/rust-sgx/intel-sgx/enclave-runner/src/loader.rs:321:23 8: enclave_runner::loader::EnclaveBuilder::build_library at /home/nd549/rust-sgx/intel-sgx/enclave-runner/src/loader.rs:351:9 9: report_test::ReportBuilder::build at /home/nd549/rust-sgx/intel-sgx/report-test/src/lib.rs:76:13 10: report_test::report at /home/nd549/rust-sgx/intel-sgx/report-test/src/lib.rs:87:5 11: loaders::sgxdevice at tests/loaders.rs:30:5 12: loaders::sgxdevice::{{closure}} at tests/loaders.rs:28:15 13: core::ops::function::FnOnce::call_once at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/core/src/ops/function.rs:250:5 14: core::ops::function::FnOnce::call_once at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/core/src/ops/function.rs:250:5 test::__rust_begin_short_backtrace at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/test/src/lib.rs:621:18 15: test::run_test_in_process::{{closure}} at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/test/src/lib.rs:644:60 <core::panic::unwind_safe::AssertUnwindSafe as core::ops::function::FnOnce<()>>::call_once at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/core/src/panic/unwind_safe.rs:272:9 std::panicking::try::do_call at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/std/src/panicking.rs:552:40 std::panicking::try at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/std/src/panicking.rs:516:19 std::panic::catch_unwind at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/std/src/panic.rs:146:14 test::run_test_in_process at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/test/src/lib.rs:644:27 test::run_test::{{closure}} at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/test/src/lib.rs:567:43 16: test::run_test::{{closure}} at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/test/src/lib.rs:595:41 std::sys_common::backtrace::__rust_begin_short_backtrace at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/std/src/sys_common/backtrace.rs:155:18 17: std::thread::Builder::spawnunchecked::{{closure}}::{{closure}} at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/std/src/thread/mod.rs:528:17 <core::panic::unwind_safe::AssertUnwindSafe as core::ops::function::FnOnce<()>>::call_once at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/core/src/panic/unwind_safe.rs:272:9 std::panicking::try::do_call at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/std/src/panicking.rs:552:40 std::panicking::try at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/std/src/panicking.rs:516:19 std::panic::catch_unwind at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/std/src/panic.rs:146:14 std::thread::Builder::spawnunchecked::{{closure}} at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/std/src/thread/mod.rs:527:30 core::ops::function::FnOnce::call_once{{vtable.shim}} at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/core/src/ops/function.rs:250:5 18: <alloc::boxed::Box<F,A> as core::ops::function::FnOnce>::call_once at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/alloc/src/boxed.rs:2016:9 <alloc::boxed::Box<F,A> as core::ops::function::FnOnce>::call_once at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/alloc/src/boxed.rs:2016:9 std::sys::pal::unix::thread::Thread::new::thread_start at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/std/src/sys/pal/unix/thread.rs:108:17 19: 20:

failed to load report enclave stack backtrace: 0: rust_begin_unwind at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/std/src/panicking.rs:645:5 1: core::panicking::panic_fmt at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/core/src/panicking.rs:72:14 2: core::result::unwrap_failed at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/core/src/result.rs:1654:5 3: core::result::Result<T,E>::expect at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/core/src/result.rs:1034:23 4: loaders::sgxdevice at ./tests/loaders.rs:30:5 5: loaders::sgxdevice::{{closure}} at ./tests/loaders.rs:28:15 6: core::ops::function::FnOnce::call_once at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/core/src/ops/function.rs:250:5 7: core::ops::function::FnOnce::call_once at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/core/src/ops/function.rs:250:5 note: Some details are omitted, run with RUST_BACKTRACE=full for a verbose backtrace.

failures: sgxdevice

test result: FAILED. 0 passed; 1 failed; 0 ignored; 0 measured; 2 filtered out; finished in 0.16s

error: test failed, to rerun pass --test loaders

Upon trying to debug the loader, I found that the error Create(Io(Os { code: 5, kind: Uncategorized, message: "Input/output error" })) originated from this specific line

https://github.com/fortanix/rust-sgx/blob/e2f677b28e2a934bc3b3d20cc201962f0bf556b3/intel-sgx/sgxs-loaders/src/isgx/mod.rs#L202C1-L202C70

To Reproduce: See above.

Expected behavior: ECREATE is expected to be successful in running an application.

Reproducibility:

Environment:

Severity:

Related Issue This feels similar to this issue #526 but updating the kernel didn't fix it.

Additional context: I don't have any issues running sample applications in SGX with Gramine or the Intel SGX SDK, which suggests that the SGX kernel device is working properly.

mrdgo commented 4 months ago

I have the same problem. It is specifically not #526. Also I can easily run the SampleEnclave from the SGX-SDK.

Any updates on this?

Reproducibility

Always

Environment

jethrogb commented 4 months ago

Can you please post the output of running the program with strace -etrace=ioctl

mrdgo commented 4 months ago

Can you please post the output of running the program with strace -etrace=ioctl

user@host $ strace -etrace=ioctl sgx-detect
ioctl(1, TCGETS, {c_iflag=ICRNL|IXON|IUTF8, c_oflag=NL0|CR0|TAB0|BS0|VT0|FF0|OPOST|ONLCR, c_cflag=B38400|CS8|CREAD, c_lflag=ISIG|ICANON|ECHO|ECHOE|ECHOK|IEXTEN|ECHOCTL|ECHOKE, ...}) = 0
ioctl(2, TCGETS, {c_iflag=ICRNL|IXON|IUTF8, c_oflag=NL0|CR0|TAB0|BS0|VT0|FF0|OPOST|ONLCR, c_cflag=B38400|CS8|CREAD, c_lflag=ISIG|ICANON|ECHO|ECHOE|ECHOK|IEXTEN|ECHOCTL|ECHOKE, ...}) = 0
Detecting SGX, this may take a minute...
ioctl(3, FIONBIO, [1])                  = 0
ioctl(3, FIONBIO, [0])                  = 0
ioctl(4, FIONBIO, [1])                  = 0
ioctl(6, FIONBIO, [1])                  = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2368758, si_uid=21621, si_status=0, si_utime=0, si_stime=0} ---
ioctl(6, FIONBIO, [0])                  = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2368759, si_uid=21621, si_status=127, si_utime=0, si_stime=0} ---
ioctl(5, FIONBIO, [1])                  = 0
ioctl(7, FIONBIO, [1])                  = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2368765, si_uid=21621, si_status=3, si_utime=0, si_stime=0} ---
ioctl(7, FIONBIO, [0])                  = 0
ioctl(5, FIONBIO, [1])                  = 0
ioctl(7, FIONBIO, [1])                  = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2368766, si_uid=21621, si_status=0, si_utime=0, si_stime=0} ---
ioctl(7, FIONBIO, [0])                  = 0
ioctl(4, FIONBIO, [1])                  = 0
ioctl(4, FIONBIO, [0])                  = 0
ioctl(4, SGX_IOC_ENCLAVE_CREATE, 0x7ffd270be000) = 0
ioctl(4, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(4, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(4, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(4, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(4, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(4, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(4, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(4, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(4, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(4, SGX_IOC_ENCLAVE_INIT, 0x7ffd270c15e0) = 0
ioctl(4, FIONBIO, [1])                  = 0
ioctl(4, FIONBIO, [0])                  = 0
ioctl(4, SGX_IOC_ENCLAVE_CREATE, 0x7ffd270be000) = 0
ioctl(4, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(4, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(4, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(4, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(4, SGX_IOC_ENCLAVE_INIT, 0x7ffd270c15e0) = 0
ioctl(5, FIONBIO, [1])                  = 0
ioctl(5, FIONBIO, [0])                  = 0
ioctl(5, SGX_IOC_ENCLAVE_CREATE, 0x7ffd270be000) = -1 EIO (Input/output error)
ioctl(5, FIONBIO, [1])                  = 0
ioctl(5, FIONBIO, [0])                  = 0
ioctl(5, SGX_IOC_ENCLAVE_CREATE, 0x7ffd270bcf68) = -1 EIO (Input/output error)
ioctl(5, FIONBIO, [1])                  = 0
ioctl(5, FIONBIO, [0])                  = 0
ioctl(5, SGX_IOC_ENCLAVE_CREATE, 0x7ffd270be000) = 0
ioctl(5, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(5, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(5, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(5, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(5, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(5, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(5, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(5, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(5, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(5, SGX_IOC_ENCLAVE_INIT, 0x7ffd270c15e0) = 0
ioctl(5, FIONBIO, [1])                  = 0
ioctl(5, FIONBIO, [0])                  = 0
ioctl(5, SGX_IOC_ENCLAVE_CREATE, 0x7ffd270be000) = 0
ioctl(5, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(5, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(5, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(5, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(5, SGX_IOC_ENCLAVE_INIT, 0x7ffd270c15e0) = 0
ioctl(6, FIONBIO, [1])                  = 0
ioctl(6, FIONBIO, [0])                  = 0
ioctl(6, SGX_IOC_ENCLAVE_CREATE, 0x7ffd270be000) = -1 EIO (Input/output error)
ioctl(6, FIONBIO, [1])                  = 0
ioctl(6, FIONBIO, [0])                  = 0
ioctl(6, SGX_IOC_ENCLAVE_CREATE, 0x7ffd270bcf68) = -1 EIO (Input/output error)
ioctl(6, FIONBIO, [1])                  = 0
ioctl(6, FIONBIO, [0])                  = 0
ioctl(6, SGX_IOC_ENCLAVE_CREATE, 0x7ffd270be000) = 0
ioctl(6, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(6, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(6, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(6, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(6, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(6, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(6, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(6, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(6, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(6, SGX_IOC_ENCLAVE_INIT, 0x7ffd270c15e0) = 0
ioctl(6, FIONBIO, [1])                  = 0
ioctl(6, FIONBIO, [0])                  = 0
ioctl(6, SGX_IOC_ENCLAVE_CREATE, 0x7ffd270be000) = 0
ioctl(6, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(6, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(6, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(6, SGX_IOC_ENCLAVE_ADD_PAGES, 0x7ffd270bdf08) = 0
ioctl(6, SGX_IOC_ENCLAVE_INIT, 0x7ffd270c15e0) = 0
✔  SGX instruction set
  ✔  CPU support
  ✔  CPU configuration
  ✔  Enclave attributes
  ✔  Enclave Page Cache
  SGX features
    ✔  SGX2  ✔  EXINFO  ✘  ENCLV  ✘  OVERSUB  ✔  KSS  
    Total EPC size: 2.0GiB (no integrity protection)
✔  Flexible launch control
  ✔  CPU support
  ? CPU configuration
  ✔  Able to launch production mode enclave
✘  SGX system software
  ✔  SGX kernel device (/dev/sgx_enclave)
  ✔  libsgx_enclave_common
  ✔  AESM service
  ✘  Able to launch enclaves
    ✘  Debug mode
    ✔  Production mode

🕮  SGX system software > Able to launch enclaves > Debug mode
The enclave could not be launched.

(run with `--verbose` for more details)

More information: https://edp.fortanix.com/docs/installation/help/#run-enclave-debug
+++ exited with 0 +++
jethrogb commented 4 months ago

Is the problem just with sgx-detect and the unit tests? Are you able to run e.g. hello world?

jethrogb commented 4 months ago

I think the problem is in generate_dummy_signature we always create a dummy signature with attributes based on xgetbv(0) even though ssaframesize for the enclave may be set to a value lower than needed for that xfrm. If attributes are not explicitly specified, we then copy those attributes from the dummy signature to the ECREATE call.

Instead, in generate_dummy_signature, we should call read_meas once and cache the result for later use, and then come up with an xfrm that matches the ssaframesize in the first measurement in the SGXS.

mrdgo commented 4 months ago

I get the same error when I follow the lines from the readme: 

# Install EDP components
rustup target add x86_64-fortanix-unknown-sgx --toolchain nightly
cargo install fortanix-sgx-tools sgxs-tools
echo >> ~/.cargo/config -e '[target.x86_64-fortanix-unknown-sgx]\nrunner = "ftxsgx-runner-cargo"'

# Run your enclave!
cargo new --bin hello-world
cd hello-world
cargo run --target x86_64-fortanix-unknown-sgx

the last command yields:

Error: Create(Io(Os { code: 5, kind: Uncategorized, message: "Input/output error" }))

While loading SGX enclave
ERROR: while running "ftxsgx-runner" "target/x86_64-fortanix-unknown-sgx/debug/hello-world.sgxs" got exit status: 1

Edit: with strace

root@103139b6faf0# strace -etrace=ioctl cargo run --target x86_64-fortanix-unknown-sgx
ioctl(2, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(2, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(2, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(2, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(2, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(2, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(2, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(2, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(2, TIOCGWINSZ, {ws_row=49, ws_col=190, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(2, TIOCGWINSZ, {ws_row=49, ws_col=190, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(2, TIOCGWINSZ, {ws_row=49, ws_col=190, ws_xpixel=0, ws_ypixel=0}) = 0
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.02s
     Running `ftxsgx-runner-cargo target/x86_64-fortanix-unknown-sgx/debug/hello-world`
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=392, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
Error: Create(Io(Os { code: 5, kind: Uncategorized, message: "Input/output error" }))

While loading SGX enclave
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=393, si_uid=0, si_status=1, si_utime=1, si_stime=1} ---
ERROR: while running "ftxsgx-runner" "target/x86_64-fortanix-unknown-sgx/debug/hello-world.sgxs" got exit status: 1
+++ exited with 1 +++
mrdgo commented 4 months ago

It doesn't really look like ecreate fails in the second log. Any other ideas?

jethrogb commented 4 months ago

From the error message in the second log, clearly ECREATE fails. To see it in strace, you need to run with -f. I'm fairly certain the problem I outlined before is the issue.

mrdgo commented 4 months ago

Ran with -f:

root@103139b6faf0:/ftx/hello-world# strace -etrace=ioctl -f cargo run --target x86_64-fortanix-unknown-sgx
ioctl(2, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(2, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(2, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(2, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(2, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(2, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(2, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(2, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(2, TIOCGWINSZ, {ws_row=50, ws_col=190, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(2, TIOCGWINSZ, {ws_row=50, ws_col=190, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(2, TIOCGWINSZ, {ws_row=50, ws_col=190, ws_xpixel=0, ws_ypixel=0}) = 0
strace: Process 19 attached
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.02s
[pid    19] --- SIGUSR1 {si_signo=SIGUSR1, si_code=SI_TKILL, si_pid=18, si_uid=0} ---
[pid    19] +++ exited with 0 +++
     Running `ftxsgx-runner-cargo target/x86_64-fortanix-unknown-sgx/debug/hello-world`
strace: Process 20 attached
[pid    20] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20, si_uid=0, si_status=0, si_utime=0, si_stime=8} ---
strace: Process 21 attached
[pid    21] ioctl(4, FIONBIO, [1])      = 0
[pid    21] ioctl(4, FIONBIO, [0])      = 0
[pid    21] ioctl(5, _IOC(_IOC_WRITE, 0xa4, 0, 0x8), 0x7fff78959000) = -1 EIO (Input/output error)
Error: Create(Io(Os { code: 5, kind: Uncategorized, message: "Input/output error" }))

While loading SGX enclave
[pid    21] +++ exited with 1 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21, si_uid=0, si_status=1, si_utime=2, si_stime=9} ---
ERROR: while running "ftxsgx-runner" "target/x86_64-fortanix-unknown-sgx/debug/hello-world.sgxs" got exit status: 1
+++ exited with 1 +++

I don't know, what that ioctl_write does. But if ioctl(5, _IOC(_IOC_WRITE, 0xa4, 0, 0x8), 0x7fff78959000) == ECREATE, I agree.

mrdgo commented 1 month ago

@raoulstrackx - didn't we meet in Switzerland, last year? On Pascal's workshop at CSF?

raoulstrackx commented 1 month ago

Yes I was there :)