Nginx unable to run
gmatesunny opened this issue · comments
If I keep the enclave.signed.so at same directory as nginx binary, it results in segmentation fault.
roshan@bolt:~/talos/src/nginx-1.11.0/install/sbin$ pwd
roshan@bolt:~/talos/src/nginx-1.11.0/install/sbin$ pwd
/home/roshan/talos/src/nginx-1.11.0/install/sbin
roshan@bolt:~/talos/src/nginx-1.11.0/install/sbin$ ls -a
. .. enclave.signed.so nginx
roshan@bolt:~/talos/src/nginx-1.11.0/install/sbin$ ./nginx
Segmentation fault
This is some change I modified in the "nginx-1.11.0/objs/Makefile":
--- nginx-1.11.0/objs/Makefile 2018-03-12 01:40:28.899019963 -0700
+++ nginx-1.11.0-std/objs/Makefile 2018-03-12 01:41:58.831507135 -0700
@@ -9,7 +9,7 @@
-I src/event \
-I src/event/modules \
-I src/os/unix \
- -I /home/administrator/nginx_talos_release/TaLoS//src/libressl-2.4.1//.openssl/include \
+ -I /home/administrator/nginx_talos_release/TaLoS/src/libressl-2.4.1/include \
-I objs \
-I src/http \
-I src/http/modules
@@ -76,7 +76,6 @@
src/os/unix/ngx_linux.h \
src/event/ngx_event_openssl.h \
src/core/ngx_regex.h \
- /home/administrator/nginx_talos_release/TaLoS//src/libressl-2.4.1//.openssl/include/openssl/ssl.h \
objs/ngx_auto_config.h
@@ -84,7 +83,7 @@
-I src/event \
-I src/event/modules \
-I src/os/unix \
- -I /home/administrator/nginx_talos_release/TaLoS//src/libressl-2.4.1//.openssl/include \
+ -I /home/administrator/nginx_talos_release/TaLoS/src/libressl-2.4.1/include \
-I objs
@@ -345,7 +344,7 @@
objs/src/http/modules/ngx_http_upstream_keepalive_module.o \
objs/src/http/modules/ngx_http_upstream_zone_module.o \
objs/ngx_modules.o \
- -ldl -lpthread -lcrypt -lpcre /home/administrator/nginx_talos_release/TaLoS//src/libressl-2.4.1//.openssl/lib/libssl.a /home/administrator/nginx_talos_release/TaLoS//src/libressl-2.4.1//.openssl/lib/libcrypto.a -ldl -lz \
+ -ldl -lpthread -lcrypt -lpcre /home/administrator/nginx_talos_release/TaLoS/src/libressl-2.4.1/lib/libssl.a /home/administrator/nginx_talos_release/TaLoS/src/libressl-2.4.1/lib/libcrypto.a -L /home/administrator/nginx_talos_release/intel/sgxsdk/sdk_libs -lsgx_urts_sim -lsgx_uae_service_sim -ldl -lz \
-Wl,-E
@@ -1171,75 +1170,69 @@
src/http/modules/ngx_http_upstream_zone_module.c
-/home/administrator/nginx_talos_release/TaLoS//src/libressl-2.4.1//.openssl/include/openssl/ssl.h: objs/Makefile
- cd /home/administrator/nginx_talos_release/TaLoS//src/libressl-2.4.1/ \
- && if [ -f Makefile ]; then $(MAKE) clean; fi \
- && ./config --prefix=/home/administrator/nginx_talos_release/TaLoS//src/libressl-2.4.1//.openssl no-shared \
- && $(MAKE) \
- && $(MAKE) install_sw LIBDIR=lib
manpage: objs/nginx.8
Hope it helps you.
Where did you place enclave.signed.so ? Could you tell the path of it ? In my system I created a link here:
/home/roshan/talos/src/nginx-1.11.0/enclave.signed.so that points to the /home/roshan/talos/src/libressl-2.4.1/crypto/enclave.signed.so
My system is the same yours. However, I only test in sgx simulator mode (-lsgx_urts_sim -lsgx_uae_service_sim).
I tried to see what causes segmentation fault and this is the output:
roshan@bolt:/talos/src/nginx-1.11.0$ gdb ./install/sbin/nginx16.5) 7.11.1
GNU gdb (Ubuntu 7.11.1-0ubuntu1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/.
Find the GDB manual and other documentation resources online at:
http://www.gnu.org/software/gdb/documentation/.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./install/sbin/nginx...done.
(gdb) run
Starting program: /home/roshan/talos/src/nginx-1.11.0/install/sbin/nginx
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff72f5895 in _create_enclave(bool, int, _se_file_t&, _le_prd_css_file_t*, unsigned char () [1024], int, unsigned long*, _sgx_misc_attribute_t*) ()
from /home/roshan/sgxsdk/lib64/libsgx_urts_sim.so
(gdb)
(gdb) bt
#0 0x00007ffff72f5895 in _create_enclave(bool, int, _se_file_t&, _le_prd_css_file_t*, unsigned char () [1024], int, unsigned long*, _sgx_misc_attribute_t*)
() from /home/roshan/sgxsdk/lib64/libsgx_urts_sim.so
#1 0x00007ffff72f648e in sgx_create_enclave ()
from /home/roshan/sgxsdk/lib64/libsgx_urts_sim.so
#2 0x000000000048b734 in initialize_enclave () at enclaveshim_ecalls.c:185
#3 0x000000000048bc19 in initialize_library () at enclaveshim_ecalls.c:351
#4 0x000000000049086d in OPENSSL_add_all_algorithms_noconf ()
at enclaveshim_ecalls.c:2844
#5 0x00007ffff72f0a89 in init_openssl() ()
from /home/roshan/sgxsdk/lib64/libsgx_urts_sim.so
#6 0x00007ffff7de76ba in call_init (l=, argc=argc@entry=1,
argv=argv@entry=0x7fffffffdc38, env=env@entry=0x7fffffffdc48)
at dl-init.c:72
#7 0x00007ffff7de77cb in call_init (env=0x7fffffffdc48, argv=0x7fffffffdc38,
argc=1, l=) at dl-init.c:30
#8 _dl_init (main_map=0x7ffff7ffe168, argc=1, argv=0x7fffffffdc38,
env=0x7fffffffdc48) at dl-init.c:120
#9 0x00007ffff7dd7c6a in _dl_start_user () from /lib64/ld-linux-x86-64.so.2
#10 0x0000000000000001 in ?? ()
#11 0x00007fffffffe018 in ?? ()
#12 0x0000000000000000 in ?? ()
This time I did static linking and it's for simulation libraries.
And report from valgrind
roshan@bolt:~/talos/src/nginx-1.11.0$ valgrind --leak-check=full ./install/sbin/nginx
==20830== Memcheck, a memory error detector
==20830== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==20830== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==20830== Command: ./install/sbin/nginx
==20830==
==20830== Invalid read of size 8
==20830== at 0x570E895: _create_enclave(bool, int, _se_file_t&, _le_prd_css_file_t*, unsigned char () [1024], int, unsigned long*, _sgx_misc_attribute_t*) (in /home/roshan/sgxsdk/lib64/libsgx_urts_sim.so)
==20830== by 0x570F48D: sgx_create_enclave (in /home/roshan/sgxsdk/lib64/libsgx_urts_sim.so)
==20830== by 0x48B733: initialize_enclave (enclaveshim_ecalls.c:185)
==20830== by 0x48BC18: initialize_library (enclaveshim_ecalls.c:351)
==20830== by 0x49086C: OPENSSL_add_all_algorithms_noconf (enclaveshim_ecalls.c:2844)
==20830== by 0x5709A88: init_openssl() (in /home/roshan/sgxsdk/lib64/libsgx_urts_sim.so)
==20830== by 0x40106B9: call_init.part.0 (dl-init.c:72)
==20830== by 0x40107CA: call_init (dl-init.c:30)
==20830== by 0x40107CA: _dl_init (dl-init.c:120)
==20830== by 0x4000C69: ??? (in /lib/x86_64-linux-gnu/ld-2.23.so)
==20830== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==20830==
==20830==
==20830== Process terminating with default action of signal 11 (SIGSEGV)
==20830== Access not within mapped region at address 0x0
==20830== at 0x570E895: _create_enclave(bool, int, _se_file_t&, _le_prd_css_file_t*, unsigned char () [1024], int, unsigned long*, _sgx_misc_attribute_t*) (in /home/roshan/sgxsdk/lib64/libsgx_urts_sim.so)
==20830== by 0x570F48D: sgx_create_enclave (in /home/roshan/sgxsdk/lib64/libsgx_urts_sim.so)
==20830== by 0x48B733: initialize_enclave (enclaveshim_ecalls.c:185)
==20830== by 0x48BC18: initialize_library (enclaveshim_ecalls.c:351)
==20830== by 0x49086C: OPENSSL_add_all_algorithms_noconf (enclaveshim_ecalls.c:2844)
==20830== by 0x5709A88: init_openssl() (in /home/roshan/sgxsdk/lib64/libsgx_urts_sim.so)
==20830== by 0x40106B9: call_init.part.0 (dl-init.c:72)
==20830== by 0x40107CA: call_init (dl-init.c:30)
==20830== by 0x40107CA: _dl_init (dl-init.c:120)
==20830== by 0x4000C69: ??? (in /lib/x86_64-linux-gnu/ld-2.23.so)
==20830== If you believe this happened as a result of a stack
==20830== overflow in your program's main thread (unlikely but
==20830== possible), you can try to increase the size of the
==20830== main thread stack using the --main-stacksize= flag.
==20830== The main thread stack size used in this run was 8388608.
==20830==
==20830== HEAP SUMMARY:
==20830== in use at exit: 73,602 bytes in 10 blocks
==20830== total heap usage: 82 allocs, 72 frees, 91,815 bytes allocated
I was able to solve the problem by downgrading to sgxsdk version 1.9.
Please add this information in readme.md and also there is typo for ssh instead of ssl in readme.md
@tiepnv-viosoft : Thanks, your makefile does help me.