
Bugfixes:
- Fix #34
- Reserving syscall numbers above 300
- Implement sendmmsg and recvmmsg.
- Proper usage of PAL_STRERROR in PAL
- Remove DEBUG_MUTEX

Chia-Che Tsai 7 years ago
parent
commit
fba92d6a28

+ 0 - 1
.gitignore

@@ -1,2 +1 @@
 /Runtime/
-*~

+ 1 - 1
LibOS/shim/include/glibc-version.h

@@ -1,6 +1,6 @@
 /* update the file whenever changes made to glibc.
    pick whatever random value. */
 
-#define GLIBC_VERSION      0xf200364c
+#define GLIBC_VERSION      (20170114)
 
 int register_library (const char * name, unsigned long load_address);

+ 28 - 4
LibOS/shim/include/shim_table.h

@@ -9,6 +9,11 @@
 
 #ifdef IN_SHIM
 
+typedef void (*shim_fp)(void);
+
+extern shim_fp shim_table[];
+
+/* syscall entries */
 long __shim_read (long, long , long);
 long __shim_write (long, long, long);
 long __shim_open (long, long , long);
@@ -301,6 +306,18 @@ long __shim_pwritev (long, long, long, long, long);
 long __shim_rt_tgsigqueueinfo (long, long, long, long);
 long __shim_perf_event_open (long, long, long, long, long);
 long __shim_recvmmsg (long, long, long, long, long);
+long __shim_fanotify_init (long, long);
+long __shim_fanotify_mark (long, long, long, long, long);
+long __shim_prlimit64 (long, long, long, long);
+long __shim_name_to_handle_at (long, long, long, long, long);
+long __shim_open_by_handle_at (long, long, long);
+long __shim_clock_adjtime (long, long);
+long __shim_syncfs (long);
+long __shim_sendmmsg (long, long, long, long);
+long __shim_setns (long, long);
+long __shim_getcpu (long, long, long);
+
+/* libos call entries */
 long __shim_sandbox_create (long, long, long);
 long __shim_sandbox_attach (long);
 long __shim_sandbox_current (void);
@@ -310,9 +327,7 @@ long __shim_send_rpc (long, long, long);
 long __shim_recv_rpc (long, long, long);
 long __shim_checkpoint(long);
 
-typedef void (*shim_fp)(void);
-extern shim_fp shim_table [SHIM_NSYSCALLS];
-
+/* syscall implementation */
 size_t shim_do_read (int fd, void * buf, size_t count);
 size_t shim_do_write (int fd, const void * buf, size_t count);
 int shim_do_open (const char * file, int flags, mode_t mode);
@@ -476,6 +491,11 @@ int shim_do_accept4 (int sockfd, struct sockaddr * addr, socklen_t * addrlen,
 int shim_do_dup3 (int oldfd, int newfd, int flags);
 int shim_do_epoll_create1 (int flags);
 int shim_do_pipe2 (int * fildes, int flags);
+int shim_do_recvmmsg (int sockfd, struct mmsghdr * msg, int vlen, int flags,
+                      struct __kernel_timespec * timeout);
+int shim_do_sendmmsg (int sockfd, struct mmsghdr * msg, int vlen, int flags);
+
+/* libos call implementation */
 long shim_do_sandbox_create (int flags, const char * fs_sb,
                              struct net_sb * net_sb);
 int shim_do_sandbox_attach (unsigned int sbid);
@@ -488,6 +508,7 @@ int shim_do_checkpoint(const char * filename);
 
 #endif /* ! IN_SHIM */
 
+/* syscall wrappers */
 size_t shim_read (int fd, void * buf, size_t count);
 size_t shim_write (int fd, const void * buf, size_t count);
 int shim_open (const char * file, int flags, mode_t mode);
@@ -841,8 +862,11 @@ int shim_pwritev (unsigned long fd, const struct iovec * vec,
 int shim_rt_tgsigqueueinfo (pid_t tgid, pid_t pid, int sig, siginfo_t * uinfo);
 int shim_perf_event_open (struct perf_event_attr * attr_uptr, pid_t pid,
                           int cpu, int group_fd, int flags);
-int shim_recvmmsg (int fd, struct mmsghdr * msg, int vlen, int flags,
+int shim_recvmmsg (int sockfd, struct mmsghdr * msg, int vlen, int flags,
                    struct __kernel_timespec * timeout);
+int shim_sendmmsg (int sockfd, struct mmsghdr * msg, int vlen, int flags);
+
+/* libos call wrappers */
 long shim_sandbox_create (int flags, const char * fs_sb, struct net_sb * net_sb);
 int shim_sandbox_attach (unsigned int sbid);
 long shim_sandbox_current (void);

+ 16 - 2
LibOS/shim/include/shim_types.h

@@ -21,6 +21,7 @@
 #include <linux/futex.h>
 #include <linux/aio_abi.h>
 #include <linux/perf_event.h>
+#include <linux/timex.h>
 
 #include <asm/posix_types.h>
 #include <asm/statfs.h>
@@ -182,8 +183,11 @@ struct __kernel_rusage {
 };
 
 struct __kernel_rlimit {
-    unsigned long    rlim_cur;
-    unsigned long    rlim_max;
+    unsigned long rlim_cur, rlim_max;
+};
+
+struct __kernel_rlimit64 {
+    uint64_t rlim_cur, rlim_max;
 };
 
 /* linux/eventpoll.h
@@ -387,6 +391,10 @@ typedef struct {
   __kernel_cpu_mask __bits[__CPU_SETSIZE / __NCPUBITS];
 } __kernel_cpu_set_t;
 
+struct getcpu_cache {
+    unsigned long blob[128 / sizeof(long)];
+};
+
 # undef __CPU_SETSIZE
 # undef __NCPUBITS
 
@@ -420,6 +428,12 @@ struct linux_dirent_tail {
     unsigned char       d_type;
 };
 
+struct linux_file_handle {
+    unsigned int handle_bytes;
+    int handle_type;
+    unsigned char f_handle[0];
+};
+
 struct __kernel_addrinfo
 {
   int ai_flags;                 /* Input flags.  */

+ 8 - 8
LibOS/shim/include/shim_unistd.h

@@ -10,9 +10,9 @@
 #include <unistd.h>
 #endif
 
-#define __NR_sandbox_create     303
-#define __NR_sandbox_attach     304
-#define __NR_sandbox_current    305
+#define __NR_sandbox_create     (LIBOS_SYSCALL_BASE + 1)
+#define __NR_sandbox_attach     (LIBOS_SYSCALL_BASE + 2)
+#define __NR_sandbox_current    (LIBOS_SYSCALL_BASE + 3)
 
 #define SANDBOX_RPC      0x001
 #define SANDBOX_FS       0x002
@@ -36,15 +36,15 @@ long sandbox_create (int flags, const char * fs_sb, struct net_sb * net_sb);
 int sandbox_attach (unsigned int sbid);
 long sandbox_current (void);
 
-#define __NR_msgpersist         306
+#define __NR_msgpersist         (LIBOS_SYSCALL_BASE + 4)
 
 #define MSGPERSIST_STORE    0
 #define MSGPERSIST_LOAD     1
 int msgpersist (int msqid, int cmd);
 
-#define __NR_benchmark_rpc      307
-#define __NR_send_rpc           308
-#define __NR_recv_rpc           309
+#define __NR_benchmark_rpc      (LIBOS_SYSCALL_BASE + 5)
+#define __NR_send_rpc           (LIBOS_SYSCALL_BASE + 6)
+#define __NR_recv_rpc           (LIBOS_SYSCALL_BASE + 7)
 
 int benchmark_rpc (pid_t pid, int times, const void * buf, size_t size);
 
@@ -58,7 +58,7 @@ struct nameinfo {
      size_t servlen;
 };
 
-#define __NR_checkpoint         310
+#define __NR_checkpoint         (LIBOS_SYSCALL_BASE + 8)
 
 int checkpoint (const char * filename);
 

+ 2 - 1
LibOS/shim/include/shim_unistd_defs.h

@@ -4,6 +4,7 @@
 #ifndef _SHIM_UNISTD_DEFS_H_
 #define _SHIM_UNISTD_DEFS_H_
 
-#define SHIM_NSYSCALLS          311
+#define LIBOS_SYSCALL_BASE      (340)
+#define LIBOS_SYSCALL_BOUND     (380)
 
 #endif

+ 9 - 4
LibOS/shim/src/shim_parser.c

@@ -74,7 +74,7 @@ struct parser_table {
     int slow;
     int stop;
     void (*parser[6]) (const char *, va_list *);
-} syscall_parser_table[SHIM_NSYSCALLS] = {
+} syscall_parser_table[LIBOS_SYSCALL_BOUND] = {
     { .slow = 1, .parser = { NULL } }, /* read */
     { .slow = 1, .parser = { NULL } }, /* write */
     { .slow = 1,                       /* open */
@@ -389,7 +389,9 @@ struct parser_table {
     { .slow = 0, .parser = { NULL } }, /* rt_tgsigqueueinfo */
     { .slow = 0, .parser = { NULL } }, /* perf_event_open */
     { .slow = 0, .parser = { NULL } }, /* recvmmsg */
-    { .slow = 0, .parser = { NULL } },
+
+    [LIBOS_SYSCALL_BASE] =  { .slow = 0, .parser = { NULL } },
+
     { .slow = 1, .parser = { NULL } }, /* checkpoint */
     { .slow = 1, .parser = { NULL } }, /* restore */
     { .slow = 1, .parser = { NULL } }, /* sandbox_create */
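Review bot: The rows that follow `[LIBOS_SYSCALL_BASE]` no longer line up with the libos call numbers: by position they put checkpoint, restore and sandbox_create at BASE+1 to BASE+3, while shim_unistd.h in this commit defines `__NR_sandbox_create` as `LIBOS_SYSCALL_BASE + 1` and `__NR_checkpoint` as `LIBOS_SYSCALL_BASE + 8`. Under the old positional layout sandbox_create appears to have landed on 303, its old number, so the trace parser would now read the `.slow` flag and argument parsers of the wrong call. Giving each libos row its own designator keeps the two files in step, for example `[__NR_sandbox_create] = { .slow = 1, .parser = { NULL } },`. The rest of the table lies outside the hunk, so the later rows need the same check.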
@@ -874,8 +876,11 @@ static void parse_sockaddr (const char * type, va_list *ap)
             unsigned short * ip = (void *) &a->sin6_addr.s6_addr;
             PRINTF("{family=INET,ip=[%x:%x:%x:%x:%x:%x:%x:%x],"
                    "port=htons(%u)}",
-                   ip[0], ip[1], ip[2], ip[3], ip[4], ip[5], ip[6],
-                   ip[7], __ntohs(a->sin6_port));
+                   __ntohs(ip[0]), __ntohs(ip[1]),
+                   __ntohs(ip[2]), __ntohs(ip[3]),
+                   __ntohs(ip[4]), __ntohs(ip[5]),
+                   __ntohs(ip[6]), __ntohs(ip[7]),
+                   __ntohs(a->sin6_port));
             break;
         }
 

+ 35 - 34
LibOS/shim/src/shim_syscalls.c

@@ -1144,9 +1144,41 @@ SHIM_SYSCALL_PASSTHROUGH (perf_event_open, 5, int, struct perf_event_attr *,
                           attr_uptr, pid_t, pid, int, cpu, int, group_fd,
                           int, flags)
 
-SHIM_SYSCALL_PASSTHROUGH (recvmmsg, 5, int, int, fd, struct mmsghdr *, msg,
-                          int, vlen, int, flags, struct __kernel_timespec *,
-                          timeout)
+DEFINE_SHIM_SYSCALL (recvmmsg, 5, shim_do_recvmmsg, int, int, fd,
+                     struct mmsghdr *, msg, int, vlen, int, flags,
+                     struct __kernel_timespec *, timeout)
+
+SHIM_SYSCALL_PASSTHROUGH (fanotify_init, 2, int, int, flags, int, event_f_flags)
+
+SHIM_SYSCALL_PASSTHROUGH (fanotify_mark, 5, int, int, fanotify_fd, int, flags,
+                          unsigned long, mask, int, fd, const char  *, pathname)
+
+SHIM_SYSCALL_PASSTHROUGH (prlimit64, 4, int, pid_t, pid, int, resource,
+                          const struct __kernel_rlimit64 *, new_rlim,
+                          struct __kernel_rlimit64 *, old_rlim)
+
+SHIM_SYSCALL_PASSTHROUGH (name_to_handle_at, 5, int, int, dfd,
+                          const char *, name,
+                          struct linux_file_handle *, handle, int *, mnt_id,
+                          int, flag)
+
+SHIM_SYSCALL_PASSTHROUGH (open_by_handle_at, 3, int, int, mountdirfd,
+                          struct linux_file_handle *, handle, int, flags)
+
+SHIM_SYSCALL_PASSTHROUGH (clock_adjtime, 2, int, clockid_t, which_clock,
+                          struct timex *, tx)
+
+SHIM_SYSCALL_PASSTHROUGH (syncfs, 1, int, int, fd)
+
+DEFINE_SHIM_SYSCALL (sendmmsg, 4, shim_do_sendmmsg, int, int, fd,
+                     struct mmsghdr *, msg, int, vlen, int, flags)
+
+SHIM_SYSCALL_PASSTHROUGH (setns, 2, int, int, fd, int, nstype)
+
+SHIM_SYSCALL_PASSTHROUGH (getcpu, 3, int, unsigned *, cpu, unsigned *, node,
+                          struct getcpu_cache *, cache)
+
+/* libos calls */
 
 DEFINE_SHIM_SYSCALL (sandbox_create, 3, shim_do_sandbox_create, long,
                      int, flags, const char *, fs_sb, struct net_sb *, net_sb)
@@ -1170,34 +1202,3 @@ DEFINE_SHIM_SYSCALL (recv_rpc, 3, shim_do_recv_rpc, size_t, pid_t *, pid,
 
 DEFINE_SHIM_SYSCALL (checkpoint, 1, shim_do_checkpoint, int,
                      const char *, filename)
-
-/*
-SHIM_SYSCALL_PASSTHROUGH (fanotify_init, 2, int, int, flags, int, event_f_flags)
-
-SHIM_SYSCALL_PASSTHROUGH (fanotify_mark, 5, int, int, fanotify_fd, int, flags,
-                          unsigned long, mask, int, fd, const char  *, pathname)
-
-SHIM_SYSCALL_PASSTHROUGH (prlimit64, 4, int, pid_t, pid, int, resource,
-                          const struct rlimit64 *, new_rlim, struct rlimit64 *,
-                          old_rlim)
-
-SHIM_SYSCALL_PASSTHROUGH (name_to_handle_at, 5, int, int, dfd, const char *,
-                          name, struct file_handle *, handle, int *, mnt_id,
-                          int, flag)
-
-SHIM_SYSCALL_PASSTHROUGH (open_by_handle_at, 3, int, int, mountdirfd,
-                          struct file_handle *, handle, int, flags)
-
-SHIM_SYSCALL_PASSTHROUGH (clock_adjtime, 2, int, clockid_t, which_clock,
-                          struct timex *, tx)
-
-SHIM_SYSCALL_PASSTHROUGH (syncfs, 1, int, int, fd)
-
-SHIM_SYSCALL_PASSTHROUGH (sendmmsg, 4, int, int, fd, struct mmsghdr *, msg,
-                          int, vlen, int, flags)
-
-SHIM_SYSCALL_PASSTHROUGH (setns, 2, int, int, fd, int, nstype)
-
-SHIM_SYSCALL_PASSTHROUGH (getcpu, 3, int, unsigned *, cpu, unsigned *, node,
-                          struct getcpu_cache *, cache)
-*/

+ 14 - 4
LibOS/shim/src/shim_table.c

@@ -30,7 +30,7 @@ void debug_unsupp (int num){
     debug ("Unsupported system call %d\n", num);
 }
 
-shim_fp shim_table [SHIM_NSYSCALLS] = {
+shim_fp shim_table [LIBOS_SYSCALL_BOUND] = {
     (shim_fp) __shim_read,
     (shim_fp) __shim_write,
     (shim_fp) __shim_open,
@@ -331,9 +331,19 @@ shim_fp shim_table [SHIM_NSYSCALLS] = {
     (shim_fp) __shim_rt_tgsigqueueinfo,
     (shim_fp) __shim_perf_event_open,
     (shim_fp) __shim_recvmmsg,
-    (shim_fp) NULL,
-    (shim_fp) NULL,
-    (shim_fp) NULL,
+    (shim_fp) __shim_fanotify_init,
+    (shim_fp) __shim_fanotify_mark,
+    (shim_fp) __shim_prlimit64,
+    (shim_fp) __shim_name_to_handle_at,
+    (shim_fp) __shim_open_by_handle_at,
+    (shim_fp) __shim_clock_adjtime,
+    (shim_fp) __shim_syncfs,
+    (shim_fp) __shim_sendmmsg,
+    (shim_fp) __shim_setns,
+    (shim_fp) __shim_getcpu,
+
+    [LIBOS_SYSCALL_BASE] = (shim_fp) NULL,
+
     (shim_fp) __shim_sandbox_create,    /* 303 */
     (shim_fp) __shim_sandbox_attach,    /* 304 */
     (shim_fp) __shim_sandbox_current,   /* 305 */
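Review bot: The index comments on the libos entries are stale after the renumbering: `/* 303 */`, `/* 304 */` and `/* 305 */` now sit at LIBOS_SYSCALL_BASE + 1 to + 3, and by position 303 to 305 are the slots of name_to_handle_at, open_by_handle_at and clock_adjtime added above. Suggest `/* LIBOS_SYSCALL_BASE + 1 */` and so on, or designators such as `[__NR_sandbox_create] = (shim_fp) __shim_sandbox_create,` so that position and number cannot drift apart. The slots between getcpu and LIBOS_SYSCALL_BASE are left to implicit zero initialisation, which is safe only because the dispatcher tests the loaded pointer before jumping; a one-line comment saying so would help the next person who extends the table.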

+ 46 - 3
LibOS/shim/src/sys/shim_socket.c

@@ -203,7 +203,8 @@ static int inet_translate_addr (int domain, char * uri, int count,
     if (domain == AF_INET) {
         unsigned char * ad = (unsigned char *) &addr->addr.v4.s_addr;
         int bytes = snprintf(uri, count, "%u.%u.%u.%u:%u",
-                             ad[0], ad[1], ad[2], ad[3], addr->ext_port);
+                             ad[0], ad[1], ad[2], ad[3],
+                             addr->ext_port);
         return bytes == count ? -ENAMETOOLONG : bytes;
     }
 
@@ -211,8 +212,11 @@ static int inet_translate_addr (int domain, char * uri, int count,
         unsigned short * ad = (void *) &addr->addr.v6.s6_addr;
         int bytes = snprintf(uri, count,
                              "[%04x:%04x:%x:%04x:%04x:%04x:%04x:%04x]:%u",
-                             ad[0], ad[1], ad[2], ad[3],
-                             ad[4], ad[5], ad[6], ad[7], addr->ext_port);
+                             __ntohs(ad[0]), __ntohs(ad[1]),
+                             __ntohs(ad[2]), __ntohs(ad[3]),
+                             __ntohs(ad[4]), __ntohs(ad[5]),
+                             __ntohs(ad[6]), __ntohs(ad[7]),
+                             addr->ext_port);
         return bytes == count ? -ENAMETOOLONG : bytes;
     }
 
@@ -1101,6 +1105,25 @@ ssize_t shim_do_sendmsg (int sockfd, struct msghdr * msg, int flags)
                       msg->msg_name, msg->msg_namelen);
 }
 
+int shim_do_sendmmsg (int sockfd, struct mmsghdr * msg, int vlen, int flags)
+{
+    int i, total = 0;
+
+    for (i = 0 ; i * sizeof(struct mmsghdr) < vlen ; i++) {
+        struct msghdr * m = &msg[i].msg_hdr;
+
+        int bytes = do_sendmsg(sockfd, m->msg_iov, m->msg_iovlen, flags,
+                               m->msg_name, m->msg_namelen);
+        if (bytes < 0)
+            return total ? : bytes;
+
+        msg[i].msg_len = bytes;
+        total++;
+    }
+
+    return total;
+}
+
 static ssize_t do_recvmsg (int fd, struct iovec * bufs, int nbufs, int flags,
                            struct sockaddr * addr, socklen_t * addrlen)
 {
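Review bot: The loop condition `i * sizeof(struct mmsghdr) < vlen` treats vlen as a byte count, although it is used as an element count (`msg[i]`), so only one message is sent for any vlen up to sizeof(struct mmsghdr); shim_do_recvmmsg in the next hunk repeats the same condition. The comparison is also unsigned, so a negative vlen converts to a very large value and the loop indexes past the caller's array until do_sendmsg fails. Suggest rejecting `vlen < 0` with -EINVAL and looping with `for (i = 0 ; i < vlen ; i++)`. `return total ? : bytes;` relies on the GNU `?:` extension; `total ? total : bytes` is the portable spelling.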
@@ -1230,6 +1253,26 @@ ssize_t shim_do_recvmsg (int sockfd, struct msghdr * msg, int flags)
                       msg->msg_name, &msg->msg_namelen);
 }
 
+int shim_do_recvmmsg (int sockfd, struct mmsghdr * msg, int vlen, int flags,
+                      struct __kernel_timespec * timeout)
+{
+    int i, total = 0;
+
+    for (i = 0 ; i * sizeof(struct mmsghdr) < vlen ; i++) {
+        struct msghdr * m = &msg[i].msg_hdr;
+
+        int bytes = do_recvmsg(sockfd, m->msg_iov, m->msg_iovlen, flags,
+                               m->msg_name, m->msg_namelen);
+        if (bytes < 0)
+            return total ? : bytes;
+
+        msg[i].msg_len = bytes;
+        total++;
+    }
+
+    return total;
+}
+
 #define SHUT_RD     0
 #define SHUT_WR     1
 #define SHUT_RDWR   2
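Review bot: The new loop passes `m->msg_namelen` by value where `do_recvmsg` expects `socklen_t * addrlen` (its signature is visible in the previous hunk, and shim_do_recvmsg passes `&msg->msg_namelen`), so the length would be used as a pointer. The call should read `do_recvmsg(sockfd, m->msg_iov, m->msg_iovlen, flags, m->msg_name, &m->msg_namelen)`. The `timeout` argument is accepted and never read, so a caller that relies on it keeps blocking in do_recvmsg; either honour it or add a comment above the function stating that the timeout is not implemented.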

+ 2 - 2
LibOS/shim/src/syscallas.S

@@ -40,12 +40,12 @@ syscalldb:
 
         pushq %rbx
 
-        cmp $SHIM_NSYSCALLS, %rax
+        cmp $LIBOS_SYSCALL_BOUND, %rax
         jge isundef
 
         leaq shim_table(%rip), %rbx
         movq (%rbx,%rax,8), %rbx
-        cmp $0, (%rbx)
+        cmp $0, %rbx
         je isundef
 
 isdef:
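Review bot: `jge isundef` after `cmp $LIBOS_SYSCALL_BOUND, %rax` is a signed comparison, so a negative value in %rax passes the bound check and `movq (%rbx,%rax,8), %rbx` then loads a function pointer from before shim_table. Unless code above the hunk already rejects negative numbers, the branch should be the unsigned form, `jae isundef`. syscalldb starts and continues outside the hunk.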

+ 1 - 0
LibOS/shim/test/apps/bash/bash.manifest.template

@@ -29,6 +29,7 @@ sys.brk.size = 256K
 
 sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2
 sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6
+sgx.trusted_files.libdl = file:$(LIBCDIR)/libdl.so.2
 sgx.trusted_files.libm = file:$(LIBCDIR)/libm.so.6
 sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0
 sgx.trusted_files.libtinfo = file:/lib/x86_64-linux-gnu/libtinfo.so.5

+ 65 - 0
LibOS/shim/test/apps/python/gai.conf

@@ -0,0 +1,65 @@
+# Configuration for getaddrinfo(3).
+#
+# So far only configuration for the destination address sorting is needed.
+# RFC 3484 governs the sorting.  But the RFC also says that system
+# administrators should be able to overwrite the defaults.  This can be
+# achieved here.
+#
+# All lines have an initial identifier specifying the option followed by
+# up to two values.  Information specified in this file replaces the
+# default information.  Complete absence of data of one kind causes the
+# appropriate default information to be used.  The supported commands include:
+#
+# reload  <yes|no>
+#    If set to yes, each getaddrinfo(3) call will check whether this file
+#    changed and if necessary reload.  This option should not really be
+#    used.  There are possible runtime problems.  The default is no.
+#
+# label   <mask>   <value>
+#    Add another rule to the RFC 3484 label table.  See section 2.1 in
+#    RFC 3484.  The default is:
+#
+#label ::1/128       0
+#label ::/0          1
+#label 2002::/16     2
+#label ::/96         3
+#label ::ffff:0:0/96 4
+#label fec0::/10     5
+#label fc00::/7      6
+#label 2001:0::/32   7
+#
+#    This default differs from the tables given in RFC 3484 by handling
+#    (now obsolete) site-local IPv6 addresses and Unique Local Addresses.
+#    The reason for this difference is that these addresses are never
+#    NATed while IPv4 site-local addresses most probably are.  Given
+#    the precedence of IPv6 over IPv4 (see below) on machines having only
+#    site-local IPv4 and IPv6 addresses a lookup for a global address would
+#    see the IPv6 be preferred.  The result is a long delay because the
+#    site-local IPv6 addresses cannot be used while the IPv4 address is
+#    (at least for the foreseeable future) NATed.  We also treat Teredo
+#    tunnels special.
+#
+# precedence  <mask>   <value>
+#    Add another rule to the RFC 3484 precedence table.  See section 2.1
+#    and 10.3 in RFC 3484.  The default is:
+#
+#precedence  ::1/128       50
+#precedence  ::/0          40
+#precedence  2002::/16     30
+#precedence ::/96          20
+#precedence ::ffff:0:0/96  10
+#
+#    For sites which prefer IPv4 connections change the last line to
+#
+#precedence ::ffff:0:0/96  100
+
+#
+# scopev4  <mask>  <value>
+#    Add another rule to the RFC 6724 scope table for IPv4 addresses.
+#    By default the scope IDs described in section 3.2 in RFC 6724 are
+#    used.  Changing these defaults should hardly ever be necessary.
+#    The defaults are equivalent to:
+#
+#scopev4 ::ffff:169.254.0.0/112  2
+#scopev4 ::ffff:127.0.0.0/104    2
+#scopev4 ::ffff:0.0.0.0/96       14

+ 8 - 0
LibOS/shim/test/apps/python/hosts

@@ -0,0 +1,8 @@
+127.0.0.1	localhost
+
+# The following lines are desirable for IPv6 capable hosts
+::1     ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters

+ 14 - 1
LibOS/shim/test/apps/python/python.manifest.template

@@ -3,7 +3,7 @@
 loader.preload = file:$(SHIMPATH)
 loader.exec = file:/usr/bin/python
 loader.execname = python
-loader.env.LD_LIBRARY_PATH = /graphene:/host:/usr/lib:/usr/lib/x86_64-linux-gnu
+loader.env.LD_LIBRARY_PATH = /graphene:/graphene/resolv:/host:/usr/lib:/usr/lib/x86_64-linux-gnu
 loader.env.PATH = /usr/bin:/bin
 loader.env.USERNAME =
 loader.env.HOME =
@@ -26,6 +26,10 @@ fs.mount.usr.type = chroot
 fs.mount.usr.path = /usr
 fs.mount.usr.uri = file:/usr
 
+fs.mount.etc.type = chroot
+fs.mount.etc.path = /etc
+fs.mount.etc.uri = file:
+
 sys.stack.size = 256K
 sys.brk.size = 4M
 glibc.heap_size = 16M
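Review bot: `fs.mount.etc.uri = file:` has an empty path, which presumably resolves to the directory the manifest is run from, so the application's /etc becomes the test directory. That looks intended, since hosts, resolv.conf and gai.conf are added there and listed under sgx.trusted_files in the next hunk, but it is not obvious to a reader. A comment such as `# /etc is backed by this directory; only hosts, resolv.conf and gai.conf are expected here` would record the intent.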
@@ -37,6 +41,15 @@ sgx.trusted_files.libm = file:$(LIBCDIR)/libm.so.6
 sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0
 sgx.trusted_files.liburil = file:$(LIBCDIR)/libutil.so.1
 sgx.trusted_files.libz = file:/lib/x86_64-linux-gnu/libz.so.1
+sgx.trusted_files.libnss1 = file:/lib/x86_64-linux-gnu/libnss_compat.so.2
+sgx.trusted_files.libnss2 = file:/lib/x86_64-linux-gnu/libnss_files.so.2
+sgx.trusted_files.libnss3 = file:$(LIBCDIR)/resolv/libnss_dns.so.2
+sgx.trusted_files.libssl = file:/lib/x86_64-linux-gnu/libssl.so.1.0.0
+sgx.trusted_files.libcrypto = file:/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
+sgx.trusted_files.libresolv = file:$(LIBCDIR)/resolv/libresolv.so.2
+sgx.trusted_files.hosts = file:hosts
+sgx.trusted_files.resolv = file:resolv.conf
+sgx.trusted_files.gai = file:gai.conf
 
 sgx.allowed_files.pyhome = file:/usr/lib/python2.7
 sgx.allowed_files.scripts = file:scripts

+ 2 - 0
LibOS/shim/test/apps/python/resolv.conf

@@ -0,0 +1,2 @@
+nameserver 8.8.8.8
+nameserver 8.8.4.4

+ 11 - 0
LibOS/shim/test/apps/python/scripts/test-http.py

@@ -0,0 +1,11 @@
+import urllib2
+
+request = urllib2.Request("http://google.com/")
+opener = urllib2.build_opener()
+response = opener.open(request, timeout=10)
+while True:
+    data = response.read(1024)
+    if data:
+        print data
+    else:
+        break

+ 5 - 4
Pal/src/host/Linux-SGX/db_files.c

@@ -69,8 +69,9 @@ static int file_open (PAL_HANDLE * handle, const char * type, const char * uri,
     uint64_t total;
     int ret = load_trusted_file(hdl, &stubs, &total);
     if (ret < 0) {
-        SGX_DBG(DBG_E, "Accessing file:%s is denied. (%e) "
-                "This file is not trusted or allowed.\n", hdl->file.realpath, ret);
+        SGX_DBG(DBG_E, "Accessing file:%s is denied. (%s) "
+                "This file is not trusted or allowed.\n", hdl->file.realpath,
+                PAL_STRERROR(-ret));
         free(hdl);
         return -PAL_ERROR_DENIED;
     }
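Review bot: `PAL_STRERROR(-ret)` passes a positive number, because this branch runs only when `ret < 0`, and PAL_STRERROR (pal_error.h, last file of this commit) negates its argument before indexing pal_errstring, so the message always prints "Unknown error". The db_mutex.c hunks pass the negative value directly, and the same works here: `PAL_STRERROR(ret)`. This assumes load_trusted_file returns a negative PAL error code, which is not visible in the hunk. file_open starts and continues outside the hunk.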
@@ -214,7 +215,7 @@ static int file_map (PAL_HANDLE handle, void ** addr, int prot,
 
         if (ret < 0) {
             SGX_DBG(DBG_E, "file_map - verify trusted returned %d\n", ret);
-            ocall_unmap_untrusted(umem, map_start - map_end);
+            ocall_unmap_untrusted(umem, map_end - map_start);
             return ret;
         }
     }
@@ -229,7 +230,7 @@ static int file_map (PAL_HANDLE handle, void ** addr, int prot,
         *addr = mem;
     }
 
-    ocall_unmap_untrusted(umem, map_start - map_end);
+    ocall_unmap_untrusted(umem, map_end - map_start);
     return mem ? 0 : -PAL_ERROR_NOMEM;
 }
 

+ 2 - 2
Pal/src/host/Linux-SGX/db_mutex.c

@@ -96,7 +96,7 @@ success:
 out:
 #ifdef DEBUG_MUTEX
     if (ret < 0)
-        printf("mutex failed (%e, tid = %d)\n", -ret, tid);
+        printf("mutex failed (%s, tid = %d)\n", PAL_STRERROR(ret), tid);
 #endif
     return ret;
 }
@@ -134,7 +134,7 @@ success:
 out:
 #ifdef DEBUG_MUTEX
     if (ret < 0)
-        printf("mutex failed (%e, tid = %d)\n", -ret, tid);
+        printf("mutex failed (%s, tid = %d)\n", PAL_STRERROR(ret), tid);
 #endif
     return ret;
 }

+ 9 - 0
Pal/src/host/Linux-SGX/sgx_enclave.c

@@ -394,6 +394,15 @@ static int sgx_ocall_sock_connect(void * pms)
     }
 
     ret = INLINE_SYSCALL(connect, 3, fd, ms->ms_addr, ms->ms_addrlen);
+
+    if (IS_ERR(ret) && ERRNO(ret) == EINPROGRESS) {
+        do {
+            struct pollfd pfd = { .fd = fd, .events = POLLOUT, .revents = 0, };
+            ret = INLINE_SYSCALL(ppoll, 4, &pfd, 1, NULL, NULL);
+        } while (IS_ERR(ret) &&
+                 ERRNO(ret) == -EWOULDBLOCK);
+    }
+
     if (IS_ERR(ret)) {
         ret = unix_to_pal_error(ERRNO(ret));
         goto err_fd;

+ 5 - 5
Pal/src/host/Linux-SGX/sgx_main.c

@@ -627,8 +627,8 @@ static int create_instance (struct pal_sec * pal_sec)
         }
 
         if (IS_ERR(ret)) {
-            SGX_DBG(DBG_E, "Cannot create directory %s (%e), "
-                   "please check permission\n", path, ERRNO(ret));
+            SGX_DBG(DBG_E, "Cannot create directory %s (%s), "
+                   "please check permission\n", path, PAL_STRERROR(-ERRNO(ret)));
             return -PAL_ERROR_DENIED;
         }
     }
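Review bot: `PAL_STRERROR(-ERRNO(ret))` looks up pal_errstring with a host errno, while that table appears to be indexed by PAL error codes (it is bounded by PAL_ERROR_BOUND), so the text printed for a failed mkdir is likely to name the wrong error; the second hunk of this file makes the same call. sgx_enclave.c converts with `unix_to_pal_error(ERRNO(ret))` before reporting, and converting here first, with whatever sign that helper returns, would keep the message accurate. If no conversion is wanted, printing the number with `%d` is safer than a mismatched string. create_instance starts and ends outside the hunk.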
@@ -649,10 +649,10 @@ static int create_instance (struct pal_sec * pal_sec)
 
         ret = INLINE_SYSCALL(mkdir, 2, pal_sec->pipe_prefix, 0700);
 
-        if (IS_ERR(ret) && ERRNO(ret) != -EEXIST) {
-            SGX_DBG(DBG_E, "Cannot create directory %s (%e), "
+        if (IS_ERR(ret) && ERRNO(ret) != EEXIST) {
+            SGX_DBG(DBG_E, "Cannot create directory %s (%s), "
                    "please fix permission\n",
-                   pal_sec->pipe_prefix, ERRNO(ret));
+                   pal_sec->pipe_prefix, PAL_STRERROR(-ERRNO(ret)));
             return -PAL_ERROR_DENIED;
         }
     } while (IS_ERR(ret));

+ 2 - 2
Pal/src/host/Linux/db_mutex.c

@@ -105,7 +105,7 @@ success:
 out:
 #ifdef DEBUG_MUTEX
     if (ret < 0)
-        printf("mutex failed (%e, tid = %d)\n", -ret, tid);
+        printf("mutex failed (%s, tid = %d)\n", PAL_STRERROR(ret), tid);
 #endif
     return ret;
 }
@@ -145,7 +145,7 @@ success:
 out:
 #ifdef DEBUG_MUTEX
     if (ret < 0)
-        printf("mutex failed (%e, tid = %d)\n", -ret, tid);
+        printf("mutex failed (%s, tid = %d)\n", PAL_STRERROR(ret), tid);
 #endif
     return ret;
 }

+ 0 - 2
Pal/src/host/Linux/pal_host.h

@@ -30,8 +30,6 @@
 # error "cannot be included outside PAL"
 #endif
 
-#define DEBUG_MUTEX 1
-
 /* internal Mutex design, the structure has to align at integer boundary
    because it is required by futex call. If DEBUG_MUTEX is defined,
    mutex_handle will record the owner of mutex locking. */

+ 1 - 1
Pal/src/pal_error.h

@@ -90,7 +90,7 @@ __attribute__((unused))
 static inline const char * PAL_STRERROR (int errno)
 {
     int _e = -errno;
-    if (_e > 0 && _e <= PAL_ERROR_BOUND)
+    if (_e >= 0 && _e <= PAL_ERROR_BOUND)
         return pal_errstring[_e];
     return "Unknown error";
 }