ehnahncement/SKALE-3364-check-server-limits-before-running-sgxwallet

74f81b9c · kladko · c7d1ea97 · 74f81b9c · 74f81b9c · 74f81b9c
Unverified Commit 74f81b9c authored Dec 05, 2020 by kladko
6 changed files
--- a/LevelDB.cpp
+++ b/LevelDB.cpp
@@ -219,7 +219,7 @@ void LevelDB::initDataFolderAndDBs() {
    if (getcwd(cwd, sizeof(cwd)) == NULL) {
        spdlog::error("could not get current workin directory");
-        exit(-1);
+        exit(-2);
    }
    sgx_data_folder = string(cwd) + "/" + SGXDATA_FOLDER;
@@ -233,7 +233,7 @@ void LevelDB::initDataFolderAndDBs() {
        }
        else{
            spdlog::error("Couldnt create creating sgx_data folder");
-            exit(-1);
+            exit(-3);
        }
    }

--- a/SEKManager.cpp
+++ b/SEKManager.cpp
@@ -90,7 +90,7 @@ void validate_SEK() {
    if (!hex2carray(test_key_ptr->c_str(), &len, encr_test_key.data(),
                    BUF_LEN)) {
        spdlog::error("Corrupt test key is LevelDB");
-        exit(-1);
+        exit(-4);
    }
    sgx_status_t status = SGX_SUCCESS;
@@ -108,7 +108,7 @@ void validate_SEK() {
        spdlog::error("Invalid storage key. You need to recover using backup key");
        spdlog::error("Set the correct backup key into sgx_datasgxwallet_backup_key.txt");
        spdlog::error("Then run sgxwallet using backup flag");
-        exit(-1);
+        exit(-5);
    }
 }
@@ -215,7 +215,7 @@ void  safeExit() {
    auto previousValue = isSgxWalletExiting.exchange(1);
    if (previousValue != 1)
-        exit(3);
+        exit(-6);
 }
 void setSEK(shared_ptr <string> hex_encrypted_SEK) {
@@ -256,13 +256,13 @@ void enter_SEK() {
    shared_ptr <string> test_key_ptr = LevelDB::getLevelDb()->readString("TEST_KEY");
    if (test_key_ptr == nullptr) {
        spdlog::error("Error: corrupt or empty LevelDB database");
-        exit(-1);
+        exit(-7);
    }
    if (!experimental::filesystem::is_regular_file(BACKUP_PATH)) {
        spdlog::error("File does not exist: "  BACKUP_PATH);
-        exit(-1);
+        exit(-8);
    }
    ifstream sek_file(BACKUP_PATH);
@@ -278,7 +278,7 @@ void enter_SEK() {
    while (!checkHex(sek, 16)) {
        spdlog::error("Invalid hex in key");
-        exit(-1);
+        exit(-9);
    }
    auto encrypted_SEK = check_and_set_SEK(sek);

--- a/SGXRegistrationServer.cpp
+++ b/SGXRegistrationServer.cpp
@@ -170,7 +170,7 @@ int SGXRegistrationServer::initRegistrationServer(bool _autoSign) {
    if (!server->StartListening()) {
        spdlog::error("Registration server could not start listening on port {}", BASE_PORT + 1);
-        exit(-1);
+        exit(-10);
    } else {
        spdlog::info("Registration server started on port {}", BASE_PORT + 1);
    }

--- a/SGXWalletServer.cpp
+++ b/SGXWalletServer.cpp
@@ -145,7 +145,7 @@ int SGXWalletServer::initHttpsServer(bool _checkCerts) {
            spdlog::info("ROOT CA CERTIFICATE IS SUCCESSFULLY GENERATED");
        } else {
            spdlog::error("ROOT CA CERTIFICATE GENERATION FAILED");
-            exit(-1);
+            exit(-11);
        }
    }
@@ -162,7 +162,7 @@ int SGXWalletServer::initHttpsServer(bool _checkCerts) {
            spdlog::info("SERVER CERTIFICATE IS SUCCESSFULLY GENERATED");
        } else {
            spdlog::info("SERVER CERTIFICATE GENERATION FAILED");
-            exit(-1);
+            exit(-12);
        }
    }
@@ -175,7 +175,7 @@ int SGXWalletServer::initHttpsServer(bool _checkCerts) {
    if (!server->StartListening()) {
        spdlog::error("SGX Server could not start listening");
-        exit(-1);
+        exit(-13);
    } else {
        spdlog::info("SGX Server started on port {}", BASE_PORT);
    }
@@ -191,7 +191,7 @@ int SGXWalletServer::initHttpServer() { //without ssl
                                          JSONRPC_SERVER_V2); // hybrid server (json-rpc 1.0 & 2.0)
    if (!server->StartListening()) {
        spdlog::error("Server could not start listening");
-        exit(-1);
+        exit(-14);
    }
    return 0;
 }

--- a/ServerInit.cpp
+++ b/ServerInit.cpp
@@ -39,6 +39,8 @@
 #include "third_party/spdlog/spdlog.h"
 #include <gmp.h>
 #include <sgx_urts.h>
+#include <unistd.h>
 #include "BLSPrivateKeyShareSGX.h"
@@ -59,6 +61,51 @@
 uint32_t enclaveLogLevel = 0;
+using namespace  std;
+// Copy from libconsensus
+string exec( const char* cmd ) {
+    CHECK_STATE( cmd );
+    std::array< char, 128 > buffer;
+    std::string result;
+    std::unique_ptr< FILE, decltype( &pclose ) > pipe( popen( cmd, "r" ), pclose );
+    if ( !pipe ) {
+        BOOST_THROW_EXCEPTION( std::runtime_error( "popen() failed!" ) );
+    }
+    while ( fgets( buffer.data(), buffer.size(), pipe.get() ) != nullptr ) {
+        result += buffer.data();
+    }
+    return result;
+}
+void systemHealthCheck() {
+    string ulimit;
+    try {
+        ulimit = exec( "/bin/bash -c \"ulimit -n\"" );
+    } catch ( ... ) {
+        spdlog::error("Execution of '/bin/bash -c ulimit -n' failed");
+        exit(-15);
+    }
+    int noFiles = strtol( ulimit.c_str(), NULL, 10 );
+    auto noUlimitCheck = getenv( "NO_ULIMIT_CHECK" ) != nullptr;
+    if ( noFiles < 65535 && !noUlimitCheck) {
+        string errStr =
+                "sgxwallet requires setting Linux file descriptor limit to at least 65535 "
+                "You current limit (ulimit -n) is less than 65535. \n Please set it to 65535:"
+                "by editing /etc/systemd/system.conf"
+                "and setting 'DefaultLimitNOFILE=65535'\n"
+                "After that, restart sgxwallet";
+        spdlog::error(errStr);
+        exit(-16);
+    }
+}
 void initUserSpace() {
    libff::inhibit_profiling_counters = true;
@@ -66,6 +113,12 @@ void initUserSpace() {
    libff::init_alt_bn128_params();
    LevelDB::initDataFolderAndDBs();
+#ifndef SGX_HW_SIM
+    systemHealthCheck();
+#endif
 }
 uint64_t initEnclave() {
@@ -76,7 +129,7 @@ uint64_t initEnclave() {
    support = get_sgx_support();
    if (!SGX_OK(support)) {
        sgx_support_perror(support);
-        exit(1);
+        exit(-17);
    }
 #endif
@@ -107,7 +160,7 @@ uint64_t initEnclave() {
            } else {
                spdlog::error("sgx_create_enclave_search failed {} {}", ENCLAVE_NAME, status);
            }
-            exit(1);
+            exit(-17);
        }
        spdlog::info("Enclave created and started successfully");
@@ -171,15 +224,15 @@ void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) {
        sgxServerInited = true;
    } catch (SGXException &_e) {
        spdlog::error(_e.getMessage());
-        exit(-1);
+        exit(-18);
    } catch (exception &_e) {
        spdlog::error(_e.what());
-        exit(-1);
+        exit(-19);
    }
    catch (...) {
        exception_ptr p = current_exception();
        printf("Exception %s \n", p.__cxa_exception_type()->name());
        spdlog::error("Unknown exception");
-        exit(-1);
+        exit(-20);
    }
 };
--- a/sgxwall.cpp
+++ b/sgxwall.cpp
@@ -40,7 +40,7 @@
 void SGXWallet::usage() {
    cerr << "usage: sgxwallet\n";
-    exit(1);
+    exit(-21);
 }
 void SGXWallet::printUsage() {
@@ -100,14 +100,14 @@ int main(int argc, char *argv[]) {
    if (argc > 1 && strlen(argv[1]) == 1) {
        SGXWallet::printUsage();
-        exit(1);
+        exit(-22);
    }
    while ((opt = getopt(argc, argv, "cshd0abyvVnT")) != -1) {
        switch (opt) {
            case 'h':
                SGXWallet::printUsage();
-                exit(0);
+                exit(-24);
            case 'c':
                checkClientCertOption = false;
                break;
@@ -144,7 +144,7 @@ int main(int argc, char *argv[]) {
                break;
            default:
                SGXWallet::printUsage();
-                exit(1);
+                exit(-23);
                break;
        }
    }