ego icon indicating copy to clipboard operation
ego copied to clipboard
verified publisher icon edgelesssys

how to set CapturePFGPExceptions and in-enclave logging enable

Open zhp1254 opened this issue 2 years ago • 5 comments

Unhandled in-enclave exception. To get more information, configure the enclave with CapturePFGPExceptions=1 and enable the in-enclave logging. [openenclave-src/host/sgx/linux/exception.c:_host_signal_handler:101]

zhp1254 avatar Nov 15 '23 03:11 zhp1254

Hi, is this a production enclave ("debug": false in enclave.json)? You can't enable this for production enclaves for security reasons. For debug enclaves, it should be enabled by default.

thomasten avatar Nov 17 '23 14:11 thomasten

After changing "debug: true", I do get closer to seeing stack:

ego run main

EGo v1.4.1 (8b99356398dd3bcb5f74e5194d20ce421f607404)
[erthost] loading enclave ...
[erthost] entering enclave ...
[ego] starting application ...
ERROR: Segmentation fault [openenclave-src/enclave/core/sgx/exception.c:oe_real_exception_dispatcher:469]
ERROR: Backtrace:
ERROR: main.main(): 0x7f3c41ec9c96
ERROR: runtime.main(): 0x7f3c411f3fa7
ERROR: runtime.goexit.abi0(): 0x7f3c41225141
ERROR: Backtrace:
ERROR: oe_abort_with_td(): 0x7f3c4087eab3
ERROR: oe_abort(): 0x7f3c4087d898
ERROR: oe_real_exception_dispatcher(): 0x7f3c40880fce
ERROR: main.main(): 0x7f3c41ec9c96
ERROR: runtime.main(): 0x7f3c411f3fa7
ERROR: runtime.goexit.abi0(): 0x7f3c41225141
ERROR: :OE_ENCLAVE_ABORTING [openenclave-src/host/calls.c:_call_enclave_function_impl:56]
ERROR: signal: aborted (core dumped)

Is there a way to see file/line numbers for these:

ERROR: main.main(): 0x7f3c41ec9c96
ERROR: runtime.main(): 0x7f3c411f3fa7
ERROR: runtime.goexit.abi0(): 0x7f3c41225141

?

Is there a way to get this output in production? Ie. with debug: false, to just get a stack trace when hitting null pointer exception?

milan-enclave avatar Dec 14 '23 20:12 milan-enclave

Is there a way to see file/line numbers for these:

If you can reproduce this with ego-gdb attached, you'll see the file and line.

If not, you can try this:

  1. Open your executable with gdb (not ego-gdb)
  2. Exec disas main.main and guess what relative address belongs to the absolute address from the stack trace
  3. info line *0x... with the relative address gives you file and line.

Is there a way to get this output in production?

No. For security, logging of this and other messages is disabled in underlying Open Enclave.

thomasten avatar Dec 21 '23 11:12 thomasten

Understood. I have created a fork and made necessary changes to be able to get stacks on crash.

milan-enclave avatar Dec 21 '23 15:12 milan-enclave

We've documented a way to set Open Enclave settings like CapturePFGPExceptions. https://docs.edgeless.systems/ego/reference/config#advanced-users-tweak-underlying-enclave-configuration

thomasten avatar Feb 06 '24 21:02 thomasten