Dmitrii Kuvaiskii
Looks good now. Could you look deeper into the "16 threads" report? In particular, could you unwrap the first 2-3 items, so that we can see the stack traces (=...
Thanks @qijiax, now this gives us a lot of interesting info. I am sure the problem is in our sub-optimal locking during send/recv on TCP/IP sockets. One excerpt from the...
@qijiax Can you set `libos.check_invalid_pointers = false` in your manifest and re-run? This `is_in_adjacent_user_vmas()` function is called to check for invalid pointers in syscall arguments. See https://gramine.readthedocs.io/en/latest/manifest-syntax.html#check-invalid-pointers
> libos.check_invalid_pointers = false

Oh, wait, looks like you already have this option set? This cannot be true. Please verify your manifest file again. I don't think you correctly set...
@boryspoplawski Any idea where these malloc/free come from now?
Thanks @lianghouxu for the flame graph! We are aware that `libos_syscall_ppoll()` (the Gramine emulation for `poll` family of syscalls) is sub-par. It needs a re-write. But also, it is clear...
For context, the `sgx_get_seal_key()` function looks like this currently: https://github.com/gramineproject/gramine/blob/90ea5a52609a872c992135f9311a47aeacd5f2b1/pal/src/host/linux-sgx/enclave_framework.c#L241-L270 Note the `memcpy()` operations -- this is what @DL8 means by "hardcoded manner". In other words, the seal key will...
Yeah, exactly. Changing `sgx_get_seal_key()` signature is a no-brainer. The real question is: how do we expose it to end users (in the manifest, in the format of Protected/Encrypted Files, in...
> Also in SGX SDK, the protected file format does record the cpu_svn, isv_svn and key_id in the plain part, and use them upon opening.

This is new to me....
Thanks @lejunzhu. This was introduced very long ago, 5 years ago. So we at Gramine just decided to remove these fields? Hm... I don't remember why these fields were removed....