Dmitrii Kuvaiskii

icon indicating a website link https://dimakuv.github.io/ icon indicating an email [email protected]

icon company AWS icon location Dresden, Germany icon location Low-level programming, OS kernels, security, confidential computing, CPUs

Results 127 issues of Dmitrii Kuvaiskii

[Pal/lib] Add spinlocks to mbedTLS-specific SSL recv/send

7 comment

## Description of the changes Linux-SGX PAL wraps all pipe/UNIX domain socket communication in TLS sessions. Previously, Graphene assumed that only one thread at a time accesses one TLS session...

[Meson] vDSO doesn't have the `.note` section

1 comment

## Description of the problem Extracted from https://github.com/oscarlab/graphene/issues/2420. Comment from @boryspoplawski: > I've just checked and libQt5 from Ubuntu20.04 requires version 3.17.0 and we report 4.19.0 in our vdso... OTOH...

bug
P: 1

[Pal/Linux-SGX] Add interoperability with Microsoft Azure Attestation

Microsoft Azure Attestation (MAA) is described here: - https://docs.microsoft.com/en-us/azure/attestation/overview - https://docs.microsoft.com/en-us/azure/attestation/basic-concepts There is already basic infrastructure to communicate with MAA: - https://github.com/Azure-Samples/microsoft-azure-attestation - https://github.com/Azure-Samples/microsoft-azure-attestation/tree/master/intel.sdk.attest.sample/genquotes (Intel SGX SDK minimal example) -...

feature request
P: 2

Add syscalls for process times

Below APIs are used by the openSSL speed test: ``` clock_t now = times(&rus); sysconf(_SC_CLK_TCK); getrusage(RUSAGE_SELF, &rus); ``` See https://github.com/openssl/openssl/blob/6514dee7264d30be1ab9ab07f9798071184e7b7a/apps/lib/apps.c#L2246 We need to implement these APIs/syscalls in Graphene.

enhancement
P: 2

[Pal/Linux-SGX] Allow file-backed writable mmaps

3 comment

1. We don't allow file-backed writable mmaps (`mmap(0, size, PROT_WRITE, MAP_SHARED, file_fd, 0)`) even for `sgx.allowed_files`. We simply return a DENIED error: https://github.com/oscarlab/graphene/blob/4e26fe7e3280a66130000769ea48477bc8da6ade/Pal/src/host/Linux-SGX/db_files.c#L430-L437 2. We already support writable mmaps on...

enhancement
P: 2

[LibOS,PAL] MAP_SHARED flag is not propagated to PAL

6 comment

## Description of the problem During `shim_do_mmap()`, there could be a combination `mmap(..., MAP_SHARED, ...)` which is not possible on Linux-SGX PAL. However, the Linux-SGX PAL layer ignores this flag...

bug
P: 1

[Examples] Add sanitize-args-then-execve example for Python

3 comment

## Description of the problem Sometimes people don't want to hard-code command-line arguments and environment variables via `loader.env_src_file` and `loader.argv_src_file`. What they want is to allow arbitrary arguments/envvars but have...

feature request
P: 3

[Pal/lib] mbedTLS crypto adapter calls `_DkRandomBitsRead()` but is also linked into LibOS

## Description of the problem We have the "common library" that has a bunch of Standard C and utility functions. This library is a static archive called `graphene-lib.a` and is...

enhancement
P: 2

[LibOS] setitimer() emulation is incorrect

1 comment

`shim_do_setitimer()` is incorrect: it only sets the timer for the first interval but never resets the timer to the specified interval. (The idea of this syscall is to set a...

bug
P: 2

[LibOS] FS-specific checkpoint callback must not leak checkpoint data

1 comment

PR #596 fixes the bug of the FS-specific checkpoint callback being called only the first time a process forks (so, when a process forks a second child, the second child...

bug
P: 2