gramine icon indicating copy to clipboard operation
gramine copied to clipboard
verified publisher icon gramineproject

Writing protected files hangs when there is not enough free space

Open Villain88 opened this issue 3 years ago • 1 comments

Writing protected files hangs when there is not enough free space

Steps to reproduce

  1. Create a loopdevice of limited size (2G for example) and mount it in the host system (/mnt/data for example)

  2. Create an application with GSC using the following manifest

fs.mounts = [
  { type = "encrypted", path = "/data", uri = "file:/data", key_name = "default" },

]
  1. Launch the application by forwarding /mnt/data to /data (docker -v /mnt/data:/data)
  2. The application should write a large file or several smaller files (>2G) to the /data directory

Expected results

Write error on directory full

Actual results

Hangs up without error Also hangs when using deprecated syntax (protected files instead of an encrypted file system)

Additional information

Doesn't hang when building in debug (gsc build -d)

Gramine commit hash

v1.2 and last 5b160c68260eaa57a9342762b33dbff1e3c8fb5a commit

Villain88 avatar Sep 08 '22 13:09 Villain88

I can look into this.

oshogbo avatar Sep 08 '22 15:09 oshogbo

I tested this with the debug and release mode, and I cannot reproduce this. I have tried with the small file system (150MB) and a larger one (2G):

truncate -s SIZE file
mount file mounted

My manifest:

libos.entrypoint = "a.out"
loader.entrypoint = "file:{{ gramine.libos }}"
loader.preload = "file:{{ gramine.libos }}"
loader.log_level = "trace"

loader.env.LD_LIBRARY_PATH = "/lib"
loader.insecure__use_cmdline_argv = true

fs.mounts = [
  { path = "/lib", uri = "file:{{ gramine.runtimedir() }}" },
  { path = "/tmp", uri = "file:/tmp" },
  { path = "/etc", uri = "file:/tmp" },
  { path = "/file", uri = "file:mounted/file", type = "encrypted" },
]

sgx.debug = true
sys.enable_extra_runtime_domain_names_conf = true
fs.insecure__keys.default = "ffeeddccbbaa99887766554433221100"

sgx.trusted_files = [
  "file:{{ gramine.runtimedir() }}/",
  "file:{{ gramine.libos }}",
  "file:./a.out",
]

Is there something else that I should try? Can you provide a trace log (loader.log_level = "trace") from the execution of your application? Could you share the application or application that reproduces that?

I have not tested docker; might this be an issue? What part does docker play in this?

oshogbo avatar Nov 16 '22 23:11 oshogbo

We cannot reproduce the issue and didn't get any reply from the reporter, so I'm closing it.

mkow avatar Jan 18 '23 14:01 mkow