lejunzhu

Results 41 comments of lejunzhu

I met the same problem in MySQL. I wonder if we can use a C99 variable-length array to allocate these short-lived buffers on the stack instead? E.g. https://github.com/gramineproject/gramine/blob/72f65247af61c55c54033c3c6934ed21b607987b/libos/src/sys/libos_poll.c#L51 can be...

> Yeah, exactly. Changing `sgx_get_seal_key()` signature is a no-brainer. The real question is: how do it expose it to end users (in the manifest, in the format of Protected/Encrypted Files,...

> This is new to me. @lejunzhu Was it added rather recently (less than 2 years ago)? Because I don't see anything like this in the current Gramine format, and...

You may also check the kernel log: `sudo dmesg | grep ELDU`. If it shows something like `[ 2537.818570] ELDU returned 1073741837 (0x4000000d)`, then it's a kernel bug that causes...

Perhaps you can change the mount line in the manifest to: `{ path = "/datasets/cd-sem-enc", uri = "file:./datasets/cd-sem-enc", type = "encrypted"},` then it should work.

I just tested it. It seems you need to change the encryption command to: `gramine-sgx-pf-crypt encrypt -w test_key -i datasets/cd-sem -o datasets/cd-sem-enc` The leading './' is causing the mismatch (at...

> @fork-while-1 @lejunzhu If you have time, please check #937. It should fix the error.

Yes, it fixes the issue in my test.

I think protecting mbedtls_ssl_read and mbedtls_ssl_write with the same lock may cause other problems. Read usually blocks for a long time. If the application is trying to send when recv'ing...

It seems that calling fork() after a thread has started recv() will also cause a deadlock. See: [test.txt](https://github.com/oscarlab/graphene/files/5778865/test.txt) Perhaps we can drop the lock before ocall_recv, then re-acquire it after it...

> But this doesn't help with the SSL context... mbedTLS internally changes its own metadata before and after the `recv()` syscall/ocall. So there can be a situation when two threads...