A library OS for Linux multi-process applications, with Intel SGX support

Graphene Library OS with Intel SGX Support

Documentation Status

A Linux-compatible Library OS for Multi-Process Applications

NOTE: We are in the middle of transitioning our buildsystem to Meson, and the build procedures are changing. See Building instructions for an up-to-date build tutorial.

What is Graphene?

Graphene is a lightweight library OS, designed to run a single application with minimal host requirements. Graphene can run applications in an isolated environment with benefits comparable to running a complete OS in a virtual machine -- including guest customization, ease of porting to different OSes, and process migration.

Graphene supports native, unmodified Linux binaries on any platform. Currently, Graphene runs on Linux and Intel SGX enclaves on Linux platforms.

In untrusted cloud and edge deployments, there is a strong desire to shield the whole application from rest of the infrastructure. Graphene supports this “lift and shift” paradigm for bringing unmodified applications into Confidential Computing with Intel SGX. Graphene can protect applications from a malicious system stack with minimal porting effort.

Graphene is a growing project and we have a growing contributor and maintainer community. The code and overall direction of the project are determined by a diverse group of contributors, from universities, small and large companies, as well as individuals. Our goal is to continue this growth in both contributions and community adoption.

Release candidate version of Graphene 1.2 available

Graphene has evolved a lot since our last major release. Over the last few months, we have made significant updates to provide a stable version that supports deploying key workloads with Intel SGX. We’ve rewritten major subsystems, done a significant update to the build and packaging scripts, extended test coverage, and improved the CI/CD process. We’ve reviewed and hardened specific security aspects of Graphene, and increased stability for long-running and heavy workloads.

Graphene also includes full SGX Attestation support, protected files support, multi-process support with encrypted IPC, and support for the upstreamed SGX driver for Linux. We’ve introduced a number of performance optimizations for SGX, and provide mechanisms to more easily deploy in cloud environments with full support for automatic Docker container integration using Graphene Shielded Containers (GSC).

We have a growing set of well-tested applications including machine learning frameworks, databases, webservers, and programming language runtimes.

This version of Graphene is tagged 'v1.2-rc1'. We encourage you to try this out with your workloads and let us know if you’re facing any issues. Please see the release page for release notes and installation instructions.

While we have made significant progress, we are continuing to work towards making Graphene better and adding support for more workloads. The items that we are most immediately working on are tracked in #1544.

In the meantime, we are also in the process of transitioning the Graphene project to a new home within the Confidential Computing Consortium under the Linux Foundation. In Q3 2021 we will provide more details on this, and we expect the next version of Graphene to be released once this transition is complete.

Graphene documentation

The official Graphene documentation can be found at https://graphene.readthedocs.io. Below are quick links to some of the most important pages:

Getting help

For any questions, please send an email to [email protected] (public archive).

For bug reports, post an issue on our GitHub repository: https://github.com/oscarlab/graphene/issues.

Acknowledgments

Graphene Project benefits from generous help of fosshost.org: they lend us a VPS, which we use as toolserver and package hosting.

Owner
Comments
  • Error running the ra-tls-mbedtls example

    Error running the ra-tls-mbedtls example

    I was trying to run the ra-tls-mbedtls example, intially it did not allow me to use the current update where the the value of sx.remote_attestation was changed to attestation type, it gave the following error -

    error: Cannot parse 'sgx.remote_attestation' (the value must be true or false)

    So I changed the value to true on the manifest template. After which it is currently giving me this error -

    Inconsistency detected by ld.so: dl-call-libc-early-init.c: 37: _dl_call_libc_early_init: Assertion `sym != NULL' failed!

  • OOM with javascript + WebAssembly by Gramine in SGX mode

    OOM with javascript + WebAssembly by Gramine in SGX mode

    Description of the problem

    I'm running javascript + WebAssembly in Gramine in SGX mode, but run into OOM error, however I'm able to run javascript + WebAssembly program successfully without Gramine.

    Steps to reproduce

    The attachement is a complete reproducer, in dockerfile format(gramineproject/gramine:v1.2 as base image ), however the problem has nothing to do with container, since I can reproduce this issue in bare metal host, but only because dockerfile can make us have a consistent environment.

    To reproduce:

    1. build docker image by docker build -t gramine-js .
    2. run as a daemon container: docker run -d --device /dev/sgx_enclave --device /dev/sgx_provision gramine-js:latest
    3. login container interactively: docker exec -ti ${container_name} bash
    4. run ./startup.sh to start javascript + WebAssembly + SGX + Gramine from within container instance, you should be able to gramine debug log, you could see Out of Memory error in between
    5. run javascript + WebAssembly program without Gramine and SGX from within the same container instance: node index.js, you can also invoke the server by: curl http://localhost:3000/genAndVerify, it should log some successful messages on node server side.

    Expected results

    server should run and listen on port 3000

    Actual results

    server reports Out of memory error

    Gramine commit hash

    commit: 1.2

    Reproducer

    reproducer.tar.gz

  • gRPC client/server application failure

    gRPC client/server application failure

    Description of the problem

    I observed failure when running gRPC client/server application using gramine sgx. This application works well in native and gramine without sgx. I started the server side first and it would listen at localhost 127.0.0.1:50051, then ran client side continuously for 40 times. I received several error messages as the following:

    rpc error: code = DeadlineExceeded desc = context deadline exceeded
    

    The failure happened randomly. I used the latest Gramine source code. Here is the gRPC source code

    Steps to reproduce

    1. Build the greeter_server:
        cd grpc-go/examples/helloworld/greeter_server
        go mod init server
        go mod tidy
    [server_debug_new.log](https://github.com/gramineproject/gramine/files/8054548/server_debug_new.log)
    
        go build
    
    1. Copy server binary to a folder and build server using gramine
    2. Run this server using graphene-sgx:
       graphene-sgx server
    
    1. Build and run the greeter_client:
     cd grpc-go/examples/helloworld/greeter_client
     go mod init client
     go mod tidy
     go build
    
    1. run the client side outside the TEE for 40 times.
      #!/bin/bash
      for a in {1..40}
      do
           ./client
      done
    

    Expected Results

    server side:

    2022/02/10 22:03:13 server listening at 127.0.0.1:50051
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:32 Received: world
    2022/02/10 22:03:33 Received: world
    2022/02/10 22:03:33 Received: world
    

    client side:

    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:32 Greeting: Hello world
    2022/02/10 22:03:33 Greeting: Hello world
    2022/02/10 22:03:33 Greeting: Hello world
    2022/02/10 22:03:33 Greeting: Hello world
    
    

    Actual Results

    server side:

    2022/02/11 09:13:24 server listening at 127.0.0.1:50051
    2022/02/11 09:13:31 Received: world
    2022/02/11 09:13:31 Received: world
    2022/02/11 09:13:31 Received: world
    2022/02/11 09:13:32 Received: world
    2022/02/11 09:13:32 Received: world
    2022/02/11 09:13:32 Received: world
    2022/02/11 09:13:32 Received: world
    2022/02/11 09:13:32 Received: world
    2022/02/11 09:13:32 Received: world
    2022/02/11 09:13:32 Received: world
    2022/02/11 09:13:32 Received: world
    2022/02/11 09:13:32 Received: world
    2022/02/11 09:13:33 Received: world
    2022/02/11 09:13:33 Received: world
    2022/02/11 09:13:33 Received: world
    2022/02/11 09:13:33 Received: world
    2022/02/11 09:13:33 Received: world
    2022/02/11 09:13:33 Received: world
    2022/02/11 09:13:33 Received: world
    2022/02/11 09:13:33 Received: world
    2022/02/11 09:13:38 Received: world
    2022/02/11 09:13:38 Received: world
    2022/02/11 09:13:38 Received: world
    2022/02/11 09:13:38 Received: world
    2022/02/11 09:13:38 Received: world
    2022/02/11 09:13:38 Received: world
    2022/02/11 09:13:40 Received: world
    2022/02/11 09:13:40 Received: world
    2022/02/11 09:13:40 Received: world
    2022/02/11 09:13:40 Received: world
    2022/02/11 09:13:40 Received: world
    2022/02/11 09:13:40 Received: world
    2022/02/11 09:13:40 Received: world
    2022/02/11 09:13:40 Received: world
    
    
    
    

    client side:

    2022/02/11 09:13:31 Greeting: Hello world
    2022/02/11 09:13:31 Greeting: Hello world
    2022/02/11 09:13:31 Greeting: Hello world
    2022/02/11 09:13:32 could not greet: rpc error: code = DeadlineExceeded desc = context deadlin                                                                                                      e exceeded
    2022/02/11 09:13:32 Greeting: Hello world
    2022/02/11 09:13:32 Greeting: Hello world
    2022/02/11 09:13:32 Greeting: Hello world
    2022/02/11 09:13:32 Greeting: Hello world
    2022/02/11 09:13:32 Greeting: Hello world
    2022/02/11 09:13:32 Greeting: Hello world
    2022/02/11 09:13:32 Greeting: Hello world
    2022/02/11 09:13:32 Greeting: Hello world
    2022/02/11 09:13:33 Greeting: Hello world
    2022/02/11 09:13:33 Greeting: Hello world
    2022/02/11 09:13:33 Greeting: Hello world
    2022/02/11 09:13:33 Greeting: Hello world
    2022/02/11 09:13:33 Greeting: Hello world
    2022/02/11 09:13:33 Greeting: Hello world
    2022/02/11 09:13:33 Greeting: Hello world
    2022/02/11 09:13:33 Greeting: Hello world
    2022/02/11 09:13:34 could not greet: rpc error: code = DeadlineExceeded desc = context deadlin                                                                                                      e exceeded
    2022/02/11 09:13:35 could not greet: rpc error: code = DeadlineExceeded desc = context deadlin                                                                                                      e exceeded
    2022/02/11 09:13:36 could not greet: rpc error: code = DeadlineExceeded desc = context deadlin                                                                                                      e exceeded
    2022/02/11 09:13:37 could not greet: rpc error: code = DeadlineExceeded desc = context deadlin                                                                                                      e exceeded
    2022/02/11 09:13:38 could not greet: rpc error: code = DeadlineExceeded desc = context deadlin                                                                                                      e exceeded
    2022/02/11 09:13:38 Greeting: Hello world
    2022/02/11 09:13:38 Greeting: Hello world
    2022/02/11 09:13:38 Greeting: Hello world
    2022/02/11 09:13:38 Greeting: Hello world
    2022/02/11 09:13:38 Greeting: Hello world
    2022/02/11 09:13:38 Greeting: Hello world
    2022/02/11 09:13:39 could not greet: rpc error: code = DeadlineExceeded desc = context deadlin                                                                                                      e exceeded
    2022/02/11 09:13:40 Greeting: Hello world
    2022/02/11 09:13:40 Greeting: Hello world
    2022/02/11 09:13:40 Greeting: Hello world
    2022/02/11 09:13:40 Greeting: Hello world
    2022/02/11 09:13:40 Greeting: Hello world
    2022/02/11 09:13:40 Greeting: Hello world
    2022/02/11 09:13:40 Greeting: Hello world
    2022/02/11 09:13:40 Greeting: Hello world
    
    

    Additional Information

    Please find the manifest, make and log files attached. Makefile.zip server.manifest.template.zip server_debug.log

    Gramine commit hash

    dbddd90bb51d3c1feff04fc5387ea37073e9321e

    server_debug_new.log

  • Request for AF_PACKET along with raw socket(SOCK_RAW) support.

    Request for AF_PACKET along with raw socket(SOCK_RAW) support.

    Description of the problem

    Currently Gramine does not support AF_PACKET socket type. For one of the application that we are running in Gramine, it needs AF_PACKET socket along with SOCK_RAW (socket_type). Currently, it looks like Gramine does not seem to support raw socket(SOCK_RAW).

    Steps to reproduce

    Any C application code, that invokes below:

    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); if (fd == -1) { perror("socket"); return -1; }

    Expected results

    Actual results

    Does not open the socket type, since it is NOT supported in Gramine.

    Additional information

    AF_PACKET socket along with raw socket support(SOCK_RAW) is needed for running UPF/BESS application(https://github.com/omec-project/upf ) in Gramine.

    Gramine commit hash

    commit 1b83451a1e8e38e7d56c8e6b2fe923504a4dc6a0

  • golang HTTP server freezes after handling some requests

    golang HTTP server freezes after handling some requests

    Description of the problem

    Is there any plan or roadmap to support golang? We are using golang for most of our product. Thanks!

    Steps to reproduce

    Expected results

    Actual results

  • [LibOS] `__process_pending_options()` is buggy in `shim_socket.c`

    [LibOS] `__process_pending_options()` is buggy in `shim_socket.c`

    Hi,

    In want to run the mumble server (https://github.com/mumble-voip/mumble) called murmur in Graphene. My OS is Ubuntu 20.04.

    I copied the memcached manifest template and the Makefile and customized it to my needs. When I run graphene in direct mode I got the following error from murmur:

    Failed to set initial capabilities

    Could be the issue, that some system calls are missing? The log throws a couple of warnings around the error message:

    [P255363:T1:murmurd] debug: glibc register library /lib/x86_64-linux-gnu/libgpg-error.so.0 loaded at 0x5599043ca000
    [P255363:T1:murmurd] debug: adding a library for gdb: file:/lib/x86_64-linux-gnu/libgpg-error.so.0
    [P255363:T1:murmurd] warning: Unsupported system call prctl
    [P255363:T1:murmurd] warning: Unsupported system call prctl
    [P255363:T1:murmurd] warning: Unsupported system call prctl
    [P255363:T1:murmurd] warning: Unsupported system call prctl
    [P255363:T1:murmurd] warning: Unsupported system call prctl
    [P255363:T1:murmurd] warning: Unsupported system call prctl
    [P255363:T1:murmurd] warning: Unsupported system call sysinfo
    [P255363:T1:murmurd] debug: Creating pipe: pipe.srv:8e8056f4f079e6d4c14a29f20d09a6d4039c90784f069159aa22a9691f2098b8
    [P255363:T1:murmurd] debug: Creating pipe: pipe.srv:a2c4dc9fd2c5151d7fae45d205f377c50f1ab2868222fcba9469e3875db0d86e
    [P255363:T1:murmurd] debug: Creating pipe: pipe.srv:2410492390f15c7266c199e70a5f57b1cb967c8ea258aa795b33a60f338ebc22
    [P255363:T1:murmurd] debug: Creating pipe: pipe.srv:25d0a8cb62f22e2b187fbf820d0362b0fcf4cbfa05f7a46da3f8ff5e3d0e50a5
    [P255363:T1:murmurd] warning: Unsupported system call capget
    [P255363:T1:murmurd] warning: Unsupported system call capset
    [P255363:T1:murmurd] warning: Unsupported system call statx
    [P255363:T1:murmurd] warning: Unsupported system call statx
    [P255363:T1:murmurd] warning: Unsupported system call statx
    [P255363:T1:murmurd] warning: Unsupported system call statx
    [P255363:T1:murmurd] warning: Unsupported system call statx
    Failed to set initial capabilities                                                             <- murmur error message
    [P255363:T1:murmurd] warning: Unsupported system call statx
    [P255363:T1:murmurd] warning: Unsupported system call statx
    [P255363:T1:murmurd] warning: Unsupported system call statx
    [P255363:T1:murmurd] warning: Unsupported system call statx
    

    Before Graphene stops to work it writes the following debug message into the log:

    [P255501:T1:murmurd] debug: process 255501 exited with status 0
    [P255503:T2:murmurd] debug: ipc send to 255501: IPC_MSG_LEASE
    [P255503:T2:murmurd] debug: Sending ipc message to 255501
    [P255503:T2:murmurd] debug: Waiting for response (seq = 2)
    [P255503:i1:murmurd] debug: IPC leader disconnected
    [P255503:i1:murmurd] debug: Unknown process (vmid: 0x3e60d) disconnected
    

    Is my assumption correct or do I miss something else?

  • RFC: Sanitization of `/etc/` files

    RFC: Sanitization of `/etc/` files

    Description of the problem

    Currently we put files like /etc/resolv.conf in the sgx.allowed_files list for simplicity. Example: https://github.com/gramineproject/gramine/blob/f7eae7eafab97b74023aadf279fb024cff9b8c78/CI-Examples/redis/redis-server.manifest.template#L130-L142

    Having these files under sgx.allowed_files is not secure. They are read by e.g. Glibc which doesn't expect them to be ill-formatted or maliciously modified.

    The current consensus (see https://github.com/gramineproject/gramine/discussions/687) is: Gramine should read the set of network-related files under /etc/ (when specified in the manifest file), sanitize/verify them and expose to the user app.

    • Only a small set of network-related files under /etc/ should be sanitized like this.
    • One example of a file not to be sanitized is /etc/passwd. This file should be in the sgx.trusted_files list.

    Things to be done as part of this effort

    1. Identify the set of files under /etc/ that needs sanitization.
    2. Analyze the format of each of the files and design per-file sanitization logic.
    3. User-friendliness: where in the manifest these files (like /etc/resolv.conf) should go. Do they just "appear" to the in-Gramine app? Or they need to be put in one of the lists?
  • Thread not using 'expected' stack

    Thread not using 'expected' stack

    I am trying to hunt down an execve/robust_list-related crash on PPC64 and I am wondering whether it is intentional or a coincidence that the stack used by threads on x86_64 running into execve is nowhere near the one that cur_thread->stack is pointing to?

    I have instrumented a part of execve with this patch:

    diff --git a/libos/src/sys/libos_exec.c b/libos/src/sys/libos_exec.c
    index 4b43df74..d93a46f4 100644
    --- a/libos/src/sys/libos_exec.c
    +++ b/libos/src/sys/libos_exec.c
    @@ -36,9 +36,11 @@ noreturn static void __libos_syscall_execve_rtld(void* new_argp, elf_auxv_t* new
             goto error;
         }
    
    +    register void* sp __asm__("sp");
         struct libos_thread* cur_thread = get_cur_thread();
         for (struct libos_vma_info* vma = vmas; vma < vmas + count; vma++) {
             /* Don't free the current stack */
    +        log_error("sp = %p  robus_list  %p   vma->addr=%p .. %p  stack=%p stack_red=%p", sp, cur_thread->robust_list, vma->addr, vma->addr + vma->length, cur_thread->stack, cur_thread->stack_red);
             if (vma->addr == cur_thread->stack || vma->addr == cur_thread->stack_red)
                 continue;
    
    

    When running this command

    /usr/local/lib/x86_64-linux-gnu/gramine/direct/loader /usr/local/lib/x86_64-linux-gnu/gramine/direct/libpal.so init exec_same 1 2
    

    I get this output:

    [P1:T2:exec_same] error: sp = 0x7ffff3ab7b70  robus_list  0x30fdade32a20   vma->addr=0x400000 .. 0x401000  stack=0x30fdaddb1000 stack_red=0x30fdaddb0000
    [P1:T2:exec_same] error: sp = 0x7ffff3ab7b70  robus_list  0x30fdade32a20   vma->addr=0x600000 .. 0x601000  stack=0x30fdaddb1000 stack_red=0x30fdaddb0000
    [P1:T2:exec_same] error: sp = 0x7ffff3ab7b70  robus_list  0x30fdade32a20   vma->addr=0x601000 .. 0x602000  stack=0x30fdaddb1000 stack_red=0x30fdaddb0000
    [P1:T2:exec_same] error: sp = 0x7ffff3ab7b70  robus_list  0x30fdade32a20   vma->addr=0x30fdad600000 .. 0x30fdad7e3000  stack=0x30fdaddb1000 stack_red=0x30fdaddb0000
    [P1:T2:exec_same] error: sp = 0x7ffff3ab7b70  robus_list  0x30fdade32a20   vma->addr=0x30fdad7e3000 .. 0x30fdad9e3000  stack=0x30fdaddb1000 stack_red=0x30fdaddb0000
    [P1:T2:exec_same] error: sp = 0x7ffff3ab7b70  robus_list  0x30fdade32a20   vma->addr=0x30fdad9e3000 .. 0x30fdad9e7000  stack=0x30fdaddb1000 stack_red=0x30fdaddb0000
    [P1:T2:exec_same] error: sp = 0x7ffff3ab7b70  robus_list  0x30fdade32a20   vma->addr=0x30fdad9e7000 .. 0x30fdad9e9000  stack=0x30fdaddb1000 stack_red=0x30fdaddb0000
    [P1:T2:exec_same] error: sp = 0x7ffff3ab7b70  robus_list  0x30fdade32a20   vma->addr=0x30fdad9e9000 .. 0x30fdad9f1000  stack=0x30fdaddb1000 stack_red=0x30fdaddb0000
    [P1:T2:exec_same] error: sp = 0x7ffff3ab7b70  robus_list  0x30fdade32a20   vma->addr=0x30fdada00000 .. 0x30fdada01000  stack=0x30fdaddb1000 stack_red=0x30fdaddb0000
    [P1:T2:exec_same] error: sp = 0x7ffff3ab7b70  robus_list  0x30fdade32a20   vma->addr=0x30fdada01000 .. 0x30fdadc00000  stack=0x30fdaddb1000 stack_red=0x30fdaddb0000
    [P1:T2:exec_same] error: sp = 0x7ffff3ab7b70  robus_list  0x30fdade32a20   vma->addr=0x30fdadc00000 .. 0x30fdadc01000  stack=0x30fdaddb1000 stack_red=0x30fdaddb0000
    [P1:T2:exec_same] error: sp = 0x7ffff3ab7b70  robus_list  0x30fdade32a20   vma->addr=0x30fdadc01000 .. 0x30fdadc02000  stack=0x30fdaddb1000 stack_red=0x30fdaddb0000
    [P1:T2:exec_same] error: sp = 0x7ffff3ab7b70  robus_list  0x30fdade32a20   vma->addr=0x30fdadd6f000 .. 0x30fdadd70000  stack=0x30fdaddb1000 stack_red=0x30fdaddb0000
    [P1:T2:exec_same] error: sp = 0x7ffff3ab7b70  robus_list  0x30fdade32a20   vma->addr=0x30fdadd70000 .. 0x30fdaddb0000  stack=0x30fdaddb1000 stack_red=0x30fdaddb0000
    [P1:T2:exec_same] error: sp = 0x7ffff3ab7b70  robus_list  0x30fdade32a20   vma->addr=0x30fdaddb0000 .. 0x30fdaddb1000  stack=0x30fdaddb1000 stack_red=0x30fdaddb0000
    [P1:T2:exec_same] error: sp = 0x7ffff3ab7b70  robus_list  0x30fdade32a20   vma->addr=0x30fdaddb1000 .. 0x30fdaddf1000  stack=0x30fdaddb1000 stack_red=0x30fdaddb0000       # Stack VMA
    [P1:T2:exec_same] error: sp = 0x7ffff3ab7b70  robus_list  0x30fdade32a20   vma->addr=0x30fdaddf1000 .. 0x30fdaddf2000  stack=0x30fdaddb1000 stack_red=0x30fdaddb0000
    [P1:T2:exec_same] error: sp = 0x7ffff3ab7b70  robus_list  0x30fdade32a20   vma->addr=0x30fdaddf2000 .. 0x30fdade32000  stack=0x30fdaddb1000 stack_red=0x30fdaddb0000
    [P1:T2:exec_same] error: sp = 0x7ffff3ab7b70  robus_list  0x30fdade32a20   vma->addr=0x30fdade32000 .. 0x30fdade35000  stack=0x30fdaddb1000 stack_red=0x30fdaddb0000
    [P1:T2:exec_same] error: sp = 0x7ffff3ab7b70  robus_list  0x30fdade32a20   vma->addr=0x30fdade35000 .. 0x30fdade37000  stack=0x30fdaddb1000 stack_red=0x30fdaddb0000
    [P1:T2:exec_same] error: sp = 0x7ffff3ab7b70  robus_list  0x30fdade32a20   vma->addr=0x30fdade37000 .. 0x30fdade38000  stack=0x30fdaddb1000 stack_red=0x30fdaddb0000
    [P1:T2:exec_same] error: sp = 0x7ffff3ab7b70  robus_list  0x30fdade32a20   vma->addr=0x30fdade38000 .. 0x30fdade6a000  stack=0x30fdaddb1000 stack_red=0x30fdaddb0000
    [P1:T2:exec_same] error: sp = 0x7ffff3ab7b70  robus_list  0x30fdade32a20   vma->addr=0x30fdade6a000 .. 0x30fdae06a000  stack=0x30fdaddb1000 stack_red=0x30fdaddb0000
    [P1:T2:exec_same] error: sp = 0x7ffff3ab7b70  robus_list  0x30fdade32a20   vma->addr=0x30fdae06a000 .. 0x30fdae06c000  stack=0x30fdaddb1000 stack_red=0x30fdaddb0000
    [P1:T2:exec_same] error: sp = 0x7ffff3ab7b70  robus_list  0x30fdade32a20   vma->addr=0x30fdae06c000 .. 0x30fdae06e000  stack=0x30fdaddb1000 stack_red=0x30fdaddb0000
    

    The stack pointer sp is somewhere completely different than any of the VMAs. Is this intentional? I am asking because on PPC64 I am currently doing a stack switch before calling this function because if I don't do the stackswitch then I cannot delete the VMA with the stack because the robust_list of a thread is on the stack as well and it segfaults right after the memory area has been unmapped. I later on run into robust_list related issues when in release_robust_list but that's secondary.

  • [CI-Examples] Add an async Rust example

    [CI-Examples] Add an async Rust example

    Rust's async runtime has triggered bugs in our epoll in the past. This example will serve as a smoke-test in this area, as well as point users to the manifest settings that are necessary.

    How to test this PR?

    1. cd CI-Examples/rust
    2. make start-gramine-server SGX=1
    3. In another terminal: curl localhost:3000
    4. Make sure the CI config changes work

    This change is Reviewable

  • Trying to run a Federated Learning Pytorch example with Flower on Gramine-sgx environment

    Trying to run a Federated Learning Pytorch example with Flower on Gramine-sgx environment

    Hi All,

    I am trying to run the quickstart Pytorch example from the Flower Git on gramine. The environment is Microsoft Azure. I have tested gramine on it before and was successfully able to run the examples in the Gramine git. Flower is a Federated Learning framework (https://github.com/adap/flower)

    Below is the source code of the example: https://github.com/adap/flower/tree/main/examples/quickstart_pytorch

    It has 1 server and 2 clients in this framework on different terminals of the VM, trying to communicate with one another. The example was running on the native setting. With the SGX on the communication fails. Below is the screenshot of the error and the log file.

    image

    log_flower.txt

    Any ideas on why this could be happening? Also attaching the manifest file I am using to run this example. manifest.txt

  • rpc error: code = DeadlineExceeded desc = context deadline

    rpc error: code = DeadlineExceeded desc = context deadline

    I have written a simple gRPC server and client applications which will encrypt and decrypt a text. I tried running the client continuously one by one. It works great. No issue up to this point when running them directly as executables.

    After that now running the server application in a gramine container by using the GSC (https://github.com/gramineproject/gsc). and also running the client application as a container(general docker container not the gsc) in another vm. The communication is happening between the server and client and also text encryption and decryption are also working fine.

    After that tried running the client containers one by one continuously by running a simple bash script.

    #!/bin/bash
    #Basic while loop
    counter=1
    while [ $counter -le 10 ]
    do
    echo client-$counter
    docker run client:latest
    ((counter++))
    done
    

    This time, 1 or 2 client containers running fine. But after that, on the next container, it throws the below error,

    **rpc error: code = DeadlineExceeded desc = context deadline**

    Find the below client and server code :

    server sample code :

    func main(){
    lis, err := net.Listen("tcp", port)
    if err != nil {
    log.Fatalf("failed to listen: %v", err)
    }
    s := grpc.NewServer()
    pb.RegisterGolangServer(s, &server{})
    log.Printf("server/main:main() server listening at %v", lis.Addr())
    if err := s.Serve(lis); err != nil {
    log.Fatalf("server/main:main() failed to serve: %v", err)
    }
    return
    }
    
    

    Sample client code :

    func init(){
    conn, err := grpc.Dial(addr, grpc.WithInsecure(), grpc.WithBlock())
    if err != nil {
    log.Fatalf("did not connect: %v", err)
    }
    defer conn.Close()
    log.Println("Establishing connection from Init in session package")
    _, err = EstablishSession(conn)
    }
    
    func EstablishSession(conn *grpc.ClientConn) (*SessionDetailsStore, error) {
    
    c := pb.NewGolangClient(conn)
    nonce := make([]byte, nonceLength)
    if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
    log.Printf("sessionlib/session:EstablishSession() Error in nonce creation: ", err)
    return nil, errors.New("error in nonce creation")
    }
    
    skcserver_token := []byte(aas_token)
    
    ctx, cancel := context.WithTimeout(context.Background(), time.Second)
    defer cancel()
    r, err := c.Session(ctx, &pb.SessionRequest{SkcserverToken: skcserver_token, Nonce: nonce})
    if err != nil {
    log.Printf("sessionlib/session:EstablishSession() Could not create session: %v", err)
    return nil, errors.New("could not create session")
    }
    return nil, nil
    }
    
    

    In client side, I use this establishsession() function to get the session ID and using it for the encryption and decryption process of my text.

    (Point to note : Both encryption and decryption processes have to reach the server for 4 times each during the client runtime.)

    I have tried modifying the time out in the below line of client code, ctx, cancel := context.WithTimeout(context.Background(), time.Second)

    to 10,30,50,80 and 300 seconds. But no improvement. Got the same rpc deadline exceeded error after successful running of 1 or 2 client containers.

    Find the below server and client logs :

    Client :

    client-4
    2022/01/05 14:57:45 Establishing connection from Init in session package
    2022/01/05 14:57:45 sessionlib/session:EstablishSession() Entering
    2022/01/05 14:57:45 sessionlib/session:EstablishSession() Success in establishing session
    2022/01/05 14:57:45 sessionlib/session:EstablishSession() Session ID : [33 241 217 25 54 129 29 39 152 119 168 157 2 8 91 32]
    2022/01/05 14:57:45 sessionlib/session:EstablishSession() Attestation Evidence : [116 101 115 116 113 117 111 116 101]
    2022/01/05 14:57:45 sessionlib/session:EstablishSession() Leaving
    2022/01/05 14:57:45 client/main:main() Entering
    2022/01/05 14:57:45 client/main:main() Calling skc-crypto-application which in turn call crypto functions
    2022/01/05 14:57:45 crypto_app/crypto_app:cryptoFunctions() Entering
    time="2022-01-05T14:57:45Z" level=info msg="config/config:validateConfiguration() Entering"
    time="2022-01-05T14:57:45Z" level=info msg="config/config:validateUserPermissions() Entering"
    time="2022-01-05T14:57:45Z" level=info msg="config/config:validateUserPermissions() User global_admin_user has required permission(s)"
    time="2022-01-05T14:57:45Z" level=info msg="config/config:validateUserPermissions() Leaving"
    time="2022-01-05T14:57:45Z" level=info msg="config/config:validateConfiguration() Leaving"
    2022/01/05 14:57:45 crypto/aes/cipher:NewCipher() Entering
    2022/01/05 14:57:45 crypto/aes/cipher:NewCipher() get session ID for NewCipher
    2022/01/05 14:57:45 crypto/aes/cipher:GetSessionId() Entering
    crypto_app/crypto_app:cryptoFunctions() we are going to encrypt:
    Mandalorian is currently the best DisneyPlus show
    2022/01/05 14:57:45 crypto/aes/cipher:GetSessionId() try getting session details - aes
    2022/01/05 14:57:45 sessionlib/session:EstablishSession() Entering
    2022/01/05 14:57:45 sessionlib/session:EstablishSession() Session has been established already. So returning the details
    2022/01/05 14:57:45 sessionlib/session:EstablishSession() Leaving
    2022/01/05 14:57:45 crypto/aes/cipher:GetSessionId() Leaving
    time="2022-01-05T14:57:45Z" level=info msg="config/config:validateConfiguration() Entering"
    time="2022-01-05T14:57:45Z" level=info msg="config/config:validateUserPermissions() Entering"
    time="2022-01-05T14:57:45Z" level=info msg="config/config:validateUserPermissions() User global_admin_user has required permission(s)"
    time="2022-01-05T14:57:45Z" level=info msg="config/config:validateUserPermissions() Leaving"
    time="2022-01-05T14:57:45Z" level=info msg="config/config:validateConfiguration() Leaving"
    2022/01/05 14:57:45 crypto/aes/cipher:NewCipher() get new cipher from NewCipher skc server
    crypto_app/crypto_app:cryptoFunctions() cipher id in crypto app = [66 56 51 52 67 51 66 48]
    2022/01/05 14:57:45 crypto/aes/cipher:NewCipher() NewCipher Attestation ID attestation_id:"\xef\x0b\x0c=\xe1\xb2l\xd2t\x8a\xc1\xe8-\x0c\x9a\x83\x19\x05\x81\xf3\xe8\xe5\x89O\xbf\xc54_ݗ\xda\xfd0A\xa9Q\x03u1ã\x84X\xe5\xe3\x8c\x04e\xa6Aܨ\x9df\xab\xf9z,\x1b\x1c\xa6`x\x8a"
    2022/01/05 14:57:45 crypto/aes/cipher:NewCipher() Leaving
    2022/01/05 14:57:45 crypto/cipher/gcm:NewGCM() Entering
    2022/01/05 14:57:45 crypto/cipher/gcm:GetSessionId() Entering
    2022/01/05 14:57:45 crypto/cipher/gcm:GetSessionId() try getting session details - cipher
    2022/01/05 14:57:45 sessionlib/session:EstablishSession() Entering
    2022/01/05 14:57:45 sessionlib/session:EstablishSession() Session has been established already. So returning the details
    2022/01/05 14:57:45 sessionlib/session:EstablishSession() Leaving
    2022/01/05 14:57:45 crypto/cipher/gcm:GetSessionId() Leaving
    2022/01/05 14:57:45 crypto/cipher/gcm:NewGCM() session id : [33 241 217 25 54 129 29 39 152 119 168 157 2 8 91 32]
    2022/01/05 14:57:45 crypto/cipher/gcm:GetSessionId() Entering
    2022/01/05 14:57:45 crypto/cipher/gcm:GetSessionId() try getting session details - cipher
    2022/01/05 14:57:45 sessionlib/session:EstablishSession() Entering
    2022/01/05 14:57:45 sessionlib/session:EstablishSession() Session has been established already. So returning the details
    2022/01/05 14:57:45 sessionlib/session:EstablishSession() Leaving
    2022/01/05 14:57:45 crypto/cipher/gcm:GetSessionId() Leaving
    2022/01/05 14:57:45 crypto/cipher/gcm:NewGCM() get new cipher from NewGCM skc server
    2022/01/05 14:57:45 crypto/cipher/gcm:NewGCM() Get session ID for NewCipher cphr value -> QjgzNEMzQjA=
    crypto_app/crypto_app:cryptoFunctions() gcm_id = [66 56 53 49 50 52 51 48]
    2022/01/05 14:57:45 crypto/cipher/gcm:NewGCM() New gcm id in gcm.go = [66 56 53 49 50 52 51 48]
    2022/01/05 14:57:45 crypto/cipher/gcm:NewGCM() Leaving
    2022/01/05 14:57:45 crypto/cipher/gcm:NonceSize() Entering
    2022/01/05 14:57:45 crypto/cipher/gcm:GetSessionId() Leaving
    2022/01/05 14:57:45 crypto/cipher/gcm:Seal() session id: [33 241 217 25 54 129 29 39 152 119 168 157 2 8 91 32]
    2022/01/05 14:57:45 crypto/cipher/gcm:GetSessionId() Entering
    2022/01/05 14:57:45 crypto/cipher/gcm:GetSessionId() try getting session details - cipher
    2022/01/05 14:57:45 sessionlib/session:EstablishSession() Entering
    2022/01/05 14:57:45 sessionlib/session:EstablishSession() Session has been established already. So returning the details
    2022/01/05 14:57:45 sessionlib/session:EstablishSession() Leaving
    2022/01/05 14:57:45 crypto/cipher/gcm:GetSessionId() Leaving
    2022/01/05 14:57:46 crypto/cipher/gcm:Seal() get the cipher text from server
    2022/01/05 14:57:46 crypto/cipher/gcm:Seal() Leaving
    2022/01/05 14:57:46 crypto/aes/cipher:NewCipher() Entering
    2022/01/05 14:57:46 crypto/aes/cipher:NewCipher() get session ID for NewCipher
    2022/01/05 14:57:46 crypto/aes/cipher:GetSessionId() Entering
    crypto_app/crypto_app:cryptoFunctions() cipherText = [175 74 224 81 86 167 69 186 18 125 213 235 155 199 211 134 173 31 217 183 58 81 182 108 123 24 125 40 166 216 43 3 3 118 9 16 95 39 250 33 194 131 230 6 169 131 49 228 74 223 161 220 67 35 151 110 65 14 46 123 184 179 4 159 86 191 188 151 180 38 251 198 175 101 184 89 182]
    2022/01/05 14:59:46 crypto/aes/cipher:GetSessionId() try getting session details - aes
    2022/01/05 14:59:46 sessionlib/session:EstablishSession() Entering
    2022/01/05 14:59:46 sessionlib/session:EstablishSession() Session has been established already. So returning the details
    2022/01/05 14:59:46 sessionlib/session:EstablishSession() Leaving
    2022/01/05 14:59:46 crypto/aes/cipher:GetSessionId() Leaving
    
    time="2022-01-05T15:05:46Z" level=info msg="config/config:validateConfiguration() Entering"
    time="2022-01-05T15:05:46Z" level=info msg="config/config:validateUserPermissions() Entering"
    time="2022-01-05T15:05:46Z" level=info msg="config/config:validateUserPermissions() User global_admin_user has required permission(s)"
    time="2022-01-05T15:05:46Z" level=info msg="config/config:validateUserPermissions() Leaving"
    time="2022-01-05T15:05:46Z" level=info msg="config/config:validateConfiguration() Leaving"
    2022/01/05 15:05:46 crypto/aes/cipher:NewCipher() get new cipher from NewCipher skc server
    2022/01/05 15:05:56 crypto/aes/cipher:NewCipher() NewCipher failed with: rpc error: code = DeadlineExceeded desc = context deadline exceeded
    2022/01/05 15:05:56 crypto/aes/cipher:NewCipher() Leaving
    2022/01/05 15:05:56 crypto/cipher/gcm:NewGCM() Entering
    2022/01/05 15:05:56 crypto/cipher/gcm:GetSessionId() Entering
    crypto_app/crypto_app:cryptoFunctions() Failed to create cphr_id using aes.NewCipher rpc error: code = DeadlineExceeded desc = context deadline exceededcrypto_app/crypto_app:cryptoFunctions() cipher id in decryption process = []
    
    2022/01/05 15:14:46 crypto/cipher/gcm:GetSessionId() try getting session details - cipher
    2022/01/05 15:14:46 sessionlib/session:EstablishSession() Entering
    2022/01/05 15:14:46 sessionlib/session:EstablishSession() Session has been established already. So returning the details
    2022/01/05 15:14:46 sessionlib/session:EstablishSession() Leaving
    2022/01/05 15:14:46 crypto/cipher/gcm:GetSessionId() Leaving
    2022/01/05 15:14:46 crypto/cipher/gcm:NewGCM() session id : [33 241 217 25 54 129 29 39 152 119 168 157 2 8 91 32]
    2022/01/05 15:14:46 crypto/cipher/gcm:GetSessionId() Entering
    
    2022/01/05 15:16:46 crypto/cipher/gcm:GetSessionId() try getting session details - cipher
    2022/01/05 15:16:46 sessionlib/session:EstablishSession() Entering
    2022/01/05 15:16:46 sessionlib/session:EstablishSession() Session has been established already. So returning the details
    2022/01/05 15:16:46 sessionlib/session:EstablishSession() Leaving
    2022/01/05 15:16:46 crypto/cipher/gcm:GetSessionId() Leaving
    
    2022/01/05 15:18:46 crypto/cipher/gcm:NewGCM() get new cipher from NewGCM skc server
    2022/01/05 15:18:46 crypto/cipher/gcm:NewGCM() Get session ID for NewCipher cphr value ->
    2022/01/05 15:18:47 crypto/cipher/gcm:NewGCM() Unable to create NewGCM failed with error rpc error: code = DeadlineExceeded desc = context deadline exceeded
    2022/01/05 15:18:47 crypto/cipher/gcm:NewGCM() Leaving
    2022/01/05 15:18:47 crypto/cipher/gcm:NonceSize() Entering
    2022/01/05 15:18:47 crypto/cipher/gcm:GetSessionId() Entering
    crypto_app/crypto_app:cryptoFunctions() Failed to create gcm_id using NewGCM rpc error: code = DeadlineExceeded desc = context deadline exceededcrypto_app/crypto_app:cryptoFunctions() gcm_id in decryption process = []
    
    2022/01/05 15:20:46 crypto/cipher/gcm:GetSessionId() try getting session details - cipher
    2022/01/05 15:20:46 sessionlib/session:EstablishSession() Entering
    2022/01/05 15:20:46 sessionlib/session:EstablishSession() Session has been established already. So returning the details
    2022/01/05 15:20:46 sessionlib/session:EstablishSession() Leaving
    2022/01/05 15:20:46 crypto/cipher/gcm:GetSessionId() Leaving
    2022/01/05 15:20:46 crypto/cipher/gcm:NonceSize() session id: [33 241 217 25 54 129 29 39 152 119 168 157 2 8 91 32]
    2022/01/05 15:20:46 crypto/cipher/gcm:GetSessionId() Entering
    
    2022/01/05 15:22:46 crypto/cipher/gcm:GetSessionId() try getting session details - cipher
    2022/01/05 15:22:46 sessionlib/session:EstablishSession() Entering
    2022/01/05 15:22:46 sessionlib/session:EstablishSession() Session has been established already. So returning the details
    2022/01/05 15:22:46 sessionlib/session:EstablishSession() Leaving
    2022/01/05 15:22:46 crypto/cipher/gcm:GetSessionId() Leaving
    
    2022/01/05 15:24:47 crypto/cipher/gcm:NonceSize() get nonce from the server
    2022/01/05 15:24:48 crypto/cipher/gcm:NonceSize() Failed to perform NonceSize request rpc error: code = DeadlineExceeded desc = context deadline exceeded
    2022/01/05 15:24:48 crypto/cipher/gcm:NonceSize() Leaving
    2022/01/05 15:24:48 crypto/cipher/gcm:Open() Entering
    2022/01/05 15:24:48 crypto/cipher/gcm:GetSessionId() Entering
    crypto_app/crypto_app:cryptoFunctions() Failed to create nonce using Nonce rpc error: code = DeadlineExceeded desc = context deadline exceededcrypto_app/crypto_app:cryptoFunctions() nonceSize in decryption process = 0
    
    2022/01/05 15:33:47 crypto/cipher/gcm:GetSessionId() try getting session details - cipher
    2022/01/05 15:33:47 sessionlib/session:EstablishSession() Entering
    2022/01/05 15:33:47 sessionlib/session:EstablishSession() Session has been established already. So returning the details
    2022/01/05 15:33:47 sessionlib/session:EstablishSession() Leaving
    2022/01/05 15:33:47 crypto/cipher/gcm:GetSessionId() Leaving
    2022/01/05 15:33:47 crypto/cipher/gcm:Open() session id: [33 241 217 25 54 129 29 39 152 119 168 157 2 8 91 32]
    2022/01/05 15:33:47 crypto/cipher/gcm:GetSessionId() Entering
    
    2022/01/05 15:35:47 crypto/cipher/gcm:GetSessionId() try getting session details - cipher
    2022/01/05 15:35:47 sessionlib/session:EstablishSession() Entering
    2022/01/05 15:35:47 sessionlib/session:EstablishSession() Session has been established already. So returning the details
    2022/01/05 15:35:47 sessionlib/session:EstablishSession() Leaving
    2022/01/05 15:35:47 crypto/cipher/gcm:GetSessionId() Leaving
    
    2022/01/05 15:37:47 crypto/cipher/gcm:Open() get decrypted text from the server
    2022/01/05 15:37:48 crypto/cipher/gcm:Open() Failed to perform Open request rpc error: code = DeadlineExceeded desc = context deadline exceeded
    2022/01/05 15:37:48 crypto/cipher/gcm:Open() Leaving
    2022/01/05 15:37:48 crypto_app/crypto_app:cryptoFunctions() Leaving
    2022/01/05 15:37:48 client/main:main() Leaving
    crypto_app/crypto_app:cryptoFunctions() Failed to get plainText using Open rpc error: code = DeadlineExceeded desc = context deadline exceededcrypto_app/crypto_app:cryptoFunctions() after decryption:
    
    

    Server :

    
    2022/01/05 14:57:27 server/main:main() Entering
    2022/01/05 14:57:27 clients/kbs/kbs:Run() Entering
    2022/01/05 14:57:27 clients/kbs/kbs:Run() Creating envelope key
    2022/01/05 14:57:27 clients/kbs/kbs:Run() Leaving
    [P1:T1:skcserver] error: bind: invalid handle returned
    2022/01/05 14:57:27 server/main:main() server listening at [::]:50051
    2022/01/05 14:57:27 server/main:validateAllSession() Entering
    2022/01/05 14:57:27 server/main:validateAllSession() Leaving
    2022/01/05 14:57:35 server/main:Session() Entering
    2022/01/05 14:57:35 server/main:Session() Leaving
    2022/01/05 14:57:35 server/main:NewCipher() Entering
    2022/01/05 14:57:35 server/main:NewCipher() SessionID D2byzSx5vTMXIQBJyhtsVQ==
    2022/01/05 14:57:35 server/main:validateThisSession() Entering
    2022/01/05 14:57:35 server/main:validateThisSession() Leaving
    2022/01/05 14:57:35 server/main:NewCipher() Session id received: [15 102 242 205 44 121 189 51 23 33 0 73 202 27 108 85]
    2022/01/05 14:57:35 server/main:NewCipher() Received key ID = [55 102 50 49 57 49 97 100 45 54 102 101 102 45 52 50 102 99 45 56 98 98 102 45 54 52 98 48 49 50 50 97 51 48 100 53]
    2022/01/05 14:57:35 server/main:verifyKeyData() Entering
    2022/01/05 14:57:35 clients/kbs/kbs:FetchKey() Entering
    2022/01/05 14:57:35 clients/kbs/kbs:FetchKey() keyUrl: https://10.80.243.86:9443/kbs/v1/keys/7f2191ad-6fef-42fc-8bbf-64b0122a30d5/transfer
    2022/01/05 14:57:36 pkg/wpm/util/fetch_key.go:FetchKey() Successfully retrieved key
    2022/01/05 14:57:36 clients/kbs/kbs:FetchKey() https://10.80.243.86:9443/kbs/v1/keys/7f2191ad-6fef-42fc-8bbf-64b0122a30d5/transfer
    2022/01/05 14:57:36 clients/kbs/kbs:FetchKey() Leaving
    2022/01/05 14:57:36 server/main:verifyKeyData() New Key returned from KBS
    2022/01/05 14:57:36 server/main:verifyKeyData() Leaving
    time="2022-01-05T14:57:36Z" level=info msg="pkg/wpm/util/encrypt.go:Encrypt() Successfully unwrapped key" name=default pid=1
    2022/01/05 14:57:36 server/main:NewCipher() Received key ID onWKpZ4J0dODMmBdLHboTQ==
    2022/01/05 14:57:36 server/main:NewCipher() Cipher address:= 0xb8218c80
    2022/01/05 14:57:36 server/main:NewCipher() Cipher address in string:= B8218C80
    2022/01/05 14:57:36 server/main:NewCipher() Cipher address in byte:= [66 56 50 49 56 67 56 48]
    2022/01/05 14:57:36 server/main:NewCipher() Cipher again address in string:= B8218C80
    2022/01/05 14:57:36 server/main:NewCipher() Leaving
    2022/01/05 14:57:37 server/main:NewGCM() Entering
    2022/01/05 14:57:37 server/main:validateThisSession() Entering
    2022/01/05 14:57:37 server/main:validateThisSession() Leaving
    2022/01/05 14:57:37 server/main:NewGCM() Session ID received: [15 102 242 205 44 121 189 51 23 33 0 73 202 27 108 85]
    2022/01/05 14:57:37 server/main:NewGCM() Received cipher ID = [66 56 50 49 56 67 56 48]
    2022/01/05 14:57:37 server/main:NewGCM() Valid cipher address received
    2022/01/05 14:57:37 server/main:NewGCM() Cipher pointer = 0xb8218c80
    2022/01/05 14:57:37 server/main:NewGCM() Created gcm object = 0xb826e270
    2022/01/05 14:57:37 server/main:NewGCM() Cipher address in string:= B826E270
    2022/01/05 14:57:37 server/main:NewGCM() Address in bytes:= [66 56 50 54 69 50 55 48]
    2022/01/05 14:57:37 server/main:NewGCM() Leaving
    2022/01/05 14:57:37 server/main:NonceSize() Entering
    2022/01/05 14:57:37 server/main:validateThisSession() Entering
    2022/01/05 14:57:37 server/main:validateThisSession() Leaving
    2022/01/05 14:57:37 server/main:NonceSize() Valid gcm address received
    2022/01/05 14:57:37 server/main:NonceSize() Leaving
    2022/01/05 14:57:37 server/main:Seal() Entering
    2022/01/05 14:57:37 server/main:validateThisSession() Entering
    2022/01/05 14:57:37 server/main:validateThisSession() Leaving
    2022/01/05 14:57:37 server/main:Seal() Session ID received: [15 102 242 205 44 121 189 51 23 33 0 73 202 27 108 85]
    2022/01/05 14:57:37 server/main:Seal() Received gcm Object ID = [66 56 50 54 69 50 55 48]
    2022/01/05 14:57:37 server/main:Seal() Valid gcm address received
    2022/01/05 14:57:37 server/main:Seal() Leaving
    2022/01/05 14:57:37 server/main:NewCipher() Entering
    2022/01/05 14:57:37 server/main:NewCipher() SessionID D2byzSx5vTMXIQBJyhtsVQ==
    2022/01/05 14:57:37 server/main:validateThisSession() Entering
    2022/01/05 14:57:37 server/main:validateThisSession() Leaving
    2022/01/05 14:57:37 server/main:NewCipher() Session id received: [15 102 242 205 44 121 189 51 23 33 0 73 202 27 108 85]
    2022/01/05 14:57:37 server/main:NewCipher() Received key ID = [55 102 50 49 57 49 97 100 45 54 102 101 102 45 52 50 102 99 45 56 98 98 102 45 54 52 98 48 49 50 50 97 51 48 100 53]
    2022/01/05 14:57:37 server/main:verifyKeyData() Entering
    2022/01/05 14:57:37 server/main:verifyKeyData() Cached Key returned from SKC
    2022/01/05 14:57:37 server/main:verifyKeyData() Leaving
    time="2022-01-05T14:57:37Z" level=info msg="pkg/wpm/util/encrypt.go:Encrypt() Successfully unwrapped key" name=default pid=1
    2022/01/05 14:57:37 server/main:NewCipher() Received key ID onWKpZ4J0dODMmBdLHboTQ==
    2022/01/05 14:57:37 server/main:NewCipher() Cipher address:= 0xb834c3d0
    2022/01/05 14:57:37 server/main:NewCipher() Cipher address in string:= B834C3D0
    2022/01/05 14:57:37 server/main:NewCipher() Cipher address in byte:= [66 56 51 52 67 51 68 48]
    2022/01/05 14:57:37 server/main:NewCipher() Cipher again address in string:= B834C3D0
    2022/01/05 14:57:37 server/main:NewCipher() Leaving
    2022/01/05 14:57:37 server/main:NewGCM() Entering
    2022/01/05 14:57:37 server/main:validateThisSession() Entering
    2022/01/05 14:57:37 server/main:validateThisSession() Leaving
    2022/01/05 14:57:37 server/main:NewGCM() Session ID received: [15 102 242 205 44 121 189 51 23 33 0 73 202 27 108 85]
    2022/01/05 14:57:37 server/main:NewGCM() Received cipher ID = [66 56 51 52 67 51 68 48]
    2022/01/05 14:57:37 server/main:NewGCM() Valid cipher address received
    2022/01/05 14:57:37 server/main:NewGCM() Cipher pointer = 0xb834c3d0
    2022/01/05 14:57:37 server/main:NewGCM() Created gcm object = 0xb834c6f0
    2022/01/05 14:57:37 server/main:NewGCM() Cipher address in string:= B834C6F0
    2022/01/05 14:57:37 server/main:NewGCM() Address in bytes:= [66 56 51 52 67 54 70 48]
    2022/01/05 14:57:37 server/main:NewGCM() Leaving
    2022/01/05 14:57:38 server/main:NonceSize() Entering
    2022/01/05 14:57:38 server/main:validateThisSession() Entering
    2022/01/05 14:57:38 server/main:validateThisSession() Leaving
    2022/01/05 14:57:38 server/main:NonceSize() Valid gcm address received
    2022/01/05 14:57:38 server/main:NonceSize() Leaving
    2022/01/05 14:57:38 server/main:Open() Entering
    2022/01/05 14:57:38 server/main:validateThisSession() Entering
    2022/01/05 14:57:38 server/main:validateThisSession() Leaving
    2022/01/05 14:57:38 server/main:Open() session id received: [15 102 242 205 44 121 189 51 23 33 0 73 202 27 108 85]
    2022/01/05 14:57:38 server/main:Open() received gcm Object ID = [66 56 50 54 69 50 55 48]
    2022/01/05 14:57:38 server/main:Open() Valid gcm address received
    2022/01/05 14:57:38 server/main:Open() Leaving
    2022/01/05 14:57:39 server/main:Session() Entering
    2022/01/05 14:57:39 server/main:Session() Leaving
    2022/01/05 14:57:39 server/main:NewCipher() Entering
    2022/01/05 14:57:39 server/main:NewCipher() SessionID jp/ONz6jT9nahKbfqNIQJg==
    2022/01/05 14:57:39 server/main:validateThisSession() Entering
    2022/01/05 14:57:39 server/main:validateThisSession() Leaving
    2022/01/05 14:57:39 server/main:NewCipher() Session id received: [142 159 206 55 62 163 79 217 218 132 166 223 168 210 16 38]
    2022/01/05 14:57:39 server/main:NewCipher() Received key ID = [55 102 50 49 57 49 97 100 45 54 102 101 102 45 52 50 102 99 45 56 98 98 102 45 54 52 98 48 49 50 50 97 51 48 100 53]
    2022/01/05 14:57:39 server/main:verifyKeyData() Entering
    2022/01/05 14:57:39 server/main:NewGCM() Session ID received: [142 159 206 55 62 163 79 217 218 132 166 223 168 210 16 38]
    2022/01/05 14:57:40 server/main:NewCipher() SessionID jp/ONz6jT9nahKbfqNIQJg==
    2022/01/05 14:57:40 server/main:validateThisSession() Entering
    2022/01/05 14:57:40 server/main:validateThisSession() Leaving
    2022/01/05 14:57:40 server/main:NewCipher() Session id received: [142 159 206 55 62 163 79 217 218 132 166 223 168 210 16 38]
    2022/01/05 14:57:40 server/main:NewCipher() Received key ID = [55 102 50 49 57 49 97 100 45 54 102 101 102 45 52 50 102 99 45 56 98 98 102 45 54 52 98 48 49 50 50 97 51 48 100 53]
    
    time="2022-01-05T14:57:45Z" level=info msg="pkg/wpm/util/encrypt.go:Encrypt() Successfully unwrapped key" name=default pid=1
    2022/01/05 14:57:45 server/main:NewCipher() Received key ID onWKpZ4J0dODMmBdLHboTQ==
    2022/01/05 14:57:45 server/main:NewCipher() Cipher address:= 0xb834c3b0
    2022/01/05 14:57:45 server/main:NewCipher() Cipher address in string:= B834C3B0
    2022/01/05 14:57:45 server/main:NewCipher() Cipher address in byte:= [66 56 51 52 67 51 66 48]
    2022/01/05 14:57:45 server/main:NewCipher() Cipher again address in string:= B834C3B0
    2022/01/05 14:57:45 server/main:validateThisSession() Leaving
    2022/01/05 14:57:45 server/main:NonceSize() Valid gcm address received
    2022/01/05 14:57:45 server/main:NonceSize() Leaving
    2022/01/05 14:57:45 server/main:Seal() Entering
    2022/01/05 14:57:45 server/main:validateThisSession() Entering
    2022/01/05 14:57:45 server/main:validateThisSession() Leaving
    2022/01/05 14:57:45 server/main:Seal() Session ID received: [33 241 217 25 54 129 29 39 152 119 168 157 2 8 91 32]
    2022/01/05 14:57:45 server/main:Seal() Received gcm Object ID = [66 56 53 49 50 52 51 48]
    2022/01/05 14:57:45 server/main:Seal() Valid gcm address received
    2022/01/05 14:57:45 server/main:Seal() Leaving
    
    2022/01/05 15:27:47 server/main:NonceSize() Entering
    2022/01/05 15:27:47 server/main:validateThisSession() Entering
    2022/01/05 15:27:47 server/main:validateThisSession() Leaving
    2022/01/05 15:27:47 server/main:NonceSize() Invalid gcm address received
    2022/01/05 15:27:47 server/main:NonceSize() Leaving
    
    2022/01/05 15:39:47 server/main:Open() Entering
    2022/01/05 15:39:47 server/main:validateThisSession() Entering
    2022/01/05 15:39:47 server/main:validateThisSession() Leaving
    2022/01/05 15:39:47 server/main:Open() session id received: [33 241 217 25 54 129 29 39 152 119 168 157 2 8 91 32]
    2022/01/05 15:39:47 server/main:Open() received gcm Object ID = [66 56 53 49 50 52 51 48]
    2022/01/05 15:39:47 server/main:Open() Valid gcm address received
    2022/01/05 15:39:47 server/main:Open() Leaving
    panic: crypto/cipher: incorrect nonce length given to GCM
    
    goroutine 972 [running]:
    crypto/aes.(*gcmAsm).Open(0xb8452280, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb83da0a0, 0x4d, 0x50, ...)
    /usr/local/go/src/crypto/aes/aes_gcm.go:140 +0x654
    main.(*server).Open(0xfdd698, 0xc0b040, 0xb8326000, 0xb8239340, 0x0, 0x0, 0x0)
    /root/g_test2/session_management/golang/server/main.go:335 +0x768
    session_management/golang/_golang.Golang_Open_Handler(0xae3a60, 0xfdd698, 0xc0b040, 0xb8326000, 0xb81c4240, 0x0, 0xc0b040, 0xb8326000, 0xb8310540, 0x6d)
    /root/g_test2/session_management/_golang/_golang/_golang_grpc.pb.go:267 +0x214
    google.golang.org/grpc.(*Server).processUnaryRPC(0xb824b180, 0xc10d00, 0xb8800a80, 0xb847c000, 0xb821f8f0, 0xf9f410, 0x0, 0x0, 0x0)
    /usr/local/pkg/mod/google.golang.org/[email protected]/server.go:1282 +0x522
    google.golang.org/grpc.(*Server).handleStream(0xb824b180, 0xc10d00, 0xb8800a80, 0xb847c000, 0x0)
    /usr/local/pkg/mod/google.golang.org/[email protected]/server.go:1616 +0xd05
    google.golang.org/grpc.(*Server).serveStreams.func1.2(0xb858a0d0, 0xb824b180, 0xc10d00, 0xb8800a80, 0xb847c000)
    /usr/local/pkg/mod/google.golang.org/[email protected]/server.go:921 +0xa5
    created by google.golang.org/grpc.(*Server).serveStreams.func1
    /usr/local/pkg/mod/google.golang.org/[email protected]/server.go:919 +0x1fd
    
    

    Anyone has idea/suggestions on this ?

    Thanks in advance, -Vijay.

  • Low-level /dev/attestation interface

    Low-level /dev/attestation interface

    Description of the problem

    read file /dev/attestation/my_target_info failed . I donot gnow why There is no exception when running hellowrld in the grain environment, but an error is reported when calling the low level interface

    Steps to reproduce

    sgx_target_info_t target_info;
    bytes = file_read_f("/dev/attestation/my_target_info", (char*)&target_info,
                        sizeof(target_info));
    if (bytes != sizeof(target_info)) {
        /* error is already printed by file_read_f() */
        return FAILURE;
    }
    

    return 0;

    Expected results

    I want the return value to be 0

    Actual results

    In fact, reading the interface failed and returned - 1

    Gramine commit hash

    1.1.3

  • Add new system calls to gramine

    Add new system calls to gramine

    Description of the feature

    One of the cloud use cases is to pull docker image and unpack the image. During the unpacking process, directory timestamps need to be updated after all files are extracted using utimenstat system call, but this system call is not available in gramine. Both symlink and hardlink are used to keep the link files during unpacking, but symlink and linkat system calls are not available in gramine either. We need add these three system calls: utimenstat, symlink and linkat.

    Why Gramine should implement it?

    tar-rs crate only preserve timestamps of files. symlink file and directory are not covered, which is the reason why utimenstat is needed to add time stamp to directory and symlink file.

    Without symlink and linkat, the only way to work around it will be to copy files, but it is not only inefficient for the large files, but also could not keep files syn-up with each other.

  • [RFC] Add EDMM support

    [RFC] Add EDMM support

    Description of the changes

    Probably requires documentation and comments, but should be enough for beta testing.

    How to test this PR?

    Get a EDMM capable machine with EDMM capable SGX2 kernel driver and add sgx.edmm_enable = true to manifests.


    This change is Reviewable

  • [LibOS,PAL] Reduce lock contention caused by malloc() in poll

    [LibOS,PAL] Reduce lock contention caused by malloc() in poll

    Description of the changes

    Current implementation of poll syscall uses multiple malloc and free. When the number of threads calling poll is high, the lock contention limits the application performance. This PR tries to use stack space when the space being allocated is small, and reduces such lock contention.

    How to test this PR?

    Run the MySQL example on one server and use Sysbench to test it from another. When the number of threads in Sysbench is set to 128, the result TPS is >50% better than the original code.


    This change is Reviewable

  • Client side error while running the ra-tls-secret-prov example

    Client side error while running the ra-tls-secret-prov example

    Description of the problem

    Hi,

    While running the command gramine-sgx ./client, the following error was encountered:-

    [[email protected] secret_prov_pf]# gramine-sgx ./client
    Gramine is starting. Parsing TOML manifest file, this may take some time...
    -----------------------------------------------------------------------------------------------------------------------
    Gramine detected the following insecure configurations:
    
      - sgx.debug = true                           (this is a debug enclave)
      - loader.insecure__use_cmdline_argv = true   (forwarding command-line args from untrusted host to the app)
      - sgx.allowed_files = [ ... ]                (some files are passed through from untrusted host without verification)
    
    Gramine will continue application execution, but this configuration must not be used in production!
    -----------------------------------------------------------------------------------------------------------------------
    
    /client: symbol lookup error: /usr/lib64/libpthread.so.0: undefined symbol: __libc_siglongjmp, version GLIBC_PRIVATE
    

    System Specs:- RHEL 8.6, Kernel:- 4.18.0-348.20.1.el8_5.x86_64

    Thanks

    Steps to reproduce

    No response

    Expected results

    No response

    Actual results

    No response

    Gramine commit hash

    e18bc05b17fd704b259cb0401f928dc4ec5199a6

  • Gramine Failures for Ubuntu 22.04

    Gramine Failures for Ubuntu 22.04

    Description of the problem

    List of failures for Ubuntu 22.04

    1. Python Fix #938 (SGX)
    2. Nginx (Native, SGX)
    3. R (4.1.2) (SGX)

    Nginx:

    With the latest Ubuntu 22.04 support nginx-1.16 is not compatible with openssl version(3.0.2).
    For most of the cases, we were getting deprecated messages
    src/event/ngx_event_openssl.c:5125:5: error: ‘ENGINE_set_default’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
    src/event/ngx_event_openssl.c:5117:5: error: ‘ENGINE_by_id’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
    etc.
    

    We upgraded the nginx version to 1.22 for both Ubuntu 18.04 & 22.04 and it worked.

    Ubuntu 18.04

    ls
    Makefile   install              nginx-gramine.conf.template  nginx.manifest.template  nginx_args
    OUTPUT     nginx-1.22.0         nginx.manifest               nginx.sig                result-221114-064543
    README.md  nginx-1.22.0.tar.gz  nginx.manifest.sgx           nginx.token              ssl
    
    
    openssl version
    OpenSSL 1.1.1  11 Sep 2018
    
    
    LOOP=1 CONCURRENCY_LIST="1 32" ../common_tools/benchmark-http.sh http://127.0.0.1:8002
    wrk -c 300 -d 30 -t 1 -R 10000 http://127.0.0.1:8002/random/10K.1.html
    Run = 1 Concurrency = 1 Per thread Throughput (bytes) = 6950.00, Latency (ms) = 2500.00
    wrk -c 300 -d 30 -t 32 -R 10000 http://127.0.0.1:8002/random/10K.1.html
    Run = 1 Concurrency = 32 Per thread Throughput (bytes) = 222.09, Latency (ms) = 2340.00
    Concurrency =   1: Per Thread Median Througput (bytes) =  6950.000, Latency (ms) =  2500.000
    Concurrency =  32: Per Thread Median Througput (bytes) =   222.090, Latency (ms) =  2340.000
    Result file: result-221114-064543
    
    

    Ubuntu 22.04

    ls
    Makefile   install              nginx-1.22.0.tar.gz          nginx.manifest.sgx       nginx.token           ssl
    OUTPUT     nginx-1.16.1.tar.gz  nginx-gramine.conf.template  nginx.manifest.template  nginx_args
    README.md  nginx-1.22.0         nginx.manifest               nginx.sig                result-221114-064453
    
    openssl version
    OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
    
    
    LOOP=1 CONCURRENCY_LIST="1 32" ../common_tools/benchmark-http.sh http://127.0.0.1:8002
    wrk -c 300 -d 30 -t 1 -R 10000 http://127.0.0.1:8002/random/10K.1.html
    Run = 1 Concurrency = 1 Per thread Throughput (bytes) = 10430.00, Latency (ms) = 4.26
    wrk -c 300 -d 30 -t 32 -R 10000 http://127.0.0.1:8002/random/10K.1.html
    Run = 1 Concurrency = 32 Per thread Throughput (bytes) = 329.51, Latency (ms) = 1.30
    Concurrency =   1: Per Thread Median Througput (bytes) = 10430.000, Latency (ms) =     4.260
    Concurrency =  32: Per Thread Median Througput (bytes) =   329.510, Latency (ms) =     1.300
    Result file: result-221114-064453
    

    R: R version has been updated in Ubuntu 22.04 and now, it fails with below error. Also, R.manifest.template is not being updated to use max_threads error: There are no available TCS pages left for a new thread! Please try to increase sgx.max_threads in the manifest. The current value is 4 Segmentation fault (core dumped)

    Steps to reproduce

    Gramine: 670cc12609520d01ca4e73af37d57f975faa215d Ubuntu 22.04 Dockerfile: Dockerfile

    Create a docker container for Ubuntu 22.04 Build Gramine Run Python, Nginx and R workload

    Expected results

    Python, R and nginx all should be passed

    Actual results

    Python & R as well for Gramine-SGX whereas nginx is failed for both Gramine-Direct & Gramine SGX

    Gramine commit hash

    670cc12609520d01ca4e73af37d57f975faa215d

A fast multi-producer, multi-consumer lock-free concurrent queue for C++11

moodycamel::ConcurrentQueue An industrial-strength lock-free queue for C++. Note: If all you need is a single-producer, single-consumer queue, I have

Dec 1, 2022
A bounded multi-producer multi-consumer concurrent queue written in C++11
A bounded multi-producer multi-consumer concurrent queue written in C++11

MPMCQueue.h A bounded multi-producer multi-consumer concurrent queue written in C++11. It's battle hardened and used daily in production: In the Frost

Nov 25, 2022
C++11 thread safe, multi-producer, multi-consumer blocking queue, stack & priority queue class

BlockingCollection BlockingCollection is a C++11 thread safe collection class that provides the following features: Modeled after .NET BlockingCollect

Nov 23, 2022
This is a study on how to do create a queue via IPC (inter-process communication)

IPC queue This is a study on how to do create a queue via IPC (inter-process communication). Please take a look at the examples of producer and consum

Nov 28, 2022
A library for enabling task-based multi-threading. It allows execution of task graphs with arbitrary dependencies.

Fiber Tasking Lib This is a library for enabling task-based multi-threading. It allows execution of task graphs with arbitrary dependencies. Dependenc

Nov 18, 2022
Fork of rpmalloc to be used with single thread applications and old C compilers

srpmalloc - Small rpmalloc This is a fork of rpmalloc, with the intent to be used in single threaded applications only, with old C99 compilers, and in

Oct 28, 2022
Optimized primitives for collective multi-GPU communication

NCCL Optimized primitives for inter-GPU communication. Introduction NCCL (pronounced "Nickel") is a stand-alone library of standard communication rout

Nov 24, 2022
Powerful multi-threaded coroutine dispatcher and parallel execution engine

Quantum Library : A scalable C++ coroutine framework Quantum is a full-featured and powerful C++ framework build on top of the Boost coroutine library

Nov 28, 2022
lc is a fast multi-threaded line counter.
lc is a fast multi-threaded line counter.

Fast multi-threaded line counter in Modern C++ (2-10x faster than `wc -l` for large files)

Oct 25, 2022
Multi-backend implementation of SYCL for CPUs and GPUs
Multi-backend implementation of SYCL for CPUs and GPUs

hipSYCL - a SYCL implementation for CPUs and GPUs hipSYCL is a modern SYCL implementation targeting CPUs and GPUs, with a focus on leveraging existing

Nov 24, 2022
KRATOS Multiphysics ("Kratos") is a framework for building parallel, multi-disciplinary simulation software
KRATOS Multiphysics (

KRATOS Multiphysics ("Kratos") is a framework for building parallel, multi-disciplinary simulation software, aiming at modularity, extensibility, and high performance. Kratos is written in C++, and counts with an extensive Python interface.

Dec 5, 2022
This is a C++ package for multi-armed bandit simulations

This is a C++ package for multi-armed bandit simulations.

Nov 22, 2022
Async GRPC with C++20 coroutine support

agrpc Build an elegant GRPC async interface with C++20 coroutine and libunifex (target for C++23 executor). Get started mkdir build && cd build conan

Nov 15, 2022
EnkiTS - A permissively licensed C and C++ Task Scheduler for creating parallel programs. Requires C++11 support.
EnkiTS - A permissively licensed C and C++ Task Scheduler for creating parallel programs. Requires C++11 support.

Support development of enkiTS through Github Sponsors or Patreon enkiTS Master branch Dev branch enki Task Scheduler A permissively licensed C and C++

Nov 29, 2022
Simple example for running code on VPU from Linux

VPU-example Simple example for running code on VPU from Linux Toggling GPIO2 on a Raspberry Pi, see code.asm Based on https://github.com/ali1234/vcpok

Aug 2, 2022
The LKM rootkit working in Linux Kernels 2.6.x/3.x/4.x/5.x
The LKM rootkit working in Linux Kernels 2.6.x/3.x/4.x/5.x

BrokePkg Brokepkg is a LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x and ARM64, with suport after kernel 5.7, without kallsyms_lookup_name. Tested o

Nov 25, 2022
Complementary Concurrency Programs for course "Linux Kernel Internals"

Complementary Programs for course "Linux Kernel Internals" Project Listing tpool: A lightweight thread pool. tinync: A tiny nc implementation using co

Nov 18, 2022
High Performance Linux C++ Network Programming Framework based on IO Multiplexing and Thread Pool

Kingpin is a C++ network programming framework based on TCP/IP + epoll + pthread, aims to implement a library for the high concurrent servers and clie

Oct 19, 2022
Bolt is a C++ template library optimized for GPUs. Bolt provides high-performance library implementations for common algorithms such as scan, reduce, transform, and sort.

Bolt is a C++ template library optimized for heterogeneous computing. Bolt is designed to provide high-performance library implementations for common

Nov 27, 2022