Comments (5)
Zxiaoyu95
commented on May 28, 2024
1
Ok,thank you @cpriebe ,now after update my ubuntu to 18.04,this problem has been resolved.
As the changelog shows,the 4.4.150 kernel and 4.17 kernel also resolved this bug.i believe it is available!
Thank you!
from sgx-lkl.
cpriebe
commented on May 28, 2024
This is most likely due to a Linux kernel bug introduced by the changes related to the L1TF/Foreshadow mitigations (see https://lkml.org/lkml/2018/8/14/887).
The actual bug and the fix are described here: https://lkml.org/lkml/2018/8/16/697
[...]
Manifested as an unexpected mprotect(..., PROT_NONE) failure when
called on a VMA that has VM_PFNMAP and was mmap'd to as something
other than PROT_NONE but never used. mprotect() sends the PROT_NONE
request down prot_none_walk(), which walks the PTEs to check the PFNs.
prot_none_pte_entry() gets the bogus PFN from pte_pfn() and returns
-EACCES because it thinks mprotect() is trying to adjust a high MMIO
address
This has already been patched upstream. Looking at the Ubuntu kernel changelogs (https://launchpad.net/ubuntu/+source/linux/+changelog, search for "x86/speculation/l1tf: Exempt zeroed PTEs from inversion"), it seems like the patch has been applied to the 4.17 kernel used by Ubuntu 18.10, but hasn't made it into the 16.04/18.04 LTS kernels.
To summarize, the solution here is to use a recent version of the kernel that includes the x86/speculation/l1tf: Exempt zeroed PTEs from inversion patch.
from sgx-lkl.
cpriebe
commented on May 28, 2024
This has been resolved a while ago in the official 16.04 and 18.10 Ubuntu kernels. This finally has been backported to the 4.15 kernel used by Ubuntu 18.04. The new kernel version that includes the fix has officially been released today.
See the corresponding bug report here: https://bugs.launchpad.net/ubuntu/+bug/1799237
For Ubuntu 18.04 the bug is fixed in kernel version 4.15.0-46.49.
I am closing this issue.
from sgx-lkl.
Zxiaoyu95
commented on May 28, 2024
hi @cpriebe ,Recently,I meet the same error when i running applications on the JVM on top of SGX-LKL(ubuntu16.04 4.15.0-46-generic ),to resolve the probleam,i must update ubuntu 16.04 to ubuntu 18.04?
from sgx-lkl.
cpriebe
commented on May 28, 2024
Hi @Zxiaoyu95
I am not entirely sure whether the fix is available as part of the Ubuntu 16.04 4.15 image (4.15.0-46.49~16.04.1). But it should be fixed in the 4.4 kernel that is used by 16.04 by default. You could downgrade to that. As you suggested, you could also update to 18.04. In any case, you need to use a kernel with the fix applied. Upstream this has been fixed from I believe 4.17.17 and onward.
You can check which of the official Ubuntu kernel images have the fix applied to them here:
https://launchpad.net/ubuntu/+source/linux/+changelog
Search for x86/speculation/l1tf: Exempt zeroed PTEs from inversion to find where and when the fix has been backported.
from sgx-lkl.
Related Issues (20)
- [Test] Enable back 5 tests failing with ethreads=1 after bugs fixed HOT 1
- [Test] LTP test is not reported failed if binary is not built successfully HOT 2
- [Test] Build only enabled LTP tests
- [Test] Fix LTP tests for sync_file_range02 and fdatasync03 HOT 1
- Dead code in sgx-lkl-musl HOT 3
- Linux kernel version 5.3 is no longer being updated with functional and security patches
- Feature: multi party attestation HOT 2
- Fix broken samples HOT 2
- A futex wait interrupted by a signal returns the wrong errno value (516 vs EINTR)
- branch cleanup-musl deleted ? HOT 2
- Benchmarking file system operations in the enclave; caching ? HOT 1
- problem with redis
- helloworld sample case failed in SGX1
- Unable to use JVM (openjdk-15) inside enclave
- Disk integrity protection status
- ERROR: Failed to map /geth: Resource busy
- helloworld fails on SGX2
- SGX driver used by OpenEnclave is not supported by the latest Ubuntu 18.04 (kernel version 5.4.0)
- Specify the Maximum Heap Size in Enclave HOT 1
- ERROR: Failed to map /foo: Resource busy
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sgx-lkl.