Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Concurrency verification behavior in QVL Impacted by QVE Policy #402

Open
ChengyuZhu6 opened this issue May 21, 2024 · 5 comments
Open

Concurrency verification behavior in QVL Impacted by QVE Policy #402

ChengyuZhu6 opened this issue May 21, 2024 · 5 comments

Comments

@ChengyuZhu6
Copy link

We have observed that the concurrency logic in QVL is being influenced by QVE policy. This behavior seems unintended and could lead to inconsistent handling of concurrent verifiction requests in QVL.

Expected Behavior

The qve_policy is designed to impact QVE verification exclusively. Ideally, qve_policy should not affect the QVL's functionality.

Current Behavior

Currently, QVL processes received verification requests serially by default. The default value of qve_policy is set to SGX_QL_PERSISTENT (which is equivalent to SGX_QL_DEFAULT). However, when we configure the qve_policy value to SGX_QL_PERSISTENT_QVE_MULTI_THREAD, QVL is capable of processing verification requests concurrently.

SGXDataCenterAttestationPrimitives/QuoteVerification/dcap_quoteverify/sgx_dcap_quoteverify.cpp

Lines 504 to 515 in 45554a7

//untrsuted quote verification
//
else {
if (tee_type == SGX_EVIDENCE)
class_type = CLASS_SGX_QVL;
if (tee_type == TDX_EVIDENCE)
class_type = CLASS_TDX_QVL;
}
if (g_qve_policy == SGX_QL_PERSISTENT || g_qve_policy == SGX_QL_EPHEMERAL) {
std::lock_guard<std::mutex> lock(qve_mutex);

ChengyuZhu6 added a commit to ChengyuZhu6/trustee that referenced this issue May 21, 2024
@ChengyuZhu6
verifier:tdx: Refactor code to reference the verification issue
42a2ae6 
Refactor code to reference issue: intel/SGXDataCenterAttestationPrimitives#402

Fixes: confidential-containers#386 -- part II

Signed-off-by: ChengyuZhu6 <chengyu.zhu@intel.com>
@hyjiang
Copy link
Contributor

hyjiang commented May 21, 2024

This is by design because we want to guarantee the default behavior of QVL/QvE keep unchanged with old DCAP release. In the other words, the legacy mode SGX_QL_PERSISTENT and SGX_QL_EPHEMERAL don't have multiple thread support from the very beginning.

So we added two new modes SGX_QL_EPHEMERAL_QVE_MULTI_THREAD and SGX_QL_PERSISTENT_QVE_MULTI_THREAD to improve the performance. If you have performance requirement, please use these 2 new modes.

ChengyuZhu6 added a commit to ChengyuZhu6/trustee that referenced this issue May 21, 2024
@ChengyuZhu6
verifier:tdx: Refactor code to reference the verification issue
c5696cc 
Refactor code to reference issue: intel/SGXDataCenterAttestationPrimitives#402

Fixes: confidential-containers#386 -- part II

Signed-off-by: ChengyuZhu6 <chengyu.zhu@intel.com>
ChengyuZhu6 added a commit to ChengyuZhu6/trustee that referenced this issue May 21, 2024
@ChengyuZhu6
verifier:tdx: Refactor code to reference the verification issue
b40b233 
Refactor code to reference issue: intel/SGXDataCenterAttestationPrimitives#402

Fixes: confidential-containers#386 -- part II

Signed-off-by: ChengyuZhu6 <chengyu.zhu@intel.com>
@ChengyuZhu6
Copy link
Author

This is by design because we want to guarantee the default behavior of QVL/QvE keep unchanged with old DCAP release. In the other words, the legacy mode SGX_QL_PERSISTENT and SGX_QL_EPHEMERAL don't have multiple thread support from the very beginning.

So we added two new modes SGX_QL_EPHEMERAL_QVE_MULTI_THREAD and SGX_QL_PERSISTENT_QVE_MULTI_THREAD to improve the performance. If you have performance requirement, please use these 2 new modes.

Thanks for your information.

@mythi
Copy link

mythi commented May 21, 2024

Ideally, qve_policy should not affect the QVL's functionality.

@hyjiang The case here is that the user has explicitly chosen not to use QVE so why they still need to care about the load policy

@hyjiang
Copy link
Contributor

hyjiang commented May 22, 2024

Ideally, qve_policy should not affect the QVL's functionality.

@hyjiang The case here is that the user has explicitly chosen not to use QVE so why they still need to care about the load policy

You're right, the overall solution doesn't seem perfect at the moment. This is because the previous QVL/QvE did not support multithreading, and when we consider adding multithreading support, we need to keep the original behavior unchanged.
So you need to set a different mode as a switch, as a result, the existing loading QvE policy API has been reused.

@mythi
Copy link

mythi commented May 22, 2024

So you need to set a different mode as a switch, as a result, the existing loading QvE policy API has been reused.

Do you have the behavior documented so that we could point our code to it?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mythi @hyjiang @ChengyuZhu6