You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@teaclave.apache.org by GitBox <gi...@apache.org> on 2020/05/27 04:04:56 UTC

[GitHub] [incubator-teaclave-sgx-sdk] fredfortier opened a new issue #240: TLS -> TCS policy must be bound

fredfortier opened a new issue #240:
URL: https://github.com/apache/incubator-teaclave-sgx-sdk/issues/240


   I recently upgraded to sdk 1.1.2, and I'm getting this error with a TLS client similar to the example provided.
   ```
   thread '<unnamed>' panicked at 'Can not access a Thread Local Storage value: AccessError { msg: "If TLS data needs to be destructed, TCS policy must be Bound." }', /root/.cargo/git/checkouts/teaclave-sgx-sdk-be25c2ad2f03718d/253b3ac/sgx_tstd/src/thread/local.rs:148:9
   note: Call backtrace::enable_backtrace with 'PrintFormat::Short/Full' for a backtrace.
   fatal runtime error: failed to initiate panic, error 5
   ``
   Any clues on how to investigate would be appreciated.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@teaclave.apache.org
For additional commands, e-mail: notifications-help@teaclave.apache.org

[GitHub] [incubator-teaclave-sgx-sdk] volcano0dr commented on issue #240: TLS -> TCS policy must be bound

Posted by GitBox <gi...@apache.org>.

volcano0dr commented on issue #240:
URL: https://github.com/apache/incubator-teaclave-sgx-sdk/issues/240#issuecomment-633832339


   When `TCSPOLICY = UNBOUND`, each root ECALL will re-initialize thread local storage, so in most cases, when using thread local storage, you should configure the enclave TCS policy to bound.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@teaclave.apache.org
For additional commands, e-mail: notifications-help@teaclave.apache.org

[GitHub] [incubator-teaclave-sgx-sdk] fredfortier closed issue #240: TLS -> TCS policy must be bound

Posted by GitBox <gi...@apache.org>.

fredfortier closed issue #240:
URL: https://github.com/apache/incubator-teaclave-sgx-sdk/issues/240


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@teaclave.apache.org
For additional commands, e-mail: notifications-help@teaclave.apache.org

[GitHub] [incubator-teaclave-sgx-sdk] fredfortier commented on issue #240: TLS -> TCS policy must be bound

Posted by GitBox <gi...@apache.org>.

fredfortier commented on issue #240:
URL: https://github.com/apache/incubator-teaclave-sgx-sdk/issues/240#issuecomment-634181067


   Thank you so much guys! These were all the right clues. I did recently start using `rand::thread_rng` in the untrusted module. I suspect that this is what caused the error rather than the SDK upgrade. Setting `<TCSPolicy>0</TCSPolicy>` worked although I'm reading more about it to understand its ramification.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@teaclave.apache.org
For additional commands, e-mail: notifications-help@teaclave.apache.org

[GitHub] [incubator-teaclave-sgx-sdk] Zha0Chan commented on issue #240: TLS -> TCS policy must be bound

Posted by GitBox <gi...@apache.org>.

Zha0Chan commented on issue #240:
URL: https://github.com/apache/incubator-teaclave-sgx-sdk/issues/240#issuecomment-633805976


   
   Please configure Enclave.config.xml
   > TCSPolicy TCS management policy.
   0 – TCS is bound to the untrusted
   thread.
   1 – TCS is not bound to the untrusted
   thread.
   
   https://download.01.org/intel-sgx/linux-2.2/docs/Intel_SGX_Developer_Reference_Linux_2.2_Open_Source.pdf
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@teaclave.apache.org
For additional commands, e-mail: notifications-help@teaclave.apache.org

[GitHub] [incubator-teaclave-sgx-sdk] dingelish commented on issue #240: TLS -> TCS policy must be bound

Posted by GitBox <gi...@apache.org>.

dingelish commented on issue #240:
URL: https://github.com/apache/incubator-teaclave-sgx-sdk/issues/240#issuecomment-633824518


   > I recently upgraded to sdk 1.1.2, and I'm getting this error with a TLS client similar to the example provided.
   > 
   > ```
   > thread '<unnamed>' panicked at 'Can not access a Thread Local Storage value: AccessError { msg: "If TLS data needs to be destructed, TCS policy must be Bound." }', /root/.cargo/git/checkouts/teaclave-sgx-sdk-be25c2ad2f03718d/253b3ac/sgx_tstd/src/thread/local.rs:148:9
   > note: Call backtrace::enable_backtrace with 'PrintFormat::Short/Full' for a backtrace.
   > fatal runtime error: failed to initiate panic, error 5
   > ```
   > 
   > Any clues on how to investigate would be appreciated.
   
   The reason is that something is relying on thread local storage, while your enclave is configured as `TCSPOLICY = UNBOUND` which means your enclave does not support thread local storage.
   
   The most frequent case is using `rand::thread_rng`, which depends on thread local storage.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@teaclave.apache.org
For additional commands, e-mail: notifications-help@teaclave.apache.org