From dev-return-117-archive-asf-public=cust-asf.ponee.io@tvm.apache.org Fri Apr 5 07:46:52 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 1CF9A18060F for ; Fri, 5 Apr 2019 09:46:51 +0200 (CEST) Received: (qmail 11555 invoked by uid 500); 5 Apr 2019 07:46:51 -0000 Mailing-List: contact dev-help@tvm.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@tvm.apache.org Delivered-To: mailing list dev@tvm.apache.org Received: (qmail 11543 invoked by uid 99); 5 Apr 2019 07:46:50 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 05 Apr 2019 07:46:50 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 011B2180A20 for ; Fri, 5 Apr 2019 07:46:50 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0.898 X-Spam-Level: X-Spam-Status: No, score=0.898 tagged_above=-999 required=6.31 tests=[DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=2, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id GffUNs8dpslN for ; Fri, 5 Apr 2019 07:46:48 +0000 (UTC) Received: from mail-ed1-f48.google.com (mail-ed1-f48.google.com [209.85.208.48]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 7ADE15FE34 for ; Fri, 5 Apr 2019 07:46:47 +0000 (UTC) Received: by mail-ed1-f48.google.com with SMTP id h22so4620749edw.7 for ; Fri, 05 Apr 2019 00:46:47 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:delivered-to:date:dkim-signature:from:reply-to :to:cc:message-id:in-reply-to:references:subject:mime-version :content-transfer-encoding:precedence:list-id:list-archive:list-post :list-unsubscribe; bh=x0hq5C6pHGOiPAd4NYLG7c+VOTUQbfZnoNoxcEou8rQ=; b=Bkcjjg+U/RZYwx2PEOqCxzrTMR1M971C13KZlNwpl0UYHQZ77bZqZNrh0wueZyRm+E 0WAaR/myhrlMeVpAg1KtgNxQuSxvdGh2pMDUogRYYEPrCXXTb91sbkj97t4+gbJjqxbT CRgc5HTNZdYqLMAi0cyZIByI2z8FhXlXUkKK57v7eXtvq8zqlOM8pNusT2VkewQnuwri h7mFlRvRpdAa8A6Z126zhQdWh6SJlDyQYrhEys+iZquONpLjE91mlNZNgM+Ir72Wp4Y2 NApur3wWk7Iu5WtwX0VuzLHcF05AcnaotYcw0h1idD1A4zSx+KOkWY8yqUjueTH3GnIY xHDA== X-Gm-Message-State: APjAAAWjnhRy85wkUn8o1oNvasLzZN/nV4qRWPrsYmeEnGoSDF4k9MlW GUeHF0IJ7wNioHtaOf/3BrBwOKwhs9ehtnK9STb/lYa++a+1F+Y= X-Received: by 2002:a50:ad23:: with SMTP id y32mr6953730edc.90.1554450407285; Fri, 05 Apr 2019 00:46:47 -0700 (PDT) X-Forwarded-To: dev@tvm.apache.org X-Forwarded-For: tvm.archiver@gmail.com dev@tvm.apache.org Delivered-To: tvm.archiver@gmail.com Received: by 2002:a50:cf4b:0:0:0:0:0 with SMTP id d11csp149356edk; Fri, 5 Apr 2019 00:46:46 -0700 (PDT) X-Google-Smtp-Source: APXvYqz63233rfLiXkQ75bR9nox4ZtL8FWzFuqnTkwkpt8S30hxmc4C6kwwiqn21tQy8e1REMEVZ X-Received: by 2002:ac8:1a5a:: with SMTP id q26mr9352711qtk.283.1554450405904; Fri, 05 Apr 2019 00:46:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1554450405; cv=none; d=google.com; s=arc-20160816; b=sp68W0UlMon2N6xDvVitDmKy0OYBHWtM833TSkWfbFCFx9IK57peNSDjxXHmPexmuE l4y3Fbv/AHHx5it675fWbNMAxbPeZt9RvundqOiYnVYdoaBBYvxUT9NpP0v4jIY4i2Eq MyIhdQfo8mu9bwN3y5skQUVnp3H89eE8yRhjEPTjz5ZE6NXZT9euRDfbmzO+ZcdIvISX cBuGIRqlWeQn0Iu5lpr6O6yia4jD3691UNBUtx1jutoLoQ3SWkZdcbWXdrPJd1C7bTgY b1T8r+xlxMACODZ4+wDTOfb1PJie8jtkTdNvNkaXXtmF4/IoeRcr6/WDMuxXD+2f8M/E Zgeg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-post:list-archive:list-id:precedence :content-transfer-encoding:mime-version:subject:references :in-reply-to:message-id:cc:to:reply-to:from:dkim-signature:date; bh=x0hq5C6pHGOiPAd4NYLG7c+VOTUQbfZnoNoxcEou8rQ=; b=VUrzWIfz28Npc2gzmOh1JaHLIDaEn0rN8BtDOLks4+2FMv+BgmEhcAB7gh6EpJc036 mzyWP6tl9h945sCe8gk+yx/nD7yGejosfKZ1Ap06a7mthUXJqMcMpVs8HPw424nDuUZA f4XD7Nq5seydNEcDuzABrs2CRpG5RBL7OdZYwTbCx1HkB+OPJWVIk94xgKszBopZd0YD MdhN6n9M4SLMHrSN+T5TT4PTrD7Owfv1ZbbTwzGKlIHTItPeqH9//4wJSt6y7LvLBNnD tYIU72gM+KGN2qGs9JniAoYcjapUT0NlId+rfFYcaORXDA1Vo2m5nt17+RMQ4q86ygxu DeOg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass (test mode) header.i=@github.com header.s=pf2014 header.b="HioD/0NX"; spf=pass (google.com: domain of noreply@github.com designates 192.30.252.192 as permitted sender) smtp.mailfrom=noreply@github.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=github.com Received: from out-1.smtp.github.com (out-1.smtp.github.com. [192.30.252.192]) by mx.google.com with ESMTPS id k19si10315678qvf.134.2019.04.05.00.46.45 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 05 Apr 2019 00:46:45 -0700 (PDT) Received-SPF: pass (google.com: domain of noreply@github.com designates 192.30.252.192 as permitted sender) client-ip=192.30.252.192; Authentication-Results: mx.google.com; dkim=pass (test mode) header.i=@github.com header.s=pf2014 header.b="HioD/0NX"; spf=pass (google.com: domain of noreply@github.com designates 192.30.252.192 as permitted sender) smtp.mailfrom=noreply@github.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=github.com Date: Fri, 05 Apr 2019 00:46:45 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1554450405; bh=x0hq5C6pHGOiPAd4NYLG7c+VOTUQbfZnoNoxcEou8rQ=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=HioD/0NXvzlnCqeIrejL2g89thPqj2WhQYZez3An0FmMmrGauvs1n2QSyLszVn66K suINeRJIgZvovtsUYMo3J7MxQ9pkO3xl4I/zeNBbhP7MvgAJv+QjbEy6v/M8C5zeHp uG2CTT9EkHxiAIfaHaTjribW36ZWibUvEINKk2eQ= From: Nick Hynes Reply-To: dmlc/tvm To: dmlc/tvm Cc: Subscribed Message-ID: In-Reply-To: References: Subject: Re: [dmlc/tvm] [RFC][SGX] Use Fortanix EDP instead of rust-sgx-sdk (#2887) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_5ca707e58a4de_202f3fe6a50d45b4799b5"; charset=UTF-8 Content-Transfer-Encoding: 7bit X-GitHub-Sender: nhynes X-GitHub-Recipient: tvm-archiver X-GitHub-Reason: subscribed List-Archive: https://github.com/dmlc/tvm X-Auto-Response-Suppress: All X-GitHub-Recipient-Address: tvm.archiver@gmail.com ----==_mimepart_5ca707e58a4de_202f3fe6a50d45b4799b5 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit For others' reference, the [rust-sgx-sdk `Mutex` uses a spinlock provided by the sgx libc](https://github.com/intel/linux-sgx/blob/d10cabebb5512878e84f5d21cdf27c39c428ffe2/sdk/tlibthread/sethread_mutex.cpp#L74). > depending on untrusted Mutex Right, but all the untrusted OS can do is not provide threads. That only compromises availability, and the untrusted system is always able to harm availability--correctness is not affected. > LibOS-like Rust-SGX environment without any ability to control/audit the usercalls This is a fair point. Allowing a supposedly secure enclave to trivially access untrusted functions like `fs`, `net`, and `time` is not a good model for users who don't understand the security implications of doing so. The approach of r-s-s which makes these modules private is certainly the more secure approach. For experienced users and library authors, however, usercalls offer greater usability. > pwasm-std FWIW, without wasi, `fs` doesn't compile under `wasm32-unknown-*`. (sys|user)calls aside, pwasm-std unnecessarily limits itself by not including the standard library. Their focus is not security, but rather, ensuring that consensus succeeds. Of course, disallowing structures like `HashMap` is an oversight since their serialization is, in fact, canonical. Similarly with their disallowing floats: it's totally possible to do flops if one "simply" canonicalizes the Wasm NaN representation (or all of the miners use a single architecture). Of course, pwasm is unrelated to the matter at hand :) As another point in favor of the fortanix edp, there's substantially lower overhead from ecalls/ocalls since it transparently implements switchless. Overall, if the TVM runtime using more than just `std::thread` and those threads _weren't_ embarrassingly parallel, I'd be more concerned about security. The main boons of switching are maintainability and usability. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/dmlc/tvm/issues/2887#issuecomment-480180856 ----==_mimepart_5ca707e58a4de_202f3fe6a50d45b4799b5--