-
Notifications
You must be signed in to change notification settings - Fork 204
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Nginx
performance degradation in Gramine-SGX
attributed to SHA256 hashing
#1712
Comments
@sahason please update the perf table when you bypass hash verification |
Updated the issue with perf table when hash verification is bypassed by not calling |
Thanks for reporting the perf numbers, I didn't expect such a huge overhead of trusted-files hash comparison. This is because Nginx relies on the Linux kernel's Page Cache feature (see https://en.wikipedia.org/wiki/Page_cache) as an optimization. So once Linux reads the file contents, they stay in main memory (until kicked out due to some cache-eviction policy). This means that on bare Linux, opening the file and reading from it is a very fast operation. Gramine doesn't implement a Page Cache feature, so it doesn't have the optimization of keeping the trusted file in enclave memory. Please note that for allowed files this is irrelevant as they don't have hashing, and for protected files also irrelevant as protected files already have a caching optimization. So the solution would be to implement a Page Cache for trusted files. This shouldn't be hard, we have the LRU-cache building blocks (implemented for Protected Files), just need to agree on the policy and on how we expose it to users and how we allow to fine-tune it. Memory is precious resource in SGX enclaves, so we should not hard-code a limit that would set aside too few/too much enclave memory for this Page Cache. |
The Page Cache I proposed above should have a size. I propose to use rlimits for this: #1714 (comment) For this particular issue, we could have a new non-standard rlimit: |
Why rlimit? What will |
Good question, I don't know :) I guess this will be disallowed, or it will mean "default" (which is a terminology overload, which is bad). |
I'm not convinced about taking Linux APIs and adding special cases in them with different meanings inside Gramine than in Linux... And I'm not sure anyone will actually modify the app to dynamically adjust this, people usually just use some existing apps like nginx already mentioned here? So, I'd rather do a separate manifest option for this or, if you want dynamic control, have a special file in |
We see more and more people using Gramine as an "SDK on steroids", not just throwing an existing unmodified app into the enclave.
Ok, yes, I don't mind having another user-facing API. |
@dimakuv Thanks for the analysis. I have one query. How do we handle this scenerio - with page cache feature for trusted files if the cached part of the trusted file (stored inside enclave) becomes stale when the file in disk modified by malicious host? Currently before computing the hash we read the data so we are always having latest data and able to catch any hash verification fail. |
@sahason There are actually two algorithms at play:
So in your scenario, if the partial data is read from the malicious host (the data is maliciously modified), then algorithm 2 kicks in. This is already implemented and is always done. |
Description of the problem
Poor performance of Nginx in Gramine-SGX is seen due to ~60% overhead of
mbedtls_sha256_update
. Please see the attached perf report.We used
wrk
benchmarking tool to compare the performance of Nginx on Native and Gramine-SGX with threads 1 and 64. Thewrk
command used:wrk -t64 -c300 -d30s http://127.0.0.1:8002/random/10K.1.html
. The statistics of Throughput (Requests/sec) shows a poor performance of Nginx in Garmine-SGX.Few observations:
10K.1.html
underallowed files
inmanifest
file improves the performance.SHA256
calls incopy_and_verify_trusted_files
improves the performance a lot. Please check below table.Please suggest how can we improve the throughput.
With 64 threads:
Steps to reproduce
Build and run Nginx server:
cd CI-Examples/nginx
nginx-gramine.conf.template
with the below datamake SGX=1
gramine-sgx nginx
Run benchmark:
wrk -t64 -c300 -d30s http://127.0.0.1:8002/random/10K.1.html
Expected results
No response
Actual results
No response
Gramine commit hash
1f72aaf
The text was updated successfully, but these errors were encountered: