Function not implemented (src/ip.cpp:563) in testing GSC container

[ntk97]

Function not implemented (src/ip.cpp:563) in testing GSC container

Trying to the integrate Avalon with Graphene, while testing the GSC build container with simple client without Avalon.

Steps to reproduce

Build the avalon-python worker base image by following below steps

• git clone https://github.com/hyperledger/avalon.git
• cd avalon/tc/graphene/python_worker/
• docker-compose build builds the docker image avalon-python-worker-dev
• Build Graphene GSC by following the doc https://graphene.readthedocs.io/en/latest/quickstart.html#quick-start-with-sgx-support
• git clone https://github.com/gramineproject/graphene.git
• cd Tools/gsc
• cp config.yaml.template config.yaml
• openssl genrsa -3 -out enclave-key.pem 3072
• ./gsc build --insecure-args avaolon-python-worker-dev test/ubuntu18.04-python3.manifest
• ./gsc sign-image avalon-python-worker-dev enclave-key.pem
• docker run --device=/dev/sgx_enclave -it --entrypoint /bin/bash gsc-avalon-python-worker-dev
• GSC build for avalon-python-image is successful

  Next while testing the above GSC image without Avalon by following the steps

• https://github.com/hyperledger/avalon/tree/main/tc/graphene/python_worker#test-python-worker-using-test-client-without-avalon-1
• cd avalon/tc/graphene/python_worker/
• docker-compose -f docker-compose.yaml -f compose/graphene-sgx.yaml up

  During execution of docker command for testing Graphene GSC without Avalon, throws Function not implemented (src/ip.cpp:563) . Unable to locate the file src/ip.cpp file.

Content of graphene-sgx.yaml in the path avalon/tc/graphene/python_worker/compose/graphene-sgx.yaml is mentioned below

version: '3.5'

services:
  process-work-order:
    image: gsc-avalon-python-worker-dev
    devices:
      - "dev/sgx_enclave:/dev/sgx_enclave"

Content of modified python manifest file in the pathgraphene/Tools/gsc/test/ubuntu18.04-python3.manifest is mentioned below

sgx.enclave_size = "256M"
sgx.thread_num = 8
sgx.allow_file_creation = 1
sgx.file_check_policy = "allow_all_but_log"

# the below three lines are for testing internal GSC logic (they must be skipped); note that
# the dummy3 line is skipped by GSC because it contains an illegal "=" inside filename

# sgx.allowed_files.dummy1 = "file:commented-out-with-space"
#sgx.allowed_files.dummy2 = "file:commented-out"
# sgx.allowed_files.dummy3 = "file:weird=file"

# the below files may differ from Docker container to Docker container, so they are marked as
# allowed (this may be insecure if untrusted host maliciously modified these files!)
# sgx.allowed_files.etchostname = "file:/etc/hostname"
# sgx.allowed_files.etchosts    = "file:/etc/hosts"
# sgx.allowed_files.etcresolv   = "file:/etc/resolv.conf"

sgx.allowed_files = [
  "file:/usr/local/lib/python3.9/",
  "file:/home/python_worker/bash", # for getdents test
  "file:/etc/hostname",
  "file:/etc/hosts",
  "file:/etc/resolv.conf",
  "file:/root/.python_history-00001.tmp",
  "file:/tmp"
]

[dimakuv]

During execution of docker command for testing Graphene GSC without Avalon, throws Function not implemented (src/ip.cpp:563) . Unable to locate the file src/ip.cpp file.

Sorry but this is not a Graphene problem. You should be asking Avalon people what this src/ip.cpp file could be.

Anyways, quick googling lead me to this: https://github.com/zeromq/libzmq/blob/5d8d857540323e2d85c64a7edde1ad5280cad04b/src/ip.cpp#L563. This feels like a right hit, so probably Avalon uses libzmq (ZeroMQ, https://github.com/zeromq/libzmq).

Looking at that code, we see this system call executing: https://github.com/zeromq/libzmq/blob/5d8d857540323e2d85c64a7edde1ad5280cad04b/src/ip.cpp#L561. This is eventfd(), which is disable in Graphene by default. See https://gramine.readthedocs.io/en/latest/manifest-syntax.html#allowing-eventfd.

So you can try to add this line to your manifest file:

sys.insecure__allow_eventfd = true

[ntk97]

Enabling theeventfd() by adding sys.insecure__allow_eventfd = true in manifest resolved the issue.