I realized that the open files for accept4 are limited by ulimit -n (the maximum number of files open in parallel), which also limits the accept4 syscall. It was reset by kernel updates. Some nginx upload file limits may also be the outcome of this. After setting it to 65534, no 443 and 80 hijacks will be enforced.
Sounds like I messed up the mount of the overlay hostPath that stores the containers when updating from CentOS 7 to 8-stream. I also noticed that 9-stream is in beta.
[root@ecs-t6-large-2-linux-20190912001402 ~]# podman ps
Error: kernel does not support overlay fs: 'overlay' is not supported over extfs at "/var/lib/containers/storage/overlay": backing file system is unsupported for this graph driver
For Kubernetes, we automatically apply the pod using yaml file like
The open at /etc/selinux/refpolicy/contexts/lxc_contexts is weird, so I think there's something about SELinux, so I removed container-selinux and everything works fine.
[root@ecs-t6-large-2-linux-20190912001402 ~]# docker ps
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
WARN[0000] Error validating CNI config file /etc/cni/net.d/10-flannel.conflist: [failed to find plugin "flannel" in path [/usr/local/libexec/cni /usr/libexec/cni /usr/local/lib/cni /usr/lib/cni /opt/cni/bin]]
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
Also, after upgrading to CentOS 8, don't forget to disable firewalld and SELinux, because the upgrade will update the settings. I debugged it: self ping succeeded, but I couldn't get anything from the browser.
root@epyc:~# uname -a
Linux epyc.node2 4.19.0-18-amd64 #1 SMP Debian 4.19.208-1 (2021-09-29) x86_64 GNU/Linux
root@epyc:~# ldd --version
ldd (Debian GLIBC 2.28-10) 2.28
Copyright (C) 2018 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.
diff --git 2.28/nptl/pthread_rwlock_common.c 2.29/nptl/pthread_rwlock_common.c
index a290d08332..81b162bbee 100644
--- 2.28/nptl/pthread_rwlock_common.c
+++ 2.29/nptl/pthread_rwlock_common.c
@@ -310,6 +310,7 @@ __pthread_rwlock_rdlock_full (pthread_rwlock_t *rwlock,
if (atomic_compare_exchange_weak_relaxed
(&rwlock->__data.__readers, &r, r | PTHREAD_RWLOCK_RWAITING))
{
+ r |= PTHREAD_RWLOCK_RWAITING;
/* Wait for as long as the flag is set. An ABA situation is
harmless because the flag is just about the state of
__readers, and all threads set the flag under the same
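Review bot: the added `r |= PTHREAD_RWLOCK_RWAITING;` at the top of the success branch has no comment saying why the local copy must be updated. After a successful compare-exchange only `__readers` holds the new value, while `r` still holds the expected one without the flag, so any later test of `r` in this branch would see the flag as clear. Suggest a one-line comment above the assignment stating that `r` is being brought in line with the value just stored, and a check of any other compare-exchange in this file that sets a flag and then keeps using the local copy.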
Here's the graph extracted from [1], essentially to show the root of trust. A secure system depends on every part of the system cooperating. For SGX, the Trusted Computing Base (trusted counter / RDRAND / hardware SHA / ECDSA) is the memory region allocated from reserved memory on the DRAM called the Enclave Page Cache (EPC), which is initialized at boot time. The EPC is currently limited to 128 MB (in Ice Lake, it was raised to 1 TB with weakened hardware support. Only 96 MB (24K * 4 KB pages) could be used; 32 MB is for various metadata.) To prevent disruption by physical attacks or privileged software attacks through cacheline-granularity modification, every cacheline can be associated with a Message Authentication Code (MAC), but this does not prevent replay attacks. To extend the trusted region of memory without introducing huge overheads, one solution is to construct a Merkle tree in which every leaf cacheline is protected by a MAC and the root MAC is stored in the EPC. Transactional memory aborts with SGX can be leveraged for a page-fault side channel. The transactional memory page-fault attack on persistent memory is still under research.
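Why a per-cacheline MAC accepts a rolled-back line while a Merkle root held in trusted storage rejects it, as an added sketch that is not SGX's actual memory encryption engine. The 64-byte line, HMAC-SHA256, the demo key and the `balance=` contents are assumptions constructed for the example.

```python
import hashlib
import hmac

LINE = 64                       # cacheline size in bytes (assumed)
KEY = b"constructed-demo-key"   # stands in for a key that never leaves the CPU

class IntegrityError(Exception):
    pass

def leaf_mac(addr, data):       # the address is bound in so lines cannot be swapped
    return hmac.new(KEY, addr.to_bytes(8, "little") + data, hashlib.sha256).digest()

def node_hash(left, right):
    return hmac.new(KEY, b"node" + left + right, hashlib.sha256).digest()

class Memory:
    def __init__(self, n_lines):            # n_lines must be a power of two
        self.n = n_lines
        # Untrusted DRAM: data plus the whole tree (leaves are the per-line MACs).
        self.data = [bytes(LINE)] * n_lines
        self.nodes = [b""] * n_lines + [leaf_mac(i, bytes(LINE)) for i in range(n_lines)]
        for i in range(n_lines - 1, 0, -1):
            self.nodes[i] = node_hash(self.nodes[2 * i], self.nodes[2 * i + 1])
        self.trusted_root = self.nodes[1]    # the only value kept in trusted storage

    def read_mac_only(self, addr):
        if not hmac.compare_digest(self.nodes[self.n + addr], leaf_mac(addr, self.data[addr])):
            raise IntegrityError("per-line MAC mismatch")
        return self.data[addr]

    def read_merkle(self, addr):
        i, h = self.n + addr, leaf_mac(addr, self.data[addr])
        while i > 1:                         # fold untrusted siblings up to the root
            sib = self.nodes[i ^ 1]
            h = node_hash(h, sib) if i % 2 == 0 else node_hash(sib, h)
            i //= 2
        if not hmac.compare_digest(h, self.trusted_root):
            raise IntegrityError("root mismatch")
        return self.data[addr]

    def write(self, addr, value):
        self.read_merkle(addr)               # verify the path before reusing siblings
        self.data[addr] = value
        i = self.n + addr
        self.nodes[i] = leaf_mac(addr, value)
        while i > 1:
            i //= 2
            self.nodes[i] = node_hash(self.nodes[2 * i], self.nodes[2 * i + 1])
        self.trusted_root = self.nodes[1]

def rollback_demo():
    """Roll all of DRAM back to an old snapshot; return (mac_only_accepts, merkle_detects)."""
    mem = Memory(8)
    mem.write(3, b"balance=100".ljust(LINE, b"\0"))
    snap_data, snap_nodes = list(mem.data), list(mem.nodes)
    mem.write(3, b"balance=0".ljust(LINE, b"\0"))
    mem.data, mem.nodes = snap_data, snap_nodes      # stale data, MACs and tree nodes
    accepted = mem.read_mac_only(3).startswith(b"balance=100")
    try:
        mem.read_merkle(3)
        detected = False
    except IntegrityError:
        detected = True
    return accepted, detected
```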
For RISC-V, we currently have 2 proposals for enclaves, Keystone and Penglai, and every vendor has a different implementation. Keystone essentially uses PMP, a limited set of special M-mode registers, to control the permissions of U-mode and S-mode accesses to a specified memory region. The number and priority of PMP entries can be pre-configured, and the addressing modes are naturally aligned power-of-2 regions (NAPOT) and a base-and-bound strategy. Going through machine mode unavoidably introduces physical memory fragmentation and waste: every time you enter another enclave, you have to call M-mode once. The good side is that S-mode and U-mode are both enclaved by M-mode, with easy shared buffers and enclave operation throughout all modes. Penglai has been upgraded a lot since its debut (from the first commit in '19 on Xinlai's SoC to OSDI 21). The originality of sPMP is that it reduces the TCB in machine mode and can provide a guarded page table (locked cacheline), a Mountable Merkle Tree and Shadow Fork for speed. However, it introduces double PMPs for the OS to handle, and the overhead of the page table walk can still be high, which makes it hard to be universal.
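A simplified model of the PMP check described above: NAPOT and base-and-bound (TOR) matching with static entry priority. It is an added example, not Keystone's code; the three-entry layout, its addresses and the `keystone_style_layout` helper are constructed for illustration.

```python
from dataclasses import dataclass

R, W, X = 1, 2, 4                    # pmpcfg permission bits
OFF, TOR, NA4, NAPOT = 0, 1, 2, 3    # pmpcfg.A address-matching modes

def napot_encode(base, size):
    """pmpaddr for a naturally aligned power-of-two region of >= 8 bytes."""
    if size < 8 or size & (size - 1) or base % size:
        raise ValueError("region is not NAPOT")
    return (base >> 2) | ((size >> 3) - 1)

def napot_decode(pmpaddr):
    """(base, size) recovered from the run of trailing one bits."""
    t = 0
    while (pmpaddr >> t) & 1:
        t += 1
    return (pmpaddr & ~((1 << (t + 1)) - 1)) << 2, 1 << (t + 3)

@dataclass
class Entry:
    mode: int
    pmpaddr: int
    perms: int = 0
    locked: bool = False

def bounds(entries, i):
    e = entries[i]
    if e.mode == TOR:                # base and bound: previous pmpaddr is the base
        return (entries[i - 1].pmpaddr << 2 if i else 0), e.pmpaddr << 2
    if e.mode == NA4:
        return e.pmpaddr << 2, (e.pmpaddr << 2) + 4
    base, size = napot_decode(e.pmpaddr)
    return base, base + size

def pmp_check(entries, addr, length, want, priv):
    """True if a `length`-byte access at `addr` is allowed; priv is 'M', 'S' or 'U'."""
    for i, e in enumerate(entries):  # static priority: lowest-numbered match decides
        if e.mode == OFF:
            continue
        lo, hi = bounds(entries, i)
        if lo >= hi or addr + length <= lo or addr >= hi:
            continue                 # no byte of the access falls in this entry
        if addr < lo or addr + length > hi:
            return False             # a partial match always fails
        if priv == "M" and not e.locked:
            return True              # unlocked entries do not constrain M-mode
        return (e.perms & want) == want
    return priv == "M"               # no match: only M-mode is allowed

def keystone_style_layout(enclave_running):
    """Constructed three-entry layout; addresses and sizes are made up."""
    rwx = R | W | X
    return [
        Entry(NAPOT, napot_encode(0x8000_0000, 0x20_0000), 0),    # security monitor
        Entry(NAPOT, napot_encode(0x8040_0000, 0x10_0000),
              rwx if enclave_running else 0),                     # enclave memory
        Entry(NAPOT, napot_encode(0, 1 << 40),
              0 if enclave_running else rwx),                     # rest of memory
    ]
```

Flipping the permissions on the last two entries is the M-mode call the paragraph refers to on every enclave entry and exit.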
Starting from Penglai, IPADS has continuously focused on S-mode enclaves. One of the applications may be the double hypervisor in secure/non-secure S-mode. Armv8.4 introduced both secure and non-secure mode hypervisors, originally to support a cloud-native secure hypervisor. TwinVisor runs unmodified VM images both as normal and as confidential VMs. Armv9 introduces the Confidential Compute Architecture (CCA), another similar technology. TwinVisor is a pre-open-source implementation of it.
The TrustZone extension is supported starting from Armv7.
AMBA-AXI bus extension: adds the secure flags to the read and write address lines, AWPROT and ARPROT.
Extension of the controller (or extension of the master): adds the SCR.NS bit inside the ARM core, so that operations initiated by the ARM core can be marked as "access initiated as secure" or "access initiated as non-secure".
TZPC extension: the TZPC is added on the AXI-to-APB side to configure the APB controller privileges (or secure controller).
TZASC extension: a memory filter added on top of the DDRC (DMC).
MMU support for security extensions:
TTBRx_EL0, TTBRx_EL1 extension: in Armv7, these two registers are banked for secure and non-secure attributes, that is, there is a set of such registers in each of the secure and non-secure worlds, so Linux and the TEE can each maintain a memory page table of their own. The secure OS and the monitor could share the page table if they are both 64-bit.
Cache extension: adds the (non-)secure attributes.
VSTTBR_EL2 extension: since Armv8.4, when the non-secure world uses TTBR_EL2 to translate the address, the entry attribute is checked to be secure and will be translated by itself.
GIC security extensions: the trap is divided into group0, secure group1 and non-secure group1. Group0 and secure group1 will not trap to Linux.
Proposed Attack Model
The authors mention physical attacks or privileged software attacks from the N-VM to the S-VM; these can be prevented by controlling the transmission channel.
TOCTOU attack through the shared pages for general-purpose registers, handled in a check-after-load way [50] by reading register values before checking them.
Design
Horizontal trap: modifies the N-visor to logically deprivilege it without sharing the data. Exception Return (ERET) is the only sensitive instruction that affects the trusted chain; it is intercepted by the TZASC and reported to the S-visor.
Shadow S2PT: a shadow page table of VSTTBR_EL2, also used in KVM. It has page faults with a different status in each world.
Split Continuous Memory Allocation: tricks to improve utilization and speed up memory management in TwinVisor. In Linux, the buddy allocator is used to decide whether a contiguous memory range is big enough for boot and to do CMA; this is for better performance of the IOMMU, which requires physical memory to be contiguous. (This deterministic algorithm makes memory probing and memory dumps easy, e.g. by row hammer/DRAMA.)
Efficient world switch: change the NS bit in the SCR_EL3 register in EL3; side-core polling and shared memory to avoid context switches.
Shadow PV I/O: use shadow I/O rings and a shadow DMA buffer to be transparent to S-VMs. Reduce ring overhead by raising IRQs only on WFx instructions.
Experiment
Suppose
The world switch does not happen so frequently.
Hardware
Kirin 990. (Not scalable to big machines: because the KunPeng920 is not yet Armv8.4, the scalability is not convincing.)
Currently, I'm busy writing emails for my Ph.D., taking the TOEFL, and taking care of the Quantum ESPRESSO library changes and the MadFS optimization, so it may waste some time. Till now, I have to apply the DTA tool of Phosphor for the Java order dependency project.
About surefire integration into normal tests.
Maven extension
Integration into Maven add the redirector
Insert phosphor plugin one class by one into.
Configuration to the phosphor
Class Visitor, Method Visitor, Adaptor Mode Visitor
Mutable field in the Dependency Tainter
Start the taint at some place; attach the taint check after the test
Assert the junit stuff in check=omparison.
Brittle assertions in check(Taint) recursively.
Output the tainted version into the surefire executable folder
Debug
mvn install -Dmaven.surefire.debug -f /Volumes/DataCorrupted/project/UIUC/bramble/integration-tests/pom.xml and attach the trace point.
Start from the maven compilation.
Brittle Assertion
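This outputs only the dependency for one test introduced in Oracle Polish JPF. For the dependency between test1 and test2,
The NSF-funded positions at this hub only recruit US residents or green-card holders. Earlier I saw a thread on 1point3acres about why the US and China pay differently for the same work, and one explanation was interesting: a visa is like a semi-permeable membrane, and not everyone can afford the cost of a master's OPT. Still, that money is a bit of an overpay. And programming really is a job that lives off youth; it only pays to learn as much as possible while you are learning fastest. I feel that only California, UIUC, and summer research or a future PhD at the remaining big three are suitable for me.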
General Requirement
Online Application
One-page Personal Statement: why this teacher? why this program
Official Transcript
Curriculum Vitae (CV)
Your Top Faculty Choices - If no faculty matches your interest, please indicate your preferred professor whose research area best aligns with your interest. (Preferably the professor with a similar aim.) You can learn about each faculty member’s research area by referring to the Samueli School of Engineering website.
For pure motivation, I need a Ph.D. to investigate a direction that is worth fighting for with my life and for society's values. With the rapid growth of the Chinese economy followed by huge research investment, at least for the past three years at ShanghaiTech, I have witnessed extraordinary scientific progress in all disciplines. China has also provided huge markets in which to quickly deploy research results, and companies are starting to be willing to devote higher salaries and equipment for new grads to dig into their research fields. However, most professors in our school only take care of short-term profits and put much effort into applications of established ideas, which only gets worse at other institutes. Plus, no profitable company is founded on tech infrastructure as Nvidia, Intel and Xilinx are; instead they exploit the unsophisticated public's time, like Tencent and ByteDance. That accounts for why the U.S.A. is still the origin of innovation today. In China, the general public's pure pursuit of better technology has turned into self-imposed comfort with the current circumstances. But I'm not like that and, from the bottom of my heart, want to use technology to bring change.
I recently published a paper on adversarial samples in the AI security scenario at ISSTA21 as the fourth author under the supervision of Prof. Fu Song. I helped the first author, Ph.D. candidate Zhe Zhao, run most of the experiments during my freshman summer. It innovatively utilized the label change rate through model mutation testing to distinguish adversarial examples and used this technique to defend the data, which we called Attack as Defense. I got to know how software engineering testing works on artificial intelligence and how it could apply to other places, like language specs for smart contracts, operating systems' concurrency, and computer architecture's semantics. That's what my two other work-in-progress projects mainly focus on: using the Z3 solver to verify possible timestamp attacks and arithmetic overflow in the Diem Move language. During my weekly seminar at the System and Software Security Lab for two years, I picked up ideas like decision procedures (basically, the origin/application of SMT solvers as the combination of logic and programs), fuzzing techniques, and Capture The Flag surroundings - a security competition.
From my sophomore year on, my main focus turned to practice on industrial needs. GeekPie_HPC is a place I devote time to. We just obtained second place at SC21-SCC. I would say I put obscure system knowledge into production on high-performance heterogeneous systems. For example, I learned how the Linux system call flock works in class, but it was not until I once found it messy when linking on GPFS with un-updated data that I was dragged deeper into its semantics; I resolved it by using fsync to manually force synchronization. I knew CUDA only as a library importer using PyTorch auto-gradient that for sure runs on the GPU; it was not until I compared different compiler hints with different HPC algorithms and MPI scatter/reduce and alltoallv that I figured out how data is transmitted on the GPU. My school established a long-term connection with Jump Trading through our winning the super clustering competition, so that the recruiter got to know that our students are unique at problem-solving with the right tools. My experience at Jump Trading in my sophomore summer let me dig into the more cutting-edge technologies eBPF and the Intel Mesh microarchitecture. However, the main focus of industry is quite different. I mostly applied kernel dynamic inspection work to the distributed filesystem in terms of different lease users and applied the core affinity strategy considering core-to-NUMA, DDR, NIC, and GPU latency. From my perception through my ex-colleagues, production-level engineers usually have only a bachelor's degree and are cultivated by the company, like my mentor, but the real secret big thing is usually brought by Ph.D.s, like the author of eBPF or the reverse-engineering work on Intel processors.
For this summer, I remotely joined Darko Marinov's group as an REU (research experience for undergrads) and worked with a Peking University classmate, Ruidong Zhu, on testing order-dependent tests. I started a brand-new direction in pure software testing on order-dependent JUnit tests. Flakiness means tests may fail or pass in different rounds. This could be triggered by some order-dependent values, which could be identified by Darko's iDFlaky tool, automatically run on Azure. For testing, their previous work explains the cleaners, polluters, and victims of specific variables on specific values. Their latest work, submitted for ICSE21, introduces non-idempotent tests that could be identified by running methods one after another in isolated methods/classes/the entire suite to see whether they may be flaky. We ran a dynamic taint analysis tool called PraDet on all the runnable tests in three of their latest test suites and reported the results. We are currently modifying a more advanced tool based on these limitations. During the process, I'm intrigued by the passion of my mentor Wing Lam and Darko's energy in thought, in contrast to his lazy lying posture.
For choosing UMich, I'm captivated by a school that chooses people with potential who are intrinsically apt at engineering problem-solving and cultivates them into world-class researchers like Baris Kasikci. The recently published paper "Rethinking File Mapping for Persistent Memory" at FAST21 is really amazing. The authors propose to use hashing for file mapping. An example is given in the text: PMem is divided into a file data region and a metadata region; if the logical address to be mapped is <inum=1, iblk=21> and the offset of this logical block in the hash is i, then the physical block address corresponding to this logical block is (file data region start address + i*4KB). There are 5+ papers every year from Baris. For these world-class research opportunities, the CS department of UMich is especially attractive to me. It would be a privilege to study under the guidance of its remarkable faculty during "A New Golden Age for Computer Architecture".
I have enjoyed being able to apply what I learned in classes such as computer architecture and the principles of compilers to my research. On the other hand, I have also cultivated a broad interest in other areas, such as reinforcement learning, as a source of inspiration. I seek different kinds of creativity in engineering and in the beauty of itself when it is realized. It is this creative will that I wish to pursue in UMich's Ph.D. program and afterward as a researcher in industry. My learning experience under the guidance of my advisor convinced me not only of the potential of research but also of the value of teaching. I have also enjoyed working as an undergraduate teaching assistant for the compiler course. Through my course studies, I expect to become, and will work hard to be, a productive researcher and teacher.
UCSD PS
First of all, my previous experience makes me an open-minded person with high motivation who does not take the current circumstances for granted. I think that kind of momentum and curiosity was cultivated through my travel and experience. As for social practice, in the summer of my sophomore year, 20 other students and I went to PingTang, the place where the Five-hundred-meter Aperture Spherical Telescope is installed. We investigated how this externality affects local tourism, from the first year's pouring in of capital to the second year's over-saturation, and how it changed with the downturn of the Chinese economy. China's investment in infrastructure is fundamental to everyone in the rural areas, and socialism is taking effect with targeted poverty alleviation in Xi's time. 800 RMB per year per family is the definition of poor, and until 2020, if someone is still under this line, he has a disabled family member or is unwilling to work. However, criticism is cast on the push for everyone to engage in a smallholder economy, like strawberries, that does not match the local environment. I visited HK solo during the protest, and Singapore, Malaysia, Thailand, India, and Nepal within 12 days. I witnessed big countries' hegemony and small countries' esteem. I witnessed the deep inequality of poverty in this world and the importance of establishing network/highway infrastructure.
The open mind takes me naturally into a diverse environment. My previous employer, Jump Trading, is a place that embraces diversity. I first came to realize that in a tiny office there exist multiple races, LGBTQ+ people, multiple native languages, and multiple religions. To communicate more fluently without barriers, all we did was show respect with no discrimination. The colleague who worked with me is MtF (male to female); besides calling her 'her', we left out sex-related talk and men's jokes. My mentor was born in Malaysia; his mother is from England and his father is from Hong Kong, so he's quite familiar with Cantonese words. From a technical perspective, the people who graduated from French schools focus more on mathematical proof as well as intuition, while those from American schools care more about implementation and effectiveness. We value all people from different backgrounds, which took me a while to tune into since I'm situated in a single-race country with a single religion. Every year, there are 3 top-tier super-cluster competitions, and I'm the lead of the team competing with prestigious universities like UCSD, UIUC, and Gatech. Our team GeekPie_HPC has recruited 2 females out of 6 for daily training and the eventual competition. We highly recommend that female computer science students join in such a low-female-density department.
My research taste and delight come from the demands of my curiosity. Many dummy things happen when choosing courses and taking exams; I got accustomed to taking the hardest course that gives me the challenge of pressure. Once I'm determined to do something, I focus on the point until it's figured out, or give it up because I know the stuff does not fit me. The overall process of college for me is a time of testing failures. The projects and exams are similar to a I knew that I have many shortcomings, but it didn't dampen my desperation to solve the hardest open questions.
Jung making-connection Letter
I’m a CS undergrad from ShanghaiTech specializing in general systems. I picked up most of my practical skills by attending GeekPie HPC. I spent some time working on eBPF and Intel processor microarchitecture at Jump Trading Shanghai (which has proven to be engineers' efforts talking with other guys, but got me into the microarchitecture world). During summer 2022, I worked on Java flaky testing with Darko Marinov from UIUC. During my time at Chundong's lab, we discussed a lot about your papers studying failure tolerance, memory order bugs, and performance on Optane persistent memory. I referred to your paper to gain general knowledge of how to tune performance on Optane memory. I think I could put energy into them if I had the opportunity to join your team. Sincerely, are you recruiting Ph.D. or master's students this year?