Add memory monitor measurement logics #408
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
yawangwang
force-pushed
the
add-mem-monitor-measurement
branch
5 times, most recently
from
15808b4
to
cdd35d8
Compare
jkl73
reviewed
Feb 1, 2024
launcher/container_runner.go
Outdated
| } | ||
|
|
||
| var memoryMonitoringEnabledBit uint8 | ||
| if status == "active" { |
There was a problem hiding this comment.
I'd also including "activating" status here
launcher/container_runner.go
Outdated
| // measureMemoryMonitor will measure the current memory monitoring state into the COS | ||
| // eventlog in the AttestationAgent. | ||
| func (r *ContainerRunner) measureMemoryMonitor(ctx context.Context) error { | ||
| s, err := systemctl.New() |
There was a problem hiding this comment.
probably don't need to create a new systemctl client here, you can try to pass it in as a parameter.
There was a problem hiding this comment.
Alternatively, try to get the MemoryMonitor status outside of this function
There was a problem hiding this comment.
Discussed offline, we should measure the memory monitoring decision made by container launcher.
Done.
yawangwang
force-pushed
the
add-mem-monitor-measurement
branch
from
cdd35d8
to
bfba9f6
Compare
yawangwang
force-pushed
the
add-mem-monitor-measurement
branch
5 times, most recently
from
abe77fe
to
4bf5512
Compare
jkl73
approved these changes
Feb 6, 2024
alexmwu
reviewed
Feb 6, 2024
| EventType: cel.LaunchSeparatorType, | ||
| EventContent: nil, // Success | ||
| } | ||
| return r.attestAgent.MeasureEvent(separator) |
There was a problem hiding this comment.
Not necessarily related to this PR, but we need a unit test to ensure the separator always gets measured. Since you moved this around, can you add one for measureCELEvents? Perhaps also ensure we get the workload digest and ID
There was a problem hiding this comment.
Ideally we have a test for different launchspec inputs if that doesn't exist.
There was a problem hiding this comment.
Done, created a fake container and fake container image to "fake" dependencies that measureCELEvents need. Added a unit test to container_runnter_test.go for different launchspec inputs.
| @@ -42,6 +43,19 @@ func (s *Systemctl) Stop(unit string) error { | |||
| return runSystemdCmd(s.dbus.StopUnitContext, "stop", unit) | |||
| } | |||
|
|
|||
| // GetStatus is the equivalent of `systemctl is-active $unit`. | |||
| // The status can be "active", "activating", "deactivating", "inactive" or "failed". | |||
| func (s *Systemctl) GetStatus(ctx context.Context, unit string) (string, error) { | |||
There was a problem hiding this comment.
IMO this should be called IsActive so that it matches the systemctl API.
yawangwang
force-pushed
the
add-mem-monitor-measurement
branch
3 times, most recently
from
6d816fb
to
f5c6251
Compare
yawangwang
force-pushed
the
add-mem-monitor-measurement
branch
from
f5c6251
to
1c542f2
Compare
alexmwu
reviewed
Feb 7, 2024
launcher/container_runner_test.go
Outdated
| } | ||
|
|
||
| for _, wantEvent := range tc.wantCELEvents { | ||
| if !slices.Contains(gotEvents, cel.CosType(wantEvent)) { |
There was a problem hiding this comment.
Order matters here, at least for the separator which should be last. Use cmp.Equal.
launcher/container_runner.go
Outdated
Comment on lines
554
to
559
| if err := r.measureCELEvents(ctx); err != nil { | ||
| return fmt.Errorf("failed to measure CEL events: %v", err) | ||
| } | ||
|
|
||
| if err := r.fetchAndWriteToken(ctx); err != nil { | ||
| return fmt.Errorf("failed to fetch and write OIDC token: %v", err) |
There was a problem hiding this comment.
Measurements should happen before experiments turn on and potentially introduce side effects. So please move this back to the beginning of Run. We should measure first, and it's okay to enable memory monitoring after, even if it fails.
launcher/container_runner_test.go
Outdated
| }, | ||
| { | ||
| name: "measure memory monitoring event and launch separator event", | ||
| wantCELEvents: []cel.CosType{cel.LaunchSeparatorType, cel.MemoryMonitorType}, |
There was a problem hiding this comment.
wantCELEvents should have the separator last.
alexmwu
approved these changes
Feb 8, 2024
yawangwang
force-pushed
the
add-mem-monitor-measurement
branch
from
34f61ae
to
07ce3e5
Compare
|
/gcbrun |
jkl73
approved these changes
Feb 8, 2024
alexmwu
added a commit
to alexmwu/go-tpm-tools
that referenced
this pull request
Feb 22, 2024
New Features: [launcher] Add TEE server IPC implementation google#367 [launcher] Enable memory monitoring in CS google#391 Use TDX quote provider to attest and verify google#405 Integrate nonce verification as part of the TDX quote validation procedure. google#395 Add RISC V support google#407 [launcher] Use resizable integrity-fs with in-memory tags google#412 Bug Fixes: [launcher] Fix launcher exit code google#384 [launcher] Handle exit code checking during deferral evaluation google#392 [cmd] Skip tests that call setGCEAKTemplate google#402 [launcher] Fix teeserver context reset issue & add container signature cache google#397 Set all unused parameters as _ to fix CI lint failure google#411 [launcher] Make customtoken test sleep to mitigate clock skew google#413 Other Changes: Add eventlog parse logics for memory monitoring google#404 [launcher]: Add memory monitor measurement logics google#408 Update go-tdx-guest version to v0.3.1 google#414 New Contributors: @KeithMoyer in google#392 @vbalain in google#405 @aimixsaka in google#407
Merged
alexmwu
added a commit
that referenced
this pull request
Feb 22, 2024
New Features: [launcher] Add TEE server IPC implementation #367 [launcher] Enable memory monitoring in CS #391 Use TDX quote provider to attest and verify #405 Integrate nonce verification as part of the TDX quote validation procedure. #395 Add RISC V support #407 [launcher] Use resizable integrity-fs with in-memory tags #412 Bug Fixes: [launcher] Fix launcher exit code #384 [launcher] Handle exit code checking during deferral evaluation #392 [cmd] Skip tests that call setGCEAKTemplate #402 [launcher] Fix teeserver context reset issue & add container signature cache #397 Set all unused parameters as _ to fix CI lint failure #411 [launcher] Make customtoken test sleep to mitigate clock skew #413 Other Changes: Add eventlog parse logics for memory monitoring #404 [launcher]: Add memory monitor measurement logics #408 Update go-tdx-guest version to v0.3.1 #414 New Contributors: @KeithMoyer in #392 @vbalain in #405 @aimixsaka in #407
alexmwu
added a commit
to alexmwu/go-tpm-tools
that referenced
this pull request
Mar 29, 2024
New Features: [launcher] Add TEE server IPC implementation google#367 [launcher] Enable memory monitoring in CS google#391 Use TDX quote provider to attest and verify google#405 Integrate nonce verification as part of the TDX quote validation procedure. google#395 Add RISC V support google#407 [launcher] Use resizable integrity-fs with in-memory tags google#412 Bug Fixes: [launcher] Fix launcher exit code google#384 [launcher] Handle exit code checking during deferral evaluation google#392 [cmd] Skip tests that call setGCEAKTemplate google#402 [launcher] Fix teeserver context reset issue & add container signature cache google#397 Set all unused parameters as _ to fix CI lint failure google#411 [launcher] Make customtoken test sleep to mitigate clock skew google#413 Other Changes: Add eventlog parse logics for memory monitoring google#404 [launcher]: Add memory monitor measurement logics google#408 Update go-tdx-guest version to v0.3.1 google#414 New Contributors: @KeithMoyer in google#392 @vbalain in google#405 @aimixsaka in google#407
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR removes the existing experiment flag
EnableMemoryMonitoringand add a new experiment flagEnableMeasureMemoryMonitorto gate the memory monitoring measurement logics.