general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add AMX and EDMM as feature in Occlum.json

Browse Source
This commit is contained in:
Hui, Chunyang 2024-01-12 07:45:42 +00:00 committed by volcano
parent 879cfa58a5
commit 1e8c5a6d0a
7 changed files with 48 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.github/workflows/composite_action/hw/action.yml vendored
View File

@ -42,11 +42,7 @@ runs:
if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
docker run -itd --name=${{ env.CONTAINER_NAME }} ${{ inputs.container-run-params }} --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:${{ env.OCCLUM_VERSION }}-${{ inputs.os }};
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
if [[ "${{ matrix.self_runner[2] }}" == "EDMM" ]]; then
docker run -itd --name=${{ env.CONTAINER_NAME }} ${{ inputs.container-run-params }} --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --env ENABLE_EDMM=Y -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:${{ env.OCCLUM_VERSION }}-${{ inputs.os }};
else
docker run -itd --name=${{ env.CONTAINER_NAME }} ${{ inputs.container-run-params }} --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:${{ env.OCCLUM_VERSION }}-${{ inputs.os }};
fi
docker run -itd --name=${{ env.CONTAINER_NAME }} ${{ inputs.container-run-params }} --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:${{ env.OCCLUM_VERSION }}-${{ inputs.os }};
else
echo "Unsupported Hardware"
fi;
@ -91,6 +87,6 @@ runs:
- name: Configure Occlum features
run: |
if [[ "${{ matrix.self_runner[2] }}" == "EDMM" ]]; then
docker exec ${{ env.CONTAINER_NAME }} bash -c "jq '.feature.enable_posix_shm = true' /opt/occlum/etc/template/Occlum.json > /tmp.json && mv /tmp.json /opt/occlum/etc/template/Occlum.json"
docker exec ${{ env.CONTAINER_NAME }} bash -c "jq '.feature.enable_posix_shm = true | .feature.enable_edmm = true' /opt/occlum/etc/template/Occlum.json > /tmp.json && mv /tmp.json /opt/occlum/etc/template/Occlum.json"
fi;
shell: bash

20
docs/readthedocs/docs/source/occlum_configuration.md
View File

@ -72,6 +72,13 @@ The template of `Occlum.json` is shown below.
},
// Features
"feature": {
// Whether to turn on AMX feature in Occlum
// Occlum supports AMX instruction running inside the enclave when user enables it
//
// "amx" = 0: AMX feature must be disabled
// "amx" = 1: AMX feature must be enabled
// "amx" = 2: AMX feature is enabled if the platform supports it
"amx": 0,
// Whether to turn on PKU feature in Occlum
// Occlum uses PKU for isolation between LibOS and userspace program,
// It is useful for developers to detect potential bugs.
@ -80,9 +87,16 @@ The template of `Occlum.json` is shown below.
// "pkru" = 1: PKU feature must be enabled
// "pkru" = 2: PKU feature is enabled if the platform supports it
"pkru": 0,
// Whether to enable POSIX shared memory feature.
// Enabling POSIX shm allows processes to communicate by sharing a region of memory.
//
// Whether to enable the EDMM feature
// Enabling EDMM feature can make the enclave initialize faster and sometimes can also
// bring performance benifit for the entire application
//
// Enabling EDMM feature will need more configuration on the memory related fields, for more information,
// please visit [EDMM Configuration Guide](https://github.com/occlum/occlum/blob/master/docs/edmm/edmm_config_guide.md)
"enable_edmm": false,
// Whether to enable POSIX shared memory feature
// Enabling POSIX shm allows processes to communicate by sharing a region of memory
//
// Set "enable_posix_shm" to true, the syscall `mmap` with flag `MAP_SHARED`
// is supported more comprehensively, implies that the file-backed memory mapping
// become shared among processes.

5
etc/template/Occlum.json
View File

@ -33,11 +33,12 @@
"ext_prod_id": {
"high": "0x0",
"low": "0x0"
},
"amx": 0
}
},
"feature": {
"amx": 0,
"pkru": 0,
"enable_edmm": false,
"enable_posix_shm": false
},
"mount": [

10
src/libos/src/config.rs
View File

@ -146,7 +146,9 @@ pub struct ConfigApp {
#[derive(Clone, Debug)]
pub struct ConfigFeature {
pub amx: u32,
pub pkru: u32,
pub enable_edmm: bool,
pub enable_posix_shm: bool,
}
@ -303,7 +305,9 @@ impl ConfigApp {
impl ConfigFeature {
fn from_input(input: &InputConfigFeature) -> Result<ConfigFeature> {
Ok(ConfigFeature {
amx: input.amx,
pkru: input.pkru,
enable_edmm: input.enable_edmm,
enable_posix_shm: input.enable_posix_shm,
})
}
@ -529,16 +533,22 @@ struct InputConfigApp {
#[derive(Deserialize, Debug)]
#[serde(deny_unknown_fields)]
struct InputConfigFeature {
#[serde(default)]
pub amx: u32,
#[serde(default)]
pub pkru: u32,
#[serde(default)]
pub enable_edmm: bool,
#[serde(default)]
pub enable_posix_shm: bool,
}
impl Default for InputConfigFeature {
fn default() -> InputConfigFeature {
InputConfigFeature {
amx: 0,
pkru: 0,
enable_edmm: false,
enable_posix_shm: false,
}
}

2
test/Occlum.json
View File

@ -42,7 +42,9 @@
}
},
"feature": {
"amx": 0,
"pkru": 0,
"enable_edmm": false,
"enable_posix_shm": true
},
"mount": [

25
tools/gen_internal_conf/src/main.rs
View File

@ -49,13 +49,6 @@ impl DefaultConfig {
fn main() {
env_logger::init();
let instance_is_for_edmm_platform = {
match std::env::var("INSTANCE_IS_FOR_EDMM_PLATFORM") {
Ok(val) => val == "YES",
_ => unreachable!(),
}
};
let matches = App::new("gen_internal_conf")
.version("0.2.0")
// Input: JSON file which users may change
@ -131,6 +124,14 @@ fn main() {
.expect("It is not a valid Occlum configuration file.");
debug!("The occlum config is:{:?}", occlum_config);
// If env is set, or Occlum.json `enable_edmm` field is set to true, EDMM is enabled.
let instance_is_for_edmm_platform = {
match std::env::var("INSTANCE_IS_FOR_EDMM_PLATFORM") {
Ok(val) => val == "YES" || occlum_config.feature.enable_edmm,
_ => unreachable!(),
}
};
// Match subcommand
if let Some(sub_matches) = matches.subcommand_matches("gen_conf") {
let occlum_conf_user_fs_mac = sub_matches.value_of("user_fs_mac").unwrap();
@ -151,7 +152,7 @@ fn main() {
enclave_config_file_path
);
debug!(
println!(
"Build on platform {} EDMM support",
if instance_is_for_edmm_platform {
"WITH"
@ -467,7 +468,7 @@ fn main() {
ISVFAMILYID_H: kss_tuple.3,
ISVFAMILYID_L: kss_tuple.4,
PKRU: occlum_config.feature.pkru,
AMX: occlum_config.metadata.amx,
AMX: occlum_config.feature.amx,
};
let enclave_config = serde_xml_rs::to_string(&sgx_enclave_configuration).unwrap();
debug!("The enclave config:{:?}", enclave_config);
@ -748,15 +749,17 @@ struct OcclumMetadata {
enable_kss: bool,
family_id: OcclumMetaID,
ext_prod_id: OcclumMetaID,
#[serde(default)]
amx: u32,
}
#[derive(Debug, PartialEq, Clone, Deserialize, Serialize)]
struct OcclumFeature {
#[serde(default)]
amx: u32,
#[serde(default)]
pkru: u32,
#[serde(default)]
enable_edmm: bool,
#[serde(default)]
enable_posix_shm: bool,
}

3
tools/occlum
View File

@ -410,7 +410,6 @@ cmd_build() {
libos_lib=libocclum-libos_hyper.so
fi
echo "SGX mode: $SGX_MODE"
echo "Enable EDMM: No"
INSTANCE_IS_FOR_EDMM_PLATFORM="NO"
else
echo "SGX mode: HW"
@ -419,11 +418,9 @@ cmd_build() {
case "$ENABLE_EDMM" in
"Y" | "YES" | "Yes" | "yes" | "True" | "true" | "1")
INSTANCE_IS_FOR_EDMM_PLATFORM="YES"
echo "Enable EDMM: Yes"
;;
*)
INSTANCE_IS_FOR_EDMM_PLATFORM="NO"
echo "Enable EDMM: No"
;;
esac
fi