From 1e8c5a6d0abfa9b1e231ef578aa02fe5c7dff386 Mon Sep 17 00:00:00 2001 From: "Hui, Chunyang" Date: Fri, 12 Jan 2024 07:45:42 +0000 Subject: [PATCH] Add AMX and EDMM as feature in Occlum.json --- .../workflows/composite_action/hw/action.yml | 8 ++---- .../docs/source/occlum_configuration.md | 20 ++++++++++++--- etc/template/Occlum.json | 5 ++-- src/libos/src/config.rs | 10 ++++++++ test/Occlum.json | 2 ++ tools/gen_internal_conf/src/main.rs | 25 +++++++++++-------- tools/occlum | 3 --- 7 files changed, 48 insertions(+), 25 deletions(-) diff --git a/.github/workflows/composite_action/hw/action.yml b/.github/workflows/composite_action/hw/action.yml index a9abbb0c..c5059649 100644 --- a/.github/workflows/composite_action/hw/action.yml +++ b/.github/workflows/composite_action/hw/action.yml @@ -42,11 +42,7 @@ runs: if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then docker run -itd --name=${{ env.CONTAINER_NAME }} ${{ inputs.container-run-params }} --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:${{ env.OCCLUM_VERSION }}-${{ inputs.os }}; elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then - if [[ "${{ matrix.self_runner[2] }}" == "EDMM" ]]; then - docker run -itd --name=${{ env.CONTAINER_NAME }} ${{ inputs.container-run-params }} --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --env ENABLE_EDMM=Y -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:${{ env.OCCLUM_VERSION }}-${{ inputs.os }}; - else - docker run -itd --name=${{ env.CONTAINER_NAME }} ${{ inputs.container-run-params }} --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:${{ env.OCCLUM_VERSION }}-${{ inputs.os }}; - fi + docker run -itd --name=${{ env.CONTAINER_NAME }} ${{ inputs.container-run-params }} --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:${{ env.OCCLUM_VERSION }}-${{ inputs.os }}; else echo "Unsupported Hardware" fi; @@ -91,6 +87,6 @@ runs: - name: Configure Occlum features run: | if [[ "${{ matrix.self_runner[2] }}" == "EDMM" ]]; then - docker exec ${{ env.CONTAINER_NAME }} bash -c "jq '.feature.enable_posix_shm = true' /opt/occlum/etc/template/Occlum.json > /tmp.json && mv /tmp.json /opt/occlum/etc/template/Occlum.json" + docker exec ${{ env.CONTAINER_NAME }} bash -c "jq '.feature.enable_posix_shm = true | .feature.enable_edmm = true' /opt/occlum/etc/template/Occlum.json > /tmp.json && mv /tmp.json /opt/occlum/etc/template/Occlum.json" fi; shell: bash diff --git a/docs/readthedocs/docs/source/occlum_configuration.md b/docs/readthedocs/docs/source/occlum_configuration.md index b0a96f8a..654f2963 100644 --- a/docs/readthedocs/docs/source/occlum_configuration.md +++ b/docs/readthedocs/docs/source/occlum_configuration.md @@ -72,6 +72,13 @@ The template of `Occlum.json` is shown below. }, // Features "feature": { + // Whether to turn on AMX feature in Occlum + // Occlum supports AMX instruction running inside the enclave when user enables it + // + // "amx" = 0: AMX feature must be disabled + // "amx" = 1: AMX feature must be enabled + // "amx" = 2: AMX feature is enabled if the platform supports it + "amx": 0, // Whether to turn on PKU feature in Occlum // Occlum uses PKU for isolation between LibOS and userspace program, // It is useful for developers to detect potential bugs. @@ -80,9 +87,16 @@ The template of `Occlum.json` is shown below. // "pkru" = 1: PKU feature must be enabled // "pkru" = 2: PKU feature is enabled if the platform supports it "pkru": 0, - // Whether to enable POSIX shared memory feature. - // Enabling POSIX shm allows processes to communicate by sharing a region of memory. - // + // Whether to enable the EDMM feature + // Enabling EDMM feature can make the enclave initialize faster and sometimes can also + // bring performance benifit for the entire application + // + // Enabling EDMM feature will need more configuration on the memory related fields, for more information, + // please visit [EDMM Configuration Guide](https://github.com/occlum/occlum/blob/master/docs/edmm/edmm_config_guide.md) + "enable_edmm": false, + // Whether to enable POSIX shared memory feature + // Enabling POSIX shm allows processes to communicate by sharing a region of memory + // // Set "enable_posix_shm" to true, the syscall `mmap` with flag `MAP_SHARED` // is supported more comprehensively, implies that the file-backed memory mapping // become shared among processes. diff --git a/etc/template/Occlum.json b/etc/template/Occlum.json index f3c3a2fa..0b8cc202 100644 --- a/etc/template/Occlum.json +++ b/etc/template/Occlum.json @@ -33,11 +33,12 @@ "ext_prod_id": { "high": "0x0", "low": "0x0" - }, - "amx": 0 + } }, "feature": { + "amx": 0, "pkru": 0, + "enable_edmm": false, "enable_posix_shm": false }, "mount": [ diff --git a/src/libos/src/config.rs b/src/libos/src/config.rs index c79ec339..ecf82cd2 100644 --- a/src/libos/src/config.rs +++ b/src/libos/src/config.rs @@ -146,7 +146,9 @@ pub struct ConfigApp { #[derive(Clone, Debug)] pub struct ConfigFeature { + pub amx: u32, pub pkru: u32, + pub enable_edmm: bool, pub enable_posix_shm: bool, } @@ -303,7 +305,9 @@ impl ConfigApp { impl ConfigFeature { fn from_input(input: &InputConfigFeature) -> Result { Ok(ConfigFeature { + amx: input.amx, pkru: input.pkru, + enable_edmm: input.enable_edmm, enable_posix_shm: input.enable_posix_shm, }) } @@ -529,16 +533,22 @@ struct InputConfigApp { #[derive(Deserialize, Debug)] #[serde(deny_unknown_fields)] struct InputConfigFeature { + #[serde(default)] + pub amx: u32, #[serde(default)] pub pkru: u32, #[serde(default)] + pub enable_edmm: bool, + #[serde(default)] pub enable_posix_shm: bool, } impl Default for InputConfigFeature { fn default() -> InputConfigFeature { InputConfigFeature { + amx: 0, pkru: 0, + enable_edmm: false, enable_posix_shm: false, } } diff --git a/test/Occlum.json b/test/Occlum.json index d73df3a0..9459fb20 100644 --- a/test/Occlum.json +++ b/test/Occlum.json @@ -42,7 +42,9 @@ } }, "feature": { + "amx": 0, "pkru": 0, + "enable_edmm": false, "enable_posix_shm": true }, "mount": [ diff --git a/tools/gen_internal_conf/src/main.rs b/tools/gen_internal_conf/src/main.rs index ffb86244..c35a136d 100644 --- a/tools/gen_internal_conf/src/main.rs +++ b/tools/gen_internal_conf/src/main.rs @@ -49,13 +49,6 @@ impl DefaultConfig { fn main() { env_logger::init(); - let instance_is_for_edmm_platform = { - match std::env::var("INSTANCE_IS_FOR_EDMM_PLATFORM") { - Ok(val) => val == "YES", - _ => unreachable!(), - } - }; - let matches = App::new("gen_internal_conf") .version("0.2.0") // Input: JSON file which users may change @@ -131,6 +124,14 @@ fn main() { .expect("It is not a valid Occlum configuration file."); debug!("The occlum config is:{:?}", occlum_config); + // If env is set, or Occlum.json `enable_edmm` field is set to true, EDMM is enabled. + let instance_is_for_edmm_platform = { + match std::env::var("INSTANCE_IS_FOR_EDMM_PLATFORM") { + Ok(val) => val == "YES" || occlum_config.feature.enable_edmm, + _ => unreachable!(), + } + }; + // Match subcommand if let Some(sub_matches) = matches.subcommand_matches("gen_conf") { let occlum_conf_user_fs_mac = sub_matches.value_of("user_fs_mac").unwrap(); @@ -151,7 +152,7 @@ fn main() { enclave_config_file_path ); - debug!( + println!( "Build on platform {} EDMM support", if instance_is_for_edmm_platform { "WITH" @@ -467,7 +468,7 @@ fn main() { ISVFAMILYID_H: kss_tuple.3, ISVFAMILYID_L: kss_tuple.4, PKRU: occlum_config.feature.pkru, - AMX: occlum_config.metadata.amx, + AMX: occlum_config.feature.amx, }; let enclave_config = serde_xml_rs::to_string(&sgx_enclave_configuration).unwrap(); debug!("The enclave config:{:?}", enclave_config); @@ -748,15 +749,17 @@ struct OcclumMetadata { enable_kss: bool, family_id: OcclumMetaID, ext_prod_id: OcclumMetaID, - #[serde(default)] - amx: u32, } #[derive(Debug, PartialEq, Clone, Deserialize, Serialize)] struct OcclumFeature { + #[serde(default)] + amx: u32, #[serde(default)] pkru: u32, #[serde(default)] + enable_edmm: bool, + #[serde(default)] enable_posix_shm: bool, } diff --git a/tools/occlum b/tools/occlum index 0541560d..7097d86d 100755 --- a/tools/occlum +++ b/tools/occlum @@ -410,7 +410,6 @@ cmd_build() { libos_lib=libocclum-libos_hyper.so fi echo "SGX mode: $SGX_MODE" - echo "Enable EDMM: No" INSTANCE_IS_FOR_EDMM_PLATFORM="NO" else echo "SGX mode: HW" @@ -419,11 +418,9 @@ cmd_build() { case "$ENABLE_EDMM" in "Y" | "YES" | "Yes" | "yes" | "True" | "true" | "1") INSTANCE_IS_FOR_EDMM_PLATFORM="YES" - echo "Enable EDMM: Yes" ;; *) INSTANCE_IS_FOR_EDMM_PLATFORM="NO" - echo "Enable EDMM: No" ;; esac fi