Add AMX and EDMM as feature in Occlum.json

Hui, Chunyang 2024-01-12 07:45:42 +00:00 committed by volcano
parent 836513687a
commit bf8d6a65f0
7 changed files with 48 additions and 25 deletions

@ -42,11 +42,7 @@ runs:
if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
docker run -itd --name=${{ env.CONTAINER_NAME }} ${{ inputs.container-run-params }} --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:${{ env.OCCLUM_VERSION }}-${{ inputs.os }}; docker run -itd --name=${{ env.CONTAINER_NAME }} ${{ inputs.container-run-params }} --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:${{ env.OCCLUM_VERSION }}-${{ inputs.os }};
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
if [[ "${{ matrix.self_runner[2] }}" == "EDMM" ]]; then
docker run -itd --name=${{ env.CONTAINER_NAME }} ${{ inputs.container-run-params }} --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --env ENABLE_EDMM=Y -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:${{ env.OCCLUM_VERSION }}-${{ inputs.os }};
else
docker run -itd --name=${{ env.CONTAINER_NAME }} ${{ inputs.container-run-params }} --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:${{ env.OCCLUM_VERSION }}-${{ inputs.os }}; docker run -itd --name=${{ env.CONTAINER_NAME }} ${{ inputs.container-run-params }} --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:${{ env.OCCLUM_VERSION }}-${{ inputs.os }};
fi
else else
echo "Unsupported Hardware" echo "Unsupported Hardware"
fi; fi;
@ -91,6 +87,6 @@ runs:
- name: Configure Occlum features - name: Configure Occlum features
run: | run: |
if [[ "${{ matrix.self_runner[2] }}" == "EDMM" ]]; then if [[ "${{ matrix.self_runner[2] }}" == "EDMM" ]]; then
docker exec ${{ env.CONTAINER_NAME }} bash -c "jq '.feature.enable_posix_shm = true' /opt/occlum/etc/template/Occlum.json > /tmp.json && mv /tmp.json /opt/occlum/etc/template/Occlum.json" docker exec ${{ env.CONTAINER_NAME }} bash -c "jq '.feature.enable_posix_shm = true | .feature.enable_edmm = true' /opt/occlum/etc/template/Occlum.json > /tmp.json && mv /tmp.json /opt/occlum/etc/template/Occlum.json"
fi; fi;
shell: bash shell: bash
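Review bot: The `ENABLE_EDMM` environment path is no longer exercised by this action, because the SGX2-HW branch now starts a single container variant and the EDMM runners enable the feature only through `.feature.enable_edmm = true` in the template. The build script in this same commit still maps `ENABLE_EDMM` to `INSTANCE_IS_FOR_EDMM_PLATFORM`, so that path stays live but untested. If it is meant to remain supported, keep one job that passes `--env ENABLE_EDMM=Y`; otherwise a comment on the "Configure Occlum features" step such as `# EDMM is selected via Occlum.json only; the ENABLE_EDMM env path is not covered here` would make the gap explicit.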

@ -72,6 +72,13 @@ The template of `Occlum.json` is shown below.
}, },
// Features // Features
"feature": { "feature": {
// Whether to turn on AMX feature in Occlum
// Occlum supports AMX instruction running inside the enclave when user enables it
//
// "amx" = 0: AMX feature must be disabled
// "amx" = 1: AMX feature must be enabled
// "amx" = 2: AMX feature is enabled if the platform supports it
"amx": 0,
// Whether to turn on PKU feature in Occlum // Whether to turn on PKU feature in Occlum
// Occlum uses PKU for isolation between LibOS and userspace program, // Occlum uses PKU for isolation between LibOS and userspace program,
// It is useful for developers to detect potential bugs. // It is useful for developers to detect potential bugs.
@ -80,8 +87,15 @@ The template of `Occlum.json` is shown below.
// "pkru" = 1: PKU feature must be enabled // "pkru" = 1: PKU feature must be enabled
// "pkru" = 2: PKU feature is enabled if the platform supports it // "pkru" = 2: PKU feature is enabled if the platform supports it
"pkru": 0, "pkru": 0,
// Whether to enable POSIX shared memory feature. // Whether to enable the EDMM feature
// Enabling POSIX shm allows processes to communicate by sharing a region of memory. // Enabling EDMM feature can make the enclave initialize faster and sometimes can also
// bring performance benifit for the entire application
//
// Enabling EDMM feature will need more configuration on the memory related fields, for more information,
// please visit [EDMM Configuration Guide](https://github.com/occlum/occlum/blob/master/docs/edmm/edmm_config_guide.md)
"enable_edmm": false,
// Whether to enable POSIX shared memory feature
// Enabling POSIX shm allows processes to communicate by sharing a region of memory
// //
// Set "enable_posix_shm" to true, the syscall `mmap` with flag `MAP_SHARED` // Set "enable_posix_shm" to true, the syscall `mmap` with flag `MAP_SHARED`
// is supported more comprehensively, implies that the file-backed memory mapping // is supported more comprehensively, implies that the file-backed memory mapping

@ -33,11 +33,12 @@
"ext_prod_id": { "ext_prod_id": {
"high": "0x0", "high": "0x0",
"low": "0x0" "low": "0x0"
}, }
"amx": 0
}, },
"feature": { "feature": {
"amx": 0,
"pkru": 0, "pkru": 0,
"enable_edmm": false,
"enable_posix_shm": false "enable_posix_shm": false
}, },
"mount": [ "mount": [

@ -146,7 +146,9 @@ pub struct ConfigApp {
#[derive(Clone, Debug)] #[derive(Clone, Debug)]
pub struct ConfigFeature { pub struct ConfigFeature {
pub amx: u32,
pub pkru: u32, pub pkru: u32,
pub enable_edmm: bool,
pub enable_posix_shm: bool, pub enable_posix_shm: bool,
} }
@ -303,7 +305,9 @@ impl ConfigApp {
impl ConfigFeature { impl ConfigFeature {
fn from_input(input: &InputConfigFeature) -> Result<ConfigFeature> { fn from_input(input: &InputConfigFeature) -> Result<ConfigFeature> {
Ok(ConfigFeature { Ok(ConfigFeature {
amx: input.amx,
pkru: input.pkru, pkru: input.pkru,
enable_edmm: input.enable_edmm,
enable_posix_shm: input.enable_posix_shm, enable_posix_shm: input.enable_posix_shm,
}) })
} }
@ -529,16 +533,22 @@ struct InputConfigApp {
#[derive(Deserialize, Debug)] #[derive(Deserialize, Debug)]
#[serde(deny_unknown_fields)] #[serde(deny_unknown_fields)]
struct InputConfigFeature { struct InputConfigFeature {
#[serde(default)]
pub amx: u32,
#[serde(default)] #[serde(default)]
pub pkru: u32, pub pkru: u32,
#[serde(default)] #[serde(default)]
pub enable_edmm: bool,
#[serde(default)]
pub enable_posix_shm: bool, pub enable_posix_shm: bool,
} }
impl Default for InputConfigFeature { impl Default for InputConfigFeature {
fn default() -> InputConfigFeature { fn default() -> InputConfigFeature {
InputConfigFeature { InputConfigFeature {
amx: 0,
pkru: 0, pkru: 0,
enable_edmm: false,
enable_posix_shm: false, enable_posix_shm: false,
} }
} }
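Review bot: `from_input` copies `input.amx` straight into `ConfigFeature` and always returns `Ok`, so a value outside the 0/1/2 range described in the Occlum.json documentation is accepted at this point. The same holds for the existing `pkru` field. If nothing downstream rejects it, a range check here (the function already returns `Result`) would surface a typo in the config at load time instead of passing an undefined policy value on. The new fields also carry no doc comments; `/// AMX policy: 0 = disabled, 1 = required, 2 = enabled if the platform supports it` on `amx` and `/// Whether the EDMM feature is enabled` on `enable_edmm` would keep the meaning next to the type.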

@ -42,7 +42,9 @@
} }
}, },
"feature": { "feature": {
"amx": 0,
"pkru": 0, "pkru": 0,
"enable_edmm": false,
"enable_posix_shm": true "enable_posix_shm": true
}, },
"mount": [ "mount": [

@ -49,13 +49,6 @@ impl DefaultConfig {
fn main() { fn main() {
env_logger::init(); env_logger::init();
let instance_is_for_edmm_platform = {
match std::env::var("INSTANCE_IS_FOR_EDMM_PLATFORM") {
Ok(val) => val == "YES",
_ => unreachable!(),
}
};
let matches = App::new("gen_internal_conf") let matches = App::new("gen_internal_conf")
.version("0.2.0") .version("0.2.0")
// Input: JSON file which users may change // Input: JSON file which users may change
@ -131,6 +124,14 @@ fn main() {
.expect("It is not a valid Occlum configuration file."); .expect("It is not a valid Occlum configuration file.");
debug!("The occlum config is:{:?}", occlum_config); debug!("The occlum config is:{:?}", occlum_config);
// If env is set, or Occlum.json `enable_edmm` field is set to true, EDMM is enabled.
let instance_is_for_edmm_platform = {
match std::env::var("INSTANCE_IS_FOR_EDMM_PLATFORM") {
Ok(val) => val == "YES" || occlum_config.feature.enable_edmm,
_ => unreachable!(),
}
};
// Match subcommand // Match subcommand
if let Some(sub_matches) = matches.subcommand_matches("gen_conf") { if let Some(sub_matches) = matches.subcommand_matches("gen_conf") {
let occlum_conf_user_fs_mac = sub_matches.value_of("user_fs_mac").unwrap(); let occlum_conf_user_fs_mac = sub_matches.value_of("user_fs_mac").unwrap();
@ -151,7 +152,7 @@ fn main() {
enclave_config_file_path enclave_config_file_path
); );
debug!( println!(
"Build on platform {} EDMM support", "Build on platform {} EDMM support",
if instance_is_for_edmm_platform { if instance_is_for_edmm_platform {
"WITH" "WITH"
@ -467,7 +468,7 @@ fn main() {
ISVFAMILYID_H: kss_tuple.3, ISVFAMILYID_H: kss_tuple.3,
ISVFAMILYID_L: kss_tuple.4, ISVFAMILYID_L: kss_tuple.4,
PKRU: occlum_config.feature.pkru, PKRU: occlum_config.feature.pkru,
AMX: occlum_config.metadata.amx, AMX: occlum_config.feature.amx,
}; };
let enclave_config = serde_xml_rs::to_string(&sgx_enclave_configuration).unwrap(); let enclave_config = serde_xml_rs::to_string(&sgx_enclave_configuration).unwrap();
debug!("The enclave config:{:?}", enclave_config); debug!("The enclave config:{:?}", enclave_config);
@ -748,15 +749,17 @@ struct OcclumMetadata {
enable_kss: bool, enable_kss: bool,
family_id: OcclumMetaID, family_id: OcclumMetaID,
ext_prod_id: OcclumMetaID, ext_prod_id: OcclumMetaID,
#[serde(default)]
amx: u32,
} }
#[derive(Debug, PartialEq, Clone, Deserialize, Serialize)] #[derive(Debug, PartialEq, Clone, Deserialize, Serialize)]
struct OcclumFeature { struct OcclumFeature {
#[serde(default)]
amx: u32,
#[serde(default)] #[serde(default)]
pkru: u32, pkru: u32,
#[serde(default)] #[serde(default)]
enable_edmm: bool,
#[serde(default)]
enable_posix_shm: bool, enable_posix_shm: bool,
} }
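Review bot: The `_ => unreachable!()` arm in the relocated `instance_is_for_edmm_platform` match still panics when `INSTANCE_IS_FOR_EDMM_PLATFORM` is unset or not valid Unicode, so the new comment ("If env is set, or Occlum.json `enable_edmm` field is set to true") only holds when the wrapper script has exported the variable. Treating a missing variable as "NO" lets the JSON switch work on its own: `let env_edmm = std::env::var("INSTANCE_IS_FOR_EDMM_PLATFORM").map_or(false, |v| v == "YES");` then `let instance_is_for_edmm_platform = env_edmm || occlum_config.feature.enable_edmm;`. Because the JSON flag is ORed in, `enable_edmm: true` also overrides an explicit "NO" from the environment, which the build script appears to set for the non-HW branch, so it is worth confirming that this is intended. Separately, `OcclumMetadata` no longer has `amx`; unless unknown fields are rejected on that struct, an older Occlum.json that sets `metadata.amx` would still parse and the enclave would be built with `AMX` at its default of 0, so a migration error or warning would help. The body of `main` continues outside these hunks.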

@ -410,7 +410,6 @@ cmd_build() {
libos_lib=libocclum-libos_hyper.so libos_lib=libocclum-libos_hyper.so
fi fi
echo "SGX mode: $SGX_MODE" echo "SGX mode: $SGX_MODE"
echo "Enable EDMM: No"
INSTANCE_IS_FOR_EDMM_PLATFORM="NO" INSTANCE_IS_FOR_EDMM_PLATFORM="NO"
else else
echo "SGX mode: HW" echo "SGX mode: HW"
@ -419,11 +418,9 @@ cmd_build() {
case "$ENABLE_EDMM" in case "$ENABLE_EDMM" in
"Y" | "YES" | "Yes" | "yes" | "True" | "true" | "1") "Y" | "YES" | "Yes" | "yes" | "True" | "true" | "1")
INSTANCE_IS_FOR_EDMM_PLATFORM="YES" INSTANCE_IS_FOR_EDMM_PLATFORM="YES"
echo "Enable EDMM: Yes"
;; ;;
*) *)
INSTANCE_IS_FOR_EDMM_PLATFORM="NO" INSTANCE_IS_FOR_EDMM_PLATFORM="NO"
echo "Enable EDMM: No"
;; ;;
esac esac
fi fi