Replies: 3 comments 5 replies
-
|
Hmm, no idea, but I'd expect all EPC regions to be shared between CPUs, because enclave threads may be scheduled on a core from any CPU package (in case of no pinning).
Yeah, someday hopefully we'll find time for that :) We started once, but didn't finish it: https://gramine.readthedocs.io/en/latest/sgx-intro.html#term-EPC.
Not sure if that was a statement and you already know what the difference is, or maybe a question :) I'll answer anyways: EPC is only a cache, it's possible to have enclaves much larger than the EPC size, but if the working set exceeds EPC size then it will cause terribly slow swapping to non-EPC RAM.
That sounds like a bug. We calculate it by summing all EPC regions reported by |
Beta Was this translation helpful? Give feedback.
-
|
Yes sorry, what I meant is - I think Gramine is a starting point for people who aren't that knowledgeable about SGX internals (like me) and want to port applications, so these things sometimes are not immediate :) Thanks a lot for the input! |
Beta Was this translation helpful? Give feedback.
-
|
I did some update to the docs, please check: #1827. It's still not complete, but at least better than before. |
Beta Was this translation helpful? Give feedback.
-
|
Great, thank you so much! |
Beta Was this translation helpful? Give feedback.
-
|
The easiest way to see all the EPC ranges is by looking at the dmesg log - the in-kernel driver prints each range out: sudo dmesg | grep -i sgx The cpuid tool can be used, also, because that's how the in-kernel driver gets them the EPC ranges, as does is-sgx-available. |
Beta Was this translation helpful? Give feedback.
-
|
@ScottR-Intel: Will an enclave running on a single CPU have access to EPC from other nodes as well? Or will it start swapping to RAM after exhausting its local EPC? (I think that was the original question @ila had) |
Beta Was this translation helpful? Give feedback.
-
|
Ah... Yes, all ranges are available to all cores/sockets. There is some basic NUMA support in the upstreamed in-kernel driver where all requested enclave memory is placed inside a single EPC range, if possible. If not, it has to spread it out, which of course, incurs some performance penalty. |
Beta Was this translation helpful? Give feedback.
-
So, I was discussing this with @mwkmwkmwk and my answer actually doesn't make sense, all CPUs have to be aware of all EPC mappings in all NUMA regions, and this is indeed the case on a server with NUMA we have. @ila: Could you double check your numbers? Is it really 64GB in the BIOS, but gramine/tools/sgx/is-sgx-available/is_sgx_available.cpp Lines 130 to 145 in 4dae6b0 |
Beta Was this translation helpful? Give feedback.
-
Hi, I have a quick question - using
is-sgx-availableI see that my EPC size is 16GB, however in my BIOS I specified 64GB. This makes sense since my machine has 4 NUMA regions, so EPC is region-wise. However, if I run Gramine, will my available EPC size be 16GB or 64GB? If I pin Gramine to one NUMA core, will it use all the 64GB?In other words - if I want Gramine to use 64GB of EPC, should I specify 256GB in the BIOS? Or 64GB?
Also would appreciate a lot any kind of documentation on this - I find it a bit confusing that Gramine does not explain the difference between enclave size and EPC size, or that the tool
is-sgx-availableshows per-region statistics.Beta Was this translation helpful? Give feedback.
All reactions