fixup! [Pal/Linux-SGX] DONTMERGE: Initial EDMM dynamic heap implement…

…ation
gramineproject · Mar 5, 2021 · 1fc6ffa · 1fc6ffa
1 parent cdb5c18
commit 1fc6ffa
Show file tree

Hide file tree

Showing 11 changed files with 206 additions and 102 deletions.
diff --git a/Documentation/manifest-syntax.rst b/Documentation/manifest-syntax.rst
@@ -375,14 +375,19 @@ EDMM dynamic heap (Experimental)
     sgx.edmm_enable_heap = [1|0]
     (Default: 0)
 
-This syntax enables EDMM dynamic heap feature available as part of Intel SGX2
-capable hardware. By default the feature is disabled but when enabled, EPC
-pages are not added when creating the enclave but allocated when an unavailable
-page is EACCEPT'ed. This triggers a page fault (#PF) which is handled by the
-Intel SGX driver (legacy driver) which EAUG's the page and is then EACCEPT'ed
-by the enclave. This does help reduce the loading time of a large enclave
-application but can impact the runtime as there is a penalty for additional
-asynchronous enclave exits (AEXs) caused by #PFs.
+This syntax enables EDMM dynamic heap feature available as part of Intel
+":term:`SGX2`" capable hardware. When enabled, EPC pages are not added when
+creating the enclave but allocated dynamically using EACCEPT when Graphene
+requests more heap memory. This triggers a page fault (#PF) which is handled by
+the Intel SGX driver (legacy driver) by EAUGing the page and returning the
+control back to the enclave. The enclave now continues from the same EACCEPT
+instruction (but this time this instruction succeeds).
+
+One of the key advantages of EDMM is that the enclave ends up using only the
+EPC pages that it requires and the user does not need to tailor the enclave
+size precisely for each workload. EDMM does help to reduce the loading time of
+a large enclave application but can impact the runtime as there is a penalty
+for additional asynchronous enclave exits (AEXs) caused by #PFs.
 
 Optional CPU features (AVX, AVX512, MPX, PKRU)
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

diff --git a/Pal/src/host/Linux-SGX/db_main.c b/Pal/src/host/Linux-SGX/db_main.c
@@ -710,7 +710,7 @@ noreturn void pal_linux_main(char* uptr_libpal_uri, size_t libpal_uri_len, char*
         log_error("Cannot parse \'sgx.preheat_enclave\' (the value must be 0 or 1)\n");
         ocall_exit(1, true);
     }
-    if (preheat_enclave == 1) {
+    if (!g_pal_sec.edmm_enable_heap && preheat_enclave == 1) {
         for (uint8_t* i = g_pal_sec.heap_min; i < (uint8_t*)g_pal_sec.heap_max; i += g_page_size)
             READ_ONCE(*i);
     }

diff --git a/Pal/src/host/Linux-SGX/enclave_ocalls.c b/Pal/src/host/Linux-SGX/enclave_ocalls.c
@@ -1703,18 +1703,18 @@ int ocall_sched_getaffinity(void* tcs, size_t cpumask_size, void* cpu_mask) {
     return retval;
 }
 
-int ocall_trim_epc_pages(struct sgx_range* rg) {
+int ocall_trim_epc_pages(void* addr, unsigned int nr_pages) {
     int retval = 0;
-    struct sgx_range* ms;
+    ms_ocall_sgx_range_t* ms;
 
-    void *old_ustack = sgx_prepare_ustack();
+    void* old_ustack = sgx_prepare_ustack();
     ms = sgx_alloc_on_ustack_aligned(sizeof(*ms), alignof(*ms));
     if (!ms) {
         retval = -ENOMEM;
         goto out;
     }
-    ms->start_addr = rg->start_addr;
-    ms->nr_pages = rg->nr_pages;
+    ms->start_addr = (unsigned long)addr;
+    ms->nr_pages = nr_pages;
 
     do {
         retval = sgx_exitless_ocall(OCALL_TRIM_EPC_PAGES, ms);
@@ -1725,18 +1725,18 @@ int ocall_trim_epc_pages(struct sgx_range* rg) {
     return retval;
 }
 
-int ocall_notify_accept(struct sgx_range* rg) {
+int ocall_notify_accept(void* addr, unsigned int nr_pages) {
     int retval = 0;
-    struct sgx_range* ms;
+    ms_ocall_sgx_range_t* ms;
 
-    void *old_ustack = sgx_prepare_ustack();
+    void* old_ustack = sgx_prepare_ustack();
     ms = sgx_alloc_on_ustack_aligned(sizeof(*ms), alignof(*ms));
     if (!ms) {
         retval = -ENOMEM;
         goto out;
     }
-    ms->start_addr = rg->start_addr;
-    ms->nr_pages = rg->nr_pages;
+    ms->start_addr = (unsigned long)addr;
+    ms->nr_pages = nr_pages;
 
     do {
         retval = sgx_exitless_ocall(OCALL_NOTIFY_ACCEPT, ms);

diff --git a/Pal/src/host/Linux-SGX/enclave_ocalls.h b/Pal/src/host/Linux-SGX/enclave_ocalls.h
@@ -11,8 +11,6 @@
 #include "pal_linux.h"
 #include "sgx_attest.h"
 
-#include "gsgx.h"
-
 noreturn void ocall_exit(int exitcode, int is_exitgroup);
 
 int ocall_mmap_untrusted(void** addrptr, size_t size, int prot, int flags, int fd, off_t offset);
@@ -118,6 +116,6 @@ int ocall_eventfd(unsigned int initval, int flags);
 int ocall_get_quote(const sgx_spid_t* spid, bool linkable, const sgx_report_t* report,
                     const sgx_quote_nonce_t* nonce, char** quote, size_t* quote_len);
 
-int ocall_trim_epc_pages(struct sgx_range* rg);
+int ocall_trim_epc_pages(void* addr, unsigned int nr_pages);
 
-int ocall_notify_accept(struct sgx_range* rg);
+int ocall_notify_accept(void* addr, unsigned int nr_pages);