Regarding the issue of building and installing HyperEnclave

xiaoran33 commented 1 month ago

你好，咨询一个问题：目前在hygon服务器上编译注册hyperenclave报错，报错如下：

[  449.191342] HE: init_enclave_page: 333. Initialized EPC ranges size: 0x1dc0000000
[  449.191344] HE: he_cmd_enable: 383. config_header load_addr: 0xffffff0004790000
[  449.191350] HE: parse_ivrs: 47. HE_ERROR. IVRS acpi_table AE_NOT_FOUND
[  449.191389] HE: he_cmd_enable: 397. HE_ERROR. failed to parse iommu

GRUB_CMDLINE_LINUX的配置： memmap=128G\\\$0x100000000 iommu=off no5lvl lscpu信息如下：

root@test:~# lscpu
Architecture:                       x86_64
CPU op-mode(s):                     32-bit, 64-bit
Byte Order:                         Little Endian
Address sizes:                      48 bits physical, 48 bits virtual
CPU(s):                             128
On-line CPU(s) list:                0-127
Thread(s) per core:                 2
Core(s) per socket:                 32
Socket(s):                          2
NUMA node(s):                       8
Vendor ID:                          HygonGenuine
CPU family:                         24
Model:                              2
Model name:                         Hygon C86 7381 32-core Processor
Stepping:                           2
CPU MHz:                            2683.788
BogoMIPS:                           4599.97
Virtualization:                     AMD-V
L1d cache:                          2 MiB
L1i cache:                          4 MiB
L2 cache:                           32 MiB
L3 cache:                           128 MiB
NUMA node0 CPU(s):                  0-7,64-71
NUMA node1 CPU(s):                  8-15,72-79
NUMA node2 CPU(s):                  16-23,80-87
NUMA node3 CPU(s):                  24-31,88-95
NUMA node4 CPU(s):                  32-39,96-103
NUMA node5 CPU(s):                  40-47,104-111
NUMA node6 CPU(s):                  48-55,112-119
NUMA node7 CPU(s):                  56-63,120-127
Vulnerability Gather data sampling: Not affected
Vulnerability Itlb multihit:        Not affected
Vulnerability L1tf:                 Not affected
Vulnerability Mds:                  Not affected
Vulnerability Meltdown:             Not affected
Vulnerability Mmio stale data:      Not affected
Vulnerability Retbleed:             Vulnerable
Vulnerability Spec store bypass:    Mitigation; Speculative Store Bypass disabled via prctl and seccomp
Vulnerability Spectre v1:           Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Vulnerability Spectre v2:           Mitigation; Retpolines; IBPB conditional; STIBP disabled; RSB filling; PBRSB-eIBRS Not affected; BHI Not affected
Vulnerability Srbds:                Not affected
Vulnerability Tsx async abort:      Not affected
Flags:                              fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_
                                    opt pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop_tsc cpuid extd_apicid amd_dcm aperfmperf pni pclmulqdq monitor ssse
                                    3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalign
                                    sse 3dnowprefetch osvw skinit wdt tce topoext perfctr_core perfctr_nb bpext perfctr_llc mwaitx cpb hw_pstate ssbd ibpb vmmca
                                    ll fsgsbase bmi1 avx2 smep bmi2 rdseed adx smap clflushopt sha_ni xsaveopt xsavec xgetbv1 xsaves clzero irperf xsaveerptr ar
                                    at npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold avic v_vmsave_vmload v
                                    gif overflow_recov succor smca sme sev sev_es

xiaoran33 commented 1 month ago

@Bonjourz 请问官方的同学，目前问题定位到了吗？

xiaoran33 commented 1 month ago

有官方的同学解答一下吗？

oceanqdu commented 3 weeks ago

@xiaoran33 iommu在海光cpu里应该是amd_iommu

Bonjourz commented 3 weeks ago

Hi @xiaoran33 ,

to determine what happens on you platform, could you provide the following information for us:

The kernel version, by typing $ uname -r in your bash;
The kernel command line configuration, by typing $ cat /proc/cmdline in your bash;
It seems that IOMMU is not enable in the BIOS on your platform, so HyperEnclave Driver cannot get the "ivrs" section in the ACPI table:
```
[  449.191350] HE: parse_ivrs: 47. HE_ERROR. IVRS acpi_table AE_NOT_FOUND
```
so you need to provide the kernel log (which can be gotten by $dmesg in your bash after reboot).

xiaoran33 commented 3 weeks ago

好的

root@test:~# uname -r
5.4.0-196-generic

root@test:~# cat /proc/cmdline 
BOOT_IMAGE=/boot/vmlinuz-5.4.0-196-generic root=UUID=57af455c-7808-4a17-b758-3cd51901d43b ro memmap=128G$0x100000000 iommu=off no5lvl

issue貌似上传不了文件，我把日志输出文件了，下面是在日志搜索到的iommu 内容，(或者你需要日志文件我可以通过钉钉传给你) dmesg kernel log: [ 1.692840] iommu: Default domain type: Translated

Bonjourz commented 3 weeks ago

Hi @xiaoran33 , just drag the "dmesg" file here.

xiaoran33 commented 3 weeks ago

dmesg_kernel.log

Bonjourz commented 3 weeks ago

Hi @xiaoran33 ,

Please make sure AMD I/O Virtualization Technology (IOMMU) is enabled in the BIOS.

xiaoran33 commented 18 hours ago

我在跑readme文档示例hello_c的时候，occlum run /bin/hello_world卡住了， occlum build正常执行，打印的信息如下：

root@test:~/occlum/demos/hello_c/occlum_instance# occlum build
Enclave sign-tool: /opt/occlum/sgxsdk-tools/bin/x64/sgx_sign_hyper
Enclave sign-key: /opt/occlum/etc/template/Enclave.pem
SGX mode: HYPER
rm -rf /root/occlum/demos/hello_c/occlum_instance/build
Building the initfs...
[+] Home dir is /root
[+] Open token file success! 
[+] Token file valid!
[+] Init Enclave Successful 1769526525954!
Generate the SEFS image successfully
Building new image...
[+] Home dir is /root
[+] Open token file success! 
[+] Token file valid!
[+] Init Enclave Successful 1791001362434!
Generate the SEFS image successfully
Building libOS...
Signing the enclave...
<EnclaveConfiguration>
    <ProdID>0</ProdID>
    <ISVSVN>0</ISVSVN>
    <StackMaxSize>1048576</StackMaxSize>
    <StackMinSize>1048576</StackMinSize>
    <HeapInitSize>33554432</HeapInitSize>
    <HeapMaxSize>1073741824</HeapMaxSize>
    <HeapMinSize>33554432</HeapMinSize>
    <TCSNum>32</TCSNum>
    <TCSMaxNum>4096</TCSMaxNum>
    <TCSMinPool>32</TCSMinPool>
    <TCSPolicy>1</TCSPolicy>
    <DisableDebug>0</DisableDebug>
    <MiscSelect>1</MiscSelect>
    <MiscMask>0x0</MiscMask>
    <ReservedMemMaxSize>314572800</ReservedMemMaxSize>
    <ReservedMemMinSize>314572800</ReservedMemMinSize>
    <ReservedMemInitSize>314572800</ReservedMemInitSize>
    <ReservedMemExecutable>1</ReservedMemExecutable>
    <MarshalBufferSize>1048576</MarshalBufferSize>
    <EnableKSS>0</EnableKSS>
    <ISVEXTPRODID_H>0</ISVEXTPRODID_H>
    <ISVEXTPRODID_L>0</ISVEXTPRODID_L>
    <ISVFAMILYID_H>0</ISVFAMILYID_H>
    <ISVFAMILYID_L>0</ISVFAMILYID_L>
</EnclaveConfiguration>
tcs_num 32, tcs_max_num 4096, tcs_min_pool 32
The required memory is 386457600B.
The required memory is 0x1708e000, 377400 KB.
Succeed.
Built the Occlum image and enclave successfully

occlum run /bin/hello_world卡住了，进程一直不结束，也没打印Hello World，如下： root@test:~/occlum/demos/hello_c/occlum_instance# occlum run /bin/hello_world

Bonjourz commented 10 hours ago

Hi @xiaoran33 ,

Have you resolved the issue you mentioned before? It seems that you have successfully built and installed HyperEnclave on your platform. How do you solve these problems you mentioned before? Could you please share it with us and the community?

If the problem "Regarding the issue of building and installing HyperEnclave" is solved, could you close this issue?

For the new problems: "occlum run /bin/hello_world hangs", could you open another issue so we can discuss it there.

asterinas / hyperenclave

Regarding the issue of building and installing HyperEnclave #2