[Pal/Linux-SGX] Add sgx.preheat_enclave manifest option

Signed-off-by: Michał Kowalczyk <mkow@invisiblethingslab.com>
2026-04-28 11:13:41 +00:00 · 2021-01-24 01:06:30 +01:00
parent a06b93d8dc
commit a402a2a8d9
3 changed files with 32 additions and 1 deletions
--- a/Documentation/manifest-syntax.rst
+++ b/Documentation/manifest-syntax.rst
@@ -487,6 +487,24 @@ For DCAP/ECDSA based attestation, ``ra_client_spid`` must be an empty string
 (this is a hint to Graphene to use DCAP instead of EPID) and
 ``ra_client_linkable`` is ignored.

+Pre-heating enclave
+^^^^^^^^^^^^^^^^^^^
+
+::
+
+    sgx.preheat_enclave = [1|0]
+    (Default: 0)
+
+When enabled, this option instructs Graphene to pre-fault all heap pages during
+initialization. This has a negative impact on the total run time, but shifts the
+:term:`EPC` page faults cost to the initialization phase, which can be useful in
+a scenario where a server starts and receives connections / work packages only
+after some time. It also makes the later run time and latency much more
+predictable.
+
+Please note that using this option makes sense only when the :term:`EPC` is
+large enough to hold the whole heap area.
+
 Enabling per-thread and process-wide SGX stats
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

--- a/LibOS/shim/test/regression/openmp.manifest.template
+++ b/LibOS/shim/test/regression/openmp.manifest.template
@@ -4,9 +4,10 @@ loader.argv0_override = "openmp"

 loader.env.LD_LIBRARY_PATH = "/lib:/usrlib"

-# two manifest options below are added only for testing, they have no significance for OpenMP
+# the manifest options below are added only for testing, they have no significance for OpenMP
 libos.check_invalid_pointers = 0
 sys.enable_sigterm_injection = 1
+sgx.preheat_enclave = 1

 fs.mount.lib.type = "chroot"
 fs.mount.lib.path = "/lib"
--- a/Pal/src/host/Linux-SGX/db_main.c
+++ b/Pal/src/host/Linux-SGX/db_main.c
@@ -700,6 +700,18 @@ noreturn void pal_linux_main(char* uptr_libpal_uri, size_t libpal_uri_len, char*
    g_pal_state.raw_manifest_data = manifest_addr;
    g_pal_state.manifest_root = manifest_root;

+    int64_t preheat_enclave = 0;
+    ret = toml_int_in(g_pal_state.manifest_root, "sgx.preheat_enclave", /*defaultval=*/0,
+                      &preheat_enclave);
+    if (ret < 0 || (preheat_enclave != 0 && preheat_enclave != 1)) {
+        log_error("Cannot parse \'sgx.preheat_enclave\' (the value must be 0 or 1)\n");
+        ocall_exit(1, true);
+    }
+    if (preheat_enclave == 1) {
+        for (uint8_t* i = g_pal_sec.heap_min; i < (uint8_t*)g_pal_sec.heap_max; i += g_page_size)
+            READ_ONCE(*i);
+    }
+
    ret = toml_sizestring_in(g_pal_state.manifest_root, "loader.pal_internal_mem_size",
                             /*defaultval=*/0, &g_pal_internal_mem_size);
    if (ret < 0) {