Re: [PATCH v12 14/14] selftests/sgx: Add scripts for EPC cgroup testing
On Mon, 29 Apr 2024 11:43:05 -0500, Jarkko Sakkinen wrote: On Mon Apr 29, 2024 at 7:18 PM EEST, Haitao Huang wrote: Hi Jarkko On Sun, 28 Apr 2024 17:03:17 -0500, Jarkko Sakkinen wrote: > On Fri Apr 26, 2024 at 5:28 PM EEST, Dave Hansen wrote: >> On 4/16/24 07:15, Jarkko Sakkinen wrote: >> > On Tue Apr 16, 2024 at 8:42 AM EEST, Huang, Kai wrote: >> > Yes, exactly. I'd take one week break and cycle the kselftest part >> > internally a bit as I said my previous response. I'm sure that there >> > is experise inside Intel how to implement it properly. I.e. take some >> > time to find the right person, and wait as long as that person has a >> > bit of bandwidth to go through the test and suggest modifications. >> >> Folks, I worry that this series is getting bogged down in the selftests. >> Yes, selftests are important. But getting _some_ tests in the kernel >> is substantially more important than getting perfect tests. >> >> I don't think Haitao needs to "cycle" this back inside Intel. > > The problem with the tests was that they are hard to run anything else > than Ubuntu (and perhaps Debian). It is hopefully now taken care of. > Selftests do not have to be perfect but at minimum they need to be > runnable. > > I need ret-test the latest series because it is possible that I did not > have right flags (I was travelling few days thus have not done it yet). > > BR, Jarkko > Let me know if you want me to send v13 before testing or you can just use the sgx_cg_upstream_v12_plus branch in my repo. Also thanks for the "Reviewed-by" tags for other patches. But I've not got "Reviewed-by" from you for patches #8-12 (not sure I missed). Could you go through those alsoe when you get chance? So, I compiled v12 branch. Was the only difference in selftests? I can just copy them to the device. BR, Jarkko The only other functional change is using BUG_ON() when workqueue allocation fails in sgx_cgroup_init(). It should not affect testing results. Thanks Haitao
Re: [PATCH v12 14/14] selftests/sgx: Add scripts for EPC cgroup testing
On Mon Apr 29, 2024 at 7:18 PM EEST, Haitao Huang wrote: > Hi Jarkko > > On Sun, 28 Apr 2024 17:03:17 -0500, Jarkko Sakkinen > wrote: > > > On Fri Apr 26, 2024 at 5:28 PM EEST, Dave Hansen wrote: > >> On 4/16/24 07:15, Jarkko Sakkinen wrote: > >> > On Tue Apr 16, 2024 at 8:42 AM EEST, Huang, Kai wrote: > >> > Yes, exactly. I'd take one week break and cycle the kselftest part > >> > internally a bit as I said my previous response. I'm sure that there > >> > is experise inside Intel how to implement it properly. I.e. take some > >> > time to find the right person, and wait as long as that person has a > >> > bit of bandwidth to go through the test and suggest modifications. > >> > >> Folks, I worry that this series is getting bogged down in the selftests. > >> Yes, selftests are important. But getting _some_ tests in the kernel > >> is substantially more important than getting perfect tests. > >> > >> I don't think Haitao needs to "cycle" this back inside Intel. > > > > The problem with the tests was that they are hard to run anything else > > than Ubuntu (and perhaps Debian). It is hopefully now taken care of. > > Selftests do not have to be perfect but at minimum they need to be > > runnable. > > > > I need ret-test the latest series because it is possible that I did not > > have right flags (I was travelling few days thus have not done it yet). > > > > BR, Jarkko > > > > Let me know if you want me to send v13 before testing or you can just use > the sgx_cg_upstream_v12_plus branch in my repo. > > Also thanks for the "Reviewed-by" tags for other patches. But I've not got > "Reviewed-by" from you for patches #8-12 (not sure I missed). Could you go > through those alsoe when you get chance? So, I compiled v12 branch. Was the only difference in selftests? I can just copy them to the device. BR, Jarkko
Re: [PATCH v12 14/14] selftests/sgx: Add scripts for EPC cgroup testing
Hi Jarkko On Sun, 28 Apr 2024 17:03:17 -0500, Jarkko Sakkinen wrote: On Fri Apr 26, 2024 at 5:28 PM EEST, Dave Hansen wrote: On 4/16/24 07:15, Jarkko Sakkinen wrote: > On Tue Apr 16, 2024 at 8:42 AM EEST, Huang, Kai wrote: > Yes, exactly. I'd take one week break and cycle the kselftest part > internally a bit as I said my previous response. I'm sure that there > is experise inside Intel how to implement it properly. I.e. take some > time to find the right person, and wait as long as that person has a > bit of bandwidth to go through the test and suggest modifications. Folks, I worry that this series is getting bogged down in the selftests. Yes, selftests are important. But getting _some_ tests in the kernel is substantially more important than getting perfect tests. I don't think Haitao needs to "cycle" this back inside Intel. The problem with the tests was that they are hard to run anything else than Ubuntu (and perhaps Debian). It is hopefully now taken care of. Selftests do not have to be perfect but at minimum they need to be runnable. I need ret-test the latest series because it is possible that I did not have right flags (I was travelling few days thus have not done it yet). BR, Jarkko Let me know if you want me to send v13 before testing or you can just use the sgx_cg_upstream_v12_plus branch in my repo. Also thanks for the "Reviewed-by" tags for other patches. But I've not got "Reviewed-by" from you for patches #8-12 (not sure I missed). Could you go through those alsoe when you get chance? Thanks Haitao
Re: [PATCH v12 14/14] selftests/sgx: Add scripts for EPC cgroup testing
On Fri Apr 26, 2024 at 5:28 PM EEST, Dave Hansen wrote: > On 4/16/24 07:15, Jarkko Sakkinen wrote: > > On Tue Apr 16, 2024 at 8:42 AM EEST, Huang, Kai wrote: > > Yes, exactly. I'd take one week break and cycle the kselftest part > > internally a bit as I said my previous response. I'm sure that there > > is experise inside Intel how to implement it properly. I.e. take some > > time to find the right person, and wait as long as that person has a > > bit of bandwidth to go through the test and suggest modifications. > > Folks, I worry that this series is getting bogged down in the selftests. > Yes, selftests are important. But getting _some_ tests in the kernel > is substantially more important than getting perfect tests. > > I don't think Haitao needs to "cycle" this back inside Intel. The problem with the tests was that they are hard to run anything else than Ubuntu (and perhaps Debian). It is hopefully now taken care of. Selftests do not have to be perfect but at minimum they need to be runnable. I need ret-test the latest series because it is possible that I did not have right flags (I was travelling few days thus have not done it yet). BR, Jarkko
Re: [PATCH v12 14/14] selftests/sgx: Add scripts for EPC cgroup testing
On 4/16/24 07:15, Jarkko Sakkinen wrote: > On Tue Apr 16, 2024 at 8:42 AM EEST, Huang, Kai wrote: > Yes, exactly. I'd take one week break and cycle the kselftest part > internally a bit as I said my previous response. I'm sure that there > is experise inside Intel how to implement it properly. I.e. take some > time to find the right person, and wait as long as that person has a > bit of bandwidth to go through the test and suggest modifications. Folks, I worry that this series is getting bogged down in the selftests. Yes, selftests are important. But getting _some_ tests in the kernel is substantially more important than getting perfect tests. I don't think Haitao needs to "cycle" this back inside Intel.
Re: [PATCH v12 14/14] selftests/sgx: Add scripts for EPC cgroup testing
On Wed Apr 24, 2024 at 10:42 PM EEST, Haitao Huang wrote: > Hi Jarkko > On Tue, 16 Apr 2024 11:08:11 -0500, Jarkko Sakkinen > wrote: > > > On Tue Apr 16, 2024 at 5:54 PM EEST, Haitao Huang wrote: > >> I did declare the configs in the config file but I missed it in my patch > >> as stated earlier. IIUC, that would not cause this error though. > >> > >> Maybe I should exit with the skip code if no CGROUP_MISC (no more > >> CGROUP_SGX_EPC) is configured? > > OK, so I wanted to do a distro kernel test here, and used the default > > OpenSUSE kernel config. I need to check if it has CGROUP_MISC set. > > I couldn't figure out why this failure you have encountered. I think > OpenSUSE kernel most likely config CGROUP_MISC. > > Also if CGROUP_MISC not set, then there should be error happen earlier on > echoing "+misc" to cgroup.subtree_control at line 20. But your log > indicates only error on echoing "sgx_epc ..." to > /sys/fs/cgroup/...//misc.max. > > I can only speculate that can could happen (if sgx epc cgroup was compiled > in) when the cgroup-fs subdirectories in question already have populated > config that is conflicting with the scripts. > > Could you double check or start from a clean environment? > Thanks > Haitao I can re-check next week once I'm back from Estonia. I'm travelling now to https://lu.ma/uncloud. BR, Jarkko
Re: [PATCH v12 14/14] selftests/sgx: Add scripts for EPC cgroup testing
Hi Jarkko On Tue, 16 Apr 2024 11:08:11 -0500, Jarkko Sakkinen wrote: On Tue Apr 16, 2024 at 5:54 PM EEST, Haitao Huang wrote: I did declare the configs in the config file but I missed it in my patch as stated earlier. IIUC, that would not cause this error though. Maybe I should exit with the skip code if no CGROUP_MISC (no more CGROUP_SGX_EPC) is configured? OK, so I wanted to do a distro kernel test here, and used the default OpenSUSE kernel config. I need to check if it has CGROUP_MISC set. I couldn't figure out why this failure you have encountered. I think OpenSUSE kernel most likely config CGROUP_MISC. Also if CGROUP_MISC not set, then there should be error happen earlier on echoing "+misc" to cgroup.subtree_control at line 20. But your log indicates only error on echoing "sgx_epc ..." to /sys/fs/cgroup/...//misc.max. I can only speculate that can could happen (if sgx epc cgroup was compiled in) when the cgroup-fs subdirectories in question already have populated config that is conflicting with the scripts. Could you double check or start from a clean environment? Thanks Haitao
Re: [PATCH v12 14/14] selftests/sgx: Add scripts for EPC cgroup testing
On Wed Apr 17, 2024 at 1:04 AM EEST, Haitao Huang wrote: > On Tue, 16 Apr 2024 11:08:11 -0500, Jarkko Sakkinen > wrote: > > > On Tue Apr 16, 2024 at 5:54 PM EEST, Haitao Huang wrote: > >> I did declare the configs in the config file but I missed it in my patch > >> as stated earlier. IIUC, that would not cause this error though. > >> > >> Maybe I should exit with the skip code if no CGROUP_MISC (no more > >> CGROUP_SGX_EPC) is configured? > > > > OK, so I wanted to do a distro kernel test here, and used the default > > OpenSUSE kernel config. I need to check if it has CGROUP_MISC set. > > > >> tools/testing/selftests$ find . -name README > >> ./futex/README > >> ./tc-testing/README > >> ./net/forwarding/README > >> ./powerpc/nx-gzip/README > >> ./ftrace/README > >> ./arm64/signal/README > >> ./arm64/fp/README > >> ./arm64/README > >> ./zram/README > >> ./livepatch/README > >> ./resctrl/README > > > > So is there a README because of override timeout parameter? Maybe it > > should be just set to a high enough value? > > > > BR, Jarkko > > > > > From the docs, I think we are supposed to use override. > See: https://docs.kernel.org/dev-tools/kselftest.html#timeout-for-selftests OK, fair enough :-) I did not know this. BR, Jarkko
Re: [PATCH v12 14/14] selftests/sgx: Add scripts for EPC cgroup testing
On Tue, 16 Apr 2024 17:21:24 -0500, Haitao Huang wrote: On Tue, 16 Apr 2024 17:04:21 -0500, Haitao Huang wrote: On Tue, 16 Apr 2024 11:08:11 -0500, Jarkko Sakkinen wrote: On Tue Apr 16, 2024 at 5:54 PM EEST, Haitao Huang wrote: I did declare the configs in the config file but I missed it in my patch as stated earlier. IIUC, that would not cause this error though. Maybe I should exit with the skip code if no CGROUP_MISC (no more CGROUP_SGX_EPC) is configured? OK, so I wanted to do a distro kernel test here, and used the default OpenSUSE kernel config. I need to check if it has CGROUP_MISC set. tools/testing/selftests$ find . -name README ./futex/README ./tc-testing/README ./net/forwarding/README ./powerpc/nx-gzip/README ./ftrace/README ./arm64/signal/README ./arm64/fp/README ./arm64/README ./zram/README ./livepatch/README ./resctrl/README So is there a README because of override timeout parameter? Maybe it should be just set to a high enough value? BR, Jarkko From the docs, I think we are supposed to use override. See: https://docs.kernel.org/dev-tools/kselftest.html#timeout-for-selftests Thanks Haitao Maybe you are suggesting we add settings file? I can do that. README also explains what the tests do though. Do you still think they should not exist? I was mostly following resctrl as example. Thanks Haitao With the settings I shortened the README quite bit. Now I also lean towards removing it. Let me know your preference. You can check the latest at my branch for reference: https://github.com/haitaohuang/linux/tree/sgx_cg_upstream_v12_plus Thanks Haitao
Re: [PATCH v12 14/14] selftests/sgx: Add scripts for EPC cgroup testing
On Tue, 16 Apr 2024 17:04:21 -0500, Haitao Huang wrote: On Tue, 16 Apr 2024 11:08:11 -0500, Jarkko Sakkinen wrote: On Tue Apr 16, 2024 at 5:54 PM EEST, Haitao Huang wrote: I did declare the configs in the config file but I missed it in my patch as stated earlier. IIUC, that would not cause this error though. Maybe I should exit with the skip code if no CGROUP_MISC (no more CGROUP_SGX_EPC) is configured? OK, so I wanted to do a distro kernel test here, and used the default OpenSUSE kernel config. I need to check if it has CGROUP_MISC set. tools/testing/selftests$ find . -name README ./futex/README ./tc-testing/README ./net/forwarding/README ./powerpc/nx-gzip/README ./ftrace/README ./arm64/signal/README ./arm64/fp/README ./arm64/README ./zram/README ./livepatch/README ./resctrl/README So is there a README because of override timeout parameter? Maybe it should be just set to a high enough value? BR, Jarkko From the docs, I think we are supposed to use override. See: https://docs.kernel.org/dev-tools/kselftest.html#timeout-for-selftests Thanks Haitao Maybe you are suggesting we add settings file? I can do that. README also explains what the tests do though. Do you still think they should not exist? I was mostly following resctrl as example. Thanks Haitao
Re: [PATCH v12 14/14] selftests/sgx: Add scripts for EPC cgroup testing
On Tue, 16 Apr 2024 11:08:11 -0500, Jarkko Sakkinen wrote: On Tue Apr 16, 2024 at 5:54 PM EEST, Haitao Huang wrote: I did declare the configs in the config file but I missed it in my patch as stated earlier. IIUC, that would not cause this error though. Maybe I should exit with the skip code if no CGROUP_MISC (no more CGROUP_SGX_EPC) is configured? OK, so I wanted to do a distro kernel test here, and used the default OpenSUSE kernel config. I need to check if it has CGROUP_MISC set. tools/testing/selftests$ find . -name README ./futex/README ./tc-testing/README ./net/forwarding/README ./powerpc/nx-gzip/README ./ftrace/README ./arm64/signal/README ./arm64/fp/README ./arm64/README ./zram/README ./livepatch/README ./resctrl/README So is there a README because of override timeout parameter? Maybe it should be just set to a high enough value? BR, Jarkko From the docs, I think we are supposed to use override. See: https://docs.kernel.org/dev-tools/kselftest.html#timeout-for-selftests Thanks Haitao
Re: [PATCH v12 14/14] selftests/sgx: Add scripts for EPC cgroup testing
On Tue Apr 16, 2024 at 5:54 PM EEST, Haitao Huang wrote: > I did declare the configs in the config file but I missed it in my patch > as stated earlier. IIUC, that would not cause this error though. > > Maybe I should exit with the skip code if no CGROUP_MISC (no more > CGROUP_SGX_EPC) is configured? OK, so I wanted to do a distro kernel test here, and used the default OpenSUSE kernel config. I need to check if it has CGROUP_MISC set. > tools/testing/selftests$ find . -name README > ./futex/README > ./tc-testing/README > ./net/forwarding/README > ./powerpc/nx-gzip/README > ./ftrace/README > ./arm64/signal/README > ./arm64/fp/README > ./arm64/README > ./zram/README > ./livepatch/README > ./resctrl/README So is there a README because of override timeout parameter? Maybe it should be just set to a high enough value? BR, Jarkko
Re: [PATCH v12 14/14] selftests/sgx: Add scripts for EPC cgroup testing
On Tue, 16 Apr 2024 00:42:41 -0500, Huang, Kai wrote: I'll send a fixup for this patch or another version of the series if more changes are needed. Hi Haitao, I don't like to say but in general I think you are sending too frequently. The last version was sent April, 11th (my time), so considering the weekend it has only been 3 or at most 4 days. Please slow down a little bit to give people more time. More information please also see: https://www.kernel.org/doc/html/next/process/submitting-patches.html#resend-reminders Thanks for the feedback. I'll slow down sending new versions. Haitao
Re: [PATCH v12 14/14] selftests/sgx: Add scripts for EPC cgroup testing
On Tue, 16 Apr 2024 09:10:12 -0500, Jarkko Sakkinen wrote: On Tue Apr 16, 2024 at 5:05 PM EEST, Jarkko Sakkinen wrote: On Tue Apr 16, 2024 at 6:20 AM EEST, Haitao Huang wrote: > With different cgroups, the script starts one or multiple concurrent SGX > selftests (test_sgx), each to run the unclobbered_vdso_oversubscribed > test case, which loads an enclave of EPC size equal to the EPC capacity > available on the platform. The script checks results against the > expectation set for each cgroup and reports success or failure. > > The script creates 3 different cgroups at the beginning with following > expectations: > > 1) SMALL - intentionally small enough to fail the test loading an > enclave of size equal to the capacity. > 2) LARGE - large enough to run up to 4 concurrent tests but fail some if > more than 4 concurrent tests are run. The script starts 4 expecting at > least one test to pass, and then starts 5 expecting at least one test > to fail. > 3) LARGER - limit is the same as the capacity, large enough to run lots of > concurrent tests. The script starts 8 of them and expects all pass. > Then it reruns the same test with one process randomly killed and > usage checked to be zero after all processes exit. > > The script also includes a test with low mem_cg limit and LARGE sgx_epc > limit to verify that the RAM used for per-cgroup reclamation is charged > to a proper mem_cg. For this test, it turns off swapping before start, > and turns swapping back on afterwards. > > Add README to document how to run the tests. > > Signed-off-by: Haitao Huang jarkko@mustatorvisieni:~/linux-tpmdd> sudo make -C tools/testing/selftests/sgx run_tests make: Entering directory '/home/jarkko/linux-tpmdd/tools/testing/selftests/sgx' gcc -Wall -Werror -g -I/home/jarkko/linux-tpmdd/tools/testing/selftests/../../../tools/include -fPIC -c main.c -o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/main.o gcc -Wall -Werror -g -I/home/jarkko/linux-tpmdd/tools/testing/selftests/../../../tools/include -fPIC -c load.c -o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/load.o gcc -Wall -Werror -g -I/home/jarkko/linux-tpmdd/tools/testing/selftests/../../../tools/include -fPIC -c sigstruct.c -o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/sigstruct.o gcc -Wall -Werror -g -I/home/jarkko/linux-tpmdd/tools/testing/selftests/../../../tools/include -fPIC -c call.S -o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/call.o gcc -Wall -Werror -g -I/home/jarkko/linux-tpmdd/tools/testing/selftests/../../../tools/include -fPIC -c sign_key.S -o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/sign_key.o gcc -Wall -Werror -g -I/home/jarkko/linux-tpmdd/tools/testing/selftests/../../../tools/include -fPIC -o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/test_sgx /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/main.o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/load.o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/sigstruct.o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/call.o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/sign_key.o -z noexecstack -lcrypto gcc -Wall -Werror -static-pie -nostdlib -ffreestanding -fPIE -fno-stack-protector -mrdrnd -I/home/jarkko/linux-tpmdd/tools/testing/selftests/../../../tools/include test_encl.c test_encl_bootstrap.S -o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/test_encl.elf -Wl,-T,test_encl.lds,--build-id=none /usr/lib64/gcc/x86_64-suse-linux/13/../../../../x86_64-suse-linux/bin/ld: warning: /tmp/ccqvDJVg.o: missing .note.GNU-stack section implies executable stack /usr/lib64/gcc/x86_64-suse-linux/13/../../../../x86_64-suse-linux/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker TAP version 13 1..2 # timeout set to 45 # selftests: sgx: test_sgx # TAP version 13 # 1..16 # # Starting 16 tests from 1 test cases. # # RUN enclave.unclobbered_vdso ... # #OK enclave.unclobbered_vdso # ok 1 enclave.unclobbered_vdso # # RUN enclave.unclobbered_vdso_oversubscribed ... # #OK enclave.unclobbered_vdso_oversubscribed # ok 2 enclave.unclobbered_vdso_oversubscribed # # RUN enclave.unclobbered_vdso_oversubscribed_remove ... # # main.c:402:unclobbered_vdso_oversubscribed_remove:Creating an enclave with 98566144 bytes heap may take a while ... # # main.c:457:unclobbered_vdso_oversubscribed_remove:Changing type of 98566144 bytes to trimmed may take a while ... # # main.c:473:unclobbered_vdso_oversubscribed_remove:Entering enclave to run EACCEPT for each page of 98566144 bytes may take a while ... # # main.c:494:unclobbered_vdso_oversubscribed_remove:Removing 98566144 bytes from enclave may take a while ... # #OK enclave.unclobbered_vdso_oversubscribed_remove # ok 3 enclave.unclobbered_vdso_oversubscribed_remove # # RUN
Re: [PATCH v12 14/14] selftests/sgx: Add scripts for EPC cgroup testing
On Tue Apr 16, 2024 at 8:42 AM EEST, Huang, Kai wrote: > > > > I'll send a fixup for this patch or another version of the series if more > > changes are needed. > > Hi Haitao, > > I don't like to say but in general I think you are sending too frequently. > The > last version was sent April, 11th (my time), so considering the weekend it has > only been 3 or at most 4 days. > > Please slow down a little bit to give people more time. > > More information please also see: > > https://www.kernel.org/doc/html/next/process/submitting-patches.html#resend-reminders +1 Yes, exactly. I'd take one week break and cycle the kselftest part internally a bit as I said my previous response. I'm sure that there is experise inside Intel how to implement it properly. I.e. take some time to find the right person, and wait as long as that person has a bit of bandwidth to go through the test and suggest modifications. Cannot blame, as I've done the same mistake a few times in past but yeah this would be the best possible corrective action to take. BR, Jarkko
Re: [PATCH v12 14/14] selftests/sgx: Add scripts for EPC cgroup testing
On Tue Apr 16, 2024 at 5:05 PM EEST, Jarkko Sakkinen wrote: > On Tue Apr 16, 2024 at 6:20 AM EEST, Haitao Huang wrote: > > With different cgroups, the script starts one or multiple concurrent SGX > > selftests (test_sgx), each to run the unclobbered_vdso_oversubscribed > > test case, which loads an enclave of EPC size equal to the EPC capacity > > available on the platform. The script checks results against the > > expectation set for each cgroup and reports success or failure. > > > > The script creates 3 different cgroups at the beginning with following > > expectations: > > > > 1) SMALL - intentionally small enough to fail the test loading an > > enclave of size equal to the capacity. > > 2) LARGE - large enough to run up to 4 concurrent tests but fail some if > > more than 4 concurrent tests are run. The script starts 4 expecting at > > least one test to pass, and then starts 5 expecting at least one test > > to fail. > > 3) LARGER - limit is the same as the capacity, large enough to run lots of > > concurrent tests. The script starts 8 of them and expects all pass. > > Then it reruns the same test with one process randomly killed and > > usage checked to be zero after all processes exit. > > > > The script also includes a test with low mem_cg limit and LARGE sgx_epc > > limit to verify that the RAM used for per-cgroup reclamation is charged > > to a proper mem_cg. For this test, it turns off swapping before start, > > and turns swapping back on afterwards. > > > > Add README to document how to run the tests. > > > > Signed-off-by: Haitao Huang > > jarkko@mustatorvisieni:~/linux-tpmdd> sudo make -C > tools/testing/selftests/sgx run_tests > make: Entering directory > '/home/jarkko/linux-tpmdd/tools/testing/selftests/sgx' > gcc -Wall -Werror -g > -I/home/jarkko/linux-tpmdd/tools/testing/selftests/../../../tools/include > -fPIC -c main.c -o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/main.o > gcc -Wall -Werror -g > -I/home/jarkko/linux-tpmdd/tools/testing/selftests/../../../tools/include > -fPIC -c load.c -o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/load.o > gcc -Wall -Werror -g > -I/home/jarkko/linux-tpmdd/tools/testing/selftests/../../../tools/include > -fPIC -c sigstruct.c -o > /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/sigstruct.o > gcc -Wall -Werror -g > -I/home/jarkko/linux-tpmdd/tools/testing/selftests/../../../tools/include > -fPIC -c call.S -o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/call.o > gcc -Wall -Werror -g > -I/home/jarkko/linux-tpmdd/tools/testing/selftests/../../../tools/include > -fPIC -c sign_key.S -o > /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/sign_key.o > gcc -Wall -Werror -g > -I/home/jarkko/linux-tpmdd/tools/testing/selftests/../../../tools/include > -fPIC -o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/test_sgx > /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/main.o > /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/load.o > /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/sigstruct.o > /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/call.o > /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/sign_key.o -z > noexecstack -lcrypto > gcc -Wall -Werror -static-pie -nostdlib -ffreestanding -fPIE > -fno-stack-protector -mrdrnd > -I/home/jarkko/linux-tpmdd/tools/testing/selftests/../../../tools/include > test_encl.c test_encl_bootstrap.S -o > /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/test_encl.elf > -Wl,-T,test_encl.lds,--build-id=none > /usr/lib64/gcc/x86_64-suse-linux/13/../../../../x86_64-suse-linux/bin/ld: > warning: /tmp/ccqvDJVg.o: missing .note.GNU-stack section implies executable > stack > /usr/lib64/gcc/x86_64-suse-linux/13/../../../../x86_64-suse-linux/bin/ld: > NOTE: This behaviour is deprecated and will be removed in a future version of > the linker > TAP version 13 > 1..2 > # timeout set to 45 > # selftests: sgx: test_sgx > # TAP version 13 > # 1..16 > # # Starting 16 tests from 1 test cases. > # # RUN enclave.unclobbered_vdso ... > # #OK enclave.unclobbered_vdso > # ok 1 enclave.unclobbered_vdso > # # RUN enclave.unclobbered_vdso_oversubscribed ... > # #OK enclave.unclobbered_vdso_oversubscribed > # ok 2 enclave.unclobbered_vdso_oversubscribed > # # RUN enclave.unclobbered_vdso_oversubscribed_remove ... > # # main.c:402:unclobbered_vdso_oversubscribed_remove:Creating an enclave > with 98566144 bytes heap may take a while ... > # # main.c:457:unclobbered_vdso_oversubscribed_remove:Changing type of > 98566144 bytes to trimmed may take a while ... > # # main.c:473:unclobbered_vdso_oversubscribed_remove:Entering enclave to run > EACCEPT for each page of 98566144 bytes may take a while ... > # # main.c:494:unclobbered_vdso_oversubscribed_remove:Removing 98566144 bytes > from enclave may take a while ... > # #OK enclave.unclobbered_vdso_oversubscribed_remove > # ok 3
Re: [PATCH v12 14/14] selftests/sgx: Add scripts for EPC cgroup testing
On Tue Apr 16, 2024 at 6:20 AM EEST, Haitao Huang wrote: > With different cgroups, the script starts one or multiple concurrent SGX > selftests (test_sgx), each to run the unclobbered_vdso_oversubscribed > test case, which loads an enclave of EPC size equal to the EPC capacity > available on the platform. The script checks results against the > expectation set for each cgroup and reports success or failure. > > The script creates 3 different cgroups at the beginning with following > expectations: > > 1) SMALL - intentionally small enough to fail the test loading an > enclave of size equal to the capacity. > 2) LARGE - large enough to run up to 4 concurrent tests but fail some if > more than 4 concurrent tests are run. The script starts 4 expecting at > least one test to pass, and then starts 5 expecting at least one test > to fail. > 3) LARGER - limit is the same as the capacity, large enough to run lots of > concurrent tests. The script starts 8 of them and expects all pass. > Then it reruns the same test with one process randomly killed and > usage checked to be zero after all processes exit. > > The script also includes a test with low mem_cg limit and LARGE sgx_epc > limit to verify that the RAM used for per-cgroup reclamation is charged > to a proper mem_cg. For this test, it turns off swapping before start, > and turns swapping back on afterwards. > > Add README to document how to run the tests. > > Signed-off-by: Haitao Huang jarkko@mustatorvisieni:~/linux-tpmdd> sudo make -C tools/testing/selftests/sgx run_tests make: Entering directory '/home/jarkko/linux-tpmdd/tools/testing/selftests/sgx' gcc -Wall -Werror -g -I/home/jarkko/linux-tpmdd/tools/testing/selftests/../../../tools/include -fPIC -c main.c -o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/main.o gcc -Wall -Werror -g -I/home/jarkko/linux-tpmdd/tools/testing/selftests/../../../tools/include -fPIC -c load.c -o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/load.o gcc -Wall -Werror -g -I/home/jarkko/linux-tpmdd/tools/testing/selftests/../../../tools/include -fPIC -c sigstruct.c -o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/sigstruct.o gcc -Wall -Werror -g -I/home/jarkko/linux-tpmdd/tools/testing/selftests/../../../tools/include -fPIC -c call.S -o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/call.o gcc -Wall -Werror -g -I/home/jarkko/linux-tpmdd/tools/testing/selftests/../../../tools/include -fPIC -c sign_key.S -o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/sign_key.o gcc -Wall -Werror -g -I/home/jarkko/linux-tpmdd/tools/testing/selftests/../../../tools/include -fPIC -o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/test_sgx /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/main.o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/load.o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/sigstruct.o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/call.o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/sign_key.o -z noexecstack -lcrypto gcc -Wall -Werror -static-pie -nostdlib -ffreestanding -fPIE -fno-stack-protector -mrdrnd -I/home/jarkko/linux-tpmdd/tools/testing/selftests/../../../tools/include test_encl.c test_encl_bootstrap.S -o /home/jarkko/linux-tpmdd/tools/testing/selftests/sgx/test_encl.elf -Wl,-T,test_encl.lds,--build-id=none /usr/lib64/gcc/x86_64-suse-linux/13/../../../../x86_64-suse-linux/bin/ld: warning: /tmp/ccqvDJVg.o: missing .note.GNU-stack section implies executable stack /usr/lib64/gcc/x86_64-suse-linux/13/../../../../x86_64-suse-linux/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker TAP version 13 1..2 # timeout set to 45 # selftests: sgx: test_sgx # TAP version 13 # 1..16 # # Starting 16 tests from 1 test cases. # # RUN enclave.unclobbered_vdso ... # #OK enclave.unclobbered_vdso # ok 1 enclave.unclobbered_vdso # # RUN enclave.unclobbered_vdso_oversubscribed ... # #OK enclave.unclobbered_vdso_oversubscribed # ok 2 enclave.unclobbered_vdso_oversubscribed # # RUN enclave.unclobbered_vdso_oversubscribed_remove ... # # main.c:402:unclobbered_vdso_oversubscribed_remove:Creating an enclave with 98566144 bytes heap may take a while ... # # main.c:457:unclobbered_vdso_oversubscribed_remove:Changing type of 98566144 bytes to trimmed may take a while ... # # main.c:473:unclobbered_vdso_oversubscribed_remove:Entering enclave to run EACCEPT for each page of 98566144 bytes may take a while ... # # main.c:494:unclobbered_vdso_oversubscribed_remove:Removing 98566144 bytes from enclave may take a while ... # #OK enclave.unclobbered_vdso_oversubscribed_remove # ok 3 enclave.unclobbered_vdso_oversubscribed_remove # # RUN enclave.clobbered_vdso ... # #OK enclave.clobbered_vdso # ok 4 enclave.clobbered_vdso # # RUN enclave.clobbered_vdso_and_user_function ... # #OK
Re: [PATCH v12 14/14] selftests/sgx: Add scripts for EPC cgroup testing
> > I'll send a fixup for this patch or another version of the series if more > changes are needed. Hi Haitao, I don't like to say but in general I think you are sending too frequently. The last version was sent April, 11th (my time), so considering the weekend it has only been 3 or at most 4 days. Please slow down a little bit to give people more time. More information please also see: https://www.kernel.org/doc/html/next/process/submitting-patches.html#resend-reminders
Re: [PATCH v12 14/14] selftests/sgx: Add scripts for EPC cgroup testing
Missed adding the config file: index ..e7f1db1d3eff --- /dev/null +++ b/tools/testing/selftests/sgx/config @@ -0,0 +1,4 @@ +CONFIG_CGROUPS=y +CONFIG_CGROUP_MISC=y +CONFIG_MEMCG=y +CONFIG_X86_SGX=y I'll send a fixup for this patch or another version of the series if more changes are needed. Thanks Haitao
[PATCH v12 14/14] selftests/sgx: Add scripts for EPC cgroup testing
With different cgroups, the script starts one or multiple concurrent SGX selftests (test_sgx), each to run the unclobbered_vdso_oversubscribed test case, which loads an enclave of EPC size equal to the EPC capacity available on the platform. The script checks results against the expectation set for each cgroup and reports success or failure. The script creates 3 different cgroups at the beginning with following expectations: 1) SMALL - intentionally small enough to fail the test loading an enclave of size equal to the capacity. 2) LARGE - large enough to run up to 4 concurrent tests but fail some if more than 4 concurrent tests are run. The script starts 4 expecting at least one test to pass, and then starts 5 expecting at least one test to fail. 3) LARGER - limit is the same as the capacity, large enough to run lots of concurrent tests. The script starts 8 of them and expects all pass. Then it reruns the same test with one process randomly killed and usage checked to be zero after all processes exit. The script also includes a test with low mem_cg limit and LARGE sgx_epc limit to verify that the RAM used for per-cgroup reclamation is charged to a proper mem_cg. For this test, it turns off swapping before start, and turns swapping back on afterwards. Add README to document how to run the tests. Signed-off-by: Haitao Huang --- V12: - Integrate the scripts to the "run_tests" target. (Jarkko) V11: - Remove cgroups-tools dependency and make scripts ash compatible. (Jarkko) - Drop support for cgroup v1 and simplify. (Michal, Jarkko) - Add documentation for functions. (Jarkko) - Turn off swapping before memcontrol tests and back on after - Format and style fixes, name for hard coded values V7: - Added memcontrol test. V5: - Added script with automatic results checking, remove the interactive script. - The script can run independent from the series below. --- tools/testing/selftests/sgx/Makefile | 3 +- tools/testing/selftests/sgx/README| 116 +++ tools/testing/selftests/sgx/ash_cgexec.sh | 16 + .../selftests/sgx/run_epc_cg_selftests.sh | 283 ++ .../selftests/sgx/watch_misc_for_tests.sh | 11 + 5 files changed, 428 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/sgx/README create mode 100755 tools/testing/selftests/sgx/ash_cgexec.sh create mode 100755 tools/testing/selftests/sgx/run_epc_cg_selftests.sh create mode 100755 tools/testing/selftests/sgx/watch_misc_for_tests.sh diff --git a/tools/testing/selftests/sgx/Makefile b/tools/testing/selftests/sgx/Makefile index 867f88ce2570..739376af9e33 100644 --- a/tools/testing/selftests/sgx/Makefile +++ b/tools/testing/selftests/sgx/Makefile @@ -20,7 +20,8 @@ ENCL_LDFLAGS := -Wl,-T,test_encl.lds,--build-id=none ifeq ($(CAN_BUILD_X86_64), 1) TEST_CUSTOM_PROGS := $(OUTPUT)/test_sgx -TEST_FILES := $(OUTPUT)/test_encl.elf +TEST_FILES := $(OUTPUT)/test_encl.elf ash_cgexec.sh +TEST_PROGS := run_epc_cg_selftests.sh all: $(TEST_CUSTOM_PROGS) $(OUTPUT)/test_encl.elf endif diff --git a/tools/testing/selftests/sgx/README b/tools/testing/selftests/sgx/README new file mode 100644 index ..dfc0c74ce99d --- /dev/null +++ b/tools/testing/selftests/sgx/README @@ -0,0 +1,116 @@ +SGX selftests + +The SGX selftests includes a c program (test_sgx) that covers basic user space +facing APIs and a shell scripts (run_sgx_cg_selftests.sh) testing SGX misc +cgroup. The SGX cgroup test script requires root privileges and runs a +specific test case of the test_sgx in different cgroups configured by the +script. More details about the cgroup test can be found below. + +All SGX selftests can run with or without kselftest framework. + +WITH KSELFTEST FRAMEWORK +=== + +BUILD +- + +Build executable file "test_sgx" from top level directory of the kernel source: + $ make -C tools/testing/selftests TARGETS=sgx + +RUN +--- + +Run all sgx tests as sudo or root since the cgroup tests need to configure cgroup +limits in files under /sys/fs/cgroup. + + $ sudo make -C tools/testing/selftests/sgx run_tests + +Without sudo, SGX cgroup tests will be skipped. + +On platforms with large Enclave Page Cache (EPC) and/or less cpu cores, the +tests may need run longer than default timeout of 45 seconds. To avoid +timeouts, set a value for kselftest_override_timeout for the make command: + + $ sudo kselftest_override_timeout=165 make -C tools/testing/selftests/sgx run_tests + +Or use --override-timeout option if running the installed kselftests from the +installation root directory: + + $sudo ./run_kselftest.sh --override-timeout 165 -c sgx + +More details about kselftest framework can be found in +Documentation/dev-tools/kselftest.rst. + +WITHOUT KSELFTEST FRAMEWORK +=== + +BUILD +- + +Build executable file "test_sgx" from this +directory(tools/testing/selftests/sgx/): + + $ make + +RUN +--- + +Run all non-cgroup tests: + + $ ./test_sgx + +To test
