From: Sean Christopherson <seanjc@google.com>
To: Kai Huang <kai.huang@intel.com>
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org,
pbonzini@redhat.com, bp@alien8.de, jarkko@kernel.org,
dave.hansen@intel.com, luto@kernel.org,
rick.p.edgecombe@intel.com, haitao.huang@intel.com
Subject: Re: [PATCH v4 07/11] KVM: VMX: Add SGX ENCLS[ECREATE] handler to enforce CPUID restrictions
Date: Wed, 7 Apr 2021 22:10:36 +0000 [thread overview]
Message-ID: <YG4t3DYYNd4eBeNt@google.com> (raw)
In-Reply-To: <963a2416333290e23773260d824a9e038aed5a53.1617825858.git.kai.huang@intel.com>
On Thu, Apr 08, 2021, Kai Huang wrote:
> + /*
> + * sgx_virt_ecreate() returns:
> + * 1) 0: ECREATE was successful
> + * 2) -EFAULT: ECREATE was run but faulted, and trapnr was set to the
> + * exception number.
> + * 3) -EINVAL: access_ok() on @secs_hva fails. It's a kernel bug and
> + * sgx_virt_ecreate() aleady gave a warning.
Eh, I don't love "kernel bug", all we know is that access_ok() failed. It's
also not all that helpful since it doesn't guide the debugger to any particular
code that would prevent access_ok() from failing.
What if this comment simply states the rules/expectations and lets the debugger
figure out what's wrong? E.g.
* 3) -EINVAL: access_ok() on @secs_hva failed. This should never
* happen as KVM checks host addresses at memslot creation.
* sgx_virt_create() has already warned in this case.
Same goes for sgx_virt_einit() in the next patch.
> + */
> + ret = sgx_virt_ecreate(pageinfo, (void __user *)secs_hva, &trapnr);
> + if (!ret)
> + return kvm_skip_emulated_instruction(vcpu);
> + if (ret == -EFAULT)
> + return sgx_inject_fault(vcpu, secs_gva, trapnr);
> +
> + return ret;
> +}
next prev parent reply other threads:[~2021-04-07 22:11 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-07 20:49 [PATCH v4 00/11] KVM SGX virtualization support (KVM part) Kai Huang
2021-04-07 20:49 ` [PATCH v4 01/11] KVM: x86: Export kvm_mmu_gva_to_gpa_{read,write}() for SGX (VMX) Kai Huang
2021-04-07 20:49 ` [PATCH v4 02/11] KVM: x86: Define new #PF SGX error code bit Kai Huang
2021-04-07 20:49 ` [PATCH v4 03/11] KVM: x86: Add support for reverse CPUID lookup of scattered features Kai Huang
2021-04-07 20:49 ` [PATCH v4 04/11] KVM: x86: Add reverse-CPUID lookup support for scattered SGX features Kai Huang
2021-04-07 20:49 ` [PATCH v4 05/11] KVM: VMX: Add basic handling of VM-Exit from SGX enclave Kai Huang
2021-04-07 20:49 ` [PATCH v4 06/11] KVM: VMX: Frame in ENCLS handler for SGX virtualization Kai Huang
2021-04-07 22:16 ` Sean Christopherson
2021-04-07 22:33 ` Kai Huang
2021-04-07 22:35 ` Sean Christopherson
2021-04-07 22:44 ` Kai Huang
2021-04-07 22:47 ` Sean Christopherson
2021-04-07 22:59 ` Kai Huang
2021-04-07 20:49 ` [PATCH v4 07/11] KVM: VMX: Add SGX ENCLS[ECREATE] handler to enforce CPUID restrictions Kai Huang
2021-04-07 21:52 ` Sean Christopherson
2021-04-07 21:58 ` Kai Huang
2021-04-07 22:04 ` Sean Christopherson
2021-04-07 22:16 ` Kai Huang
2021-04-07 22:10 ` Sean Christopherson [this message]
2021-04-07 22:15 ` Kai Huang
2021-04-07 20:49 ` [PATCH v4 08/11] KVM: VMX: Add emulation of SGX Launch Control LE hash MSRs Kai Huang
2021-04-07 20:49 ` [PATCH v4 09/11] KVM: VMX: Add ENCLS[EINIT] handler to support SGX Launch Control (LC) Kai Huang
2021-04-07 20:49 ` [PATCH v4 10/11] KVM: VMX: Enable SGX virtualization for SGX1, SGX2 and LC Kai Huang
2021-04-07 20:49 ` [PATCH v4 11/11] KVM: x86: Add capability to grant VM access to privileged SGX attribute Kai Huang
2021-04-07 23:08 ` [PATCH v4 00/11] KVM SGX virtualization support (KVM part) Kai Huang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YG4t3DYYNd4eBeNt@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=dave.hansen@intel.com \
--cc=haitao.huang@intel.com \
--cc=jarkko@kernel.org \
--cc=kai.huang@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-sgx@vger.kernel.org \
--cc=luto@kernel.org \
--cc=pbonzini@redhat.com \
--cc=rick.p.edgecombe@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.