From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Andy Lutomirski <luto@kernel.org>,
"Huang, Kai" <kai.huang@linux.intel.com>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: kvm list <kvm@vger.kernel.org>, Radim Krcmar <rkrcmar@redhat.com>,
haim.cohen@intel.com,
"intel-sgx-kernel-dev@lists.01.org"
<intel-sgx-kernel-dev@lists.01.org>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [intel-sgx-kernel-dev] [PATCH 08/10] kvm: vmx: add guest's IA32_SGXLEPUBKEYHASHn runtime switch support
Date: Wed, 19 Jul 2017 08:04:51 -0700 [thread overview]
Message-ID: <1500476691.18653.5.camel@intel.com> (raw)
In-Reply-To: <CALCETrUcYfb8E2Ot=WhPH79bVNoPxyBX1ot02o_QvxVsLsQnMg@mail.gmail.com>
On Thu, 2017-05-11 at 23:11 -0700, Andy Lutomirski wrote:
> On Thu, May 11, 2017 at 9:56 PM, Huang, Kai <kai.huang@linux.intel.com> wrote:
> >
> > > Have a percpu variable that stores the current SGXLEPUBKEYHASH along
> > > with whatever lock is needed (probably just a mutex). Users of EINIT
> > > will take the mutex, compare the percpu variable to the desired value,
> > > and, if it's different, do WRMSR and update the percpu variable.
> > >
> > > KVM will implement writes to SGXLEPUBKEYHASH by updating its in-memory
> > > state but *not* changing the MSRs. KVM will trap and emulate EINIT to
> > > support the same handling as the host. There is no action required at
> > > all on KVM guest entry and exit.
> >
> > This is doable, but SGX driver needs to do those things and expose
> > interfaces for KVM to use. In terms of the percpu data, it is nice to have,
> > but I am not sure whether it is mandatory, as IMO EINIT is not even in
> > performance critical path. We can simply read old value from MSRs out and
> > compare whether the old equals to the new.
> I think the SGX driver should probably live in arch/x86, and the
> interface could be a simple percpu variable that is exported (from the
> main kernel image, not from a module).
Jarkko, what are your thoughts on moving the SGX code into arch/x86 and removing
the option to build it as a module? This would simplify the KVM and EPC cgroup
implementations.
next prev parent reply other threads:[~2017-07-19 15:04 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-08 5:24 [RFC PATCH 00/10] Basic KVM SGX Virtualization support Kai Huang
2017-05-08 5:24 ` [PATCH 01/10] x86: add SGX Launch Control definition to cpufeature Kai Huang
2017-05-08 5:24 ` [PATCH 02/10] kvm: vmx: add ENCLS VMEXIT detection Kai Huang
2017-05-08 5:24 ` [PATCH 03/10] kvm: vmx: detect presence of host SGX driver Kai Huang
2017-05-08 5:24 ` [PATCH 04/10] kvm: sgx: new functions to init and destory SGX for guest Kai Huang
2017-05-08 5:24 ` [PATCH 05/10] kvm: x86: add KVM_GET_SUPPORTED_CPUID SGX support Kai Huang
2017-05-08 5:24 ` [PATCH 06/10] kvm: x86: add KVM_SET_CPUID2 " Kai Huang
2017-05-08 5:24 ` [PATCH 07/10] kvm: vmx: add SGX IA32_FEATURE_CONTROL MSR emulation Kai Huang
2017-05-08 5:24 ` [PATCH 08/10] kvm: vmx: add guest's IA32_SGXLEPUBKEYHASHn runtime switch support Kai Huang
2017-05-12 0:32 ` Huang, Kai
2017-05-12 3:28 ` [intel-sgx-kernel-dev] " Andy Lutomirski
2017-05-12 4:56 ` Huang, Kai
2017-05-12 6:11 ` Andy Lutomirski
2017-05-12 18:48 ` Christopherson, Sean J
2017-05-12 20:50 ` Christopherson, Sean J
2017-05-16 0:59 ` Huang, Kai
2017-05-16 1:22 ` Huang, Kai
2017-05-16 0:48 ` Huang, Kai
2017-05-16 14:21 ` Paolo Bonzini
2017-05-18 7:54 ` Huang, Kai
2017-05-18 8:58 ` Paolo Bonzini
2017-05-17 0:09 ` Andy Lutomirski
2017-05-18 7:45 ` Huang, Kai
2017-06-06 20:52 ` Huang, Kai
2017-06-06 21:22 ` Andy Lutomirski
2017-06-06 22:51 ` Huang, Kai
2017-06-07 14:45 ` Cohen, Haim
2017-06-08 12:31 ` Jarkko Sakkinen
2017-06-08 23:47 ` Huang, Kai
2017-06-08 23:53 ` Andy Lutomirski
2017-06-09 15:38 ` Cohen, Haim
2017-06-10 12:23 ` Jarkko Sakkinen
2017-06-11 22:45 ` Huang, Kai
2017-06-12 8:36 ` Jarkko Sakkinen
2017-06-12 9:53 ` Huang, Kai
2017-06-12 16:24 ` Andy Lutomirski
2017-06-12 22:08 ` Huang, Kai
2017-06-12 23:00 ` Andy Lutomirski
2017-06-16 3:46 ` Huang, Kai
2017-06-16 4:11 ` Andy Lutomirski
2017-06-16 4:33 ` Huang, Kai
2017-06-16 9:34 ` Huang, Kai
2017-06-16 16:03 ` Andy Lutomirski
2017-06-16 16:25 ` Andy Lutomirski
2017-06-16 16:31 ` Christopherson, Sean J
2017-06-16 16:43 ` Andy Lutomirski
2017-06-13 18:57 ` Jarkko Sakkinen
2017-06-13 19:05 ` Jarkko Sakkinen
2017-06-13 20:13 ` Sean Christopherson
2017-06-14 9:37 ` Jarkko Sakkinen
2017-06-14 15:11 ` Christopherson, Sean J
2017-06-14 17:03 ` Jarkko Sakkinen
2017-06-13 23:28 ` Huang, Kai
2017-06-14 9:44 ` Jarkko Sakkinen
2017-07-19 15:04 ` Sean Christopherson [this message]
2017-05-15 12:46 ` Jarkko Sakkinen
2017-05-15 23:56 ` Huang, Kai
2017-05-16 14:23 ` Paolo Bonzini
2017-05-17 14:21 ` Sean Christopherson
2017-05-18 8:14 ` Huang, Kai
2017-05-20 21:55 ` Andy Lutomirski
2017-05-23 5:43 ` Huang, Kai
2017-05-23 5:55 ` Huang, Kai
2017-05-23 16:34 ` Andy Lutomirski
2017-05-23 16:43 ` Paolo Bonzini
2017-05-24 8:20 ` Huang, Kai
2017-05-20 13:23 ` Jarkko Sakkinen
2017-05-08 5:24 ` [PATCH 09/10] kvm: vmx: handle ENCLS VMEXIT Kai Huang
2017-05-08 8:08 ` Paolo Bonzini
2017-05-10 1:30 ` Huang, Kai
2017-05-08 5:24 ` [PATCH 10/10] kvm: vmx: handle VMEXIT from SGX Enclave Kai Huang
2017-05-08 8:22 ` Paolo Bonzini
2017-05-11 9:34 ` Huang, Kai
2017-06-19 5:02 ` Huang, Kai
2017-06-27 15:29 ` Radim Krčmář
2017-06-28 22:22 ` Huang, Kai
2017-05-08 5:24 ` [PATCH 11/11] kvm: vmx: workaround FEATURE_CONTROL[17] is not set by BIOS Kai Huang
2017-05-08 5:29 ` Huang, Kai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1500476691.18653.5.camel@intel.com \
--to=sean.j.christopherson@intel.com \
--cc=haim.cohen@intel.com \
--cc=intel-sgx-kernel-dev@lists.01.org \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=kai.huang@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=luto@kernel.org \
--cc=pbonzini@redhat.com \
--cc=rkrcmar@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).