From: Yang Zhong <yang.zhong@intel.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
	dave.hansen@linux.intel.com, seanjc@google.com, x86@kernel.org,
	yang.zhong@intel.com, jarkko@kernel.org
Subject: Re: [PATCH v2 0/2] x86: sgx_vepc: implement ioctl to EREMOVE all pages
Date: Thu, 14 Oct 2021 20:21:02 +0800
Message-ID: <20211014122102.GA22574@yangzhon-Virtual>
In-Reply-To: <20211012105708.2070480-1-pbonzini@redhat.com>

On Tue, Oct 12, 2021 at 06:57:06AM -0400, Paolo Bonzini wrote:
> Add to /dev/sgx_vepc an ioctl that brings vEPC pages back to uninitialized
> state with EREMOVE. This is useful in order to match the expectations
> of guests after reboot, and to match the behavior of real hardware.
>
> The ioctl is a cleaner alternative to closing and reopening the
> /dev/sgx_vepc device; reopening /dev/sgx_vepc could be problematic in
> case userspace has sandboxed itself since the time it first opened the
> device, and has thus lost permissions to do so.
>
> If possible, I would like these patches to be included in 5.15 through
> either the x86 or the KVM tree.
>

Paolo, I did the below tests to verify those two patches on an ICX server:

(1). Windows2019 and Linux guest reboot.
(2). One 10G vepc, and started 500 enclaves (each 2G) in guest, and then reset
     the guest with the 'system_reset' command in the monitor.
(3). One 100K vepc, and started one 2M enclave in guest, then reset the guest
     with the 'system_reset' command in the monitor.

All those tests are successful, and the kernel changes work well. Thanks for
the great support!

Yang

> Thanks,
>
> Paolo
>
> Changes from RFC:
> - improved commit messages, added documentation
> - renamed ioctl from SGX_IOC_VEPC_REMOVE to SGX_IOC_VEPC_REMOVE_ALL
>
> Change from v1:
> - fixed documentation and code to cover SGX_ENCLAVE_ACT errors
> - removed Tested-by since the code is quite different now
>
> Paolo Bonzini (2):
> x86: sgx_vepc: extract sgx_vepc_remove_page
> x86: sgx_vepc: implement SGX_IOC_VEPC_REMOVE_ALL ioctl
>
> Documentation/x86/sgx.rst | 26 +++++++++++++
> arch/x86/include/asm/sgx.h | 3 ++
> arch/x86/include/uapi/asm/sgx.h | 2 +
> arch/x86/kernel/cpu/sgx/virt.c | 69 ++++++++++++++++++++++++++++++---
> 4 files changed, 95 insertions(+), 5 deletions(-)
>
> --
> 2.27.0