From: Alexander Graf <graf@amazon.de>
To: Andra Paraschiv <andraprs@amazon.com>, <linux-kernel@vger.kernel.org>
Cc: Anthony Liguori <aliguori@amazon.com>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Colm MacCarthaigh <colmmacc@amazon.com>,
"Bjoern Doebel" <doebel@amazon.de>,
David Woodhouse <dwmw@amazon.co.uk>,
"Frank van der Linden" <fllinden@amazon.com>,
Greg KH <gregkh@linuxfoundation.org>,
Martin Pohlack <mpohlack@amazon.de>, Matt Wilson <msw@amazon.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
Balbir Singh <sblbir@amazon.com>,
"Stefano Garzarella" <sgarzare@redhat.com>,
Stefan Hajnoczi <stefanha@redhat.com>,
Stewart Smith <trawets@amazon.com>,
Uwe Dannowski <uwed@amazon.de>, <kvm@vger.kernel.org>,
<ne-devel-upstream@amazon.com>
Subject: Re: [PATCH v4 12/18] nitro_enclaves: Add logic for enclave start
Date: Mon, 6 Jul 2020 13:21:49 +0200 [thread overview]
Message-ID: <ff9b84e0-b4b5-fea4-e2e0-118d59e23784@amazon.de> (raw)
In-Reply-To: <20200622200329.52996-13-andraprs@amazon.com>
On 22.06.20 22:03, Andra Paraschiv wrote:
> After all the enclave resources are set, the enclave is ready for
> beginning to run.
>
> Add ioctl command logic for starting an enclave after all its resources,
> memory regions and CPUs, have been set.
>
> The enclave start information includes the local channel addressing -
> vsock CID - and the flags associated with the enclave.
>
> Signed-off-by: Alexandru Vasile <lexnv@amazon.com>
> Signed-off-by: Andra Paraschiv <andraprs@amazon.com>
> ---
> Changelog
>
> v3 -> v4
>
> * Use dev_err instead of custom NE log pattern.
> * Update the naming for the ioctl command from metadata to info.
> * Check for minimum enclave memory size.
>
> v2 -> v3
>
> * Remove the WARN_ON calls.
> * Update static calls sanity checks.
>
> v1 -> v2
>
> * Add log pattern for NE.
> * Check if enclave state is init when starting an enclave.
> * Remove the BUG_ON calls.
> ---
> drivers/virt/nitro_enclaves/ne_misc_dev.c | 114 ++++++++++++++++++++++
> 1 file changed, 114 insertions(+)
>
> diff --git a/drivers/virt/nitro_enclaves/ne_misc_dev.c b/drivers/virt/nitro_enclaves/ne_misc_dev.c
> index 17ccb6cdbd75..d9794f327169 100644
> --- a/drivers/virt/nitro_enclaves/ne_misc_dev.c
> +++ b/drivers/virt/nitro_enclaves/ne_misc_dev.c
> @@ -703,6 +703,45 @@ static int ne_set_user_memory_region_ioctl(struct ne_enclave *ne_enclave,
> return rc;
> }
>
> +/**
> + * ne_start_enclave_ioctl - Trigger enclave start after the enclave resources,
> + * such as memory and CPU, have been set.
> + *
> + * This function gets called with the ne_enclave mutex held.
> + *
> + * @ne_enclave: private data associated with the current enclave.
> + * @enclave_start_info: enclave info that includes enclave cid and flags.
> + *
> + * @returns: 0 on success, negative return value on failure.
> + */
> +static int ne_start_enclave_ioctl(struct ne_enclave *ne_enclave,
> + struct ne_enclave_start_info *enclave_start_info)
> +{
> + struct ne_pci_dev_cmd_reply cmd_reply = {};
> + struct enclave_start_req enclave_start_req = {};
> + int rc = -EINVAL;
> +
> + enclave_start_req.enclave_cid = enclave_start_info->enclave_cid;
> + enclave_start_req.flags = enclave_start_info->flags;
> + enclave_start_req.slot_uid = ne_enclave->slot_uid;
I think it's easier to read if you do the initialization straight in the
variable declaation:
struct enclave_start_req enclave_start_req = {
.enclave_cid = enclave_start_info->cid,
.flags = enclave_start_info->flags,
.slot_uid = ne_enclave->slot_uid,
};
> +
> + rc = ne_do_request(ne_enclave->pdev, ENCLAVE_START, &enclave_start_req,
> + sizeof(enclave_start_req), &cmd_reply,
> + sizeof(cmd_reply));
> + if (rc < 0) {
> + dev_err_ratelimited(ne_misc_dev.this_device,
> + "Error in enclave start [rc=%d]\n", rc);
> +
> + return rc;
> + }
> +
> + ne_enclave->state = NE_STATE_RUNNING;
> +
> + enclave_start_info->enclave_cid = cmd_reply.enclave_cid;
> +
> + return 0;
> +}
> +
> static long ne_enclave_ioctl(struct file *file, unsigned int cmd,
> unsigned long arg)
> {
> @@ -818,6 +857,81 @@ static long ne_enclave_ioctl(struct file *file, unsigned int cmd,
> return rc;
> }
>
> + case NE_START_ENCLAVE: {
> + struct ne_enclave_start_info enclave_start_info = {};
> + int rc = -EINVAL;
> +
> + if (copy_from_user(&enclave_start_info, (void *)arg,
> + sizeof(enclave_start_info))) {
> + dev_err_ratelimited(ne_misc_dev.this_device,
> + "Error in copy from user\n");
No need to print anything here
> +
> + return -EFAULT;
> + }
> +
> + mutex_lock(&ne_enclave->enclave_info_mutex);
> +
> + if (ne_enclave->state != NE_STATE_INIT) {
> + dev_err_ratelimited(ne_misc_dev.this_device,
> + "Enclave isn't in init state\n");
> +
> + mutex_unlock(&ne_enclave->enclave_info_mutex);
> +
> + return -EINVAL;
Can this be its own return value instead?
> + }
> +
> + if (!ne_enclave->nr_mem_regions) {
> + dev_err_ratelimited(ne_misc_dev.this_device,
> + "Enclave has no mem regions\n");
> +
> + mutex_unlock(&ne_enclave->enclave_info_mutex);
> +
> + return -ENOMEM;
> + }
> +
> + if (ne_enclave->mem_size < NE_MIN_ENCLAVE_MEM_SIZE) {
> + dev_err_ratelimited(ne_misc_dev.this_device,
> + "Enclave memory is less than %ld\n",
> + NE_MIN_ENCLAVE_MEM_SIZE);
> +
> + mutex_unlock(&ne_enclave->enclave_info_mutex);
> +
> + return -ENOMEM;
> + }
> +
> + if (!ne_enclave->nr_vcpus) {
> + dev_err_ratelimited(ne_misc_dev.this_device,
> + "Enclave has no vcpus\n");
> +
> + mutex_unlock(&ne_enclave->enclave_info_mutex);
> +
> + return -EINVAL;
Same here.
> + }
> +
> + if (!cpumask_empty(ne_enclave->cpu_siblings)) {
> + dev_err_ratelimited(ne_misc_dev.this_device,
> + "CPU siblings not used\n");
> +
> + mutex_unlock(&ne_enclave->enclave_info_mutex);
> +
> + return -EINVAL;
Same here.
> + }
> +
> + rc = ne_start_enclave_ioctl(ne_enclave, &enclave_start_info);
> +
> + mutex_unlock(&ne_enclave->enclave_info_mutex);
> +
> + if (copy_to_user((void *)arg, &enclave_start_info,
This needs to be __user void *, no?
Alex
> + sizeof(enclave_start_info))) {
> + dev_err_ratelimited(ne_misc_dev.this_device,
> + "Error in copy to user\n");
> +
> + return -EFAULT;
> + }
> +
> + return rc;
> + }
> +
> default:
> return -ENOTTY;
> }
>
Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879
next prev parent reply other threads:[~2020-07-06 11:22 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-22 20:03 [PATCH v4 00/18] Add support for Nitro Enclaves Andra Paraschiv
2020-06-22 20:03 ` [PATCH v4 01/18] nitro_enclaves: Add ioctl interface definition Andra Paraschiv
2020-06-23 8:56 ` Stefan Hajnoczi
2020-06-24 14:02 ` Paraschiv, Andra-Irina
2020-06-25 13:29 ` Stefan Hajnoczi
2020-06-25 17:42 ` Paraschiv, Andra-Irina
2020-07-02 15:24 ` Alexander Graf
2020-07-04 8:09 ` Paraschiv, Andra-Irina
2020-06-22 20:03 ` [PATCH v4 02/18] nitro_enclaves: Define the PCI device interface Andra Paraschiv
2020-07-02 15:24 ` Alexander Graf
2020-07-04 8:20 ` Paraschiv, Andra-Irina
2020-06-22 20:03 ` [PATCH v4 03/18] nitro_enclaves: Define enclave info for internal bookkeeping Andra Paraschiv
2020-07-02 15:24 ` Alexander Graf
2020-07-04 8:23 ` Paraschiv, Andra-Irina
2020-06-22 20:03 ` [PATCH v4 04/18] nitro_enclaves: Init PCI device driver Andra Paraschiv
2020-07-02 15:09 ` Alexander Graf
2020-07-04 10:00 ` Paraschiv, Andra-Irina
2020-06-22 20:03 ` [PATCH v4 05/18] nitro_enclaves: Handle PCI device command requests Andra Paraschiv
2020-07-02 15:19 ` Alexander Graf
2020-07-04 15:05 ` Paraschiv, Andra-Irina
2020-06-22 20:03 ` [PATCH v4 06/18] nitro_enclaves: Handle out-of-band PCI device events Andra Paraschiv
2020-07-02 15:24 ` Alexander Graf
2020-07-04 15:43 ` Paraschiv, Andra-Irina
2020-06-22 20:03 ` [PATCH v4 07/18] nitro_enclaves: Init misc device providing the ioctl interface Andra Paraschiv
2020-06-29 16:20 ` Greg KH
2020-06-29 17:45 ` Paraschiv, Andra-Irina
2020-06-30 8:05 ` Greg KH
2020-06-30 9:08 ` Paraschiv, Andra-Irina
2020-07-06 7:13 ` Alexander Graf
2020-07-06 7:49 ` Paraschiv, Andra-Irina
2020-07-06 8:01 ` Alexander Graf
2020-07-06 13:09 ` Paraschiv, Andra-Irina
2020-06-22 20:03 ` [PATCH v4 08/18] nitro_enclaves: Add logic for enclave vm creation Andra Paraschiv
2020-07-06 7:53 ` Alexander Graf
2020-07-06 13:12 ` Paraschiv, Andra-Irina
2020-06-22 20:03 ` [PATCH v4 09/18] nitro_enclaves: Add logic for enclave vcpu creation Andra Paraschiv
2020-07-06 10:12 ` Alexander Graf
2020-07-08 12:46 ` Paraschiv, Andra-Irina
2020-06-22 20:03 ` [PATCH v4 10/18] nitro_enclaves: Add logic for enclave image load info Andra Paraschiv
2020-07-06 10:16 ` Alexander Graf
2020-07-06 13:35 ` Paraschiv, Andra-Irina
2020-06-22 20:03 ` [PATCH v4 11/18] nitro_enclaves: Add logic for enclave memory region set Andra Paraschiv
2020-07-06 10:46 ` Alexander Graf
2020-07-09 7:36 ` Paraschiv, Andra-Irina
2020-07-09 8:40 ` Alexander Graf
2020-07-09 9:41 ` Paraschiv, Andra-Irina
2020-06-22 20:03 ` [PATCH v4 12/18] nitro_enclaves: Add logic for enclave start Andra Paraschiv
2020-07-06 11:21 ` Alexander Graf [this message]
2020-07-07 18:27 ` Paraschiv, Andra-Irina
2020-06-22 20:03 ` [PATCH v4 13/18] nitro_enclaves: Add logic for enclave termination Andra Paraschiv
2020-07-06 11:26 ` Alexander Graf
2020-07-06 14:15 ` Paraschiv, Andra-Irina
2020-06-22 20:03 ` [PATCH v4 14/18] nitro_enclaves: Add Kconfig for the Nitro Enclaves driver Andra Paraschiv
2020-07-06 11:28 ` Alexander Graf
2020-07-06 13:50 ` Paraschiv, Andra-Irina
2020-06-22 20:03 ` [PATCH v4 15/18] nitro_enclaves: Add Makefile " Andra Paraschiv
2020-07-06 11:30 ` Alexander Graf
2020-07-06 14:00 ` Paraschiv, Andra-Irina
2020-06-22 20:03 ` [PATCH v4 16/18] nitro_enclaves: Add sample for ioctl interface usage Andra Paraschiv
2020-07-06 11:39 ` Alexander Graf
2020-07-07 19:03 ` Paraschiv, Andra-Irina
2020-06-22 20:03 ` [PATCH v4 17/18] nitro_enclaves: Add overview documentation Andra Paraschiv
2020-06-23 8:59 ` Stefan Hajnoczi
2020-06-24 14:39 ` Paraschiv, Andra-Irina
2020-06-25 13:10 ` Stefan Hajnoczi
2020-06-25 17:36 ` Paraschiv, Andra-Irina
2020-06-22 20:03 ` [PATCH v4 18/18] MAINTAINERS: Add entry for the Nitro Enclaves driver Andra Paraschiv
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ff9b84e0-b4b5-fea4-e2e0-118d59e23784@amazon.de \
--to=graf@amazon.de \
--cc=aliguori@amazon.com \
--cc=andraprs@amazon.com \
--cc=benh@kernel.crashing.org \
--cc=colmmacc@amazon.com \
--cc=doebel@amazon.de \
--cc=dwmw@amazon.co.uk \
--cc=fllinden@amazon.com \
--cc=gregkh@linuxfoundation.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mpohlack@amazon.de \
--cc=msw@amazon.com \
--cc=ne-devel-upstream@amazon.com \
--cc=pbonzini@redhat.com \
--cc=sblbir@amazon.com \
--cc=sgarzare@redhat.com \
--cc=stefanha@redhat.com \
--cc=trawets@amazon.com \
--cc=uwed@amazon.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox