From mboxrd@z Thu Jan  1 00:00:00 1970
From: Sean Christopherson <sean.j.christopherson@intel.com>
Subject: Re: [intel-sgx-kernel-dev] [PATCH 08/10] kvm: vmx: add guest's
 IA32_SGXLEPUBKEYHASHn runtime switch support
Date: Wed, 19 Jul 2017 08:04:51 -0700
Message-ID: <1500476691.18653.5.camel@intel.com>
References: <20170508052434.3627-1-kai.huang@linux.intel.com>
         <20170508052434.3627-9-kai.huang@linux.intel.com>
         <58dcdb2d-6894-b0a3-8d6f-2ab752fd6d22@linux.intel.com>
         <CALCETrXG6KZEuxzDRwrAC5Wp=tCFaUBt4oPMQE40gdYB4p_A_Q@mail.gmail.com>
         <6ab7ec4e-e0fa-af47-11b2-f26edcb088fb@linux.intel.com>
         <CALCETrUcYfb8E2Ot=WhPH79bVNoPxyBX1ot02o_QvxVsLsQnMg@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Cc: kvm list <kvm@vger.kernel.org>, Radim Krcmar <rkrcmar@redhat.com>,
        haim.cohen@intel.com,
        "intel-sgx-kernel-dev@lists.01.org"
        <intel-sgx-kernel-dev@lists.01.org>,
        Paolo Bonzini <pbonzini@redhat.com>
To: Andy Lutomirski <luto@kernel.org>,
        "Huang, Kai" <kai.huang@linux.intel.com>,
        Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mga03.intel.com ([134.134.136.65]:44130 "EHLO mga03.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1754068AbdGSPEw (ORCPT <rfc822;kvm@vger.kernel.org>);
        Wed, 19 Jul 2017 11:04:52 -0400
In-Reply-To: <CALCETrUcYfb8E2Ot=WhPH79bVNoPxyBX1ot02o_QvxVsLsQnMg@mail.gmail.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

On Thu, 2017-05-11 at 23:11 -0700, Andy Lutomirski wrote:
> On Thu, May 11, 2017 at 9:56 PM, Huang, Kai <kai.huang@linux.intel.com> wrote:
> > 
> > > Have a percpu variable that stores the current SGXLEPUBKEYHASH along
> > > with whatever lock is needed (probably just a mutex).  Users of EINIT
> > > will take the mutex, compare the percpu variable to the desired value,
> > > and, if it's different, do WRMSR and update the percpu variable.
> > > 
> > > KVM will implement writes to SGXLEPUBKEYHASH by updating its in-memory
> > > state but *not* changing the MSRs.  KVM will trap and emulate EINIT to
> > > support the same handling as the host.  There is no action required at
> > > all on KVM guest entry and exit.
> > 
> > This is doable, but SGX driver needs to do those things and expose
> > interfaces for KVM to use. In terms of the percpu data, it is nice to have,
> > but I am not sure whether it is mandatory, as IMO EINIT is not even in
> > performance critical path. We can simply read old value from MSRs out and
> > compare whether the old equals to the new.
> I think the SGX driver should probably live in arch/x86, and the
> interface could be a simple percpu variable that is exported (from the
> main kernel image, not from a module).

Jarkko, what are your thoughts on moving the SGX code into arch/x86 and removing
the option to build it as a module?  This would simplify the KVM and EPC cgroup
implementations.