From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [PATCH 10/10] kvm: vmx: handle VMEXIT from SGX Enclave
Date: Mon, 8 May 2017 10:22:53 +0200
Message-ID: <23e2cc83-8cbf-07f7-56c0-6fe422bac06e@redhat.com>
References: <20170508052434.3627-1-kai.huang@linux.intel.com>
 <20170508052434.3627-11-kai.huang@linux.intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
To: Kai Huang <kaih.linux@gmail.com>, rkrcmar@redhat.com,
        kvm@vger.kernel.org
Return-path: <kvm-owner@vger.kernel.org>
Received: from mx1.redhat.com ([209.132.183.28]:42444 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751208AbdEKFI0 (ORCPT <rfc822;kvm@vger.kernel.org>);
        Thu, 11 May 2017 01:08:26 -0400
In-Reply-To: <20170508052434.3627-11-kai.huang@linux.intel.com>
Content-Language: en-US
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>



On 08/05/2017 07:24, Kai Huang wrote:
> @@ -6977,6 +7042,31 @@ static __exit void hardware_unsetup(void)
>   */
>  static int handle_pause(struct kvm_vcpu *vcpu)
>  {
> +	/*
> +	 * SDM 39.6.3 PAUSE Instruction.
> +	 *
> +	 * SDM suggests, if VMEXIT caused by 'PAUSE-loop exiting', VMM should
> +	 * disable 'PAUSE-loop exiting' so PAUSE can be executed in Enclave
> +	 * again without further PAUSE-looping VMEXIT.
> +	 *
> +	 * SDM suggests, if VMEXIT caused by 'PAUSE exiting', VMM should disable
> +	 * 'PAUSE exiting' so PAUSE can be executed in Enclave again without
> +	 * further PAUSE VMEXIT.
> +	 */

How is PLE re-enabled?

I don't understand the interaction of the internal control registers
(paragraph 41.1.4) with VMX.  How can you migrate the VM between EENTER
and EEXIT?

In addition, paragraph 41.1.4 does not include the parts of CR_SAVE_FS*
and CR_SAVE_GS* (base, limit, access rights) and does not include
CR_ENCLAVE_ENTRY_IP.

Paolo

> +	if (vmx_exit_from_enclave(vcpu)) {
> +		u32 exec_ctl, secondary_exec_ctl;
> +
> +		exec_ctl = vmx_exec_control(to_vmx(vcpu));
> +		exec_ctl &= ~CPU_BASED_PAUSE_EXITING;
> +		vmcs_write32(CPU_BASED_VM_EXEC_CONTROL, exec_ctl);
> +
> +		secondary_exec_ctl = vmx_secondary_exec_control(to_vmx(vcpu));
> +		secondary_exec_ctl &= ~SECONDARY_EXEC_PAUSE_LOOP_EXITING;
> +		vmcs_set_secondary_exec_control(secondary_exec_ctl);
> +
> +		return 1;
> +	}
> +