* [PATCH v1 0/3] nitro_enclaves: Add support for Arm64
@ 2021-08-26 17:34 Andra Paraschiv
  2021-08-26 17:34 ` [PATCH v1 1/3] nitro_enclaves: Enable Arm support Andra Paraschiv
                   ` (2 more replies)
  0 siblings, 3 replies; 13+ messages in thread
From: Andra Paraschiv @ 2021-08-26 17:34 UTC (permalink / raw)
  To: linux-kernel
  Cc: Alexandru Ciobotaru, Greg KH, Kamal Mostafa, Alexandru Vasile,
	Paolo Bonzini, Stefano Garzarella, Stefan Hajnoczi,
	Vitaly Kuznetsov, kvm, ne-devel-upstream, Andra Paraschiv

Update the kernel config of the Nitro Enclaves kernel driver to enable Arm
support. Add Arm specific references to its documentation.

While at it, fix a set of reports from checkpatch and kernel-doc scripts.

Thank you,
Andra

---

Patch Series Changelog

The patch series is built on top of v5.14-rc7.

GitHub repo branch for the latest version of the patch series:

* https://github.com/andraprs/linux/tree/ne-driver-arm-support-v1

---

Andra Paraschiv (3):
  nitro_enclaves: Enable Arm support
  nitro_enclaves: Update documentation for Arm support
  nitro_enclaves: Add fixes for checkpatch and docs reports

 Documentation/virt/ne_overview.rst        |  8 +++++---
 drivers/virt/nitro_enclaves/Kconfig       |  8 ++------
 drivers/virt/nitro_enclaves/ne_misc_dev.c | 17 +++++++++--------
 drivers/virt/nitro_enclaves/ne_pci_dev.c  |  2 +-
 drivers/virt/nitro_enclaves/ne_pci_dev.h  |  8 ++++++--
 include/uapi/linux/nitro_enclaves.h       | 10 +++++-----
 samples/nitro_enclaves/ne_ioctl_sample.c  |  7 +++----
 7 files changed, 31 insertions(+), 29 deletions(-)

-- 
2.20.1 (Apple Git-117)




Amazon Development Center (Romania) S.R.L. registered office: 27A Sf. Lazar Street, UBC5, floor 2, Iasi, Iasi County, 700045, Romania. Registered in Romania. Registration number J22/2621/2005.



* [PATCH v1 1/3] nitro_enclaves: Enable Arm support
  2021-08-26 17:34 [PATCH v1 0/3] nitro_enclaves: Add support for Arm64 Andra Paraschiv
@ 2021-08-26 17:34 ` Andra Paraschiv
  2021-08-27  7:06   ` Stefano Garzarella
  2021-08-27  8:43   ` Greg KH
  2021-08-26 17:34 ` [PATCH v1 2/3] nitro_enclaves: Update documentation for " Andra Paraschiv
  2021-08-26 17:34 ` [PATCH v1 3/3] nitro_enclaves: Add fixes for checkpatch and docs reports Andra Paraschiv
  2 siblings, 2 replies; 13+ messages in thread
From: Andra Paraschiv @ 2021-08-26 17:34 UTC (permalink / raw)
  To: linux-kernel
  Cc: Alexandru Ciobotaru, Greg KH, Kamal Mostafa, Alexandru Vasile,
	Paolo Bonzini, Stefano Garzarella, Stefan Hajnoczi,
	Vitaly Kuznetsov, kvm, ne-devel-upstream, Andra Paraschiv

Update the kernel config to enable the Nitro Enclaves kernel driver for
Arm support.

Signed-off-by: Andra Paraschiv <andraprs@amazon.com>
---
 drivers/virt/nitro_enclaves/Kconfig | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/drivers/virt/nitro_enclaves/Kconfig b/drivers/virt/nitro_enclaves/Kconfig
index 8c9387a232df8..f53740b941c0f 100644
--- a/drivers/virt/nitro_enclaves/Kconfig
+++ b/drivers/virt/nitro_enclaves/Kconfig
@@ -1,17 +1,13 @@
 # SPDX-License-Identifier: GPL-2.0
 #
-# Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 
 # Amazon Nitro Enclaves (NE) support.
 # Nitro is a hypervisor that has been developed by Amazon.
 
-# TODO: Add dependency for ARM64 once NE is supported on Arm platforms. For now,
-# the NE kernel driver can be built for aarch64 arch.
-# depends on (ARM64 || X86) && HOTPLUG_CPU && PCI && SMP
-
 config NITRO_ENCLAVES
 	tristate "Nitro Enclaves Support"
-	depends on X86 && HOTPLUG_CPU && PCI && SMP
+	depends on (ARM64 || X86) && HOTPLUG_CPU && PCI && SMP
 	help
 	  This driver consists of support for enclave lifetime management
 	  for Nitro Enclaves (NE).
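
Review bot: the commit message does not say what makes the ARM64 dependency safe to enable now. The removed TODO tied it to "once NE is supported on Arm platforms", so the message should state that this support is in place and on which configuration the driver was built and tested. The unchanged help text under `tristate "Nitro Enclaves Support"` could also mention that both Arm64 and x86 are covered.
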
-- 
2.20.1 (Apple Git-117)





* [PATCH v1 2/3] nitro_enclaves: Update documentation for Arm support
  2021-08-26 17:34 [PATCH v1 0/3] nitro_enclaves: Add support for Arm64 Andra Paraschiv
  2021-08-26 17:34 ` [PATCH v1 1/3] nitro_enclaves: Enable Arm support Andra Paraschiv
@ 2021-08-26 17:34 ` Andra Paraschiv
  2021-08-27  7:21   ` Stefano Garzarella
  2021-08-26 17:34 ` [PATCH v1 3/3] nitro_enclaves: Add fixes for checkpatch and docs reports Andra Paraschiv
  2 siblings, 1 reply; 13+ messages in thread
From: Andra Paraschiv @ 2021-08-26 17:34 UTC (permalink / raw)
  To: linux-kernel
  Cc: Alexandru Ciobotaru, Greg KH, Kamal Mostafa, Alexandru Vasile,
	Paolo Bonzini, Stefano Garzarella, Stefan Hajnoczi,
	Vitaly Kuznetsov, kvm, ne-devel-upstream, Andra Paraschiv

Add references for hugepages and booting steps for Arm.

Signed-off-by: Andra Paraschiv <andraprs@amazon.com>
---
 Documentation/virt/ne_overview.rst | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/Documentation/virt/ne_overview.rst b/Documentation/virt/ne_overview.rst
index 39b0c8fe2654a..2777da1fb0ad1 100644
--- a/Documentation/virt/ne_overview.rst
+++ b/Documentation/virt/ne_overview.rst
@@ -43,8 +43,8 @@ for the enclave VM. An enclave does not have persistent storage attached.
 The memory regions carved out of the primary VM and given to an enclave need to
 be aligned 2 MiB / 1 GiB physically contiguous memory regions (or multiple of
 this size e.g. 8 MiB). The memory can be allocated e.g. by using hugetlbfs from
-user space [2][3]. The memory size for an enclave needs to be at least 64 MiB.
-The enclave memory and CPUs need to be from the same NUMA node.
+user space [2][3][7]. The memory size for an enclave needs to be at least
+64 MiB. The enclave memory and CPUs need to be from the same NUMA node.
 
 An enclave runs on dedicated cores. CPU 0 and its CPU siblings need to remain
 available for the primary VM. A CPU pool has to be set for NE purposes by an
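
Review bot: in the changed sentence, the new reference [7] is attached to text that still names only 2 MiB / 1 GiB regions. State whether these are also the sizes to use on Arm64, where the available hugepage sizes depend on the kernel's base page size, so that a reader following [7] knows which size to reserve.
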
@@ -61,7 +61,7 @@ device is placed in memory below the typical 4 GiB.
 The application that runs in the enclave needs to be packaged in an enclave
 image together with the OS ( e.g. kernel, ramdisk, init ) that will run in the
 enclave VM. The enclave VM has its own kernel and follows the standard Linux
-boot protocol [6].
+boot protocol [6][8].
 
 The kernel bzImage, the kernel command line, the ramdisk(s) are part of the
 Enclave Image Format (EIF); plus an EIF header including metadata such as magic
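
Review bot: the context paragraph right after the changed line still says "The kernel bzImage", which is the x86 image name, while the sentence above it now sends Arm64 readers to [8]. Consider rewording it so the Arm64 kernel image is covered as well, and marking in the text which of [6] and [8] applies to which architecture.
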
@@ -93,3 +93,5 @@ enclave process can exit.
 [4] https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html
 [5] https://man7.org/linux/man-pages/man7/vsock.7.html
 [6] https://www.kernel.org/doc/html/latest/x86/boot.html
+[7] https://www.kernel.org/doc/html/latest/arm64/hugetlbpage.html
+[8] https://www.kernel.org/doc/html/latest/arm64/booting.html
-- 
2.20.1 (Apple Git-117)





* [PATCH v1 3/3] nitro_enclaves: Add fixes for checkpatch and docs reports
  2021-08-26 17:34 [PATCH v1 0/3] nitro_enclaves: Add support for Arm64 Andra Paraschiv
  2021-08-26 17:34 ` [PATCH v1 1/3] nitro_enclaves: Enable Arm support Andra Paraschiv
  2021-08-26 17:34 ` [PATCH v1 2/3] nitro_enclaves: Update documentation for " Andra Paraschiv
@ 2021-08-26 17:34 ` Andra Paraschiv
  2021-08-26 17:51   ` Vitaly Kuznetsov
  2021-08-27  8:43   ` Greg KH
  2 siblings, 2 replies; 13+ messages in thread
From: Andra Paraschiv @ 2021-08-26 17:34 UTC (permalink / raw)
  To: linux-kernel
  Cc: Alexandru Ciobotaru, Greg KH, Kamal Mostafa, Alexandru Vasile,
	Paolo Bonzini, Stefano Garzarella, Stefan Hajnoczi,
	Vitaly Kuznetsov, kvm, ne-devel-upstream, Andra Paraschiv

Fix the reported issues from checkpatch and kernel-doc scripts.

Update the copyright statements to include 2021, where changes have been
made over this year.

Signed-off-by: Andra Paraschiv <andraprs@amazon.com>
---
 drivers/virt/nitro_enclaves/ne_misc_dev.c | 17 +++++++++--------
 drivers/virt/nitro_enclaves/ne_pci_dev.c  |  2 +-
 drivers/virt/nitro_enclaves/ne_pci_dev.h  |  8 ++++++--
 include/uapi/linux/nitro_enclaves.h       | 10 +++++-----
 samples/nitro_enclaves/ne_ioctl_sample.c  |  7 +++----
 5 files changed, 24 insertions(+), 20 deletions(-)

diff --git a/drivers/virt/nitro_enclaves/ne_misc_dev.c b/drivers/virt/nitro_enclaves/ne_misc_dev.c
index e21e1e86ad15f..8939612ee0e08 100644
--- a/drivers/virt/nitro_enclaves/ne_misc_dev.c
+++ b/drivers/virt/nitro_enclaves/ne_misc_dev.c
@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: GPL-2.0
 /*
- * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
  */
 
 /**
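
Review bot: the copyright-year change in this header, repeated in the other four files of the patch, is unrelated to the checkpatch and kernel-doc fixes named in the subject. Splitting the patch by kind of change (copyright years, alignment, kernel-doc comments, spelling) would keep each one easy to review and to revert.
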
@@ -284,8 +284,8 @@ static int ne_setup_cpu_pool(const char *ne_cpu_list)
 	ne_cpu_pool.nr_parent_vm_cores = nr_cpu_ids / ne_cpu_pool.nr_threads_per_core;
 
 	ne_cpu_pool.avail_threads_per_core = kcalloc(ne_cpu_pool.nr_parent_vm_cores,
-					     sizeof(*ne_cpu_pool.avail_threads_per_core),
-					     GFP_KERNEL);
+						     sizeof(*ne_cpu_pool.avail_threads_per_core),
+						     GFP_KERNEL);
 	if (!ne_cpu_pool.avail_threads_per_core) {
 		rc = -ENOMEM;
 
@@ -735,7 +735,7 @@ static int ne_add_vcpu_ioctl(struct ne_enclave *ne_enclave, u32 vcpu_id)
  * * Negative return value on failure.
  */
 static int ne_sanity_check_user_mem_region(struct ne_enclave *ne_enclave,
-	struct ne_user_memory_region mem_region)
+					   struct ne_user_memory_region mem_region)
 {
 	struct ne_mem_region *ne_mem_region = NULL;
 
@@ -771,7 +771,7 @@ static int ne_sanity_check_user_mem_region(struct ne_enclave *ne_enclave,
 		u64 userspace_addr = ne_mem_region->userspace_addr;
 
 		if ((userspace_addr <= mem_region.userspace_addr &&
-		    mem_region.userspace_addr < (userspace_addr + memory_size)) ||
+		     mem_region.userspace_addr < (userspace_addr + memory_size)) ||
 		    (mem_region.userspace_addr <= userspace_addr &&
 		    (mem_region.userspace_addr + mem_region.memory_size) > userspace_addr)) {
 			dev_err_ratelimited(ne_misc_dev.this_device,
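
Review bot: only the first half of the overlap condition is realigned. The last line of the condition, `(mem_region.userspace_addr + mem_region.memory_size) > userspace_addr)) {`, sits inside the parenthesis opened on the line before it but keeps the old indentation, so the two halves are now indented differently. Give that line the same extra space.
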
@@ -836,7 +836,7 @@ static int ne_sanity_check_user_mem_region_page(struct ne_enclave *ne_enclave,
  * * Negative return value on failure.
  */
 static int ne_set_user_memory_region_ioctl(struct ne_enclave *ne_enclave,
-	struct ne_user_memory_region mem_region)
+					   struct ne_user_memory_region mem_region)
 {
 	long gup_rc = 0;
 	unsigned long i = 0;
@@ -1014,7 +1014,7 @@ static int ne_set_user_memory_region_ioctl(struct ne_enclave *ne_enclave,
  * * Negative return value on failure.
  */
 static int ne_start_enclave_ioctl(struct ne_enclave *ne_enclave,
-	struct ne_enclave_start_info *enclave_start_info)
+				  struct ne_enclave_start_info *enclave_start_info)
 {
 	struct ne_pci_dev_cmd_reply cmd_reply = {};
 	unsigned int cpu = 0;
@@ -1574,7 +1574,8 @@ static int ne_create_vm_ioctl(struct ne_pci_dev *ne_pci_dev, u64 __user *slot_ui
 	mutex_unlock(&ne_cpu_pool.mutex);
 
 	ne_enclave->threads_per_core = kcalloc(ne_enclave->nr_parent_vm_cores,
-		sizeof(*ne_enclave->threads_per_core), GFP_KERNEL);
+					       sizeof(*ne_enclave->threads_per_core),
+					       GFP_KERNEL);
 	if (!ne_enclave->threads_per_core) {
 		rc = -ENOMEM;
 
diff --git a/drivers/virt/nitro_enclaves/ne_pci_dev.c b/drivers/virt/nitro_enclaves/ne_pci_dev.c
index 143207e9b9698..40b49ec8e30b1 100644
--- a/drivers/virt/nitro_enclaves/ne_pci_dev.c
+++ b/drivers/virt/nitro_enclaves/ne_pci_dev.c
@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: GPL-2.0
 /*
- * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
  */
 
 /**
diff --git a/drivers/virt/nitro_enclaves/ne_pci_dev.h b/drivers/virt/nitro_enclaves/ne_pci_dev.h
index 8bfbc66078185..7bbfd39280fec 100644
--- a/drivers/virt/nitro_enclaves/ne_pci_dev.h
+++ b/drivers/virt/nitro_enclaves/ne_pci_dev.h
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0 */
 /*
- * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
  */
 
 #ifndef _NE_PCI_DEV_H_
@@ -84,9 +84,13 @@
  */
 
 /**
- * NE_SEND_DATA_SIZE / NE_RECV_DATA_SIZE - 240 bytes for send / recv buffer.
+ * NE_SEND_DATA_SIZE - 240 bytes for send buffer.
  */
 #define NE_SEND_DATA_SIZE	(240)
+
+/**
+ * NE_RECV_DATA_SIZE - 240 bytes for recv buffer.
+ */
 #define NE_RECV_DATA_SIZE	(240)
 
 /**
diff --git a/include/uapi/linux/nitro_enclaves.h b/include/uapi/linux/nitro_enclaves.h
index b945073fe544d..e808f5ba124d4 100644
--- a/include/uapi/linux/nitro_enclaves.h
+++ b/include/uapi/linux/nitro_enclaves.h
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
 /*
- * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
  */
 
 #ifndef _UAPI_LINUX_NITRO_ENCLAVES_H_
@@ -60,7 +60,7 @@
  *
  * Context: Process context.
  * Return:
- * * 0					- Logic succesfully completed.
+ * * 0					- Logic successfully completed.
  * *  -1				- There was a failure in the ioctl logic.
  * On failure, errno is set to:
  * * EFAULT				- copy_from_user() / copy_to_user() failure.
@@ -95,7 +95,7 @@
  *
  * Context: Process context.
  * Return:
- * * 0				- Logic succesfully completed.
+ * * 0				- Logic successfully completed.
  * *  -1			- There was a failure in the ioctl logic.
  * On failure, errno is set to:
  * * EFAULT			- copy_from_user() / copy_to_user() failure.
@@ -118,7 +118,7 @@
  *
  * Context: Process context.
  * Return:
- * * 0					- Logic succesfully completed.
+ * * 0					- Logic successfully completed.
  * *  -1				- There was a failure in the ioctl logic.
  * On failure, errno is set to:
  * * EFAULT				- copy_from_user() failure.
@@ -161,7 +161,7 @@
  *
  * Context: Process context.
  * Return:
- * * 0					- Logic succesfully completed.
+ * * 0					- Logic successfully completed.
  * *  -1				- There was a failure in the ioctl logic.
  * On failure, errno is set to:
  * * EFAULT				- copy_from_user() / copy_to_user() failure.
diff --git a/samples/nitro_enclaves/ne_ioctl_sample.c b/samples/nitro_enclaves/ne_ioctl_sample.c
index 480b763142b34..765b131c73190 100644
--- a/samples/nitro_enclaves/ne_ioctl_sample.c
+++ b/samples/nitro_enclaves/ne_ioctl_sample.c
@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: GPL-2.0
 /*
- * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
  */
 
 /**
@@ -185,7 +185,6 @@ static int ne_create_vm(int ne_dev_fd, unsigned long *slot_uid, int *enclave_fd)
 	return 0;
 }
 
-
 /**
  * ne_poll_enclave_fd() - Thread function for polling the enclave fd.
  * @data:	Argument provided for the polling function.
@@ -560,8 +559,8 @@ static int ne_add_vcpu(int enclave_fd, unsigned int *vcpu_id)
 
 		default:
 			printf("Error in add vcpu [%m]\n");
-
 		}
+
 		return rc;
 	}
 
@@ -638,7 +637,7 @@ static int ne_start_enclave(int enclave_fd,  struct ne_enclave_start_info *encla
 }
 
 /**
- * ne_start_enclave_check_booted() - Start the enclave and wait for a hearbeat
+ * ne_start_enclave_check_booted() - Start the enclave and wait for a heartbeat
  *				     from it, on a newly created vsock channel,
  *				     to check it has booted.
  * @enclave_fd :	The file descriptor associated with the enclave.
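
Review bot: the `@enclave_fd :` line in this kernel-doc comment has a space before the colon, while `@data:` in the ne_poll_enclave_fd() comment of the same file does not. Since the patch already touches this comment for the spelling fix, use `@enclave_fd:` here so the parameter lines are consistent.
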
-- 
2.20.1 (Apple Git-117)





* Re: [PATCH v1 3/3] nitro_enclaves: Add fixes for checkpatch and docs reports
  2021-08-26 17:34 ` [PATCH v1 3/3] nitro_enclaves: Add fixes for checkpatch and docs reports Andra Paraschiv
@ 2021-08-26 17:51   ` Vitaly Kuznetsov
  2021-08-26 18:22     ` Paraschiv, Andra-Irina
  2021-08-27  8:43   ` Greg KH
  1 sibling, 1 reply; 13+ messages in thread
From: Vitaly Kuznetsov @ 2021-08-26 17:51 UTC (permalink / raw)
  To: Andra Paraschiv, linux-kernel
  Cc: Alexandru Ciobotaru, Greg KH, Kamal Mostafa, Alexandru Vasile,
	Paolo Bonzini, Stefano Garzarella, Stefan Hajnoczi, kvm,
	ne-devel-upstream, Andra Paraschiv

Andra Paraschiv <andraprs@amazon.com> writes:

> Fix the reported issues from checkpatch and kernel-doc scripts.
>
> Update the copyright statements to include 2021, where changes have been
> made over this year.
>
> Signed-off-by: Andra Paraschiv <andraprs@amazon.com>
> ---
>  drivers/virt/nitro_enclaves/ne_misc_dev.c | 17 +++++++++--------
>  drivers/virt/nitro_enclaves/ne_pci_dev.c  |  2 +-
>  drivers/virt/nitro_enclaves/ne_pci_dev.h  |  8 ++++++--
>  include/uapi/linux/nitro_enclaves.h       | 10 +++++-----
>  samples/nitro_enclaves/ne_ioctl_sample.c  |  7 +++----
>  5 files changed, 24 insertions(+), 20 deletions(-)
>
> diff --git a/drivers/virt/nitro_enclaves/ne_misc_dev.c b/drivers/virt/nitro_enclaves/ne_misc_dev.c
> index e21e1e86ad15f..8939612ee0e08 100644
> --- a/drivers/virt/nitro_enclaves/ne_misc_dev.c
> +++ b/drivers/virt/nitro_enclaves/ne_misc_dev.c
> @@ -1,6 +1,6 @@
>  // SPDX-License-Identifier: GPL-2.0
>  /*
> - * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
> + * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>   */
>  
>  /**
> @@ -284,8 +284,8 @@ static int ne_setup_cpu_pool(const char *ne_cpu_list)
>  	ne_cpu_pool.nr_parent_vm_cores = nr_cpu_ids / ne_cpu_pool.nr_threads_per_core;
>  
>  	ne_cpu_pool.avail_threads_per_core = kcalloc(ne_cpu_pool.nr_parent_vm_cores,
> -					     sizeof(*ne_cpu_pool.avail_threads_per_core),
> -					     GFP_KERNEL);
> +						     sizeof(*ne_cpu_pool.avail_threads_per_core),
> +						     GFP_KERNEL);
>  	if (!ne_cpu_pool.avail_threads_per_core) {
>  		rc = -ENOMEM;
>  
> @@ -735,7 +735,7 @@ static int ne_add_vcpu_ioctl(struct ne_enclave *ne_enclave, u32 vcpu_id)
>   * * Negative return value on failure.
>   */
>  static int ne_sanity_check_user_mem_region(struct ne_enclave *ne_enclave,
> -	struct ne_user_memory_region mem_region)
> +					   struct ne_user_memory_region mem_region)
>  {
>  	struct ne_mem_region *ne_mem_region = NULL;
>  
> @@ -771,7 +771,7 @@ static int ne_sanity_check_user_mem_region(struct ne_enclave *ne_enclave,
>  		u64 userspace_addr = ne_mem_region->userspace_addr;
>  
>  		if ((userspace_addr <= mem_region.userspace_addr &&
> -		    mem_region.userspace_addr < (userspace_addr + memory_size)) ||
> +		     mem_region.userspace_addr < (userspace_addr + memory_size)) ||
>  		    (mem_region.userspace_addr <= userspace_addr &&
>  		    (mem_region.userspace_addr + mem_region.memory_size) > userspace_addr)) {
>  			dev_err_ratelimited(ne_misc_dev.this_device,
> @@ -836,7 +836,7 @@ static int ne_sanity_check_user_mem_region_page(struct ne_enclave *ne_enclave,
>   * * Negative return value on failure.
>   */
>  static int ne_set_user_memory_region_ioctl(struct ne_enclave *ne_enclave,
> -	struct ne_user_memory_region mem_region)
> +					   struct ne_user_memory_region mem_region)
>  {
>  	long gup_rc = 0;
>  	unsigned long i = 0;
> @@ -1014,7 +1014,7 @@ static int ne_set_user_memory_region_ioctl(struct ne_enclave *ne_enclave,
>   * * Negative return value on failure.
>   */
>  static int ne_start_enclave_ioctl(struct ne_enclave *ne_enclave,
> -	struct ne_enclave_start_info *enclave_start_info)
> +				  struct ne_enclave_start_info *enclave_start_info)
>  {
>  	struct ne_pci_dev_cmd_reply cmd_reply = {};
>  	unsigned int cpu = 0;
> @@ -1574,7 +1574,8 @@ static int ne_create_vm_ioctl(struct ne_pci_dev *ne_pci_dev, u64 __user *slot_ui
>  	mutex_unlock(&ne_cpu_pool.mutex);
>  
>  	ne_enclave->threads_per_core = kcalloc(ne_enclave->nr_parent_vm_cores,
> -		sizeof(*ne_enclave->threads_per_core), GFP_KERNEL);
> +					       sizeof(*ne_enclave->threads_per_core),
> +					       GFP_KERNEL);
>  	if (!ne_enclave->threads_per_core) {
>  		rc = -ENOMEM;
>  
> diff --git a/drivers/virt/nitro_enclaves/ne_pci_dev.c b/drivers/virt/nitro_enclaves/ne_pci_dev.c
> index 143207e9b9698..40b49ec8e30b1 100644
> --- a/drivers/virt/nitro_enclaves/ne_pci_dev.c
> +++ b/drivers/virt/nitro_enclaves/ne_pci_dev.c
> @@ -1,6 +1,6 @@
>  // SPDX-License-Identifier: GPL-2.0
>  /*
> - * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
> + * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>   */
>  
>  /**
> diff --git a/drivers/virt/nitro_enclaves/ne_pci_dev.h b/drivers/virt/nitro_enclaves/ne_pci_dev.h
> index 8bfbc66078185..7bbfd39280fec 100644
> --- a/drivers/virt/nitro_enclaves/ne_pci_dev.h
> +++ b/drivers/virt/nitro_enclaves/ne_pci_dev.h
> @@ -1,6 +1,6 @@
>  /* SPDX-License-Identifier: GPL-2.0 */
>  /*
> - * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
> + * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>   */
>  
>  #ifndef _NE_PCI_DEV_H_
> @@ -84,9 +84,13 @@
>   */
>  
>  /**
> - * NE_SEND_DATA_SIZE / NE_RECV_DATA_SIZE - 240 bytes for send / recv buffer.
> + * NE_SEND_DATA_SIZE - 240 bytes for send buffer.
>   */
>  #define NE_SEND_DATA_SIZE	(240)

Nitpicking: "240 bytes for send buffer" comment looks a bit weird, it
would probably be better to just state what 'NE_SEND_DATA_SIZE' defines:

/*
 * NE_SEND_DATA_SIZE - size of the send buffer, in bytes
 */

> +
> +/**
> + * NE_RECV_DATA_SIZE - 240 bytes for recv buffer.
> + */
>  #define NE_RECV_DATA_SIZE	(240)

Ditto.

>  
>  /**
> diff --git a/include/uapi/linux/nitro_enclaves.h b/include/uapi/linux/nitro_enclaves.h
> index b945073fe544d..e808f5ba124d4 100644
> --- a/include/uapi/linux/nitro_enclaves.h
> +++ b/include/uapi/linux/nitro_enclaves.h
> @@ -1,6 +1,6 @@
>  /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
>  /*
> - * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
> + * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>   */
>  
>  #ifndef _UAPI_LINUX_NITRO_ENCLAVES_H_
> @@ -60,7 +60,7 @@
>   *
>   * Context: Process context.
>   * Return:
> - * * 0					- Logic succesfully completed.
> + * * 0					- Logic successfully completed.
>   * *  -1				- There was a failure in the ioctl logic.
>   * On failure, errno is set to:
>   * * EFAULT				- copy_from_user() / copy_to_user() failure.
> @@ -95,7 +95,7 @@
>   *
>   * Context: Process context.
>   * Return:
> - * * 0				- Logic succesfully completed.
> + * * 0				- Logic successfully completed.
>   * *  -1			- There was a failure in the ioctl logic.
>   * On failure, errno is set to:
>   * * EFAULT			- copy_from_user() / copy_to_user() failure.
> @@ -118,7 +118,7 @@
>   *
>   * Context: Process context.
>   * Return:
> - * * 0					- Logic succesfully completed.
> + * * 0					- Logic successfully completed.
>   * *  -1				- There was a failure in the ioctl logic.
>   * On failure, errno is set to:
>   * * EFAULT				- copy_from_user() failure.
> @@ -161,7 +161,7 @@
>   *
>   * Context: Process context.
>   * Return:
> - * * 0					- Logic succesfully completed.
> + * * 0					- Logic successfully completed.
>   * *  -1				- There was a failure in the ioctl logic.
>   * On failure, errno is set to:
>   * * EFAULT				- copy_from_user() / copy_to_user() failure.
> diff --git a/samples/nitro_enclaves/ne_ioctl_sample.c b/samples/nitro_enclaves/ne_ioctl_sample.c
> index 480b763142b34..765b131c73190 100644
> --- a/samples/nitro_enclaves/ne_ioctl_sample.c
> +++ b/samples/nitro_enclaves/ne_ioctl_sample.c
> @@ -1,6 +1,6 @@
>  // SPDX-License-Identifier: GPL-2.0
>  /*
> - * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
> + * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>   */
>  
>  /**
> @@ -185,7 +185,6 @@ static int ne_create_vm(int ne_dev_fd, unsigned long *slot_uid, int *enclave_fd)
>  	return 0;
>  }
>  
> -
>  /**
>   * ne_poll_enclave_fd() - Thread function for polling the enclave fd.
>   * @data:	Argument provided for the polling function.
> @@ -560,8 +559,8 @@ static int ne_add_vcpu(int enclave_fd, unsigned int *vcpu_id)
>  
>  		default:
>  			printf("Error in add vcpu [%m]\n");
> -
>  		}
> +
>  		return rc;
>  	}
>  
> @@ -638,7 +637,7 @@ static int ne_start_enclave(int enclave_fd,  struct ne_enclave_start_info *encla
>  }
>  
>  /**
> - * ne_start_enclave_check_booted() - Start the enclave and wait for a hearbeat
> + * ne_start_enclave_check_booted() - Start the enclave and wait for a heartbeat
>   *				     from it, on a newly created vsock channel,
>   *				     to check it has booted.
>   * @enclave_fd :	The file descriptor associated with the enclave.

-- 
Vitaly



* Re: [PATCH v1 3/3] nitro_enclaves: Add fixes for checkpatch and docs reports
  2021-08-26 17:51   ` Vitaly Kuznetsov
@ 2021-08-26 18:22     ` Paraschiv, Andra-Irina
  0 siblings, 0 replies; 13+ messages in thread
From: Paraschiv, Andra-Irina @ 2021-08-26 18:22 UTC (permalink / raw)
  To: Vitaly Kuznetsov, linux-kernel
  Cc: Alexandru Ciobotaru, Greg KH, Kamal Mostafa, Alexandru Vasile,
	Paolo Bonzini, Stefano Garzarella, Stefan Hajnoczi, kvm,
	ne-devel-upstream



On 26/08/2021 20:51, Vitaly Kuznetsov wrote:
> Andra Paraschiv <andraprs@amazon.com> writes:
>
>> Fix the reported issues from checkpatch and kernel-doc scripts.
>>
>> Update the copyright statements to include 2021, where changes have been
>> made over this year.
>>
>> Signed-off-by: Andra Paraschiv <andraprs@amazon.com>
>> ---
>>   drivers/virt/nitro_enclaves/ne_misc_dev.c | 17 +++++++++--------
>>   drivers/virt/nitro_enclaves/ne_pci_dev.c  |  2 +-
>>   drivers/virt/nitro_enclaves/ne_pci_dev.h  |  8 ++++++--
>>   include/uapi/linux/nitro_enclaves.h       | 10 +++++-----
>>   samples/nitro_enclaves/ne_ioctl_sample.c  |  7 +++----
>>   5 files changed, 24 insertions(+), 20 deletions(-)
>>
>> diff --git a/drivers/virt/nitro_enclaves/ne_misc_dev.c b/drivers/virt/nitro_enclaves/ne_misc_dev.c
>> index e21e1e86ad15f..8939612ee0e08 100644
>> --- a/drivers/virt/nitro_enclaves/ne_misc_dev.c
>> +++ b/drivers/virt/nitro_enclaves/ne_misc_dev.c
>> @@ -1,6 +1,6 @@
>>   // SPDX-License-Identifier: GPL-2.0
>>   /*
>> - * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>> + * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>>    */
>>
>>   /**
>> @@ -284,8 +284,8 @@ static int ne_setup_cpu_pool(const char *ne_cpu_list)
>>        ne_cpu_pool.nr_parent_vm_cores = nr_cpu_ids / ne_cpu_pool.nr_threads_per_core;
>>
>>        ne_cpu_pool.avail_threads_per_core = kcalloc(ne_cpu_pool.nr_parent_vm_cores,
>> -                                          sizeof(*ne_cpu_pool.avail_threads_per_core),
>> -                                          GFP_KERNEL);
>> +                                                  sizeof(*ne_cpu_pool.avail_threads_per_core),
>> +                                                  GFP_KERNEL);
>>        if (!ne_cpu_pool.avail_threads_per_core) {
>>                rc = -ENOMEM;
>>
>> @@ -735,7 +735,7 @@ static int ne_add_vcpu_ioctl(struct ne_enclave *ne_enclave, u32 vcpu_id)
>>    * * Negative return value on failure.
>>    */
>>   static int ne_sanity_check_user_mem_region(struct ne_enclave *ne_enclave,
>> -     struct ne_user_memory_region mem_region)
>> +                                        struct ne_user_memory_region mem_region)
>>   {
>>        struct ne_mem_region *ne_mem_region = NULL;
>>
>> @@ -771,7 +771,7 @@ static int ne_sanity_check_user_mem_region(struct ne_enclave *ne_enclave,
>>                u64 userspace_addr = ne_mem_region->userspace_addr;
>>
>>                if ((userspace_addr <= mem_region.userspace_addr &&
>> -                 mem_region.userspace_addr < (userspace_addr + memory_size)) ||
>> +                  mem_region.userspace_addr < (userspace_addr + memory_size)) ||
>>                    (mem_region.userspace_addr <= userspace_addr &&
>>                    (mem_region.userspace_addr + mem_region.memory_size) > userspace_addr)) {
>>                        dev_err_ratelimited(ne_misc_dev.this_device,
>> @@ -836,7 +836,7 @@ static int ne_sanity_check_user_mem_region_page(struct ne_enclave *ne_enclave,
>>    * * Negative return value on failure.
>>    */
>>   static int ne_set_user_memory_region_ioctl(struct ne_enclave *ne_enclave,
>> -     struct ne_user_memory_region mem_region)
>> +                                        struct ne_user_memory_region mem_region)
>>   {
>>        long gup_rc = 0;
>>        unsigned long i = 0;
>> @@ -1014,7 +1014,7 @@ static int ne_set_user_memory_region_ioctl(struct ne_enclave *ne_enclave,
>>    * * Negative return value on failure.
>>    */
>>   static int ne_start_enclave_ioctl(struct ne_enclave *ne_enclave,
>> -     struct ne_enclave_start_info *enclave_start_info)
>> +                               struct ne_enclave_start_info *enclave_start_info)
>>   {
>>        struct ne_pci_dev_cmd_reply cmd_reply = {};
>>        unsigned int cpu = 0;
>> @@ -1574,7 +1574,8 @@ static int ne_create_vm_ioctl(struct ne_pci_dev *ne_pci_dev, u64 __user *slot_ui
>>        mutex_unlock(&ne_cpu_pool.mutex);
>>
>>        ne_enclave->threads_per_core = kcalloc(ne_enclave->nr_parent_vm_cores,
>> -             sizeof(*ne_enclave->threads_per_core), GFP_KERNEL);
>> +                                            sizeof(*ne_enclave->threads_per_core),
>> +                                            GFP_KERNEL);
>>        if (!ne_enclave->threads_per_core) {
>>                rc = -ENOMEM;
>>
>> diff --git a/drivers/virt/nitro_enclaves/ne_pci_dev.c b/drivers/virt/nitro_enclaves/ne_pci_dev.c
>> index 143207e9b9698..40b49ec8e30b1 100644
>> --- a/drivers/virt/nitro_enclaves/ne_pci_dev.c
>> +++ b/drivers/virt/nitro_enclaves/ne_pci_dev.c
>> @@ -1,6 +1,6 @@
>>   // SPDX-License-Identifier: GPL-2.0
>>   /*
>> - * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>> + * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>>    */
>>
>>   /**
>> diff --git a/drivers/virt/nitro_enclaves/ne_pci_dev.h b/drivers/virt/nitro_enclaves/ne_pci_dev.h
>> index 8bfbc66078185..7bbfd39280fec 100644
>> --- a/drivers/virt/nitro_enclaves/ne_pci_dev.h
>> +++ b/drivers/virt/nitro_enclaves/ne_pci_dev.h
>> @@ -1,6 +1,6 @@
>>   /* SPDX-License-Identifier: GPL-2.0 */
>>   /*
>> - * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>> + * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>>    */
>>
>>   #ifndef _NE_PCI_DEV_H_
>> @@ -84,9 +84,13 @@
>>    */
>>
>>   /**
>> - * NE_SEND_DATA_SIZE / NE_RECV_DATA_SIZE - 240 bytes for send / recv buffer.
>> + * NE_SEND_DATA_SIZE - 240 bytes for send buffer.
>>    */
>>   #define NE_SEND_DATA_SIZE    (240)
> Nitpicking: "240 bytes for send buffer" comment looks a bit weird, it
> would probably be better to just state what 'NE_SEND_DATA_SIZE' defines:
>
> /*
>   * NE_SEND_DATA_SIZE - size of the send buffer, in bytes
>   */

Thank you, Vitaly.

I updated both comments for v2.

Andra

>
>> +
>> +/**
>> + * NE_RECV_DATA_SIZE - 240 bytes for recv buffer.
>> + */
>>   #define NE_RECV_DATA_SIZE    (240)
> Ditto.
>
>>   /**
>> diff --git a/include/uapi/linux/nitro_enclaves.h b/include/uapi/linux/nitro_enclaves.h
>> index b945073fe544d..e808f5ba124d4 100644
>> --- a/include/uapi/linux/nitro_enclaves.h
>> +++ b/include/uapi/linux/nitro_enclaves.h
>> @@ -1,6 +1,6 @@
>>   /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
>>   /*
>> - * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>> + * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>>    */
>>
>>   #ifndef _UAPI_LINUX_NITRO_ENCLAVES_H_
>> @@ -60,7 +60,7 @@
>>    *
>>    * Context: Process context.
>>    * Return:
>> - * * 0                                       - Logic succesfully completed.
>> + * * 0                                       - Logic successfully completed.
>>    * *  -1                             - There was a failure in the ioctl logic.
>>    * On failure, errno is set to:
>>    * * EFAULT                          - copy_from_user() / copy_to_user() failure.
>> @@ -95,7 +95,7 @@
>>    *
>>    * Context: Process context.
>>    * Return:
>> - * * 0                               - Logic succesfully completed.
>> + * * 0                               - Logic successfully completed.
>>    * *  -1                     - There was a failure in the ioctl logic.
>>    * On failure, errno is set to:
>>    * * EFAULT                  - copy_from_user() / copy_to_user() failure.
>> @@ -118,7 +118,7 @@
>>    *
>>    * Context: Process context.
>>    * Return:
>> - * * 0                                       - Logic succesfully completed.
>> + * * 0                                       - Logic successfully completed.
>>    * *  -1                             - There was a failure in the ioctl logic.
>>    * On failure, errno is set to:
>>    * * EFAULT                          - copy_from_user() failure.
>> @@ -161,7 +161,7 @@
>>    *
>>    * Context: Process context.
>>    * Return:
>> - * * 0                                       - Logic succesfully completed.
>> + * * 0                                       - Logic successfully completed.
>>    * *  -1                             - There was a failure in the ioctl logic.
>>    * On failure, errno is set to:
>>    * * EFAULT                          - copy_from_user() / copy_to_user() failure.
>> diff --git a/samples/nitro_enclaves/ne_ioctl_sample.c b/samples/nitro_enclaves/ne_ioctl_sample.c
>> index 480b763142b34..765b131c73190 100644
>> --- a/samples/nitro_enclaves/ne_ioctl_sample.c
>> +++ b/samples/nitro_enclaves/ne_ioctl_sample.c
>> @@ -1,6 +1,6 @@
>>   // SPDX-License-Identifier: GPL-2.0
>>   /*
>> - * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>> + * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>>    */
>>
>>   /**
>> @@ -185,7 +185,6 @@ static int ne_create_vm(int ne_dev_fd, unsigned long *slot_uid, int *enclave_fd)
>>        return 0;
>>   }
>>
>> -
>>   /**
>>    * ne_poll_enclave_fd() - Thread function for polling the enclave fd.
>>    * @data:    Argument provided for the polling function.
>> @@ -560,8 +559,8 @@ static int ne_add_vcpu(int enclave_fd, unsigned int *vcpu_id)
>>
>>                default:
>>                        printf("Error in add vcpu [%m]\n");
>> -
>>                }
>> +
>>                return rc;
>>        }
>>
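Review bot: the `default:` case in ne_add_vcpu() runs straight into the closing brace of the switch without a `break;`. While the blank line is being moved here anyway, add the `break;` after the printf() so that a case appended later cannot fall through by accident. This hunk is also whitespace-only and would sit more naturally in a patch of its own with the other blank-line cleanups.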
>> @@ -638,7 +637,7 @@ static int ne_start_enclave(int enclave_fd,  struct ne_enclave_start_info *encla
>>   }
>>
>>   /**
>> - * ne_start_enclave_check_booted() - Start the enclave and wait for a hearbeat
>> + * ne_start_enclave_check_booted() - Start the enclave and wait for a heartbeat
>>    *                                from it, on a newly created vsock channel,
>>    *                                to check it has booted.
>>    * @enclave_fd :     The file descriptor associated with the enclave.
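Review bot: the context line "@enclave_fd :" in this kernel-doc block has a space before the colon, unlike "@data:" in the ne_poll_enclave_fd() comment earlier in the same file. Since the patch is a kernel-doc cleanup, normalise it to "@enclave_fd:" in the same pass. The hunk header also shows a double space in "int enclave_fd,  struct ne_enclave_start_info", which could be fixed alongside.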
> --
> Vitaly
>





* Re: [PATCH v1 1/3] nitro_enclaves: Enable Arm support
  2021-08-26 17:34 ` [PATCH v1 1/3] nitro_enclaves: Enable Arm support Andra Paraschiv
@ 2021-08-27  7:06   ` Stefano Garzarella
  2021-08-27  8:43   ` Greg KH
  1 sibling, 0 replies; 13+ messages in thread
From: Stefano Garzarella @ 2021-08-27  7:06 UTC (permalink / raw)
  To: Andra Paraschiv
  Cc: linux-kernel, Alexandru Ciobotaru, Greg KH, Kamal Mostafa,
	Alexandru Vasile, Paolo Bonzini, Stefan Hajnoczi,
	Vitaly Kuznetsov, kvm, ne-devel-upstream

On Thu, Aug 26, 2021 at 08:34:49PM +0300, Andra Paraschiv wrote:
>Update the kernel config to enable the Nitro Enclaves kernel driver for
>Arm support.
>
>Signed-off-by: Andra Paraschiv <andraprs@amazon.com>
>---
> drivers/virt/nitro_enclaves/Kconfig | 8 ++------
> 1 file changed, 2 insertions(+), 6 deletions(-)

Acked-by: Stefano Garzarella <sgarzare@redhat.com>

>
>diff --git a/drivers/virt/nitro_enclaves/Kconfig b/drivers/virt/nitro_enclaves/Kconfig
>index 8c9387a232df8..f53740b941c0f 100644
>--- a/drivers/virt/nitro_enclaves/Kconfig
>+++ b/drivers/virt/nitro_enclaves/Kconfig
>@@ -1,17 +1,13 @@
> # SPDX-License-Identifier: GPL-2.0
> #
>-# Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>+# Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>
> # Amazon Nitro Enclaves (NE) support.
> # Nitro is a hypervisor that has been developed by Amazon.
>
>-# TODO: Add dependency for ARM64 once NE is supported on Arm platforms. For now,
>-# the NE kernel driver can be built for aarch64 arch.
>-# depends on (ARM64 || X86) && HOTPLUG_CPU && PCI && SMP
>-
> config NITRO_ENCLAVES
> 	tristate "Nitro Enclaves Support"
>-	depends on X86 && HOTPLUG_CPU && PCI && SMP
>+	depends on (ARM64 || X86) && HOTPLUG_CPU && PCI && SMP
> 	help
> 	  This driver consists of support for enclave lifetime management
> 	  for Nitro Enclaves (NE).
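Review bot: the changelog does not say why widening `depends on` to `(ARM64 || X86)` needs no driver change. The removed TODO only recorded that the driver "can be built for aarch64 arch", which is a statement about the build, not about running it. Please add a sentence to the commit message saying what was verified on Arm64, so the dependency change is justified on its own.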
>-- 
>2.20.1 (Apple Git-117)

* Re: [PATCH v1 2/3] nitro_enclaves: Update documentation for Arm support
  2021-08-26 17:34 ` [PATCH v1 2/3] nitro_enclaves: Update documentation for " Andra Paraschiv
@ 2021-08-27  7:21   ` Stefano Garzarella
  2021-08-27  9:35     ` Paraschiv, Andra-Irina
  0 siblings, 1 reply; 13+ messages in thread
From: Stefano Garzarella @ 2021-08-27  7:21 UTC (permalink / raw)
  To: Andra Paraschiv
  Cc: linux-kernel, Alexandru Ciobotaru, Greg KH, Kamal Mostafa,
	Alexandru Vasile, Paolo Bonzini, Stefan Hajnoczi,
	Vitaly Kuznetsov, kvm, ne-devel-upstream

On Thu, Aug 26, 2021 at 08:34:50PM +0300, Andra Paraschiv wrote:
>Add references for hugepages and booting steps for Arm.
>
>Signed-off-by: Andra Paraschiv <andraprs@amazon.com>
>---
> Documentation/virt/ne_overview.rst | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)

If you need to respin, maybe we can add a little section with supported 
architectures (x86, ARM64).

Stefano

>
>diff --git a/Documentation/virt/ne_overview.rst b/Documentation/virt/ne_overview.rst
>index 39b0c8fe2654a..2777da1fb0ad1 100644
>--- a/Documentation/virt/ne_overview.rst
>+++ b/Documentation/virt/ne_overview.rst
>@@ -43,8 +43,8 @@ for the enclave VM. An enclave does not have persistent storage attached.
> The memory regions carved out of the primary VM and given to an enclave need to
> be aligned 2 MiB / 1 GiB physically contiguous memory regions (or multiple of
> this size e.g. 8 MiB). The memory can be allocated e.g. by using hugetlbfs from
>-user space [2][3]. The memory size for an enclave needs to be at least 64 MiB.
>-The enclave memory and CPUs need to be from the same NUMA node.
>+user space [2][3][7]. The memory size for an enclave needs to be at least
>+64 MiB. The enclave memory and CPUs need to be from the same NUMA node.
>
> An enclave runs on dedicated cores. CPU 0 and its CPU siblings need to remain
> available for the primary VM. A CPU pool has to be set for NE purposes by an
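Review bot: the sentence above the changed lines still requires "aligned 2 MiB / 1 GiB physically contiguous memory regions", while this hunk adds [7] for Arm next to the hugetlbfs references. Please state whether the same two sizes are what is required on Arm64, or list the Arm64 sizes separately; as written a reader cannot tell whether the alignment rule is architecture-independent.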
>@@ -61,7 +61,7 @@ device is placed in memory below the typical 4 GiB.
> The application that runs in the enclave needs to be packaged in an enclave
> image together with the OS ( e.g. kernel, ramdisk, init ) that will run in the
> enclave VM. The enclave VM has its own kernel and follows the standard Linux
>-boot protocol [6].
>+boot protocol [6][8].
>
> The kernel bzImage, the kernel command line, the ramdisk(s) are part of the
> Enclave Image Format (EIF); plus an EIF header including metadata such as magic
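Review bot: with [8] added for the Arm64 boot protocol, the following paragraph (context line "The kernel bzImage, the kernel command line, the ramdisk(s) are part of the Enclave Image Format (EIF)") still names only bzImage, which is the x86 kernel image format. Please say which kernel image goes into the EIF on Arm64.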
>@@ -93,3 +93,5 @@ enclave process can exit.
> [4] https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html
> [5] https://man7.org/linux/man-pages/man7/vsock.7.html
> [6] https://www.kernel.org/doc/html/latest/x86/boot.html
>+[7] https://www.kernel.org/doc/html/latest/arm64/hugetlbpage.html
>+[8] https://www.kernel.org/doc/html/latest/arm64/booting.html
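Review bot: [7] and [8] point at https://www.kernel.org/doc/html/latest/... URLs, like [4] and [6]. Those links track the current layout of the documentation tree and break when the arm64 documents are moved; a reference to the in-tree documents would stay valid and resolves in the generated docs.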
>-- 
>2.20.1 (Apple Git-117)

* Re: [PATCH v1 1/3] nitro_enclaves: Enable Arm support
  2021-08-26 17:34 ` [PATCH v1 1/3] nitro_enclaves: Enable Arm support Andra Paraschiv
  2021-08-27  7:06   ` Stefano Garzarella
@ 2021-08-27  8:43   ` Greg KH
  2021-08-27 10:19     ` Paraschiv, Andra-Irina
  1 sibling, 1 reply; 13+ messages in thread
From: Greg KH @ 2021-08-27  8:43 UTC (permalink / raw)
  To: Andra Paraschiv
  Cc: linux-kernel, Alexandru Ciobotaru, Kamal Mostafa,
	Alexandru Vasile, Paolo Bonzini, Stefano Garzarella,
	Stefan Hajnoczi, Vitaly Kuznetsov, kvm, ne-devel-upstream

On Thu, Aug 26, 2021 at 08:34:49PM +0300, Andra Paraschiv wrote:
> Update the kernel config to enable the Nitro Enclaves kernel driver for
> Arm support.
> 
> Signed-off-by: Andra Paraschiv <andraprs@amazon.com>
> ---
>  drivers/virt/nitro_enclaves/Kconfig | 8 ++------
>  1 file changed, 2 insertions(+), 6 deletions(-)
> 
> diff --git a/drivers/virt/nitro_enclaves/Kconfig b/drivers/virt/nitro_enclaves/Kconfig
> index 8c9387a232df8..f53740b941c0f 100644
> --- a/drivers/virt/nitro_enclaves/Kconfig
> +++ b/drivers/virt/nitro_enclaves/Kconfig
> @@ -1,17 +1,13 @@
>  # SPDX-License-Identifier: GPL-2.0
>  #
> -# Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
> +# Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>  
>  # Amazon Nitro Enclaves (NE) support.
>  # Nitro is a hypervisor that has been developed by Amazon.
>  
> -# TODO: Add dependency for ARM64 once NE is supported on Arm platforms. For now,
> -# the NE kernel driver can be built for aarch64 arch.
> -# depends on (ARM64 || X86) && HOTPLUG_CPU && PCI && SMP
> -
>  config NITRO_ENCLAVES
>  	tristate "Nitro Enclaves Support"
> -	depends on X86 && HOTPLUG_CPU && PCI && SMP
> +	depends on (ARM64 || X86) && HOTPLUG_CPU && PCI && SMP

So no code change needed?  If not, then why do we have a cpu type at all
here?

thanks,

greg k-h


* Re: [PATCH v1 3/3] nitro_enclaves: Add fixes for checkpatch and docs reports
  2021-08-26 17:34 ` [PATCH v1 3/3] nitro_enclaves: Add fixes for checkpatch and docs reports Andra Paraschiv
  2021-08-26 17:51   ` Vitaly Kuznetsov
@ 2021-08-27  8:43   ` Greg KH
  2021-08-27 10:22     ` Paraschiv, Andra-Irina
  1 sibling, 1 reply; 13+ messages in thread
From: Greg KH @ 2021-08-27  8:43 UTC (permalink / raw)
  To: Andra Paraschiv
  Cc: linux-kernel, Alexandru Ciobotaru, Kamal Mostafa,
	Alexandru Vasile, Paolo Bonzini, Stefano Garzarella,
	Stefan Hajnoczi, Vitaly Kuznetsov, kvm, ne-devel-upstream

On Thu, Aug 26, 2021 at 08:34:51PM +0300, Andra Paraschiv wrote:
> Fix the reported issues from checkpatch and kernel-doc scripts.
> 
> Update the copyright statements to include 2021, where changes have been
> made over this year.
> 
> Signed-off-by: Andra Paraschiv <andraprs@amazon.com>

Please break this up into "one patch per logical change" do not mix
different things in the same commit.

thanks,

greg k-h


* Re: [PATCH v1 2/3] nitro_enclaves: Update documentation for Arm support
  2021-08-27  7:21   ` Stefano Garzarella
@ 2021-08-27  9:35     ` Paraschiv, Andra-Irina
  0 siblings, 0 replies; 13+ messages in thread
From: Paraschiv, Andra-Irina @ 2021-08-27  9:35 UTC (permalink / raw)
  To: Stefano Garzarella
  Cc: linux-kernel, Alexandru Ciobotaru, Greg KH, Kamal Mostafa,
	Alexandru Vasile, Paolo Bonzini, Stefan Hajnoczi,
	Vitaly Kuznetsov, kvm, ne-devel-upstream



On 27/08/2021 10:21, Stefano Garzarella wrote:
> On Thu, Aug 26, 2021 at 08:34:50PM +0300, Andra Paraschiv wrote:
>> Add references for hugepages and booting steps for Arm.
>>
>> Signed-off-by: Andra Paraschiv <andraprs@amazon.com>
>> ---
>> Documentation/virt/ne_overview.rst | 8 +++++---
>> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> If you need to respin, maybe we can add a little section with 
> supported architectures (x86, ARM64).
>

Sure, I can add this info.

Thanks, Stefano, for review and ack.

Andra

>
>>
>> diff --git a/Documentation/virt/ne_overview.rst 
>> b/Documentation/virt/ne_overview.rst
>> index 39b0c8fe2654a..2777da1fb0ad1 100644
>> --- a/Documentation/virt/ne_overview.rst
>> +++ b/Documentation/virt/ne_overview.rst
>> @@ -43,8 +43,8 @@ for the enclave VM. An enclave does not have 
>> persistent storage attached.
>> The memory regions carved out of the primary VM and given to an 
>> enclave need to
>> be aligned 2 MiB / 1 GiB physically contiguous memory regions (or 
>> multiple of
>> this size e.g. 8 MiB). The memory can be allocated e.g. by using 
>> hugetlbfs from
>> -user space [2][3]. The memory size for an enclave needs to be at 
>> least 64 MiB.
>> -The enclave memory and CPUs need to be from the same NUMA node.
>> +user space [2][3][7]. The memory size for an enclave needs to be at 
>> least
>> +64 MiB. The enclave memory and CPUs need to be from the same NUMA node.
>>
>> An enclave runs on dedicated cores. CPU 0 and its CPU siblings need 
>> to remain
>> available for the primary VM. A CPU pool has to be set for NE 
>> purposes by an
>> @@ -61,7 +61,7 @@ device is placed in memory below the typical 4 GiB.
>> The application that runs in the enclave needs to be packaged in an 
>> enclave
>> image together with the OS ( e.g. kernel, ramdisk, init ) that will 
>> run in the
>> enclave VM. The enclave VM has its own kernel and follows the 
>> standard Linux
>> -boot protocol [6].
>> +boot protocol [6][8].
>>
>> The kernel bzImage, the kernel command line, the ramdisk(s) are part 
>> of the
>> Enclave Image Format (EIF); plus an EIF header including metadata 
>> such as magic
>> @@ -93,3 +93,5 @@ enclave process can exit.
>> [4] 
>> https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html
>> [5] https://man7.org/linux/man-pages/man7/vsock.7.html
>> [6] https://www.kernel.org/doc/html/latest/x86/boot.html
>> +[7] https://www.kernel.org/doc/html/latest/arm64/hugetlbpage.html
>> +[8] https://www.kernel.org/doc/html/latest/arm64/booting.html
>> -- 
>> 2.20.1 (Apple Git-117)

* Re: [PATCH v1 1/3] nitro_enclaves: Enable Arm support
  2021-08-27  8:43   ` Greg KH
@ 2021-08-27 10:19     ` Paraschiv, Andra-Irina
  0 siblings, 0 replies; 13+ messages in thread
From: Paraschiv, Andra-Irina @ 2021-08-27 10:19 UTC (permalink / raw)
  To: Greg KH
  Cc: linux-kernel, Alexandru Ciobotaru, Kamal Mostafa,
	Alexandru Vasile, Paolo Bonzini, Stefano Garzarella,
	Stefan Hajnoczi, Vitaly Kuznetsov, kvm, ne-devel-upstream



On 27/08/2021 11:43, Greg KH wrote:
> On Thu, Aug 26, 2021 at 08:34:49PM +0300, Andra Paraschiv wrote:
>> Update the kernel config to enable the Nitro Enclaves kernel driver for
>> Arm support.
>>
>> Signed-off-by: Andra Paraschiv <andraprs@amazon.com>
>> ---
>>   drivers/virt/nitro_enclaves/Kconfig | 8 ++------
>>   1 file changed, 2 insertions(+), 6 deletions(-)
>>
>> diff --git a/drivers/virt/nitro_enclaves/Kconfig b/drivers/virt/nitro_enclaves/Kconfig
>> index 8c9387a232df8..f53740b941c0f 100644
>> --- a/drivers/virt/nitro_enclaves/Kconfig
>> +++ b/drivers/virt/nitro_enclaves/Kconfig
>> @@ -1,17 +1,13 @@
>>   # SPDX-License-Identifier: GPL-2.0
>>   #
>> -# Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>> +# Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>>
>>   # Amazon Nitro Enclaves (NE) support.
>>   # Nitro is a hypervisor that has been developed by Amazon.
>>
>> -# TODO: Add dependency for ARM64 once NE is supported on Arm platforms. For now,
>> -# the NE kernel driver can be built for aarch64 arch.
>> -# depends on (ARM64 || X86) && HOTPLUG_CPU && PCI && SMP
>> -
>>   config NITRO_ENCLAVES
>>        tristate "Nitro Enclaves Support"
>> -     depends on X86 && HOTPLUG_CPU && PCI && SMP
>> +     depends on (ARM64 || X86) && HOTPLUG_CPU && PCI && SMP
> So no code change needed?  If not, then why do we have a cpu type at all
> here?

Yes, no codebase changes needed so far.

I've looked during the initial phase of the upstreaming process to also 
check the ARM64 build and use / implement functionality that would not 
be x86 specific, if possible. And it worked well; for now no updates are
necessary.

The supported architectures for the Nitro Enclaves overall project will 
be x86 and ARM64 (x86 support has been released, ARM64 support is to be 
released), so mentioning these explicitly here. No other architectures 
have been considered so far.

Thanks,
Andra




* Re: [PATCH v1 3/3] nitro_enclaves: Add fixes for checkpatch and docs reports
  2021-08-27  8:43   ` Greg KH
@ 2021-08-27 10:22     ` Paraschiv, Andra-Irina
  0 siblings, 0 replies; 13+ messages in thread
From: Paraschiv, Andra-Irina @ 2021-08-27 10:22 UTC (permalink / raw)
  To: Greg KH
  Cc: linux-kernel, Alexandru Ciobotaru, Kamal Mostafa,
	Alexandru Vasile, Paolo Bonzini, Stefano Garzarella,
	Stefan Hajnoczi, Vitaly Kuznetsov, kvm, ne-devel-upstream



On 27/08/2021 11:43, Greg KH wrote:
> On Thu, Aug 26, 2021 at 08:34:51PM +0300, Andra Paraschiv wrote:
>> Fix the reported issues from checkpatch and kernel-doc scripts.
>>
>> Update the copyright statements to include 2021, where changes have been
>> made over this year.
>>
>> Signed-off-by: Andra Paraschiv <andraprs@amazon.com>
> Please break this up into "one patch per logical change" do not mix
> different things in the same commit.

Sure, I can split this patch into multiple ones for v2.

Thanks,
Andra




Thread overview: 13+ messages
2021-08-26 17:34 [PATCH v1 0/3] nitro_enclaves: Add support for Arm64 Andra Paraschiv
2021-08-26 17:34 ` [PATCH v1 1/3] nitro_enclaves: Enable Arm support Andra Paraschiv
2021-08-27  7:06   ` Stefano Garzarella
2021-08-27  8:43   ` Greg KH
2021-08-27 10:19     ` Paraschiv, Andra-Irina
2021-08-26 17:34 ` [PATCH v1 2/3] nitro_enclaves: Update documentation for " Andra Paraschiv
2021-08-27  7:21   ` Stefano Garzarella
2021-08-27  9:35     ` Paraschiv, Andra-Irina
2021-08-26 17:34 ` [PATCH v1 3/3] nitro_enclaves: Add fixes for checkpatch and docs reports Andra Paraschiv
2021-08-26 17:51   ` Vitaly Kuznetsov
2021-08-26 18:22     ` Paraschiv, Andra-Irina
2021-08-27  8:43   ` Greg KH
2021-08-27 10:22     ` Paraschiv, Andra-Irina
