From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Huang, Kai" Subject: Re: [PATCH 09/10] kvm: vmx: handle ENCLS VMEXIT Date: Wed, 10 May 2017 13:30:04 +1200 Message-ID: <933c8474-756f-69e0-59d0-a1fdd6eef818@linux.intel.com> References: <20170508052434.3627-1-kai.huang@linux.intel.com> <20170508052434.3627-10-kai.huang@linux.intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit To: Paolo Bonzini , Kai Huang , rkrcmar@redhat.com, kvm@vger.kernel.org Return-path: Received: from mga14.intel.com ([192.55.52.115]:20060 "EHLO mga14.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750780AbdEJBaK (ORCPT ); Tue, 9 May 2017 21:30:10 -0400 In-Reply-To: Sender: kvm-owner@vger.kernel.org List-ID: On 5/8/2017 8:08 PM, Paolo Bonzini wrote: > > > On 08/05/2017 07:24, Kai Huang wrote: >> This patch handles ENCLS VMEXIT. ENCLS VMEXIT doesn't need to be always turned >> on, actually it should not be turned on in most cases, as guest can run ENCLS >> perfectly in non-root mode. However there are some cases we need to trap ENCLS >> and emulate as in those cases ENCLS in guest may behavor differently with >> in native (for example, when hardware supports SGX but SGX is not exposed to >> guest, and if guest runs ENCLS deliberately, it may have different behavior to >> on native). >> >> In case of nested SGX support, we need to turn on ENCLS VMEXIT if L1 hypervisor >> has turned on ENCLS VMEXIT, and such ENCLS VMEXIT from L2 (nested guest) will >> be handled by L1 hypervisor. >> >> Signed-off-by: Kai Huang >> --- >> arch/x86/include/asm/vmx.h | 2 + >> arch/x86/include/uapi/asm/vmx.h | 4 +- >> arch/x86/kvm/vmx.c | 265 ++++++++++++++++++++++++++++++++++++++++ > > Please try to move more code to sgx.c. Hi Paolo, Thanks for comments. Will try to do this in next version. Thanks, -Kai > > Paolo > >> 3 files changed, 270 insertions(+), 1 deletion(-) >> >> diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h >> index f7ac249ce83d..2f24290b7f9d 100644 >> --- a/arch/x86/include/asm/vmx.h >> +++ b/arch/x86/include/asm/vmx.h >> @@ -202,6 +202,8 @@ enum vmcs_field { >> XSS_EXIT_BITMAP_HIGH = 0x0000202D, >> TSC_MULTIPLIER = 0x00002032, >> TSC_MULTIPLIER_HIGH = 0x00002033, >> + ENCLS_EXITING_BITMAP = 0x0000202E, >> + ENCLS_EXITING_BITMAP_HIGH = 0x0000202F, >> GUEST_PHYSICAL_ADDRESS = 0x00002400, >> GUEST_PHYSICAL_ADDRESS_HIGH = 0x00002401, >> VMCS_LINK_POINTER = 0x00002800, >> diff --git a/arch/x86/include/uapi/asm/vmx.h b/arch/x86/include/uapi/asm/vmx.h >> index 14458658e988..2bcd967d5c83 100644 >> --- a/arch/x86/include/uapi/asm/vmx.h >> +++ b/arch/x86/include/uapi/asm/vmx.h >> @@ -77,6 +77,7 @@ >> #define EXIT_REASON_XSETBV 55 >> #define EXIT_REASON_APIC_WRITE 56 >> #define EXIT_REASON_INVPCID 58 >> +#define EXIT_REASON_ENCLS 60 >> #define EXIT_REASON_PML_FULL 62 >> #define EXIT_REASON_XSAVES 63 >> #define EXIT_REASON_XRSTORS 64 >> @@ -130,7 +131,8 @@ >> { EXIT_REASON_INVVPID, "INVVPID" }, \ >> { EXIT_REASON_INVPCID, "INVPCID" }, \ >> { EXIT_REASON_XSAVES, "XSAVES" }, \ >> - { EXIT_REASON_XRSTORS, "XRSTORS" } >> + { EXIT_REASON_XRSTORS, "XRSTORS" }, \ >> + { EXIT_REASON_ENCLS, "ENCLS" } >> >> #define VMX_ABORT_SAVE_GUEST_MSR_FAIL 1 >> #define VMX_ABORT_LOAD_HOST_PDPTE_FAIL 2 >