From: "Huang, Kai" <kai.huang@linux.intel.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>,
Kai Huang <kaih.linux@gmail.com>,
xen-devel@lists.xen.org
Cc: kevin.tian@intel.com, jbeulich@suse.com
Subject: Re: [PATCH 03/15] xen: x86: add early stage SGX feature detection
Date: Fri, 21 Jul 2017 21:17:44 +1200 [thread overview]
Message-ID: <deb9a06c-722b-b1e1-e649-86a8d46951c1@linux.intel.com> (raw)
In-Reply-To: <5931d3d6-e5b6-2fb3-c443-63899db090fb@citrix.com>
On 7/20/2017 2:23 AM, Andrew Cooper wrote:
> On 09/07/17 09:09, Kai Huang wrote:
>> This patch adds early stage SGX feature detection via SGX CPUID 0x12. Function
>> detect_sgx is added to detect SGX info on each CPU (called from vmx_cpu_up).
>> SDM says SGX info returned by CPUID is per-thread, and we cannot assume all
>> threads will return the same SGX info, so we have to detect SGX for each CPU.
>> For simplicity, currently SGX is only supported when all CPUs reports the same
>> SGX info.
>>
>> SDM also says it's possible to have multiple EPC sections but this is only for
>> multiple-socket server, which we don't support now (there are other things
>> need to be done, ex, NUMA EPC, scheduling, etc, as well), so currently only
>> one EPC is supported.
>>
>> Dedicated files sgx.c and sgx.h are added (under vmx directory as SGX is Intel
>> specific) for bulk of above SGX detection code detection code, and for further
>> SGX code as well.
>>
>> Signed-off-by: Kai Huang <kai.huang@linux.intel.com>
>
> I am not sure putting this under hvm/ is a sensible move. Almost
> everything in this patch is currently common, and I can forsee us
> wanting to introduce PV support, so it would be good to introduce this
> in a guest-neutral location to begin with.
>
>> ---
>> xen/arch/x86/hvm/vmx/Makefile | 1 +
>> xen/arch/x86/hvm/vmx/sgx.c | 208 ++++++++++++++++++++++++++++++++++++++
>> xen/arch/x86/hvm/vmx/vmcs.c | 4 +
>> xen/include/asm-x86/cpufeature.h | 1 +
>> xen/include/asm-x86/hvm/vmx/sgx.h | 45 +++++++++
>> 5 files changed, 259 insertions(+)
>> create mode 100644 xen/arch/x86/hvm/vmx/sgx.c
>> create mode 100644 xen/include/asm-x86/hvm/vmx/sgx.h
>>
>> diff --git a/xen/arch/x86/hvm/vmx/Makefile b/xen/arch/x86/hvm/vmx/Makefile
>> index 04a29ce59d..f6bcf0d143 100644
>> --- a/xen/arch/x86/hvm/vmx/Makefile
>> +++ b/xen/arch/x86/hvm/vmx/Makefile
>> @@ -4,3 +4,4 @@ obj-y += realmode.o
>> obj-y += vmcs.o
>> obj-y += vmx.o
>> obj-y += vvmx.o
>> +obj-y += sgx.o
>> diff --git a/xen/arch/x86/hvm/vmx/sgx.c b/xen/arch/x86/hvm/vmx/sgx.c
>> new file mode 100644
>> index 0000000000..6b41469371
>> --- /dev/null
>> +++ b/xen/arch/x86/hvm/vmx/sgx.c
>
> This file looks like it should be arch/x86/sgx.c, given its current content.
>
>> @@ -0,0 +1,208 @@
>> +/*
>> + * Intel Software Guard Extensions support
>
> Please include a GPLv2 header.
>
>> + *
>> + * Author: Kai Huang <kai.huang@linux.intel.com>
>> + */
>> +
>> +#include <asm/cpufeature.h>
>> +#include <asm/msr-index.h>
>> +#include <asm/msr.h>
>> +#include <asm/hvm/vmx/sgx.h>
>> +#include <asm/hvm/vmx/vmcs.h>
>> +
>> +static struct sgx_cpuinfo __read_mostly sgx_cpudata[NR_CPUS];
>> +static struct sgx_cpuinfo __read_mostly boot_sgx_cpudata;
>
> I don't think any of this is necessary. The description says that all
> EPCs across the server will be reported in CPUID subleaves, and our
> implementation gives up if the data are non-identical across CPUs.
>
> Therefore, we only need to keep one copy of the data, and check check
> APs against the master copy.
Right. boot_sgx_cpudata is what we need. Currently detect_sgx is called
from vmx_cpu_up. How about changing to calling it from identify_cpu, and
something like below ?
if ( c == &boot_cpu_data )
detect_sgx(&boot_sgx_cpudata);
else {
struct sgx_cpuinfo tmp;
detect_sgx(&tmp);
if ( memcmp(&boot_sgx_cpudata, &tmp, sizeof (tmp)) )
//disable SGX
}
Thanks,
-Kai
>
>
> Let me see about splitting up a few bits of the existing CPUID
> infrastructure, so we can use the host cpuid policy more effectively for
> Xen related things.
>
> ~Andrew
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> https://lists.xen.org/xen-devel
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2017-07-21 9:17 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-09 8:03 [RFC PATCH 00/15] RFC: SGX virtualization design and draft patches Kai Huang
2017-07-09 8:04 ` [PATCH 01/15] xen: x86: expose SGX to HVM domain in CPU featureset Kai Huang
2017-07-12 11:09 ` Andrew Cooper
2017-07-17 6:20 ` Huang, Kai
2017-07-18 10:12 ` Andrew Cooper
2017-07-18 22:41 ` Huang, Kai
2017-07-09 8:09 ` [PATCH 02/15] xen: vmx: detect ENCLS VMEXIT Kai Huang
2017-07-12 11:11 ` Andrew Cooper
2017-07-12 18:54 ` Jan Beulich
2017-07-13 4:57 ` Huang, Kai
2017-07-09 8:09 ` [PATCH 03/15] xen: x86: add early stage SGX feature detection Kai Huang
2017-07-19 14:23 ` Andrew Cooper
2017-07-21 9:17 ` Huang, Kai [this message]
2017-07-22 1:06 ` Huang, Kai
2017-07-09 8:09 ` [PATCH 06/15] xen: x86: add SGX basic EPC management Kai Huang
2017-07-09 8:09 ` [PATCH 07/15] xen: x86: add functions to populate and destroy EPC for domain Kai Huang
2017-07-09 8:09 ` [PATCH 09/15] xen: vmx: handle SGX related MSRs Kai Huang
2017-07-19 17:27 ` Andrew Cooper
2017-07-21 9:42 ` Huang, Kai
2017-07-22 1:37 ` Huang, Kai
2017-07-09 8:09 ` [PATCH 10/15] xen: vmx: handle ENCLS VMEXIT Kai Huang
2017-07-09 8:09 ` [PATCH 11/15] xen: vmx: handle VMEXIT from SGX enclave Kai Huang
2017-07-09 8:09 ` [PATCH 12/15] xen: x86: reset EPC when guest got suspended Kai Huang
2017-07-09 8:10 ` [PATCH 04/15] xen: mm: add ioremap_cache Kai Huang
2017-07-11 20:14 ` Julien Grall
2017-07-12 1:52 ` Huang, Kai
2017-07-12 7:13 ` Julien Grall
2017-07-13 5:01 ` Huang, Kai
2017-07-12 6:17 ` Jan Beulich
2017-07-13 4:59 ` Huang, Kai
2017-07-09 8:10 ` [PATCH 08/15] xen: x86: add SGX cpuid handling support Kai Huang
2017-07-12 10:56 ` Andrew Cooper
2017-07-13 5:42 ` Huang, Kai
2017-07-14 7:37 ` Andrew Cooper
2017-07-14 11:08 ` Jan Beulich
2017-07-17 6:16 ` Huang, Kai
2017-07-09 8:12 ` [PATCH 05/15] xen: p2m: new 'p2m_epc' type for EPC mapping Kai Huang
2017-07-12 11:01 ` Andrew Cooper
2017-07-12 12:21 ` George Dunlap
2017-07-13 5:56 ` Huang, Kai
2017-07-09 8:14 ` [PATCH 13/15] xen: tools: add new 'epc' parameter support Kai Huang
2017-07-09 8:15 ` [PATCH 14/15] xen: tools: add SGX to applying CPUID policy Kai Huang
2017-07-09 8:16 ` [PATCH 15/15] xen: tools: expose EPC in ACPI table Kai Huang
2017-07-12 11:05 ` Andrew Cooper
2017-07-13 8:23 ` Huang, Kai
2017-07-14 11:31 ` Jan Beulich
2017-07-17 6:11 ` Huang, Kai
2017-07-17 10:54 ` Roger Pau Monné
2017-07-18 8:36 ` Huang, Kai
2017-07-18 10:21 ` Roger Pau Monné
2017-07-18 22:44 ` Huang, Kai
2017-07-11 14:13 ` [RFC PATCH 00/15] RFC: SGX virtualization design and draft patches Andrew Cooper
2017-07-17 6:08 ` Huang, Kai
2017-07-21 9:04 ` Huang, Kai
2017-07-17 9:16 ` Wei Liu
2017-07-18 8:22 ` Huang, Kai
2017-07-28 13:40 ` Wei Liu
2017-07-31 8:37 ` Huang, Kai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=deb9a06c-722b-b1e1-e649-86a8d46951c1@linux.intel.com \
--to=kai.huang@linux.intel.com \
--cc=andrew.cooper3@citrix.com \
--cc=jbeulich@suse.com \
--cc=kaih.linux@gmail.com \
--cc=kevin.tian@intel.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.