From: "Huang, Kai" <kai.huang@linux.intel.com>
To: Jan Beulich <jbeulich@suse.com>,
andrew.cooper3@citrix.com, kaih.linux@gmail.com
Cc: kevin.tian@intel.com, xen-devel@lists.xen.org
Subject: Re: [PATCH 02/15] xen: vmx: detect ENCLS VMEXIT
Date: Thu, 13 Jul 2017 16:57:41 +1200 [thread overview]
Message-ID: <ee0f0313-7146-6bd6-90be-22726ff016c5@linux.intel.com> (raw)
In-Reply-To: <596670480200007800102362@prv-mh.provo.novell.com>
On 7/13/2017 6:54 AM, Jan Beulich wrote:
>>>> Andrew Cooper <andrew.cooper3@citrix.com> 07/12/17 1:12 PM >>>
>> On 09/07/17 10:09, Kai Huang wrote:
>>> If ENCLS VMEXIT is not present then we cannot support SGX virtualization.
>>> This patch detects presence of ENCLS VMEXIT. A Xen boot boolean parameter
>>> 'sgx' is also added to manually enable/disable SGX.
>>>
>>> Signed-off-by: Kai Huang <kai.huang@linux.intel.com>
>>
>> At a minimum, you also need to modify calculate_hvm_max_policy() to hide
>> SGX if we don't have ENCLS intercept support.
Actually IMO this is not needed, as I added an __initcall(sgx_init) (see
patch 0003), where I will call setup_clear_cpu_cap(X86_FEATURE_SGX) if
for any reason boot_sgx_cpuidata (which contains common SGX cpuid info
shared by all cores) doesn't have valid SGX info. if ENCLS VMEXIT is not
present, then detect_sgx won't be called for any core so that
X86_FEATURE_SGX will be cleared in boot_cpu_data. As init_guest_cpuid is
called after all __initcalls are called, so if ENCLS VMEXIT is not
present, or sgx is disabled via boot parameter, then even for
host_policy, it won't have SGX.
Of course if we changed the implementation of __initcall(sgx_init), we
probably need to explicitly clear SGX here. Anyway clearing SGX here
doesn't have any harm, so I am completely fine to do it if you think it
is necessary.
>
> Additionally I think the command line option should default to off initially
> and it needs an entry in the command line option doc.
Sure. I'll change default to 0 and change the doc as well.
Thanks,
-Kai
>
> Jan
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> https://lists.xen.org/xen-devel
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2017-07-13 4:57 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-09 8:03 [RFC PATCH 00/15] RFC: SGX virtualization design and draft patches Kai Huang
2017-07-09 8:04 ` [PATCH 01/15] xen: x86: expose SGX to HVM domain in CPU featureset Kai Huang
2017-07-12 11:09 ` Andrew Cooper
2017-07-17 6:20 ` Huang, Kai
2017-07-18 10:12 ` Andrew Cooper
2017-07-18 22:41 ` Huang, Kai
2017-07-09 8:09 ` [PATCH 02/15] xen: vmx: detect ENCLS VMEXIT Kai Huang
2017-07-12 11:11 ` Andrew Cooper
2017-07-12 18:54 ` Jan Beulich
2017-07-13 4:57 ` Huang, Kai [this message]
2017-07-09 8:09 ` [PATCH 03/15] xen: x86: add early stage SGX feature detection Kai Huang
2017-07-19 14:23 ` Andrew Cooper
2017-07-21 9:17 ` Huang, Kai
2017-07-22 1:06 ` Huang, Kai
2017-07-09 8:09 ` [PATCH 06/15] xen: x86: add SGX basic EPC management Kai Huang
2017-07-09 8:09 ` [PATCH 07/15] xen: x86: add functions to populate and destroy EPC for domain Kai Huang
2017-07-09 8:09 ` [PATCH 09/15] xen: vmx: handle SGX related MSRs Kai Huang
2017-07-19 17:27 ` Andrew Cooper
2017-07-21 9:42 ` Huang, Kai
2017-07-22 1:37 ` Huang, Kai
2017-07-09 8:09 ` [PATCH 10/15] xen: vmx: handle ENCLS VMEXIT Kai Huang
2017-07-09 8:09 ` [PATCH 11/15] xen: vmx: handle VMEXIT from SGX enclave Kai Huang
2017-07-09 8:09 ` [PATCH 12/15] xen: x86: reset EPC when guest got suspended Kai Huang
2017-07-09 8:10 ` [PATCH 04/15] xen: mm: add ioremap_cache Kai Huang
2017-07-11 20:14 ` Julien Grall
2017-07-12 1:52 ` Huang, Kai
2017-07-12 7:13 ` Julien Grall
2017-07-13 5:01 ` Huang, Kai
2017-07-12 6:17 ` Jan Beulich
2017-07-13 4:59 ` Huang, Kai
2017-07-09 8:10 ` [PATCH 08/15] xen: x86: add SGX cpuid handling support Kai Huang
2017-07-12 10:56 ` Andrew Cooper
2017-07-13 5:42 ` Huang, Kai
2017-07-14 7:37 ` Andrew Cooper
2017-07-14 11:08 ` Jan Beulich
2017-07-17 6:16 ` Huang, Kai
2017-07-09 8:12 ` [PATCH 05/15] xen: p2m: new 'p2m_epc' type for EPC mapping Kai Huang
2017-07-12 11:01 ` Andrew Cooper
2017-07-12 12:21 ` George Dunlap
2017-07-13 5:56 ` Huang, Kai
2017-07-09 8:14 ` [PATCH 13/15] xen: tools: add new 'epc' parameter support Kai Huang
2017-07-09 8:15 ` [PATCH 14/15] xen: tools: add SGX to applying CPUID policy Kai Huang
2017-07-09 8:16 ` [PATCH 15/15] xen: tools: expose EPC in ACPI table Kai Huang
2017-07-12 11:05 ` Andrew Cooper
2017-07-13 8:23 ` Huang, Kai
2017-07-14 11:31 ` Jan Beulich
2017-07-17 6:11 ` Huang, Kai
2017-07-17 10:54 ` Roger Pau Monné
2017-07-18 8:36 ` Huang, Kai
2017-07-18 10:21 ` Roger Pau Monné
2017-07-18 22:44 ` Huang, Kai
2017-07-11 14:13 ` [RFC PATCH 00/15] RFC: SGX virtualization design and draft patches Andrew Cooper
2017-07-17 6:08 ` Huang, Kai
2017-07-21 9:04 ` Huang, Kai
2017-07-17 9:16 ` Wei Liu
2017-07-18 8:22 ` Huang, Kai
2017-07-28 13:40 ` Wei Liu
2017-07-31 8:37 ` Huang, Kai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ee0f0313-7146-6bd6-90be-22726ff016c5@linux.intel.com \
--to=kai.huang@linux.intel.com \
--cc=andrew.cooper3@citrix.com \
--cc=jbeulich@suse.com \
--cc=kaih.linux@gmail.com \
--cc=kevin.tian@intel.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.