KVM Archive on lore.kernel.org
* [RFC PATCH 00/21] x86/sgx: KVM: Add SGX virtualization
@ 2019-07-27  5:51 Sean Christopherson
  2019-07-27  5:51 ` [RFC PATCH 01/21] x86/sgx: Add defines for SGX device minor numbers Sean Christopherson
                   ` (20 more replies)
  0 siblings, 21 replies; 32+ messages in thread
From: Sean Christopherson @ 2019-07-27  5:51 UTC
  To: Paolo Bonzini, Radim Krčmář,
	Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86,
	Jarkko Sakkinen, Sean Christopherson, Joerg Roedel
  Cc: H. Peter Anvin, kvm, linux-kernel, linux-sgx, Andy Lutomirski

This is an "early" RFC series for adding SGX virtualization to KVM.  SGX
virtualization (more specifically, EPC virtualization) is dependent on the
not-yet-merged SGX enabling series and so cannot be considered for
inclusion any time soon.

The primary goal of this RFC is to get feedback on the overall approach,
e.g. code location, uAPI changes, functionality, etc...  My hope is to
sort out any major issues sooner rather than later, so that if/when the
base SGX enabling is merged, virtualization support can quickly follow
suit.

That being said, nitpicking and bikeshedding is more than welcome :-)

This code applies on top of a slightly modified version of v21 of the SGX
enabling series[1].  The modifications on top of the SGX series are a few
minor bug fixes that are not related to SGX virtualization, but affect
code that is moved/modified by this series.  The full source for the
modified version of v21 can be found at:

 https://github.com/sean-jc/linux.git

under the tag:

  sgx-v21-ish

A corresponding Qemu RFC will (hopefully) follow next week, the Qemu
patches need a bit more cleanup...

[1] https://lkml.kernel.org/r/20190713170804.2340-1-jarkko.sakkinen@linux.intel.com

Sean Christopherson (21):
  x86/sgx: Add defines for SGX device minor numbers
  x86/sgx: Move bus registration and device init to common code
  x86/sgx: Move provisioning device to common code
  x86/sgx: Add /dev/sgx/virt_epc device to allocate "raw" EPC for VMs
  x86/sgx: Expose SGX architectural definitions to the kernel
  KVM: x86: Add SGX sub-features leaf to reverse CPUID table
  KVM: x86: Add WARN_ON_ONCE(index!=0) in __do_cpuid_ent
  KVM: x86: Add kvm_x86_ops hook to short circuit emulation
  KVM: VMX: Add basic handling of VM-Exit from SGX enclave
  KVM: x86: Export kvm_mmu_gva_to_gpa_{read,write}() for VMX/SGX
  KVM: x86: Export kvm_propagate_fault (as kvm_propagate_page_fault)
  KVM: x86: Define new #PF SGX error code bit
  x86/sgx: Move the intermediate EINIT helper into the driver
  x86/sgx: Add helpers to expose ECREATE and EINIT to KVM
  KVM: VMX: Add SGX ENCLS[ECREATE] handler to enforce CPUID restrictions
  KVM: VMX: Edd emulation of SGX Launch Control LE hash MSRs
  KVM: VMX: Add handler for ENCLS[EINIT] to support SGX Launch Control
  KVM: x86: Invoke kvm_x86_ops->cpuid_update() after kvm_update_cpuid()
  KVM: VMX: Enable SGX virtualization for SGX1, SGX2 and LC
  x86/sgx: Export sgx_set_attribute() for use by KVM
  KVM: x86: Add capability to grant VM access to privileged SGX
    attribute

 Documentation/virtual/kvm/api.txt             |  20 ++
 arch/x86/Kconfig                              |  13 +
 arch/x86/include/asm/kvm_host.h               |   8 +-
 arch/x86/include/asm/sgx.h                    |  17 +
 .../cpu/sgx/arch.h => include/asm/sgx_arch.h} |   1 +
 arch/x86/include/asm/vmx.h                    |   1 +
 arch/x86/include/uapi/asm/vmx.h               |   1 +
 arch/x86/kernel/cpu/sgx/Makefile              |   1 +
 arch/x86/kernel/cpu/sgx/driver/driver.h       |   3 +-
 arch/x86/kernel/cpu/sgx/driver/ioctl.c        |  40 ++-
 arch/x86/kernel/cpu/sgx/driver/main.c         |  73 +----
 arch/x86/kernel/cpu/sgx/encl.c                |   2 +-
 arch/x86/kernel/cpu/sgx/encls.h               |   2 +-
 arch/x86/kernel/cpu/sgx/main.c                | 141 ++++++--
 arch/x86/kernel/cpu/sgx/sgx.h                 |  16 +-
 arch/x86/kernel/cpu/sgx/virt.c                | 308 ++++++++++++++++++
 arch/x86/kernel/cpu/sgx/virt.h                |  14 +
 arch/x86/kvm/Makefile                         |   2 +
 arch/x86/kvm/cpuid.c                          | 135 ++++++--
 arch/x86/kvm/cpuid.h                          |  20 ++
 arch/x86/kvm/emulate.c                        |   1 +
 arch/x86/kvm/mmu.c                            |  12 -
 arch/x86/kvm/svm.c                            |  19 +-
 arch/x86/kvm/vmx/nested.c                     |  21 +-
 arch/x86/kvm/vmx/nested.h                     |   5 +
 arch/x86/kvm/vmx/sgx.c                        | 247 ++++++++++++++
 arch/x86/kvm/vmx/sgx.h                        |  11 +
 arch/x86/kvm/vmx/vmcs12.c                     |   1 +
 arch/x86/kvm/vmx/vmcs12.h                     |   4 +-
 arch/x86/kvm/vmx/vmx.c                        | 251 +++++++++++++-
 arch/x86/kvm/vmx/vmx.h                        |   6 +
 arch/x86/kvm/x86.c                            |  40 ++-
 arch/x86/kvm/x86.h                            |   5 -
 include/uapi/linux/kvm.h                      |   1 +
 tools/testing/selftests/x86/sgx/defines.h     |   2 +-
 35 files changed, 1234 insertions(+), 210 deletions(-)
 create mode 100644 arch/x86/include/asm/sgx.h
 rename arch/x86/{kernel/cpu/sgx/arch.h => include/asm/sgx_arch.h} (99%)
 create mode 100644 arch/x86/kernel/cpu/sgx/virt.c
 create mode 100644 arch/x86/kernel/cpu/sgx/virt.h
 create mode 100644 arch/x86/kvm/vmx/sgx.c
 create mode 100644 arch/x86/kvm/vmx/sgx.h

-- 
2.22.0



Thread overview: 32+ messages
2019-07-27  5:51 [RFC PATCH 00/21] x86/sgx: KVM: Add SGX virtualization Sean Christopherson
2019-07-27  5:51 ` [RFC PATCH 01/21] x86/sgx: Add defines for SGX device minor numbers Sean Christopherson
2019-07-27  5:51 ` [RFC PATCH 02/21] x86/sgx: Move bus registration and device init to common code Sean Christopherson
2019-07-27  5:51 ` [RFC PATCH 03/21] x86/sgx: Move provisioning device " Sean Christopherson
2019-07-27  5:51 ` [RFC PATCH 04/21] x86/sgx: Add /dev/sgx/virt_epc device to allocate "raw" EPC for VMs Sean Christopherson
2019-07-27 17:44   ` Andy Lutomirski
2019-07-29 17:05     ` Sean Christopherson
2019-07-27  5:51 ` [RFC PATCH 05/21] x86/sgx: Expose SGX architectural definitions to the kernel Sean Christopherson
2019-07-27  5:51 ` [RFC PATCH 06/21] KVM: x86: Add SGX sub-features leaf to reverse CPUID table Sean Christopherson
2019-07-27  5:52 ` [RFC PATCH 07/21] KVM: x86: Add WARN_ON_ONCE(index!=0) in __do_cpuid_ent Sean Christopherson
2019-07-27  5:52 ` [RFC PATCH 08/21] KVM: x86: Add kvm_x86_ops hook to short circuit emulation Sean Christopherson
2019-07-27 17:38   ` Andy Lutomirski
2019-07-30  2:49     ` Sean Christopherson
2019-08-16  0:47       ` Andy Lutomirski
2019-08-19 22:01         ` Sean Christopherson
2019-08-20  1:34           ` Andy Lutomirski
2019-08-20  1:41             ` Sean Christopherson
2019-07-30  3:08   ` Sean Christopherson
2019-07-27  5:52 ` [RFC PATCH 09/21] KVM: VMX: Add basic handling of VM-Exit from SGX enclave Sean Christopherson
2019-07-27  5:52 ` [RFC PATCH 10/21] KVM: x86: Export kvm_mmu_gva_to_gpa_{read,write}() for VMX/SGX Sean Christopherson
2019-07-27  5:52 ` [RFC PATCH 11/21] KVM: x86: Export kvm_propagate_fault (as kvm_propagate_page_fault) Sean Christopherson
2019-07-27  5:52 ` [RFC PATCH 12/21] KVM: x86: Define new #PF SGX error code bit Sean Christopherson
2019-07-27  5:52 ` [RFC PATCH 13/21] x86/sgx: Move the intermediate EINIT helper into the driver Sean Christopherson
2019-07-27  5:52 ` [RFC PATCH 14/21] x86/sgx: Add helpers to expose ECREATE and EINIT to KVM Sean Christopherson
2019-07-27  5:52 ` [RFC PATCH 15/21] KVM: VMX: Add SGX ENCLS[ECREATE] handler to enforce CPUID restrictions Sean Christopherson
2019-07-27  5:52 ` [RFC PATCH 16/21] KVM: VMX: Edd emulation of SGX Launch Control LE hash MSRs Sean Christopherson
2019-07-27  5:52 ` [RFC PATCH 17/21] KVM: VMX: Add handler for ENCLS[EINIT] to support SGX Launch Control Sean Christopherson
2019-07-27  5:52 ` [RFC PATCH 18/21] KVM: x86: Invoke kvm_x86_ops->cpuid_update() after kvm_update_cpuid() Sean Christopherson
2019-07-27  5:52 ` [RFC PATCH 19/21] KVM: VMX: Enable SGX virtualization for SGX1, SGX2 and LC Sean Christopherson
2019-07-27  5:52 ` [RFC PATCH 20/21] x86/sgx: Export sgx_set_attribute() for use by KVM Sean Christopherson
2019-07-27  5:52 ` [RFC PATCH 21/21] KVM: x86: Add capability to grant VM access to privileged SGX attribute Sean Christopherson
2019-07-27 17:32   ` Andy Lutomirski
