From: Sean Christopherson <seanjc@google.com>
To: Jarkko Sakkinen <jarkko@kernel.org>
Cc: Kai Huang <kai.huang@intel.com>,
linux-sgx@vger.kernel.org, kvm@vger.kernel.org, x86@kernel.org,
luto@kernel.org, dave.hansen@intel.com, haitao.huang@intel.com,
pbonzini@redhat.com, bp@alien8.de, tglx@linutronix.de,
mingo@redhat.com, hpa@zytor.com, jethro@fortanix.com,
b.thiel@posteo.de, mattson@google.com, joro@8bytes.org,
vkuznets@redhat.com, wanpengli@tencent.com, corbet@lwn.net
Subject: Re: [RFC PATCH 00/23] KVM SGX virtualization support
Date: Mon, 11 Jan 2021 10:37:05 -0800 [thread overview]
Message-ID: <X/ya0XnsQn4xb/1L@google.com> (raw)
In-Reply-To: <2422737f6b0cddf6ff1be9cf90e287dd00d6a6a3.camel@kernel.org>
On Mon, Jan 11, 2021, Jarkko Sakkinen wrote:
> On Wed, 2021-01-06 at 14:55 +1300, Kai Huang wrote:
> > - Does not require changes to KVM's uAPI, e.g. EPC gets handled as
> > just another memory backend for guests.
>
> Why this an advantage? No objection, just a question.
There are zero KVM changes required to support exposing EPC to a guest. KVM's
MMU is completely ignorant of what physical backing is used for any given host
virtual address. KVM has to be aware of various VM_* flags, e.g. VM_PFNMAP and
VM_IO, but that code is arch agnostic and is quite isolated.
> > - EPC management is wholly contained in the SGX subsystem, e.g. SGX
> > does not have to export any symbols, changes to reclaim flows don't
> > need to be routed through KVM, SGX's dirty laundry doesn't have to
> > get aired out for the world to see, and so on and so forth.
>
> No comments to this before understanding code changes better.
>
> > The virtual EPC allocated to guests is currently not reclaimable, due to
> > reclaiming EPC from KVM guests is not currently supported. Due to the
> > complications of handling reclaim conflicts between guest and host, KVM
> > EPC oversubscription, which allows total virtual EPC size greater than
> > physical EPC by being able to reclaiming guests' EPC, is significantly more
> > complex than basic support for SGX virtualization.
>
> I think it should be really in the center of the patch set description that
> this patch set implements segmentation of EPC, not oversubscription. It should
> be clear immediately. It's a core part of knowing "what I'm looking at".
Technically, it doesn't implement EPC segmentation of EPC. It implements
non-reclaimable EPC allocation. Even that is somewhat untrue as the EPC can be
forcefully reclaimed, but doing so will destroy the guest contents.
Userspace can oversubscribe the EPC to KVM guests, but it would need to kill,
migrate, or pause one or more VMs if the pool of physical EPC were exhausted.
> > - Support SGX virtualization without SGX Launch Control unlocked mode
> >
> > Although SGX driver requires SGX Launch Control unlocked mode to work, SGX
> > virtualization doesn't, since how enclave is created is completely controlled
> > by guest SGX software, which is not necessarily linux. Therefore, this series
> > allows KVM to expose SGX to guest even SGX Launch Control is in locked mode,
> > or is not present at all. The reason is the goal of SGX virtualization, or
> > virtualization in general, is to expose hardware feature to guest, but not to
> > make assumption how guest will use it. Therefore, KVM should support SGX guest
> > as long as hardware is able to, to have chance to support more potential use
> > cases in cloud environment.
>
> AFAIK the convergence point with the FLC was, and is that Linux never enables
> SGX with locked MSRs.
>
> And I don't understand, if it is not fine to allow locked SGX for a *process*,
> why is it fine for a *virtual machine*? They have a lot same.
Because it's a completely different OS/kernel. If the user has a kernel that
supports locked SGX, then so be it. There's no novel circumvention of the
kernel policy, e.g. the user could simply boot the non-upstream kernel directly,
and running an upstream kernel in the guest will not cause the kernel to support
SGX.
There are any number of things that are allowed in a KVM guest that are not
allowed in a bare metal process.
> I cannot remember out of top of my head, could the Intel SHA256 be read when
> booted with unlocked MSRs. If that is the case, then you can still support
> guests with that configuration.
No, it's not guaranteed to be readable as firmware could have already changed
the values in the MSRs.
> Context-dependent guidelines tend to also trash code big time. Also, for the
> sake of a sane kernel code base, I would consider only supporting unlocked
> MSRs.
It's one line of a code to teach the kernel driver not to load if the MSRs are
locked. And IMO, that one line of code is a net positive as it makes it clear
in the driver itself that it chooses not support locked MSRs, even if SGX itself
is fully enabled.
next prev parent reply other threads:[~2021-01-11 18:38 UTC|newest]
Thread overview: 111+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-06 1:55 [RFC PATCH 00/23] KVM SGX virtualization support Kai Huang
2021-01-06 1:55 ` [RFC PATCH 01/23] x86/sgx: Split out adding EPC page to free list to separate helper Kai Huang
2021-01-11 22:38 ` Jarkko Sakkinen
2021-01-12 0:19 ` Kai Huang
2021-01-12 21:45 ` Sean Christopherson
2021-01-13 1:15 ` Kai Huang
2021-01-13 17:05 ` Jarkko Sakkinen
2021-01-06 1:55 ` [RFC PATCH 02/23] x86/sgx: Add enum for SGX_CHILD_PRESENT error code Kai Huang
2021-01-06 18:28 ` Dave Hansen
2021-01-06 21:40 ` Kai Huang
2021-01-12 0:26 ` Jarkko Sakkinen
2021-01-11 23:32 ` Jarkko Sakkinen
2021-01-12 0:16 ` Kai Huang
2021-01-12 1:46 ` Jarkko Sakkinen
2021-01-06 1:55 ` [RFC PATCH 03/23] x86/sgx: Introduce virtual EPC for use by KVM guests Kai Huang
2021-01-06 19:35 ` Dave Hansen
2021-01-06 20:35 ` Sean Christopherson
2021-01-07 0:47 ` Kai Huang
2021-01-07 0:52 ` Dave Hansen
2021-01-07 1:38 ` Kai Huang
2021-01-07 5:00 ` Dave Hansen
2021-01-07 1:42 ` Kai Huang
2021-01-07 5:02 ` Dave Hansen
2021-01-15 14:07 ` Kai Huang
2021-01-15 15:39 ` Dave Hansen
2021-01-15 21:33 ` Kai Huang
2021-01-15 21:45 ` Sean Christopherson
2021-01-15 22:30 ` Kai Huang
2021-01-11 23:38 ` Jarkko Sakkinen
2021-01-12 0:56 ` Kai Huang
2021-01-12 1:50 ` Jarkko Sakkinen
2021-01-12 2:03 ` Kai Huang
2021-01-06 1:55 ` [RFC PATCH 04/23] x86/cpufeatures: Add SGX1 and SGX2 sub-features Kai Huang
2021-01-06 19:39 ` Dave Hansen
2021-01-06 22:12 ` Kai Huang
2021-01-06 22:21 ` Dave Hansen
2021-01-06 22:56 ` Kai Huang
2021-01-06 23:19 ` Sean Christopherson
2021-01-06 23:33 ` Dave Hansen
2021-01-06 23:56 ` Kai Huang
2021-01-06 23:40 ` Kai Huang
2021-01-06 23:43 ` Dave Hansen
2021-01-06 23:56 ` Kai Huang
2021-01-06 22:15 ` Borislav Petkov
2021-01-06 23:09 ` Kai Huang
2021-01-07 6:41 ` Borislav Petkov
2021-01-08 2:00 ` Kai Huang
2021-01-08 5:10 ` Dave Hansen
2021-01-08 7:03 ` Kai Huang
2021-01-08 7:17 ` Borislav Petkov
2021-01-08 8:06 ` Kai Huang
2021-01-08 8:13 ` Borislav Petkov
2021-01-08 9:00 ` Kai Huang
2021-01-08 23:55 ` Sean Christopherson
2021-01-09 0:35 ` Borislav Petkov
2021-01-09 1:01 ` Sean Christopherson
2021-01-09 1:19 ` Borislav Petkov
2021-01-11 17:54 ` Sean Christopherson
2021-01-11 19:09 ` Borislav Petkov
2021-01-11 19:20 ` Sean Christopherson
2021-01-12 2:01 ` Kai Huang
2021-01-12 12:13 ` Borislav Petkov
2021-01-12 17:15 ` Sean Christopherson
2021-01-12 17:51 ` Borislav Petkov
2021-01-12 21:07 ` Kai Huang
2021-01-12 23:17 ` Sean Christopherson
2021-01-13 1:05 ` Kai Huang
2021-01-11 23:39 ` Jarkko Sakkinen
2021-01-06 1:55 ` [RFC PATCH 05/23] x86/cpu/intel: Allow SGX virtualization without Launch Control support Kai Huang
2021-01-06 19:54 ` Dave Hansen
2021-01-06 22:34 ` Kai Huang
2021-01-06 22:38 ` Dave Hansen
2021-01-06 1:56 ` [RFC PATCH 06/23] x86/sgx: Expose SGX architectural definitions to the kernel Kai Huang
2021-01-06 1:56 ` [RFC PATCH 07/23] x86/sgx: Move ENCLS leaf definitions to sgx_arch.h Kai Huang
2021-01-06 1:56 ` [RFC PATCH 08/23] x86/sgx: Add SGX2 ENCLS leaf definitions (EAUG, EMODPR and EMODT) Kai Huang
2021-01-06 1:56 ` [RFC PATCH 09/23] x86/sgx: Add encls_faulted() helper Kai Huang
2021-01-06 1:56 ` [RFC PATCH 10/23] x86/sgx: Add helper to update SGX_LEPUBKEYHASHn MSRs Kai Huang
2021-01-06 19:56 ` Dave Hansen
2021-01-06 1:56 ` [RFC PATCH 11/23] x86/sgx: Add helpers to expose ECREATE and EINIT to KVM Kai Huang
2021-01-06 20:12 ` Dave Hansen
2021-01-06 21:04 ` Sean Christopherson
2021-01-06 21:23 ` Dave Hansen
2021-01-06 22:58 ` Kai Huang
2021-01-06 1:56 ` [RFC PATCH 12/23] x86/sgx: Move provisioning device creation out of SGX driver Kai Huang
2021-01-06 1:56 ` [RFC PATCH 13/23] KVM: VMX: Convert vcpu_vmx.exit_reason to a union Kai Huang
2021-01-06 1:56 ` [RFC PATCH 14/23] KVM: x86: Export kvm_mmu_gva_to_gpa_{read,write}() for SGX (VMX) Kai Huang
2021-01-06 1:56 ` [RFC PATCH 15/23] KVM: x86: Define new #PF SGX error code bit Kai Huang
2021-01-06 1:56 ` [RFC PATCH 16/23] KVM: x86: Add SGX feature leaf to reverse CPUID lookup Kai Huang
2021-01-06 1:56 ` [RFC PATCH 17/23] KVM: VMX: Add basic handling of VM-Exit from SGX enclave Kai Huang
2021-01-06 1:56 ` [RFC PATCH 18/23] KVM: VMX: Frame in ENCLS handler for SGX virtualization Kai Huang
2021-01-06 1:56 ` [RFC PATCH 19/23] KVM: VMX: Add SGX ENCLS[ECREATE] handler to enforce CPUID restrictions Kai Huang
2021-01-06 1:56 ` [RFC PATCH 20/23] KVM: VMX: Add emulation of SGX Launch Control LE hash MSRs Kai Huang
2021-01-06 1:56 ` [RFC PATCH 21/23] KVM: VMX: Add ENCLS[EINIT] handler to support SGX Launch Control (LC) Kai Huang
2021-01-06 1:56 ` [RFC PATCH 22/23] KVM: VMX: Enable SGX virtualization for SGX1, SGX2 and LC Kai Huang
2021-01-06 1:58 ` [RFC PATCH 23/23] KVM: x86: Add capability to grant VM access to privileged SGX attribute Kai Huang
2021-01-06 2:22 ` [RFC PATCH 00/23] KVM SGX virtualization support Kai Huang
2021-01-06 17:07 ` Dave Hansen
2021-01-07 0:34 ` Kai Huang
2021-01-07 0:48 ` Dave Hansen
2021-01-07 1:50 ` Kai Huang
2021-01-07 16:14 ` Sean Christopherson
2021-01-08 2:16 ` Kai Huang
2021-01-11 17:20 ` Jarkko Sakkinen
2021-01-11 18:37 ` Sean Christopherson [this message]
2021-01-12 1:58 ` Jarkko Sakkinen
2021-01-12 1:14 ` Kai Huang
2021-01-12 2:02 ` Jarkko Sakkinen
2021-01-12 2:07 ` Kai Huang
2021-01-15 14:43 ` Kai Huang
2021-01-16 9:31 ` Jarkko Sakkinen
2021-01-16 9:50 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=X/ya0XnsQn4xb/1L@google.com \
--to=seanjc@google.com \
--cc=b.thiel@posteo.de \
--cc=bp@alien8.de \
--cc=corbet@lwn.net \
--cc=dave.hansen@intel.com \
--cc=haitao.huang@intel.com \
--cc=hpa@zytor.com \
--cc=jarkko@kernel.org \
--cc=jethro@fortanix.com \
--cc=joro@8bytes.org \
--cc=kai.huang@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-sgx@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mattson@google.com \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=tglx@linutronix.de \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).