Message ID | cover.1618196135.git.kai.huang@intel.com (mailing list archive) |
---|---|
Series | KVM SGX virtualization support (KVM part) |
On 12/04/21 06:21, Kai Huang wrote:
> Hi Paolo, Sean,
>
> Boris has merged x86 part patches to the tip/x86/sgx. This series is KVM part
> patches. Due to some code change in x86 part patches, two KVM patches need
> update so this is the new version. Please help to review. Thanks!
>
> Specifically, x86 patch (x86/sgx: Add helpers to expose ECREATE and EINIT to
> KVM) was changed to return -EINVAL directly w/o setting trapnr when
> access_ok()s fail on any user pointers, so KVM patches:
>
> KVM: VMX: Add SGX ENCLS[ECREATE] handler to enforce CPUID restrictions
> KVM: VMX: Add ENCLS[EINIT] handler to support SGX Launch Control (LC)
>
> were updated to handle this case.
>
> This series was firstly based on tip/x86/sgx, and then rebased to latest
> kvm/queue, so it can be applied to kvm/queue directly now.

Boris, can you confirm that tip/x86/sgx has stable commit hashes?

Thanks,

Paolo

> Changelog:
>
> (Please see individual patch for changelog for specific patch)
>
> v4->v5:
> - Addressed Sean's comments (patch 06, 07, 09 were slightly updated).
> - Rebased to latest kvm/queue (patch 08, 11 were updated to resolve conflict).
>
> Sean Christopherson (11):
>   KVM: x86: Export kvm_mmu_gva_to_gpa_{read,write}() for SGX (VMX)
>   KVM: x86: Define new #PF SGX error code bit
>   KVM: x86: Add support for reverse CPUID lookup of scattered features
>   KVM: x86: Add reverse-CPUID lookup support for scattered SGX features
>   KVM: VMX: Add basic handling of VM-Exit from SGX enclave
>   KVM: VMX: Frame in ENCLS handler for SGX virtualization
>   KVM: VMX: Add SGX ENCLS[ECREATE] handler to enforce CPUID restrictions
>   KVM: VMX: Add emulation of SGX Launch Control LE hash MSRs
>   KVM: VMX: Add ENCLS[EINIT] handler to support SGX Launch Control (LC)
>   KVM: VMX: Enable SGX virtualization for SGX1, SGX2 and LC
>   KVM: x86: Add capability to grant VM access to privileged SGX
>     attribute
>
>  Documentation/virt/kvm/api.rst  |  23 ++
>  arch/x86/include/asm/kvm_host.h |   5 +
>  arch/x86/include/asm/vmx.h      |   1 +
>  arch/x86/include/uapi/asm/vmx.h |   1 +
>  arch/x86/kvm/Makefile           |   2 +
>  arch/x86/kvm/cpuid.c            |  89 +++++-
>  arch/x86/kvm/cpuid.h            |  50 +++-
>  arch/x86/kvm/vmx/nested.c       |  28 +-
>  arch/x86/kvm/vmx/nested.h       |   5 +
>  arch/x86/kvm/vmx/sgx.c          | 502 ++++++++++++++++++++++++++++++++
>  arch/x86/kvm/vmx/sgx.h          |  34 +++
>  arch/x86/kvm/vmx/vmcs12.c       |   1 +
>  arch/x86/kvm/vmx/vmcs12.h       |   4 +-
>  arch/x86/kvm/vmx/vmx.c          | 109 ++++++-
>  arch/x86/kvm/vmx/vmx.h          |   3 +
>  arch/x86/kvm/x86.c              |  23 ++
>  include/uapi/linux/kvm.h        |   1 +
>  17 files changed, 858 insertions(+), 23 deletions(-)
>  create mode 100644 arch/x86/kvm/vmx/sgx.c
>  create mode 100644 arch/x86/kvm/vmx/sgx.h
>
On Tue, Apr 13, 2021 at 04:51:50PM +0200, Paolo Bonzini wrote:
> Boris, can you confirm that tip/x86/sgx has stable commit hashes?
Yap, you can go ahead and merge it.
Thx.
On Tue, 2021-04-13 at 17:01 +0200, Borislav Petkov wrote:
> On Tue, Apr 13, 2021 at 04:51:50PM +0200, Paolo Bonzini wrote:
> > Boris, can you confirm that tip/x86/sgx has stable commit hashes?
>
> Yap, you can go ahead and merge it.
>
> Thx.
>

Thank you Boris, Paolo!
On 12/04/21 06:21, Kai Huang wrote:
> Hi Paolo, Sean,
>
> Boris has merged x86 part patches to the tip/x86/sgx. This series is KVM part
> patches. Due to some code change in x86 part patches, two KVM patches need
> update so this is the new version. Please help to review. Thanks!
>
> Specifically, x86 patch (x86/sgx: Add helpers to expose ECREATE and EINIT to
> KVM) was changed to return -EINVAL directly w/o setting trapnr when
> access_ok()s fail on any user pointers, so KVM patches:
>
> KVM: VMX: Add SGX ENCLS[ECREATE] handler to enforce CPUID restrictions
> KVM: VMX: Add ENCLS[EINIT] handler to support SGX Launch Control (LC)
>
> were updated to handle this case.
>
> This series was firstly based on tip/x86/sgx, and then rebased to latest
> kvm/queue, so it can be applied to kvm/queue directly now.
>
> Changelog:
>
> (Please see individual patch for changelog for specific patch)
>
> v4->v5:
> - Addressed Sean's comments (patch 06, 07, 09 were slightly updated).
> - Rebased to latest kvm/queue (patch 08, 11 were updated to resolve conflict).
>
> Sean Christopherson (11):
>   KVM: x86: Export kvm_mmu_gva_to_gpa_{read,write}() for SGX (VMX)
>   KVM: x86: Define new #PF SGX error code bit
>   KVM: x86: Add support for reverse CPUID lookup of scattered features
>   KVM: x86: Add reverse-CPUID lookup support for scattered SGX features
>   KVM: VMX: Add basic handling of VM-Exit from SGX enclave
>   KVM: VMX: Frame in ENCLS handler for SGX virtualization
>   KVM: VMX: Add SGX ENCLS[ECREATE] handler to enforce CPUID restrictions
>   KVM: VMX: Add emulation of SGX Launch Control LE hash MSRs
>   KVM: VMX: Add ENCLS[EINIT] handler to support SGX Launch Control (LC)
>   KVM: VMX: Enable SGX virtualization for SGX1, SGX2 and LC
>   KVM: x86: Add capability to grant VM access to privileged SGX
>     attribute
>
>  Documentation/virt/kvm/api.rst  |  23 ++
>  arch/x86/include/asm/kvm_host.h |   5 +
>  arch/x86/include/asm/vmx.h      |   1 +
>  arch/x86/include/uapi/asm/vmx.h |   1 +
>  arch/x86/kvm/Makefile           |   2 +
>  arch/x86/kvm/cpuid.c            |  89 +++++-
>  arch/x86/kvm/cpuid.h            |  50 +++-
>  arch/x86/kvm/vmx/nested.c       |  28 +-
>  arch/x86/kvm/vmx/nested.h       |   5 +
>  arch/x86/kvm/vmx/sgx.c          | 502 ++++++++++++++++++++++++++++++++
>  arch/x86/kvm/vmx/sgx.h          |  34 +++
>  arch/x86/kvm/vmx/vmcs12.c       |   1 +
>  arch/x86/kvm/vmx/vmcs12.h       |   4 +-
>  arch/x86/kvm/vmx/vmx.c          | 109 ++++++-
>  arch/x86/kvm/vmx/vmx.h          |   3 +
>  arch/x86/kvm/x86.c              |  23 ++
>  include/uapi/linux/kvm.h        |   1 +
>  17 files changed, 858 insertions(+), 23 deletions(-)
>  create mode 100644 arch/x86/kvm/vmx/sgx.c
>  create mode 100644 arch/x86/kvm/vmx/sgx.h
>

Queued, thanks.

Paolo