Message ID | cover.1615250634.git.kai.huang@intel.com (mailing list archive) |
---|---|
Headers | show |
Series | KVM SGX virtualization support | expand |
On Tue, Mar 09, 2021 at 02:38:49PM +1300, Kai Huang wrote: > This series adds KVM SGX virtualization support. The first 14 patches starting > with x86/sgx or x86/cpu.. are necessary changes to x86 and SGX core/driver to > support KVM SGX virtualization, while the rest are patches to KVM subsystem. Ok, I guess I'll queue 1-14 once Sean doesn't find anything objectionable then give Paolo an immutable commit to base the KVM stuff ontop. Unless folks have better suggestions, ofc. Thx.
On Tue, 2021-03-09 at 10:30 +0100, Borislav Petkov wrote: > On Tue, Mar 09, 2021 at 02:38:49PM +1300, Kai Huang wrote: > > This series adds KVM SGX virtualization support. The first 14 patches starting > > with x86/sgx or x86/cpu.. are necessary changes to x86 and SGX core/driver to > > support KVM SGX virtualization, while the rest are patches to KVM subsystem. > > Ok, I guess I'll queue 1-14 once Sean doesn't find anything > objectionable then give Paolo an immutable commit to base the KVM stuff > ontop. > > Unless folks have better suggestions, ofc. > > Thx. > Thanks Boris! Hi Sean, Paolo, Could you take a look? Thanks.
On 09/03/21 10:30, Borislav Petkov wrote: > On Tue, Mar 09, 2021 at 02:38:49PM +1300, Kai Huang wrote: >> This series adds KVM SGX virtualization support. The first 14 patches starting >> with x86/sgx or x86/cpu.. are necessary changes to x86 and SGX core/driver to >> support KVM SGX virtualization, while the rest are patches to KVM subsystem. > > Ok, I guess I'll queue 1-14 once Sean doesn't find anything > objectionable then give Paolo an immutable commit to base the KVM stuff > ontop. Sounds great. Paolo
On Tue, 2021-03-09 at 10:30 +0100, Borislav Petkov wrote: > On Tue, Mar 09, 2021 at 02:38:49PM +1300, Kai Huang wrote: > > This series adds KVM SGX virtualization support. The first 14 patches starting > > with x86/sgx or x86/cpu.. are necessary changes to x86 and SGX core/driver to > > support KVM SGX virtualization, while the rest are patches to KVM subsystem. > > Ok, I guess I'll queue 1-14 once Sean doesn't find anything > objectionable then give Paolo an immutable commit to base the KVM stuff > ontop. > > Unless folks have better suggestions, ofc. > > Thx. > Hi Boris, Sorry that we found a bug in below patch in series: [PATCH v2 03/25] x86/sgx: Wipe out EREMOVE from sgx_free_epc_page() that I made a mistake when copying & pasting, which results in SECS page and va_page not being freed correctly in sgx_encl_release(). Sorry for the mistake. I will send out another version with that fixed.
On Wed, Mar 10, 2021 at 10:27:05PM +1300, Kai Huang wrote:
> Sorry for the mistake. I will send out another version with that fixed.
If patch 3 is the only one which needs to change, you can send only that
one as a reply to the original patch 3 message...
Thx.
On Tue, Mar 09, 2021 at 10:30:37AM +0100, Borislav Petkov wrote: > On Tue, Mar 09, 2021 at 02:38:49PM +1300, Kai Huang wrote: > > This series adds KVM SGX virtualization support. The first 14 patches starting > > with x86/sgx or x86/cpu.. are necessary changes to x86 and SGX core/driver to > > support KVM SGX virtualization, while the rest are patches to KVM subsystem. > > Ok, I guess I'll queue 1-14 once Sean doesn't find anything > objectionable then give Paolo an immutable commit to base the KVM stuff > ontop. > > Unless folks have better suggestions, ofc. I'm otherwise cool with that, except patch #2. It's based on this series: https://lore.kernel.org/linux-sgx/20210113233541.17669-1-jarkko@kernel.org/ It's not reasonable to create driver specific wrapper for sgx_free_epc_page() because there is exactly *2* call sites of the function in the driver. The driver contains 10 call sites (11 after my NUMA patches have been applied) of sgx_free_epc_page() in total. Instead, it is better to add explicit EREMOVE to those call sites. The wrapper only trashes the codebase. I'm not happy with it, given all the trouble to make it clean and sound. > Thx. > > -- > Regards/Gruss, > Boris. > > https://people.kernel.org/tglx/notes-about-netiquette /Jarkko
On Wed, 2021-03-10 at 20:01 +0200, Jarkko Sakkinen wrote: > On Tue, Mar 09, 2021 at 10:30:37AM +0100, Borislav Petkov wrote: > > On Tue, Mar 09, 2021 at 02:38:49PM +1300, Kai Huang wrote: > > > This series adds KVM SGX virtualization support. The first 14 patches starting > > > with x86/sgx or x86/cpu.. are necessary changes to x86 and SGX core/driver to > > > support KVM SGX virtualization, while the rest are patches to KVM subsystem. > > > > Ok, I guess I'll queue 1-14 once Sean doesn't find anything > > objectionable then give Paolo an immutable commit to base the KVM stuff > > ontop. > > > > Unless folks have better suggestions, ofc. > > I'm otherwise cool with that, except patch #2. > > It's based on this series: > > https://lore.kernel.org/linux-sgx/20210113233541.17669-1-jarkko@kernel.org/ > > It's not reasonable to create driver specific wrapper for > sgx_free_epc_page() because there is exactly *2* call sites of the function > in the driver. The driver contains 10 call sites (11 after my NUMA patches > have been applied) of sgx_free_epc_page() in total. > > Instead, it is better to add explicit EREMOVE to those call sites. > > The wrapper only trashes the codebase. I'm not happy with it, given all the > trouble to make it clean and sound. However, your change has side effort: it always put page back into free pool, even EREMOVE fails. To make your change w/o having any functional change, it has to be: if(!sgx_reset_epc_page()) sgx_free_epc_page(); And for this, Dave raised one concern we should add a WARN() to let user know EPC page is leaked, and reboot is requied to get them back. However with sgx_reset_epc_page(), there's no place to add such WARN(), and implementing original sgx_free_epc_page() as sgx_encl_free_epc_page() looks very reasonable to me: https://www.spinics.net/lists/linux-sgx/msg04631.html Hi Dave, What is your comment here? > > > Thx. > > > > -- > > Regards/Gruss, > > Boris. > > > > https://people.kernel.org/tglx/notes-about-netiquette > > > /Jarkko
On Wed, 10 Mar 2021 14:29:48 +0100 Borislav Petkov wrote: > On Wed, Mar 10, 2021 at 10:27:05PM +1300, Kai Huang wrote: > > Sorry for the mistake. I will send out another version with that fixed. > > If patch 3 is the only one which needs to change, you can send only that > one as a reply to the original patch 3 message... > > Thx. Hi Boris, Yes it is the only patch needs change. I have send out updated v3 patch 3. I provided some changelog history to explain and also added Jarkko's Acked-by in the new patch. Sorry for the trouble. Hi Sean, If you see this, could you take another check on whether this series is OK? Thanks in advance.
On Tue, Mar 09, 2021, Paolo Bonzini wrote: > On 09/03/21 10:30, Borislav Petkov wrote: > > On Tue, Mar 09, 2021 at 02:38:49PM +1300, Kai Huang wrote: > > > This series adds KVM SGX virtualization support. The first 14 patches starting > > > with x86/sgx or x86/cpu.. are necessary changes to x86 and SGX core/driver to > > > support KVM SGX virtualization, while the rest are patches to KVM subsystem. > > > > Ok, I guess I'll queue 1-14 once Sean doesn't find anything > > objectionable then give Paolo an immutable commit to base the KVM stuff > > ontop. > > Sounds great. Patches 1-14 look good, just a few minor nits, nothing functional. I'll look at the KVM patches next week. Thanks for picking this up Kai!
On Fri, 2021-03-12 at 14:04 -0800, Sean Christopherson wrote: > On Tue, Mar 09, 2021, Paolo Bonzini wrote: > > On 09/03/21 10:30, Borislav Petkov wrote: > > > On Tue, Mar 09, 2021 at 02:38:49PM +1300, Kai Huang wrote: > > > > This series adds KVM SGX virtualization support. The first 14 patches starting > > > > with x86/sgx or x86/cpu.. are necessary changes to x86 and SGX core/driver to > > > > support KVM SGX virtualization, while the rest are patches to KVM subsystem. > > > > > > Ok, I guess I'll queue 1-14 once Sean doesn't find anything > > > objectionable then give Paolo an immutable commit to base the KVM stuff > > > ontop. > > > > Sounds great. > > Patches 1-14 look good, just a few minor nits, nothing functional. I'll look at > the KVM patches next week. > > Thanks for picking this up Kai! Thank you Sean! I'll address your comments in next version.