[v4,0/2] x86: sgx_vepc: implement ioctl to EREMOVE all pages

Message ID 20211021201155.1523989-1-pbonzini@redhat.com (mailing list archive)

Message

Paolo Bonzini Oct. 21, 2021, 8:11 p.m. UTC
Add to /dev/sgx_vepc an ioctl that brings vEPC pages back to uninitialized
state with EREMOVE.  This is useful in order to match the expectations
of guests after reboot, and to match the behavior of real hardware.

The ioctl is a cleaner alternative to closing and reopening the
/dev/sgx_vepc device; reopening /dev/sgx_vepc could be problematic in
case userspace has sandboxed itself since the time it first opened the
device, and has thus lost permissions to do so.

If possible, I would like these patches to be included in 5.15 through
either the x86 or the KVM tree.

Thanks,

Paolo

Changes from RFC:
- improved commit messages, added documentation
- renamed ioctl from SGX_IOC_VEPC_REMOVE to SGX_IOC_VEPC_REMOVE_ALL

Change from v1:
- fixed documentation and code to cover SGX_ENCLAVE_ACT errors
- removed Tested-by since the code is quite different now

Changes from v2:
- return EBUSY also if EREMOVE causes a general protection fault

Changes from v3:
- keep the warning if EREMOVE causes a #PF (or any other fault
  than a general protection fault)

Paolo Bonzini (2):
  x86: sgx_vepc: extract sgx_vepc_remove_page
  x86: sgx_vepc: implement SGX_IOC_VEPC_REMOVE_ALL ioctl

 Documentation/x86/sgx.rst       | 35 +++++++++++++++++++++
 arch/x86/include/uapi/asm/sgx.h |  2 ++
 arch/x86/kernel/cpu/sgx/virt.c  | 63 ++++++++++++++++++++++++++++++---
 3 files changed, 95 insertions(+), 5 deletions(-)

Comments

Yang Zhong Oct. 22, 2021, 6:25 a.m. UTC | #1
On Thu, Oct 21, 2021 at 04:11:53PM -0400, Paolo Bonzini wrote:
> Add to /dev/sgx_vepc an ioctl that brings vEPC pages back to uninitialized
> state with EREMOVE.  This is useful in order to match the expectations
> of guests after reboot, and to match the behavior of real hardware.
> 
> The ioctl is a cleaner alternative to closing and reopening the
> /dev/sgx_vepc device; reopening /dev/sgx_vepc could be problematic in
> case userspace has sandboxed itself since the time it first opened the
> device, and has thus lost permissions to do so.
> 
> If possible, I would like these patches to be included in 5.15 through
> either the x86 or the KVM tree.
>

  Paolo, I verified this version with the latest SGX NUMA patches plus the QEMU
  reset patch, and all the tests below passed.
  1). Windows2019 guest reboot.
  2). Single vEPC and multiple vEPCs to the guest, and run 500 enclaves in the
      guest. Reboot the guest.

  This kernel patchset can remove all pages, including child and SECS pages,
  with one or two rounds of removals from the QEMU side.

  The QEMU NUMA v2 will be sent out today, and it will include this reset
  patch. You are welcome to use this v2 to verify this reset or the NUMA cases, thanks!

  Yang

 
> Thanks,
> 
> Paolo
> 
> Changes from RFC:
> - improved commit messages, added documentation
> - renamed ioctl from SGX_IOC_VEPC_REMOVE to SGX_IOC_VEPC_REMOVE_ALL
> 
> Change from v1:
> - fixed documentation and code to cover SGX_ENCLAVE_ACT errors
> - removed Tested-by since the code is quite different now
> 
> Changes from v2:
> - return EBUSY also if EREMOVE causes a general protection fault
> 
> Changes from v3:
> - keep the warning if EREMOVE causes a #PF (or any other fault
>   than a general protection fault)
> 
> Paolo Bonzini (2):
>   x86: sgx_vepc: extract sgx_vepc_remove_page
>   x86: sgx_vepc: implement SGX_IOC_VEPC_REMOVE_ALL ioctl
> 
>  Documentation/x86/sgx.rst       | 35 +++++++++++++++++++++
>  arch/x86/include/uapi/asm/sgx.h |  2 ++
>  arch/x86/kernel/cpu/sgx/virt.c  | 63 ++++++++++++++++++++++++++++++---
>  3 files changed, 95 insertions(+), 5 deletions(-)
> 
> -- 
> 2.27.0
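
The "one or two rounds of removals" mentioned in the reply above, sketched as an added example; it is not code from this patch series or from QEMU. Assumptions not shown on this page: the request number is the one in the mainline `<asm/sgx.h>`, a positive return value counts the SECS pages left behind because they still have children, and `vepc_reset_all` and the `fake_*` names are hypothetical, with the fake backend constructed so the example runs without SGX hardware.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/ioctl.h>

#ifndef SGX_IOC_VEPC_REMOVE_ALL   /* value from mainline <asm/sgx.h>, not from this page */
#define SGX_IOC_VEPC_REMOVE_ALL _IO(0xA4, 0x04)
#endif

/* Assumed contract: >0 = pages left behind (SECS with children), -1/EBUSY = page in use. */
typedef long (*remove_all_fn)(int fd);

long vepc_remove_all_ioctl(int fd) { return ioctl(fd, SGX_IOC_VEPC_REMOVE_ALL); }

/* Reset all vEPC regions of one guest: 0 on success, -EBUSY if a vCPU is still
 * inside an enclave, -EIO if pages remain after the second round. */
int vepc_reset_all(const int *fds, int nfds, remove_all_fn remove_all)
{
    for (int round = 0; round < 2; round++) {
        long left = 0;
        for (int i = 0; i < nfds; i++) {
            long r = remove_all(fds[i]);
            if (r < 0)
                return -errno;
            left += r;          /* SECS pages whose children still exist */
        }
        if (left == 0)
            return 0;           /* round 2 only runs when round 1 left SECS pages */
    }
    return -EIO;
}

/* Constructed stand-in for the kernel: region 0 holds one SECS page, region 1
 * holds its three child pages, so region 0 cannot be emptied in round 1. */
int fake_secs[2] = {1, 0}, fake_child[2] = {0, 3}, fake_busy, fake_calls;

long fake_remove_all(int fd)
{
    fake_calls++;
    if (fake_busy) { errno = EBUSY; return -1; }
    fake_child[fd] = 0;                          /* regular pages always go */
    if (fake_child[0] + fake_child[1] == 0)
        fake_secs[fd] = 0;                       /* SECS goes once childless */
    return fake_secs[fd];
}

int main(void)
{
    int fds[2] = {0, 1};                         /* fake descriptors */
    int rc = vepc_reset_all(fds, 2, fake_remove_all);
    printf("rc=%d after %d ioctl calls\n", rc, fake_calls);
    return rc != 0;
}
```

On a real host, pass `vepc_remove_all_ioctl` and the already-open `/dev/sgx_vepc` descriptors; because the ioctl works on descriptors the process already holds, the reset still succeeds after the process has sandboxed itself.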