Update the kernel config of the Nitro Enclaves kernel driver to enable Arm64
support. Add Arm64 specific references to its documentation.
While at it, fix a set of reports from checkpatch and kernel-doc scripts.
Thank you,
Andra
---
Patch Series Changelog
The patch series is built on top of v5.14-rc7.
GitHub repo branch for the latest version of the patch series:
* https://github.com/andraprs/linux/tree/ne-driver-arm-support-v3
v1 -> v2
* Add information about supported architectures for the NE kernel driver.
* Update comments for send / receive buffer sizes for the NE PCI device.
* Split patch 3 that includes fixes for the checkpatch and kernel-doc reports
into multiple ones.
* v1: https://lore.kernel.org/lkml/[email protected]/
v2 -> v3
* Move changelog after the "---" line in all commits from the patch series.
* v2: https://lore.kernel.org/lkml/[email protected]/
---
Andra Paraschiv (7):
nitro_enclaves: Enable Arm64 support
nitro_enclaves: Update documentation for Arm64 support
nitro_enclaves: Add fix for the kernel-doc report
nitro_enclaves: Update copyright statement to include 2021
nitro_enclaves: Add fixes for checkpatch match open parenthesis
reports
nitro_enclaves: Add fixes for checkpatch spell check reports
nitro_enclaves: Add fixes for checkpatch blank line reports
Documentation/virt/ne_overview.rst | 21 +++++++++++++--------
drivers/virt/nitro_enclaves/Kconfig | 8 ++------
drivers/virt/nitro_enclaves/ne_misc_dev.c | 17 +++++++++--------
drivers/virt/nitro_enclaves/ne_pci_dev.c | 2 +-
drivers/virt/nitro_enclaves/ne_pci_dev.h | 8 ++++++--
include/uapi/linux/nitro_enclaves.h | 10 +++++-----
samples/nitro_enclaves/ne_ioctl_sample.c | 7 +++----
7 files changed, 39 insertions(+), 34 deletions(-)
--
2.20.1 (Apple Git-117)
Update the code formatting to fix the checkpatch script reports about
alignment with the open parenthesis.
Signed-off-by: Andra Paraschiv <[email protected]>
---
Changelog
v1 -> v2
* No codebase changes, it was split from the patch 3 in the v1 of the
patch series.
v2 -> v3
* Move changelog after the "---" line.
---
drivers/virt/nitro_enclaves/ne_misc_dev.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/drivers/virt/nitro_enclaves/ne_misc_dev.c b/drivers/virt/nitro_enclaves/ne_misc_dev.c
index e21e1e86ad15f..8939612ee0e08 100644
--- a/drivers/virt/nitro_enclaves/ne_misc_dev.c
+++ b/drivers/virt/nitro_enclaves/ne_misc_dev.c
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: GPL-2.0
/*
- * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*/
/**
@@ -284,8 +284,8 @@ static int ne_setup_cpu_pool(const char *ne_cpu_list)
ne_cpu_pool.nr_parent_vm_cores = nr_cpu_ids / ne_cpu_pool.nr_threads_per_core;
ne_cpu_pool.avail_threads_per_core = kcalloc(ne_cpu_pool.nr_parent_vm_cores,
- sizeof(*ne_cpu_pool.avail_threads_per_core),
- GFP_KERNEL);
+ sizeof(*ne_cpu_pool.avail_threads_per_core),
+ GFP_KERNEL);
if (!ne_cpu_pool.avail_threads_per_core) {
rc = -ENOMEM;
@@ -735,7 +735,7 @@ static int ne_add_vcpu_ioctl(struct ne_enclave *ne_enclave, u32 vcpu_id)
* * Negative return value on failure.
*/
static int ne_sanity_check_user_mem_region(struct ne_enclave *ne_enclave,
- struct ne_user_memory_region mem_region)
+ struct ne_user_memory_region mem_region)
{
struct ne_mem_region *ne_mem_region = NULL;
@@ -771,7 +771,7 @@ static int ne_sanity_check_user_mem_region(struct ne_enclave *ne_enclave,
u64 userspace_addr = ne_mem_region->userspace_addr;
if ((userspace_addr <= mem_region.userspace_addr &&
- mem_region.userspace_addr < (userspace_addr + memory_size)) ||
+ mem_region.userspace_addr < (userspace_addr + memory_size)) ||
(mem_region.userspace_addr <= userspace_addr &&
(mem_region.userspace_addr + mem_region.memory_size) > userspace_addr)) {
dev_err_ratelimited(ne_misc_dev.this_device,
@@ -836,7 +836,7 @@ static int ne_sanity_check_user_mem_region_page(struct ne_enclave *ne_enclave,
* * Negative return value on failure.
*/
static int ne_set_user_memory_region_ioctl(struct ne_enclave *ne_enclave,
- struct ne_user_memory_region mem_region)
+ struct ne_user_memory_region mem_region)
{
long gup_rc = 0;
unsigned long i = 0;
@@ -1014,7 +1014,7 @@ static int ne_set_user_memory_region_ioctl(struct ne_enclave *ne_enclave,
* * Negative return value on failure.
*/
static int ne_start_enclave_ioctl(struct ne_enclave *ne_enclave,
- struct ne_enclave_start_info *enclave_start_info)
+ struct ne_enclave_start_info *enclave_start_info)
{
struct ne_pci_dev_cmd_reply cmd_reply = {};
unsigned int cpu = 0;
@@ -1574,7 +1574,8 @@ static int ne_create_vm_ioctl(struct ne_pci_dev *ne_pci_dev, u64 __user *slot_ui
mutex_unlock(&ne_cpu_pool.mutex);
ne_enclave->threads_per_core = kcalloc(ne_enclave->nr_parent_vm_cores,
- sizeof(*ne_enclave->threads_per_core), GFP_KERNEL);
+ sizeof(*ne_enclave->threads_per_core),
+ GFP_KERNEL);
if (!ne_enclave->threads_per_core) {
rc = -ENOMEM;
--
2.20.1 (Apple Git-117)
Update the kernel config to enable the Nitro Enclaves kernel driver for
Arm64 support.
Signed-off-by: Andra Paraschiv <[email protected]>
Acked-by: Stefano Garzarella <[email protected]>
---
Changelog
v1 -> v2
* No changes.
v2 -> v3
* Move changelog after the "---" line.
---
drivers/virt/nitro_enclaves/Kconfig | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/drivers/virt/nitro_enclaves/Kconfig b/drivers/virt/nitro_enclaves/Kconfig
index 8c9387a232df8..f53740b941c0f 100644
--- a/drivers/virt/nitro_enclaves/Kconfig
+++ b/drivers/virt/nitro_enclaves/Kconfig
@@ -1,17 +1,13 @@
# SPDX-License-Identifier: GPL-2.0
#
-# Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# Amazon Nitro Enclaves (NE) support.
# Nitro is a hypervisor that has been developed by Amazon.
-# TODO: Add dependency for ARM64 once NE is supported on Arm platforms. For now,
-# the NE kernel driver can be built for aarch64 arch.
-# depends on (ARM64 || X86) && HOTPLUG_CPU && PCI && SMP
-
config NITRO_ENCLAVES
tristate "Nitro Enclaves Support"
- depends on X86 && HOTPLUG_CPU && PCI && SMP
+ depends on (ARM64 || X86) && HOTPLUG_CPU && PCI && SMP
help
This driver consists of support for enclave lifetime management
for Nitro Enclaves (NE).
--
2.20.1 (Apple Git-117)
Add references for hugepages and booting steps for Arm64.
Include info about the current supported architectures for the
NE kernel driver.
Signed-off-by: Andra Paraschiv <[email protected]>
---
Changelog
v1 -> v2
* Add information about supported architectures for the NE kernel
driver.
v2 -> v3
* Move changelog after the "---" line.
---
Documentation/virt/ne_overview.rst | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/Documentation/virt/ne_overview.rst b/Documentation/virt/ne_overview.rst
index 39b0c8fe2654a..74c2f5919c886 100644
--- a/Documentation/virt/ne_overview.rst
+++ b/Documentation/virt/ne_overview.rst
@@ -14,12 +14,15 @@ instances [1].
For example, an application that processes sensitive data and runs in a VM,
can be separated from other applications running in the same VM. This
application then runs in a separate VM than the primary VM, namely an enclave.
+It runs alongside the VM that spawned it. This setup matches low latency
+applications needs.
-An enclave runs alongside the VM that spawned it. This setup matches low latency
-applications needs. The resources that are allocated for the enclave, such as
-memory and CPUs, are carved out of the primary VM. Each enclave is mapped to a
-process running in the primary VM, that communicates with the NE driver via an
-ioctl interface.
+The current supported architectures for the NE kernel driver, available in the
+upstream Linux kernel, are x86 and ARM64.
+
+The resources that are allocated for the enclave, such as memory and CPUs, are
+carved out of the primary VM. Each enclave is mapped to a process running in the
+primary VM, that communicates with the NE kernel driver via an ioctl interface.
In this sense, there are two components:
@@ -43,8 +46,8 @@ for the enclave VM. An enclave does not have persistent storage attached.
The memory regions carved out of the primary VM and given to an enclave need to
be aligned 2 MiB / 1 GiB physically contiguous memory regions (or multiple of
this size e.g. 8 MiB). The memory can be allocated e.g. by using hugetlbfs from
-user space [2][3]. The memory size for an enclave needs to be at least 64 MiB.
-The enclave memory and CPUs need to be from the same NUMA node.
+user space [2][3][7]. The memory size for an enclave needs to be at least
+64 MiB. The enclave memory and CPUs need to be from the same NUMA node.
An enclave runs on dedicated cores. CPU 0 and its CPU siblings need to remain
available for the primary VM. A CPU pool has to be set for NE purposes by an
@@ -61,7 +64,7 @@ device is placed in memory below the typical 4 GiB.
The application that runs in the enclave needs to be packaged in an enclave
image together with the OS ( e.g. kernel, ramdisk, init ) that will run in the
enclave VM. The enclave VM has its own kernel and follows the standard Linux
-boot protocol [6].
+boot protocol [6][8].
The kernel bzImage, the kernel command line, the ramdisk(s) are part of the
Enclave Image Format (EIF); plus an EIF header including metadata such as magic
@@ -93,3 +96,5 @@ enclave process can exit.
[4] https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html
[5] https://man7.org/linux/man-pages/man7/vsock.7.html
[6] https://www.kernel.org/doc/html/latest/x86/boot.html
+[7] https://www.kernel.org/doc/html/latest/arm64/hugetlbpage.html
+[8] https://www.kernel.org/doc/html/latest/arm64/booting.html
--
2.20.1 (Apple Git-117)
Fix the spelling typos reported by the checkpatch script.
Signed-off-by: Andra Paraschiv <[email protected]>
---
Changelog
v1 -> v2
* No codebase changes, it was split from the patch 3 in the v1 of the
patch series.
v2 -> v3
* Move changelog after the "---" line.
---
include/uapi/linux/nitro_enclaves.h | 10 +++++-----
samples/nitro_enclaves/ne_ioctl_sample.c | 4 ++--
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/include/uapi/linux/nitro_enclaves.h b/include/uapi/linux/nitro_enclaves.h
index b945073fe544d..e808f5ba124d4 100644
--- a/include/uapi/linux/nitro_enclaves.h
+++ b/include/uapi/linux/nitro_enclaves.h
@@ -1,6 +1,6 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
- * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*/
#ifndef _UAPI_LINUX_NITRO_ENCLAVES_H_
@@ -60,7 +60,7 @@
*
* Context: Process context.
* Return:
- * * 0 - Logic succesfully completed.
+ * * 0 - Logic successfully completed.
* * -1 - There was a failure in the ioctl logic.
* On failure, errno is set to:
* * EFAULT - copy_from_user() / copy_to_user() failure.
@@ -95,7 +95,7 @@
*
* Context: Process context.
* Return:
- * * 0 - Logic succesfully completed.
+ * * 0 - Logic successfully completed.
* * -1 - There was a failure in the ioctl logic.
* On failure, errno is set to:
* * EFAULT - copy_from_user() / copy_to_user() failure.
@@ -118,7 +118,7 @@
*
* Context: Process context.
* Return:
- * * 0 - Logic succesfully completed.
+ * * 0 - Logic successfully completed.
* * -1 - There was a failure in the ioctl logic.
* On failure, errno is set to:
* * EFAULT - copy_from_user() failure.
@@ -161,7 +161,7 @@
*
* Context: Process context.
* Return:
- * * 0 - Logic succesfully completed.
+ * * 0 - Logic successfully completed.
* * -1 - There was a failure in the ioctl logic.
* On failure, errno is set to:
* * EFAULT - copy_from_user() / copy_to_user() failure.
diff --git a/samples/nitro_enclaves/ne_ioctl_sample.c b/samples/nitro_enclaves/ne_ioctl_sample.c
index 480b763142b34..6a60990b2e202 100644
--- a/samples/nitro_enclaves/ne_ioctl_sample.c
+++ b/samples/nitro_enclaves/ne_ioctl_sample.c
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: GPL-2.0
/*
- * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*/
/**
@@ -638,7 +638,7 @@ static int ne_start_enclave(int enclave_fd, struct ne_enclave_start_info *encla
}
/**
- * ne_start_enclave_check_booted() - Start the enclave and wait for a hearbeat
+ * ne_start_enclave_check_booted() - Start the enclave and wait for a heartbeat
* from it, on a newly created vsock channel,
* to check it has booted.
* @enclave_fd : The file descriptor associated with the enclave.
--
2.20.1 (Apple Git-117)
Fix the reported issue from the kernel-doc script, to have a comment per
identifier.
Signed-off-by: Andra Paraschiv <[email protected]>
---
Changelog
v1 -> v2
* Update comments for send / receive buffer sizes for the NE PCI device.
v2 -> v3
* Move changelog after the "---" line.
---
drivers/virt/nitro_enclaves/ne_pci_dev.h | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/virt/nitro_enclaves/ne_pci_dev.h b/drivers/virt/nitro_enclaves/ne_pci_dev.h
index 8bfbc66078185..6e9f28971a4e0 100644
--- a/drivers/virt/nitro_enclaves/ne_pci_dev.h
+++ b/drivers/virt/nitro_enclaves/ne_pci_dev.h
@@ -1,6 +1,6 @@
/* SPDX-License-Identifier: GPL-2.0 */
/*
- * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*/
#ifndef _NE_PCI_DEV_H_
@@ -84,9 +84,13 @@
*/
/**
- * NE_SEND_DATA_SIZE / NE_RECV_DATA_SIZE - 240 bytes for send / recv buffer.
+ * NE_SEND_DATA_SIZE - Size of the send buffer, in bytes.
*/
#define NE_SEND_DATA_SIZE (240)
+
+/**
+ * NE_RECV_DATA_SIZE - Size of the receive buffer, in bytes.
+ */
#define NE_RECV_DATA_SIZE (240)
/**
--
2.20.1 (Apple Git-117)
Update the copyright statement to include 2021, as a change has been
made over this year.
Check commit d874742f6a73 ("nitro_enclaves: Set Bus Master for the NE
PCI device") for the codebase update from this file (ne_pci_dev.c).
Signed-off-by: Andra Paraschiv <[email protected]>
---
Changelog
v1 -> v2
* No codebase changes, it was split from the patch 3 in the v1 of the
patch series.
v2 -> v3
* Move changelog after the "---" line.
---
drivers/virt/nitro_enclaves/ne_pci_dev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/virt/nitro_enclaves/ne_pci_dev.c b/drivers/virt/nitro_enclaves/ne_pci_dev.c
index 143207e9b9698..40b49ec8e30b1 100644
--- a/drivers/virt/nitro_enclaves/ne_pci_dev.c
+++ b/drivers/virt/nitro_enclaves/ne_pci_dev.c
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: GPL-2.0
/*
- * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*/
/**
--
2.20.1 (Apple Git-117)
Remove blank lines that are not necessary, fixing the checkpatch script
reports. While at it, add a blank line after the switch default block,
similar to the other parts of the codebase.
Signed-off-by: Andra Paraschiv <[email protected]>
---
Changelog
v1 -> v2
* No codebase changes, it was split from the patch 3 in the v1 of the
patch series.
v2 -> v3
* Move changelog after the "---" line.
---
samples/nitro_enclaves/ne_ioctl_sample.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/samples/nitro_enclaves/ne_ioctl_sample.c b/samples/nitro_enclaves/ne_ioctl_sample.c
index 6a60990b2e202..765b131c73190 100644
--- a/samples/nitro_enclaves/ne_ioctl_sample.c
+++ b/samples/nitro_enclaves/ne_ioctl_sample.c
@@ -185,7 +185,6 @@ static int ne_create_vm(int ne_dev_fd, unsigned long *slot_uid, int *enclave_fd)
return 0;
}
-
/**
* ne_poll_enclave_fd() - Thread function for polling the enclave fd.
* @data: Argument provided for the polling function.
@@ -560,8 +559,8 @@ static int ne_add_vcpu(int enclave_fd, unsigned int *vcpu_id)
default:
printf("Error in add vcpu [%m]\n");
-
}
+
return rc;
}
--
2.20.1 (Apple Git-117)
On Fri, Aug 27, 2021 at 06:49:30PM +0300, Andra Paraschiv wrote:
> Remove blank lines that are not necessary, fixing the checkpatch script
> reports. While at it, add a blank line after the switch default block,
> similar to the other parts of the codebase.
>
> Signed-off-by: Andra Paraschiv <[email protected]>
> ---
> Changelog
>
> v1 -> v2
>
> * No codebase changes, it was split from the patch 3 in the v1 of the
> patch series.
>
> v2 -> v3
>
> * Move changelog after the "---" line.
> ---
> samples/nitro_enclaves/ne_ioctl_sample.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/samples/nitro_enclaves/ne_ioctl_sample.c b/samples/nitro_enclaves/ne_ioctl_sample.c
> index 6a60990b2e202..765b131c73190 100644
> --- a/samples/nitro_enclaves/ne_ioctl_sample.c
> +++ b/samples/nitro_enclaves/ne_ioctl_sample.c
> @@ -185,7 +185,6 @@ static int ne_create_vm(int ne_dev_fd, unsigned long *slot_uid, int *enclave_fd)
> return 0;
> }
>
> -
> /**
> * ne_poll_enclave_fd() - Thread function for polling the enclave fd.
> * @data: Argument provided for the polling function.
> @@ -560,8 +559,8 @@ static int ne_add_vcpu(int enclave_fd, unsigned int *vcpu_id)
>
> default:
> printf("Error in add vcpu [%m]\n");
> -
> }
> +
> return rc;
> }
>
> --
> 2.20.1 (Apple Git-117)
>
Reviewed-by: George-Aurelian Popescu <[email protected]>
Nice,
George
On Fri, Aug 27, 2021 at 06:49:29PM +0300, Andra Paraschiv wrote:
> Fix the typos in the words spelling as per the checkpatch script
> reports.
>
> Signed-off-by: Andra Paraschiv <[email protected]>
> ---
> Changelog
>
> v1 -> v2
>
> * No codebase changes, it was split from the patch 3 in the v1 of the
> patch series.
>
> v2 -> v3
>
> * Move changelog after the "---" line.
> ---
> include/uapi/linux/nitro_enclaves.h | 10 +++++-----
> samples/nitro_enclaves/ne_ioctl_sample.c | 4 ++--
> 2 files changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/include/uapi/linux/nitro_enclaves.h b/include/uapi/linux/nitro_enclaves.h
> index b945073fe544d..e808f5ba124d4 100644
> --- a/include/uapi/linux/nitro_enclaves.h
> +++ b/include/uapi/linux/nitro_enclaves.h
> @@ -1,6 +1,6 @@
> /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
> /*
> - * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
> + * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
> */
>
> #ifndef _UAPI_LINUX_NITRO_ENCLAVES_H_
> @@ -60,7 +60,7 @@
> *
> * Context: Process context.
> * Return:
> - * * 0 - Logic succesfully completed.
> + * * 0 - Logic successfully completed.
> * * -1 - There was a failure in the ioctl logic.
> * On failure, errno is set to:
> * * EFAULT - copy_from_user() / copy_to_user() failure.
> @@ -95,7 +95,7 @@
> *
> * Context: Process context.
> * Return:
> - * * 0 - Logic succesfully completed.
> + * * 0 - Logic successfully completed.
> * * -1 - There was a failure in the ioctl logic.
> * On failure, errno is set to:
> * * EFAULT - copy_from_user() / copy_to_user() failure.
> @@ -118,7 +118,7 @@
> *
> * Context: Process context.
> * Return:
> - * * 0 - Logic succesfully completed.
> + * * 0 - Logic successfully completed.
> * * -1 - There was a failure in the ioctl logic.
> * On failure, errno is set to:
> * * EFAULT - copy_from_user() failure.
> @@ -161,7 +161,7 @@
> *
> * Context: Process context.
> * Return:
> - * * 0 - Logic succesfully completed.
> + * * 0 - Logic successfully completed.
> * * -1 - There was a failure in the ioctl logic.
> * On failure, errno is set to:
> * * EFAULT - copy_from_user() / copy_to_user() failure.
> diff --git a/samples/nitro_enclaves/ne_ioctl_sample.c b/samples/nitro_enclaves/ne_ioctl_sample.c
> index 480b763142b34..6a60990b2e202 100644
> --- a/samples/nitro_enclaves/ne_ioctl_sample.c
> +++ b/samples/nitro_enclaves/ne_ioctl_sample.c
> @@ -1,6 +1,6 @@
> // SPDX-License-Identifier: GPL-2.0
> /*
> - * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
> + * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
> */
>
> /**
> @@ -638,7 +638,7 @@ static int ne_start_enclave(int enclave_fd, struct ne_enclave_start_info *encla
> }
>
> /**
> - * ne_start_enclave_check_booted() - Start the enclave and wait for a hearbeat
> + * ne_start_enclave_check_booted() - Start the enclave and wait for a heartbeat
> * from it, on a newly created vsock channel,
> * to check it has booted.
> * @enclave_fd : The file descriptor associated with the enclave.
> --
> 2.20.1 (Apple Git-117)
>
Reviewed-by: George-Aurelian Popescu <[email protected]>
Looks ok,
George
On Fri, Aug 27, 2021 at 06:49:27PM +0300, Andra Paraschiv wrote:
> Update the copyright statement to include 2021, as a change has been
> made over this year.
>
> Check commit d874742f6a73 ("nitro_enclaves: Set Bus Master for the NE
> PCI device") for the codebase update from this file (ne_pci_dev.c).
>
> Signed-off-by: Andra Paraschiv <[email protected]>
> ---
> Changelog
>
> v1 -> v2
>
> * No codebase changes, it was split from the patch 3 in the v1 of the
> patch series.
>
> v2 -> v3
>
> * Move changelog after the "---" line.
> ---
> drivers/virt/nitro_enclaves/ne_pci_dev.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/virt/nitro_enclaves/ne_pci_dev.c b/drivers/virt/nitro_enclaves/ne_pci_dev.c
> index 143207e9b9698..40b49ec8e30b1 100644
> --- a/drivers/virt/nitro_enclaves/ne_pci_dev.c
> +++ b/drivers/virt/nitro_enclaves/ne_pci_dev.c
> @@ -1,6 +1,6 @@
> // SPDX-License-Identifier: GPL-2.0
> /*
> - * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
> + * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
> */
>
> /**
> --
> 2.20.1 (Apple Git-117)
>
Reviewed-by: George-Aurelian Popescu <[email protected]>
Looks ok,
George
On Fri, Aug 27, 2021 at 06:49:28PM +0300, Andra Paraschiv wrote:
> Update the codebase formatting to fix the reports from the checkpatch
> script, to match the open parenthesis.
>
> Signed-off-by: Andra Paraschiv <[email protected]>
> ---
> Changelog
>
> v1 -> v2
>
> * No codebase changes, it was split from the patch 3 in the v1 of the
> patch series.
>
> v2 -> v3
>
> * Move changelog after the "---" line.
> ---
> drivers/virt/nitro_enclaves/ne_misc_dev.c | 17 +++++++++--------
> 1 file changed, 9 insertions(+), 8 deletions(-)
>
> diff --git a/drivers/virt/nitro_enclaves/ne_misc_dev.c b/drivers/virt/nitro_enclaves/ne_misc_dev.c
> index e21e1e86ad15f..8939612ee0e08 100644
> --- a/drivers/virt/nitro_enclaves/ne_misc_dev.c
> +++ b/drivers/virt/nitro_enclaves/ne_misc_dev.c
> @@ -1,6 +1,6 @@
> // SPDX-License-Identifier: GPL-2.0
> /*
> - * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
> + * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
> */
>
> /**
> @@ -284,8 +284,8 @@ static int ne_setup_cpu_pool(const char *ne_cpu_list)
> ne_cpu_pool.nr_parent_vm_cores = nr_cpu_ids / ne_cpu_pool.nr_threads_per_core;
>
> ne_cpu_pool.avail_threads_per_core = kcalloc(ne_cpu_pool.nr_parent_vm_cores,
> - sizeof(*ne_cpu_pool.avail_threads_per_core),
> - GFP_KERNEL);
> + sizeof(*ne_cpu_pool.avail_threads_per_core),
> + GFP_KERNEL);
> if (!ne_cpu_pool.avail_threads_per_core) {
> rc = -ENOMEM;
>
> @@ -735,7 +735,7 @@ static int ne_add_vcpu_ioctl(struct ne_enclave *ne_enclave, u32 vcpu_id)
> * * Negative return value on failure.
> */
> static int ne_sanity_check_user_mem_region(struct ne_enclave *ne_enclave,
> - struct ne_user_memory_region mem_region)
> + struct ne_user_memory_region mem_region)
> {
> struct ne_mem_region *ne_mem_region = NULL;
>
> @@ -771,7 +771,7 @@ static int ne_sanity_check_user_mem_region(struct ne_enclave *ne_enclave,
> u64 userspace_addr = ne_mem_region->userspace_addr;
>
> if ((userspace_addr <= mem_region.userspace_addr &&
> - mem_region.userspace_addr < (userspace_addr + memory_size)) ||
> + mem_region.userspace_addr < (userspace_addr + memory_size)) ||
> (mem_region.userspace_addr <= userspace_addr &&
> (mem_region.userspace_addr + mem_region.memory_size) > userspace_addr)) {
> dev_err_ratelimited(ne_misc_dev.this_device,
> @@ -836,7 +836,7 @@ static int ne_sanity_check_user_mem_region_page(struct ne_enclave *ne_enclave,
> * * Negative return value on failure.
> */
> static int ne_set_user_memory_region_ioctl(struct ne_enclave *ne_enclave,
> - struct ne_user_memory_region mem_region)
> + struct ne_user_memory_region mem_region)
> {
> long gup_rc = 0;
> unsigned long i = 0;
> @@ -1014,7 +1014,7 @@ static int ne_set_user_memory_region_ioctl(struct ne_enclave *ne_enclave,
> * * Negative return value on failure.
> */
> static int ne_start_enclave_ioctl(struct ne_enclave *ne_enclave,
> - struct ne_enclave_start_info *enclave_start_info)
> + struct ne_enclave_start_info *enclave_start_info)
> {
> struct ne_pci_dev_cmd_reply cmd_reply = {};
> unsigned int cpu = 0;
> @@ -1574,7 +1574,8 @@ static int ne_create_vm_ioctl(struct ne_pci_dev *ne_pci_dev, u64 __user *slot_ui
> mutex_unlock(&ne_cpu_pool.mutex);
>
> ne_enclave->threads_per_core = kcalloc(ne_enclave->nr_parent_vm_cores,
> - sizeof(*ne_enclave->threads_per_core), GFP_KERNEL);
> + sizeof(*ne_enclave->threads_per_core),
> + GFP_KERNEL);
> if (!ne_enclave->threads_per_core) {
> rc = -ENOMEM;
>
> --
> 2.20.1 (Apple Git-117)
>
Reviewed-by: George-Aurelian Popescu <[email protected]>
Looks ok,
George
On Fri, Aug 27, 2021 at 06:49:26PM +0300, Andra Paraschiv wrote:
> Fix the reported issue from the kernel-doc script, to have a comment per
> identifier.
>
> Signed-off-by: Andra Paraschiv <[email protected]>
> ---
> Changelog
>
> v1 -> v2
>
> * Update comments for send / receive buffer sizes for the NE PCI device.
>
> v2 -> v3
>
> * Move changelog after the "---" line.
> ---
> drivers/virt/nitro_enclaves/ne_pci_dev.h | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/virt/nitro_enclaves/ne_pci_dev.h b/drivers/virt/nitro_enclaves/ne_pci_dev.h
> index 8bfbc66078185..6e9f28971a4e0 100644
> --- a/drivers/virt/nitro_enclaves/ne_pci_dev.h
> +++ b/drivers/virt/nitro_enclaves/ne_pci_dev.h
> @@ -1,6 +1,6 @@
> /* SPDX-License-Identifier: GPL-2.0 */
> /*
> - * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
> + * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
> */
>
> #ifndef _NE_PCI_DEV_H_
> @@ -84,9 +84,13 @@
> */
>
> /**
> - * NE_SEND_DATA_SIZE / NE_RECV_DATA_SIZE - 240 bytes for send / recv buffer.
> + * NE_SEND_DATA_SIZE - Size of the send buffer, in bytes.
> */
> #define NE_SEND_DATA_SIZE (240)
> +
> +/**
> + * NE_RECV_DATA_SIZE - Size of the receive buffer, in bytes.
> + */
> #define NE_RECV_DATA_SIZE (240)
>
> /**
> --
> 2.20.1 (Apple Git-117)
>
Reviewed-by: George-Aurelian Popescu <[email protected]>
Looks good,
George
On Fri, Aug 27, 2021 at 06:49:25PM +0300, Andra Paraschiv wrote:
> Add references for hugepages and booting steps for Arm64.
>
> Include info about the current supported architectures for the
> NE kernel driver.
>
> Signed-off-by: Andra Paraschiv <[email protected]>
> ---
> Changelog
>
> v1 -> v2
>
> * Add information about supported architectures for the NE kernel
> driver.
>
> v2 -> v3
>
> * Move changelog after the "---" line.
> ---
> Documentation/virt/ne_overview.rst | 21 +++++++++++++--------
> 1 file changed, 13 insertions(+), 8 deletions(-)
>
> diff --git a/Documentation/virt/ne_overview.rst b/Documentation/virt/ne_overview.rst
> index 39b0c8fe2654a..74c2f5919c886 100644
> --- a/Documentation/virt/ne_overview.rst
> +++ b/Documentation/virt/ne_overview.rst
> @@ -14,12 +14,15 @@ instances [1].
> For example, an application that processes sensitive data and runs in a VM,
> can be separated from other applications running in the same VM. This
> application then runs in a separate VM than the primary VM, namely an enclave.
> +It runs alongside the VM that spawned it. This setup matches low latency
> +applications needs.
>
> -An enclave runs alongside the VM that spawned it. This setup matches low latency
> -applications needs. The resources that are allocated for the enclave, such as
> -memory and CPUs, are carved out of the primary VM. Each enclave is mapped to a
> -process running in the primary VM, that communicates with the NE driver via an
> -ioctl interface.
> +The current supported architectures for the NE kernel driver, available in the
> +upstream Linux kernel, are x86 and ARM64.
> +
> +The resources that are allocated for the enclave, such as memory and CPUs, are
> +carved out of the primary VM. Each enclave is mapped to a process running in the
> +primary VM, that communicates with the NE kernel driver via an ioctl interface.
>
> In this sense, there are two components:
>
> @@ -43,8 +46,8 @@ for the enclave VM. An enclave does not have persistent storage attached.
> The memory regions carved out of the primary VM and given to an enclave need to
> be aligned 2 MiB / 1 GiB physically contiguous memory regions (or multiple of
> this size e.g. 8 MiB). The memory can be allocated e.g. by using hugetlbfs from
> -user space [2][3]. The memory size for an enclave needs to be at least 64 MiB.
> -The enclave memory and CPUs need to be from the same NUMA node.
> +user space [2][3][7]. The memory size for an enclave needs to be at least
> +64 MiB. The enclave memory and CPUs need to be from the same NUMA node.
>
> An enclave runs on dedicated cores. CPU 0 and its CPU siblings need to remain
> available for the primary VM. A CPU pool has to be set for NE purposes by an
> @@ -61,7 +64,7 @@ device is placed in memory below the typical 4 GiB.
> The application that runs in the enclave needs to be packaged in an enclave
> image together with the OS ( e.g. kernel, ramdisk, init ) that will run in the
> enclave VM. The enclave VM has its own kernel and follows the standard Linux
> -boot protocol [6].
> +boot protocol [6][8].
>
> The kernel bzImage, the kernel command line, the ramdisk(s) are part of the
> Enclave Image Format (EIF); plus an EIF header including metadata such as magic
> @@ -93,3 +96,5 @@ enclave process can exit.
> [4] https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html
> [5] https://man7.org/linux/man-pages/man7/vsock.7.html
> [6] https://www.kernel.org/doc/html/latest/x86/boot.html
> +[7] https://www.kernel.org/doc/html/latest/arm64/hugetlbpage.html
> +[8] https://www.kernel.org/doc/html/latest/arm64/booting.html
> --
> 2.20.1 (Apple Git-117)
>
Reviewed-by: George-Aurelian Popescu <[email protected]>
Looks good,
George
On Fri, Aug 27, 2021 at 06:49:24PM +0300, Andra Paraschiv wrote:
> Update the kernel config to enable the Nitro Enclaves kernel driver for
> Arm64 support.
>
> Signed-off-by: Andra Paraschiv <[email protected]>
> Acked-by: Stefano Garzarella <[email protected]>
> ---
> Changelog
>
> v1 -> v2
>
> * No changes.
>
> v2 -> v3
>
> * Move changelog after the "---" line.
> ---
> drivers/virt/nitro_enclaves/Kconfig | 8 ++------
> 1 file changed, 2 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/virt/nitro_enclaves/Kconfig b/drivers/virt/nitro_enclaves/Kconfig
> index 8c9387a232df8..f53740b941c0f 100644
> --- a/drivers/virt/nitro_enclaves/Kconfig
> +++ b/drivers/virt/nitro_enclaves/Kconfig
> @@ -1,17 +1,13 @@
> # SPDX-License-Identifier: GPL-2.0
> #
> -# Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
> +# Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>
> # Amazon Nitro Enclaves (NE) support.
> # Nitro is a hypervisor that has been developed by Amazon.
>
> -# TODO: Add dependency for ARM64 once NE is supported on Arm platforms. For now,
> -# the NE kernel driver can be built for aarch64 arch.
> -# depends on (ARM64 || X86) && HOTPLUG_CPU && PCI && SMP
> -
> config NITRO_ENCLAVES
> tristate "Nitro Enclaves Support"
> - depends on X86 && HOTPLUG_CPU && PCI && SMP
> + depends on (ARM64 || X86) && HOTPLUG_CPU && PCI && SMP
> help
> This driver consists of support for enclave lifetime management
> for Nitro Enclaves (NE).
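Review bot: The new `depends on (ARM64 || X86) && HOTPLUG_CPU && PCI && SMP` line admits every arm64 base page size, and neither this hunk nor the commit message records which ones the driver was exercised with. The overview text in the same series describes enclave memory as 2 MiB / 1 GiB aligned regions obtained through hugetlbfs, and on arm64 the available huge page sizes depend on whether the kernel uses 4 KiB, 16 KiB or 64 KiB pages, so the driver's alignment checks (not visible here) may behave differently per configuration. If only 4 KiB pages were validated, a comment above the entry would help people building distribution kernels, for example `# Arm64: validated with 4 KiB base pages only; see Documentation/virt/ne_overview.rst for the memory region requirements.` The help text continues past the end of the hunk, so it may already cover this.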
> --
> 2.20.1 (Apple Git-117)
>
Reviewed-by: George-Aurelian Popescu <[email protected]>
Awesome,
George
On 30/08/2021 18:59, George-Aurelian Popescu wrote:
> On Fri, Aug 27, 2021 at 06:49:24PM +0300, Andra Paraschiv wrote:
>> Update the kernel config to enable the Nitro Enclaves kernel driver for
>> Arm64 support.
>>
>> Signed-off-by: Andra Paraschiv <[email protected]>
>> Acked-by: Stefano Garzarella <[email protected]>
>> ---
>> Changelog
>>
>> v1 -> v2
>>
>> * No changes.
>>
>> v2 -> v3
>>
>> * Move changelog after the "---" line.
>> ---
>> drivers/virt/nitro_enclaves/Kconfig | 8 ++------
>> 1 file changed, 2 insertions(+), 6 deletions(-)
>>
>> diff --git a/drivers/virt/nitro_enclaves/Kconfig b/drivers/virt/nitro_enclaves/Kconfig
>> index 8c9387a232df8..f53740b941c0f 100644
>> --- a/drivers/virt/nitro_enclaves/Kconfig
>> +++ b/drivers/virt/nitro_enclaves/Kconfig
>> @@ -1,17 +1,13 @@
>> # SPDX-License-Identifier: GPL-2.0
>> #
>> -# Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>> +# Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>>
>> # Amazon Nitro Enclaves (NE) support.
>> # Nitro is a hypervisor that has been developed by Amazon.
>>
>> -# TODO: Add dependency for ARM64 once NE is supported on Arm platforms. For now,
>> -# the NE kernel driver can be built for aarch64 arch.
>> -# depends on (ARM64 || X86) && HOTPLUG_CPU && PCI && SMP
>> -
>> config NITRO_ENCLAVES
>> tristate "Nitro Enclaves Support"
>> - depends on X86 && HOTPLUG_CPU && PCI && SMP
>> + depends on (ARM64 || X86) && HOTPLUG_CPU && PCI && SMP
>> help
>> This driver consists of support for enclave lifetime management
>> for Nitro Enclaves (NE).
>> --
>> 2.20.1 (Apple Git-117)
>>
> Reviewed-by: George-Aurelian Popescu <[email protected]>
>
Thanks, George, for review.
Greg, let me know if other updates are needed for the patch series.
Otherwise, please include the patches in the char-misc tree and we can
target the current merge window, for v5.15. Thank you.
Andra
On Mon, Aug 30, 2021 at 09:30:04PM +0300, Paraschiv, Andra-Irina wrote:
>
>
> On 30/08/2021 18:59, George-Aurelian Popescu wrote:
> > On Fri, Aug 27, 2021 at 06:49:24PM +0300, Andra Paraschiv wrote:
> > > Update the kernel config to enable the Nitro Enclaves kernel driver for
> > > Arm64 support.
> > >
> > > Signed-off-by: Andra Paraschiv <[email protected]>
> > > Acked-by: Stefano Garzarella <[email protected]>
> > > ---
> > > Changelog
> > >
> > > v1 -> v2
> > >
> > > * No changes.
> > >
> > > v2 -> v3
> > >
> > > * Move changelog after the "---" line.
> > > ---
> > > drivers/virt/nitro_enclaves/Kconfig | 8 ++------
> > > 1 file changed, 2 insertions(+), 6 deletions(-)
> > >
> > > diff --git a/drivers/virt/nitro_enclaves/Kconfig b/drivers/virt/nitro_enclaves/Kconfig
> > > index 8c9387a232df8..f53740b941c0f 100644
> > > --- a/drivers/virt/nitro_enclaves/Kconfig
> > > +++ b/drivers/virt/nitro_enclaves/Kconfig
> > > @@ -1,17 +1,13 @@
> > > # SPDX-License-Identifier: GPL-2.0
> > > #
> > > -# Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
> > > +# Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
> > > # Amazon Nitro Enclaves (NE) support.
> > > # Nitro is a hypervisor that has been developed by Amazon.
> > > -# TODO: Add dependency for ARM64 once NE is supported on Arm platforms. For now,
> > > -# the NE kernel driver can be built for aarch64 arch.
> > > -# depends on (ARM64 || X86) && HOTPLUG_CPU && PCI && SMP
> > > -
> > > config NITRO_ENCLAVES
> > > tristate "Nitro Enclaves Support"
> > > - depends on X86 && HOTPLUG_CPU && PCI && SMP
> > > + depends on (ARM64 || X86) && HOTPLUG_CPU && PCI && SMP
> > > help
> > > This driver consists of support for enclave lifetime management
> > > for Nitro Enclaves (NE).
> > > --
> > > 2.20.1 (Apple Git-117)
> > >
> > Reviewed-by: George-Aurelian Popescu <[email protected]>
> >
>
> Thanks, George, for review.
>
> Greg, let me know if other updates are needed for the patch series.
> Otherwise, please include the patches in the char-misc tree and we can
> target the current merge window, for v5.15. Thank you.
It's too late for 5.15-rc1, I will queue them up after 5.15-rc1 is out,
thanks.
greg k-h
On Fri, Aug 27, 2021 at 06:49:25PM +0300, Andra Paraschiv wrote:
>Add references for hugepages and booting steps for Arm64.
>
>Include info about the current supported architectures for the
>NE kernel driver.
>
>Signed-off-by: Andra Paraschiv <[email protected]>
>---
>Changelog
>
>v1 -> v2
>
>* Add information about supported architectures for the NE kernel
>driver.
>
>v2 -> v3
>
>* Move changelog after the "---" line.
>---
> Documentation/virt/ne_overview.rst | 21 +++++++++++++--------
> 1 file changed, 13 insertions(+), 8 deletions(-)
Acked-by: Stefano Garzarella <[email protected]>
On 31/08/2021 09:43, Greg KH wrote:
> On Mon, Aug 30, 2021 at 09:30:04PM +0300, Paraschiv, Andra-Irina wrote:
>>
>> On 30/08/2021 18:59, George-Aurelian Popescu wrote:
>>> On Fri, Aug 27, 2021 at 06:49:24PM +0300, Andra Paraschiv wrote:
>>>> Update the kernel config to enable the Nitro Enclaves kernel driver for
>>>> Arm64 support.
>>>>
>>>> Signed-off-by: Andra Paraschiv <[email protected]>
>>>> Acked-by: Stefano Garzarella <[email protected]>
>>>> ---
>>>> Changelog
>>>>
>>>> v1 -> v2
>>>>
>>>> * No changes.
>>>>
>>>> v2 -> v3
>>>>
>>>> * Move changelog after the "---" line.
>>>> ---
>>>> drivers/virt/nitro_enclaves/Kconfig | 8 ++------
>>>> 1 file changed, 2 insertions(+), 6 deletions(-)
>>>>
>>>> diff --git a/drivers/virt/nitro_enclaves/Kconfig b/drivers/virt/nitro_enclaves/Kconfig
>>>> index 8c9387a232df8..f53740b941c0f 100644
>>>> --- a/drivers/virt/nitro_enclaves/Kconfig
>>>> +++ b/drivers/virt/nitro_enclaves/Kconfig
>>>> @@ -1,17 +1,13 @@
>>>> # SPDX-License-Identifier: GPL-2.0
>>>> #
>>>> -# Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>>>> +# Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>>>> # Amazon Nitro Enclaves (NE) support.
>>>> # Nitro is a hypervisor that has been developed by Amazon.
>>>> -# TODO: Add dependency for ARM64 once NE is supported on Arm platforms. For now,
>>>> -# the NE kernel driver can be built for aarch64 arch.
>>>> -# depends on (ARM64 || X86) && HOTPLUG_CPU && PCI && SMP
>>>> -
>>>> config NITRO_ENCLAVES
>>>> tristate "Nitro Enclaves Support"
>>>> - depends on X86 && HOTPLUG_CPU && PCI && SMP
>>>> + depends on (ARM64 || X86) && HOTPLUG_CPU && PCI && SMP
>>>> help
>>>> This driver consists of support for enclave lifetime management
>>>> for Nitro Enclaves (NE).
>>>> --
>>>> 2.20.1 (Apple Git-117)
>>>>
>>> Reviewed-by: George-Aurelian Popescu <[email protected]>
>>>
>> Thanks, George, for review.
>>
>> Greg, let me know if other updates are needed for the patch series.
>> Otherwise, please include the patches in the char-misc tree and we can
>> target the current merge window, for v5.15. Thank you.
> It's too late for 5.15-rc1, I will queue them up after 5.15-rc1 is out,
> thanks.
Ack, thanks for the info. Then it would be the next rc, with no functional
codebase changes being included. Or just let me know if another release phase
would be targeted.
Thanks,
Andra
On 31/08/2021 10:43, Stefano Garzarella wrote:
> On Fri, Aug 27, 2021 at 06:49:25PM +0300, Andra Paraschiv wrote:
>> Add references for hugepages and booting steps for Arm64.
>>
>> Include info about the current supported architectures for the
>> NE kernel driver.
>>
>> Signed-off-by: Andra Paraschiv <[email protected]>
>> ---
>> Changelog
>>
>> v1 -> v2
>>
>> * Add information about supported architectures for the NE kernel
>> driver.
>>
>> v2 -> v3
>>
>> * Move changelog after the "---" line.
>> ---
>> Documentation/virt/ne_overview.rst | 21 +++++++++++++--------
>> 1 file changed, 13 insertions(+), 8 deletions(-)
>
> Acked-by: Stefano Garzarella <[email protected]>
>
Thank you, Stefano.
Andra
On 31/08/2021 10:51, Paraschiv, Andra-Irina wrote:
>
>
> On 31/08/2021 09:43, Greg KH wrote:
>> On Mon, Aug 30, 2021 at 09:30:04PM +0300, Paraschiv, Andra-Irina wrote:
>>>
>>> On 30/08/2021 18:59, George-Aurelian Popescu wrote:
>>>> On Fri, Aug 27, 2021 at 06:49:24PM +0300, Andra Paraschiv wrote:
>>>>> Update the kernel config to enable the Nitro Enclaves kernel driver
>>>>> for
>>>>> Arm64 support.
>>>>>
>>>>> Signed-off-by: Andra Paraschiv <[email protected]>
>>>>> Acked-by: Stefano Garzarella <[email protected]>
>>>>> ---
>>>>> Changelog
>>>>>
>>>>> v1 -> v2
>>>>>
>>>>> * No changes.
>>>>>
>>>>> v2 -> v3
>>>>>
>>>>> * Move changelog after the "---" line.
>>>>> ---
>>>>> drivers/virt/nitro_enclaves/Kconfig | 8 ++------
>>>>> 1 file changed, 2 insertions(+), 6 deletions(-)
>>>>>
>>>>> diff --git a/drivers/virt/nitro_enclaves/Kconfig
>>>>> b/drivers/virt/nitro_enclaves/Kconfig
>>>>> index 8c9387a232df8..f53740b941c0f 100644
>>>>> --- a/drivers/virt/nitro_enclaves/Kconfig
>>>>> +++ b/drivers/virt/nitro_enclaves/Kconfig
>>>>> @@ -1,17 +1,13 @@
>>>>> # SPDX-License-Identifier: GPL-2.0
>>>>> #
>>>>> -# Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights
>>>>> Reserved.
>>>>> +# Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All
>>>>> Rights Reserved.
>>>>> # Amazon Nitro Enclaves (NE) support.
>>>>> # Nitro is a hypervisor that has been developed by Amazon.
>>>>> -# TODO: Add dependency for ARM64 once NE is supported on Arm
>>>>> platforms. For now,
>>>>> -# the NE kernel driver can be built for aarch64 arch.
>>>>> -# depends on (ARM64 || X86) && HOTPLUG_CPU && PCI && SMP
>>>>> -
>>>>> config NITRO_ENCLAVES
>>>>> tristate "Nitro Enclaves Support"
>>>>> - depends on X86 && HOTPLUG_CPU && PCI && SMP
>>>>> + depends on (ARM64 || X86) && HOTPLUG_CPU && PCI && SMP
>>>>> help
>>>>> This driver consists of support for enclave lifetime
>>>>> management
>>>>> for Nitro Enclaves (NE).
>>>>> --
>>>>> 2.20.1 (Apple Git-117)
>>>>>
>>>> Reviewed-by: George-Aurelian Popescu <[email protected]>
>>>>
>>> Thanks, George, for review.
>>>
>>> Greg, let me know if other updates are needed for the patch series.
>>> Otherwise, please include the patches in the char-misc tree and we can
>>> target the current merge window, for v5.15. Thank you.
>> It's too late for 5.15-rc1, I will queue them up after 5.15-rc1 is out,
>> thanks.
>
> Ack, thanks for info. Then would be the next rc, no functional codebase
> changes being included. Or just let me know if other release phase would
> be targeted.
I see the patch series has been merged into the mainline. Thanks, Greg.
Andra