Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1346013imu; Wed, 9 Jan 2019 16:43:31 -0800 (PST) X-Google-Smtp-Source: ALg8bN4VedbVSAX8pYqPYuvhzGbgvjcJlw21w/vNxVNBdkH8ktoWZoGKm9glv4Jn9k6fYDpTaIk6 X-Received: by 2002:a63:2263:: with SMTP id t35mr7401607pgm.69.1547081010819; Wed, 09 Jan 2019 16:43:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547081010; cv=none; d=google.com; s=arc-20160816; b=gfwtuLyjmOilp2v9F4r8dp3yVvkfo6D7HCCFcVpMoKfy9nDaJMeOTatYfd9MqbLaa3 SueShUP4IclEs575HSZinM6Uro5zCSD8va9m3kCUvr60366Aco5g1WtFH+02ElGT7ou7 1120UovWFuUBSePGKYEk2jfjYfhTNc9BrtgCj3RFkkNJXpVT7NO1OpXlkKsfxQqbuDJS qr0zEi3TP1p7j7sliYLYMMm1581xHdNaF8BCv9LQiRZO8AbRbppE+EktcNu8mFxkkyQ9 DkchMUsHDo9cUdn7Hor/vTwkSSO7wT+W6Hl/NQQt6L+Us7E80iL4mn8LXojAUkpefUhY tNCg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=rgSzlpXljyVaFjF3DuqArnP1lPyzuxfHgiG+lX/uzXk=; b=qj+BrwHbkSYgeEj3Ue5dafX9thH68XTeFjBCk9hE2wTCHy4P2Y5l3NTUm9q513dbba uNstgiAEwoh4o5k1YljK/HAZ6rQF1UOyYHHTvyEpQeNHwbvtKsg/dSCMG50V+GCIFG4i Ex1PeH+VD06Gi7h0gpaA3VURdxvSDDoX8FTqA11jwqO6JhUK6wNFYTJkDuBABGKC2NJG vRBMJcXjME+wOHDIPSz9FiXKXD5z9y+YTzVpECXNwZYp483UGA9wSZZzZudS1YkvvW/s rIAjnXnAZjro3EANWM+My2IbYTHXEFLIWefn3J+y8NKeE3JuvNf2Yo01paMy4EUrsq21 +qDw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t12si8501061plq.190.2019.01.09.16.43.15; Wed, 09 Jan 2019 16:43:30 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726822AbfAJAkm (ORCPT + 99 others); Wed, 9 Jan 2019 19:40:42 -0500 Received: from mga07.intel.com ([134.134.136.100]:41474 "EHLO mga07.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726615AbfAJAkm (ORCPT ); Wed, 9 Jan 2019 19:40:42 -0500 X-Amp-Result: UNSCANNABLE X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 09 Jan 2019 16:40:41 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,459,1539673200"; d="scan'208";a="309104230" Received: from sjchrist-coffee.jf.intel.com (HELO linux.intel.com) ([10.54.74.154]) by fmsmga006.fm.intel.com with ESMTP; 09 Jan 2019 16:40:40 -0800 Date: Wed, 9 Jan 2019 16:40:40 -0800 From: Sean Christopherson To: "Huang, Kai" Cc: Andy Lutomirski , Jethro Beekman , Jarkko Sakkinen , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "x86@kernel.org" , Dave Hansen , Peter Zijlstra , "H. Peter Anvin" , "linux-kernel@vger.kernel.org" , "linux-sgx@vger.kernel.org" , Josh Triplett , Haitao Huang , "Dr . Greg Wettstein" Subject: Re: x86/sgx: uapi change proposal Message-ID: <20190110004040.GD1697@linux.intel.com> References: <20181219091148.GA5121@linux.intel.com> <613c6814-4e71-38e5-444a-545f0e286df8@fortanix.com> <20181219144515.GA30909@linux.intel.com> <20181221162825.GB26865@linux.intel.com> <105F7BF4D0229846AF094488D65A0989355A45B6@PGSMSX112.gar.corp.intel.com> <20190108220946.GA30462@linux.intel.com> <105F7BF4D0229846AF094488D65A0989355A58F1@PGSMSX112.gar.corp.intel.com> <20190109171625.GB1821@linux.intel.com> <105F7BF4D0229846AF094488D65A0989355A994F@PGSMSX112.gar.corp.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <105F7BF4D0229846AF094488D65A0989355A994F@PGSMSX112.gar.corp.intel.com> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jan 09, 2019 at 04:21:19PM -0800, Huang, Kai wrote: > > > > That's possible, but it has several downsides. > > > > > > > > - Duplicates a lot of code in KVM for managing memory regions. > > > > > > I don't see why there will be duplicated code. you can simply call > > > __x86_set_memory_region to create private slot. It is KVM x86 > > > equivalent to KVM_SET_USER_MEMORY_REGION from userspace. The only > > > difference is Qemu is not aware of the private slot. > > > > What about when we allow removing an EPC region? At that point you'd be > > fully duplicating KVM_SET_USER_MEMORY_REGION. And that's not a purely > > theoretical idea, it's something I'd like to support in the future, e.g. > > via the WIP virtio-mem interface. > > OK. Isn't virtio-balloon good enough for us? > > Removing EPC is not consistent with hardware behaviour, but if you really > want to support then should also be fine since we are not strictly > following HW spec anyway. Even if virtio-balloon is sufficient from a performance perspective, the virtio-mem approach can provide unique capabilities, e.g. hotplugging EPC into a VM or "I'm done with SGX, have all of my EPC back". > > > > https://events.linuxfoundation.org/wp-content/uploads/2017/12/virtio- > > mem-Paravirtualized-Memory-David-Hildenbrand-Red-Hat-1.pdf > > > > > No. EPC info is from Qemu at the beginning (size is given by > > > parameter, base is calculated by Qemu), and actually it is Qemu > > > notifies KVM EPC info, so I don't think we require additional ioctls or > > capabilities here. > > > > How does Qemu know KVM supports virtual EPC? Probing /dev/sgx doesn't > > convey any information about KVM support. Maybe you could report it via > > KVM_GET_SUPPORTED_CPUID, but that would be problematic for Qemu > > since it would have to create vCPUs before initializing the machine. > > KVM_GET_SUPPORTED_CPUID is the one. I don't think KVM_GET_SUPPORTED_CPUID > require creating vcpu prior, since it is global thing that platform supports. No? It's not a KVM requirement, but rather Qemu's code flow. It sets up the "machine" and then creates the vCPUs. The CPUID info is a CPU capability and so isn't necessarily available when the "machine" is being created. > > > > The other aspect of private memslots is that they are not exposed to L2, > > because again, from the guest's perspective, they do not exist. We can > > obviously hackaround that restriction, but it's yet another hint that shoving > > EPC into a private memslot is the wrong approach. > > But guest is aware of SGX and EPC so I don't see why it cannot be exposed > to L2 even with private slot. It's not that it can't be done, but rather we'd have to explicitly tell KVM "this private slot isn't really private, expose it to L2". See commit 3a2936dedd20 ("kvm: mmu: Don't expose private memslots to L2").