Received: by 2002:a25:2c96:0:0:0:0:0 with SMTP id s144csp1412356ybs; Mon, 25 May 2020 15:41:48 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy1+KTBz0yg+3J6bWj8qAEGpPl6zCC9l7SPHVSi/GCoF541ozy8Kjw+Gxl95bBE88nH62lE X-Received: by 2002:a17:906:2f8d:: with SMTP id w13mr21398677eji.102.1590446508799; Mon, 25 May 2020 15:41:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1590446508; cv=none; d=google.com; s=arc-20160816; b=daDJaBu8t0wajI8sDL37e6YPvVBujwQSorOUDIUPWUNVJTIuHPKdz3tWYLyRkym9ZA +w/19ebDgz4Jog3YKBT8aA9Vl25SGiWkdpRXba86hEfkpBp+dcEmlJzjbtDio+1ztONP jtLvCjPnEbI7Cj5T3+TvwrpmBES2RfoVq5agwPUMM8pgPfUNWbEVorBp7B7uCbTEgLR/ UNMVj0Jz6vu5fEPp6zSMH47GRMsHDZlPWHmA8DFf171WzW0Iba/QUogub9qU0U2++uM5 SHptnneCah1e67vP667hfbsKsP6q6/Uyqp+qr41ezuZU5+5k9b7bZdVMM3VDWMGHY598 nlyw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :ironport-sdr:dkim-signature; bh=duiSm3PLJzCNi2ELPnGHe45HGFCXUZb2/4P9jGgzUZc=; b=RoQMnMnfGN8hnUpPMn+A9bqnNaxB5McHEJlWOSH6tOoeyEckgp2lLm9MGn3gEZrtuh V6yVl6bkLxy94feTNJyCRzqsQXHCoV1DK2UW38c8INylc/UTU6tkZ+0nrg7tofFo1D9s bCnZ18xMHF0MEw0gUtVuLjfa9TAkkX93R/7lfTiaU+Qv7tg9k3NUqcmmE2EFjN7K/qRj csCZ2fex6dMgPiLcboOfHSa0Fd6i9DRpzfwzE085mUJJ9P7ZPGTyQ0ppJTDPS1kW4IVY 8jMQUivnM/WJhhz18xEyaZ9sOkzq6gc5YKm6x8SI/zvlLHh4U3PpEKyCU3OLDQVuh6Y/ t4cQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amazon.com header.s=amazon201209 header.b=M1EXUoGo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q23si11218153edc.366.2020.05.25.15.41.25; Mon, 25 May 2020 15:41:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@amazon.com header.s=amazon201209 header.b=M1EXUoGo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389121AbgEYWPX (ORCPT + 99 others); Mon, 25 May 2020 18:15:23 -0400 Received: from smtp-fw-6002.amazon.com ([52.95.49.90]:13641 "EHLO smtp-fw-6002.amazon.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388907AbgEYWPX (ORCPT ); Mon, 25 May 2020 18:15:23 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1590444921; x=1621980921; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=duiSm3PLJzCNi2ELPnGHe45HGFCXUZb2/4P9jGgzUZc=; b=M1EXUoGoWT2OfUk5wL0GhDJ4J6aMTkzo2Ew9avJbajGwEF7zibYt4gzr 7gG1USUhyGgXnfSFCwRXfyUufFQs5i1eof3mhg2mQK4DCe9iZ4U7xMzjb +MJa32bkBiBBCKj8K/+oaoX0cNjBPO20t0YzH1s5UcndU1O35mWpphNVh 8=; IronPort-SDR: 6FwFrnoS+aeNopxtWLi2rauM8O21ZwXceRaX6xh5jpR4AmKrjSxgaZZDoCEtwg2TUO90FYSC3o 8fGa6hnWsp/w== X-IronPort-AV: E=Sophos;i="5.73,435,1583193600"; d="scan'208";a="32053554" Received: from iad12-co-svc-p1-lb1-vlan3.amazon.com (HELO email-inbound-relay-1e-97fdccfd.us-east-1.amazon.com) ([10.43.8.6]) by smtp-border-fw-out-6002.iad6.amazon.com with ESMTP; 25 May 2020 22:15:21 +0000 Received: from EX13MTAUEA002.ant.amazon.com (iad55-ws-svc-p15-lb9-vlan3.iad.amazon.com [10.40.159.166]) by email-inbound-relay-1e-97fdccfd.us-east-1.amazon.com (Postfix) with ESMTPS id 9E5D9A1E72; Mon, 25 May 2020 22:15:19 +0000 (UTC) Received: from EX13D16EUB003.ant.amazon.com (10.43.166.99) by EX13MTAUEA002.ant.amazon.com (10.43.61.77) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 25 May 2020 22:15:19 +0000 Received: from 38f9d34ed3b1.ant.amazon.com (10.43.160.90) by EX13D16EUB003.ant.amazon.com (10.43.166.99) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 25 May 2020 22:15:09 +0000 From: Andra Paraschiv To: CC: Anthony Liguori , Benjamin Herrenschmidt , Colm MacCarthaigh , "Bjoern Doebel" , David Woodhouse , "Frank van der Linden" , Alexander Graf , "Martin Pohlack" , Matt Wilson , Paolo Bonzini , Balbir Singh , Stefano Garzarella , Stefan Hajnoczi , Stewart Smith , Uwe Dannowski , , , Andra Paraschiv Subject: [PATCH v3 09/18] nitro_enclaves: Add logic for enclave vcpu creation Date: Tue, 26 May 2020 01:13:25 +0300 Message-ID: <20200525221334.62966-10-andraprs@amazon.com> X-Mailer: git-send-email 2.20.1 (Apple Git-117) In-Reply-To: <20200525221334.62966-1-andraprs@amazon.com> References: <20200525221334.62966-1-andraprs@amazon.com> MIME-Version: 1.0 X-Originating-IP: [10.43.160.90] X-ClientProxiedBy: EX13D14UWC002.ant.amazon.com (10.43.162.214) To EX13D16EUB003.ant.amazon.com (10.43.166.99) Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org An enclave, before being started, has its resources set. One of its resources is CPU. Add ioctl command logic for enclave vCPU creation. Return as result a file descriptor that is associated with the enclave vCPU. Signed-off-by: Alexandru Vasile Signed-off-by: Andra Paraschiv --- Changelog v2 -> v3 * Remove the WARN_ON calls. * Update static calls sanity checks. * Update kzfree() calls to kfree(). * Remove file ops that do nothing for now - open, ioctl and release. v1 -> v2 * Add log pattern for NE. * Update goto labels to match their purpose. * Remove the BUG_ON calls. * Check if enclave state is init when setting enclave vcpu. --- drivers/virt/nitro_enclaves/ne_misc_dev.c | 190 ++++++++++++++++++++++ 1 file changed, 190 insertions(+) diff --git a/drivers/virt/nitro_enclaves/ne_misc_dev.c b/drivers/virt/nitro_enclaves/ne_misc_dev.c index 8cf1c4ee1812..6db88e128d1f 100644 --- a/drivers/virt/nitro_enclaves/ne_misc_dev.c +++ b/drivers/virt/nitro_enclaves/ne_misc_dev.c @@ -49,10 +49,200 @@ struct ne_cpu_pool { static struct ne_cpu_pool ne_cpu_pool; +static const struct file_operations ne_enclave_vcpu_fops = { + .owner = THIS_MODULE, + .llseek = noop_llseek, +}; + +/** + * ne_get_cpu_from_cpu_pool - Get a CPU from the CPU pool, if it is set. + * + * This function gets called with the ne_enclave mutex held. + * + * @ne_enclave: private data associated with the current enclave. + * @vcpu_id: id of the CPU to be associated with the given slot, apic id on x86. + * + * @returns: 0 on success, negative return value on failure. + */ +static int ne_get_cpu_from_cpu_pool(struct ne_enclave *ne_enclave, u32 *vcpu_id) +{ + unsigned int cpu = 0; + unsigned int cpu_sibling = 0; + + /* There are CPU siblings available to choose from. */ + cpu = cpumask_any(ne_enclave->cpu_siblings); + if (cpu < nr_cpu_ids) { + cpumask_clear_cpu(cpu, ne_enclave->cpu_siblings); + + *vcpu_id = cpu; + + return 0; + } + + mutex_lock(&ne_cpu_pool.mutex); + + /* Choose any CPU from the available CPU pool. */ + cpu = cpumask_any(ne_cpu_pool.avail); + if (cpu >= nr_cpu_ids) { + pr_err_ratelimited(NE "No CPUs available in CPU pool\n"); + + mutex_unlock(&ne_cpu_pool.mutex); + + return -EINVAL; + } + + cpumask_clear_cpu(cpu, ne_cpu_pool.avail); + + /* + * Make sure the CPU siblings are not marked as + * available anymore. + */ + for_each_cpu(cpu_sibling, topology_sibling_cpumask(cpu)) { + if (cpu_sibling != cpu) { + cpumask_clear_cpu(cpu_sibling, ne_cpu_pool.avail); + + cpumask_set_cpu(cpu_sibling, ne_enclave->cpu_siblings); + } + } + + mutex_unlock(&ne_cpu_pool.mutex); + + *vcpu_id = cpu; + + return 0; +} + +/** + * ne_create_vcpu_ioctl - Add vCPU to the slot associated with the current + * enclave. Create vCPU file descriptor to be further used for CPU handling. + * + * This function gets called with the ne_enclave mutex held. + * + * @ne_enclave: private data associated with the current enclave. + * @vcpu_id: id of the CPU to be associated with the given slot, apic id on x86. + * + * @returns: vCPU fd on success, negative return value on failure. + */ +static int ne_create_vcpu_ioctl(struct ne_enclave *ne_enclave, u32 vcpu_id) +{ + struct ne_pci_dev_cmd_reply cmd_reply = {}; + int fd = 0; + struct file *file = NULL; + struct ne_vcpu_id *ne_vcpu_id = NULL; + int rc = -EINVAL; + struct slot_add_vcpu_req slot_add_vcpu_req = {}; + + if (ne_enclave->mm != current->mm) + return -EIO; + + ne_vcpu_id = kzalloc(sizeof(*ne_vcpu_id), GFP_KERNEL); + if (!ne_vcpu_id) + return -ENOMEM; + + fd = get_unused_fd_flags(O_CLOEXEC); + if (fd < 0) { + rc = fd; + + pr_err_ratelimited(NE "Error in getting unused fd [rc=%d]\n", + rc); + + goto free_ne_vcpu_id; + } + + /* TODO: Include (vcpu) id in the ne-vm-vcpu naming. */ + file = anon_inode_getfile("ne-vm-vcpu", &ne_enclave_vcpu_fops, + ne_enclave, O_RDWR); + if (IS_ERR(file)) { + rc = PTR_ERR(file); + + pr_err_ratelimited(NE "Error in anon inode get file [rc=%d]\n", + rc); + + goto put_fd; + } + + slot_add_vcpu_req.slot_uid = ne_enclave->slot_uid; + slot_add_vcpu_req.vcpu_id = vcpu_id; + + rc = ne_do_request(ne_enclave->pdev, SLOT_ADD_VCPU, &slot_add_vcpu_req, + sizeof(slot_add_vcpu_req), &cmd_reply, + sizeof(cmd_reply)); + if (rc < 0) { + pr_err_ratelimited(NE "Error in slot add vcpu [rc=%d]\n", rc); + + goto put_file; + } + + ne_vcpu_id->vcpu_id = vcpu_id; + + list_add(&ne_vcpu_id->vcpu_id_list_entry, &ne_enclave->vcpu_ids_list); + + ne_enclave->nr_vcpus++; + + fd_install(fd, file); + + return fd; + +put_file: + fput(file); +put_fd: + put_unused_fd(fd); +free_ne_vcpu_id: + kfree(ne_vcpu_id); + + return rc; +} + static long ne_enclave_ioctl(struct file *file, unsigned int cmd, unsigned long arg) { + struct ne_enclave *ne_enclave = file->private_data; + + if (!ne_enclave || !ne_enclave->pdev) + return -EINVAL; + switch (cmd) { + case KVM_CREATE_VCPU: { + int rc = -EINVAL; + u32 vcpu_id = 0; + + if (copy_from_user(&vcpu_id, (void *)arg, sizeof(vcpu_id))) { + pr_err_ratelimited(NE "Error in copy from user\n"); + + return -EFAULT; + } + + mutex_lock(&ne_enclave->enclave_info_mutex); + + if (ne_enclave->state != NE_STATE_INIT) { + pr_err_ratelimited(NE "Enclave isn't in init state\n"); + + mutex_unlock(&ne_enclave->enclave_info_mutex); + + return -EINVAL; + } + + /* Use the CPU pool for choosing a CPU for the enclave. */ + rc = ne_get_cpu_from_cpu_pool(ne_enclave, &vcpu_id); + if (rc < 0) { + pr_err_ratelimited(NE "Error in get CPU from pool\n"); + + mutex_unlock(&ne_enclave->enclave_info_mutex); + + return -EINVAL; + } + + rc = ne_create_vcpu_ioctl(ne_enclave, vcpu_id); + + /* Put back the CPU in enclave cpu pool, if add vcpu error. */ + if (rc < 0) + cpumask_set_cpu(vcpu_id, ne_enclave->cpu_siblings); + + mutex_unlock(&ne_enclave->enclave_info_mutex); + + return rc; + } + default: return -ENOTTY; } -- 2.20.1 (Apple Git-117) Amazon Development Center (Romania) S.R.L. registered office: 27A Sf. Lazar Street, UBC5, floor 2, Iasi, Iasi County, 700045, Romania. Registered in Romania. Registration number J22/2621/2005.