[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 02/15] xen: vmx: detect ENCLS VMEXIT





On 7/13/2017 6:54 AM, Jan Beulich wrote:
Andrew Cooper <andrew.cooper3@xxxxxxxxxx> 07/12/17 1:12 PM >>>
On 09/07/17 10:09, Kai Huang wrote:
If ENCLS VMEXIT is not present then we cannot support SGX virtualization.
This patch detects presence of ENCLS VMEXIT. A Xen boot boolean parameter
'sgx' is also added to manually enable/disable SGX.

Signed-off-by: Kai Huang <kai.huang@xxxxxxxxxxxxxxx>

At a minimum, you also need to modify calculate_hvm_max_policy() to hide
SGX if we don't have ENCLS intercept support.

Actually IMO this is not needed, as I added an __initcall(sgx_init) (see patch 0003), where I will call setup_clear_cpu_cap(X86_FEATURE_SGX) if for any reason boot_sgx_cpuidata (which contains common SGX cpuid info shared by all cores) doesn't have valid SGX info. if ENCLS VMEXIT is not present, then detect_sgx won't be called for any core so that X86_FEATURE_SGX will be cleared in boot_cpu_data. As init_guest_cpuid is called after all __initcalls are called, so if ENCLS VMEXIT is not present, or sgx is disabled via boot parameter, then even for host_policy, it won't have SGX.

Of course if we changed the implementation of __initcall(sgx_init), we probably need to explicitly clear SGX here. Anyway clearing SGX here doesn't have any harm, so I am completely fine to do it if you think it is necessary.


Additionally I think the command line option should default to off initially
and it needs an entry in the command line option doc.

Sure. I'll change default to 0 and change the doc as well.

Thanks,
-Kai

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.