Re: [PATCH 09/10] kvm: vmx: handle ENCLS VMEXIT

Paolo Bonzini <pbonzini@xxxxxxxxxx> · Mon, 8 May 2017 10:08:09 +0200

On 08/05/2017 07:24, Kai Huang wrote:
> This patch handles ENCLS VMEXIT. ENCLS VMEXIT doesn't need to be always turned
> on, actually it should not be turned on in most cases, as guest can run ENCLS
> perfectly in non-root mode. However there are some cases we need to trap ENCLS
> and emulate as in those cases ENCLS in guest may behavor differently with
> in native (for example, when hardware supports SGX but SGX is not exposed to
> guest, and if guest runs ENCLS deliberately, it may have different behavior to
> on native).
> 
> In case of nested SGX support, we need to turn on ENCLS VMEXIT if L1 hypervisor
> has turned on ENCLS VMEXIT, and such ENCLS VMEXIT from L2 (nested guest) will
> be handled by L1 hypervisor.
> 
> Signed-off-by: Kai Huang <kai.huang@xxxxxxxxxxxxxxx>
> ---
>  arch/x86/include/asm/vmx.h      |   2 +
>  arch/x86/include/uapi/asm/vmx.h |   4 +-
>  arch/x86/kvm/vmx.c              | 265 ++++++++++++++++++++++++++++++++++++++++

Please try to move more code to sgx.c.

Paolo

>  3 files changed, 270 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
> index f7ac249ce83d..2f24290b7f9d 100644
> --- a/arch/x86/include/asm/vmx.h
> +++ b/arch/x86/include/asm/vmx.h
> @@ -202,6 +202,8 @@ enum vmcs_field {
>  	XSS_EXIT_BITMAP_HIGH            = 0x0000202D,
>  	TSC_MULTIPLIER                  = 0x00002032,
>  	TSC_MULTIPLIER_HIGH             = 0x00002033,
> +	ENCLS_EXITING_BITMAP		= 0x0000202E,
> +	ENCLS_EXITING_BITMAP_HIGH	= 0x0000202F,
>  	GUEST_PHYSICAL_ADDRESS          = 0x00002400,
>  	GUEST_PHYSICAL_ADDRESS_HIGH     = 0x00002401,
>  	VMCS_LINK_POINTER               = 0x00002800,
> diff --git a/arch/x86/include/uapi/asm/vmx.h b/arch/x86/include/uapi/asm/vmx.h
> index 14458658e988..2bcd967d5c83 100644
> --- a/arch/x86/include/uapi/asm/vmx.h
> +++ b/arch/x86/include/uapi/asm/vmx.h
> @@ -77,6 +77,7 @@
>  #define EXIT_REASON_XSETBV              55
>  #define EXIT_REASON_APIC_WRITE          56
>  #define EXIT_REASON_INVPCID             58
> +#define EXIT_REASON_ENCLS		60
>  #define EXIT_REASON_PML_FULL            62
>  #define EXIT_REASON_XSAVES              63
>  #define EXIT_REASON_XRSTORS             64
> @@ -130,7 +131,8 @@
>  	{ EXIT_REASON_INVVPID,               "INVVPID" }, \
>  	{ EXIT_REASON_INVPCID,               "INVPCID" }, \
>  	{ EXIT_REASON_XSAVES,                "XSAVES" }, \
> -	{ EXIT_REASON_XRSTORS,               "XRSTORS" }
> +	{ EXIT_REASON_XRSTORS,               "XRSTORS" }, \
> +	{ EXIT_REASON_ENCLS,		     "ENCLS" }
>  
>  #define VMX_ABORT_SAVE_GUEST_MSR_FAIL        1
>  #define VMX_ABORT_LOAD_HOST_PDPTE_FAIL       2