Re: [PATCH 09/10] kvm: vmx: handle ENCLS VMEXIT

["Huang, Kai" <kai.huang@xxxxxxxxxxxxxxx>]

On 5/8/2017 8:08 PM, Paolo Bonzini wrote:
> On 08/05/2017 07:24, Kai Huang wrote:
> > This patch handles ENCLS VMEXIT. ENCLS VMEXIT doesn't need to be always turned
> > on, actually it should not be turned on in most cases, as guest can run ENCLS
> > perfectly in non-root mode. However there are some cases we need to trap ENCLS
> > and emulate as in those cases ENCLS in guest may behavor differently with
> > in native (for example, when hardware supports SGX but SGX is not exposed to
> > guest, and if guest runs ENCLS deliberately, it may have different behavior to
> > on native).
> >
> > In case of nested SGX support, we need to turn on ENCLS VMEXIT if L1 hypervisor
> > has turned on ENCLS VMEXIT, and such ENCLS VMEXIT from L2 (nested guest) will
> > be handled by L1 hypervisor.
> >
> > Signed-off-by: Kai Huang <kai.huang@xxxxxxxxxxxxxxx>
> > ---
> >  arch/x86/include/asm/vmx.h      |   2 +
> >  arch/x86/include/uapi/asm/vmx.h |   4 +-
> >  arch/x86/kvm/vmx.c              | 265 ++++++++++++++++++++++++++++++++++++++++
>
> Please try to move more code to sgx.c.

Hi Paolo,

Thanks for comments. Will try to do this in next version.

Thanks,
-Kai
> Paolo
>
> >  3 files changed, 270 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
> > index f7ac249ce83d..2f24290b7f9d 100644
> > --- a/arch/x86/include/asm/vmx.h
> > +++ b/arch/x86/include/asm/vmx.h
> > @@ -202,6 +202,8 @@ enum vmcs_field {
> >  	XSS_EXIT_BITMAP_HIGH            = 0x0000202D,
> >  	TSC_MULTIPLIER                  = 0x00002032,
> >  	TSC_MULTIPLIER_HIGH             = 0x00002033,
> > +	ENCLS_EXITING_BITMAP		= 0x0000202E,
> > +	ENCLS_EXITING_BITMAP_HIGH	= 0x0000202F,
> >  	GUEST_PHYSICAL_ADDRESS          = 0x00002400,
> >  	GUEST_PHYSICAL_ADDRESS_HIGH     = 0x00002401,
> >  	VMCS_LINK_POINTER               = 0x00002800,
> > diff --git a/arch/x86/include/uapi/asm/vmx.h b/arch/x86/include/uapi/asm/vmx.h
> > index 14458658e988..2bcd967d5c83 100644
> > --- a/arch/x86/include/uapi/asm/vmx.h
> > +++ b/arch/x86/include/uapi/asm/vmx.h
> > @@ -77,6 +77,7 @@
> >  #define EXIT_REASON_XSETBV              55
> >  #define EXIT_REASON_APIC_WRITE          56
> >  #define EXIT_REASON_INVPCID             58
> > +#define EXIT_REASON_ENCLS		60
> >  #define EXIT_REASON_PML_FULL            62
> >  #define EXIT_REASON_XSAVES              63
> >  #define EXIT_REASON_XRSTORS             64
> > @@ -130,7 +131,8 @@
> >  	{ EXIT_REASON_INVVPID,               "INVVPID" }, \
> >  	{ EXIT_REASON_INVPCID,               "INVPCID" }, \
> >  	{ EXIT_REASON_XSAVES,                "XSAVES" }, \
> > -	{ EXIT_REASON_XRSTORS,               "XRSTORS" }
> > +	{ EXIT_REASON_XRSTORS,               "XRSTORS" }, \
> > +	{ EXIT_REASON_ENCLS,		     "ENCLS" }
> >
> >  #define VMX_ABORT_SAVE_GUEST_MSR_FAIL        1
> >  #define VMX_ABORT_LOAD_HOST_PDPTE_FAIL       2