On 16/05/2017 01:56, Huang, Kai wrote: >>> >>> Have a percpu variable that stores the current SGXLEPUBKEYHASH along >>> with whatever lock is needed (probably just a mutex). Users of EINIT >>> will take the mutex, compare the percpu variable to the desired value, >>> and, if it's different, do WRMSR and update the percpu variable. >> >> This is exactly what I've been suggesting internally: trap EINIT and >> check the value and write conditionally. >> >> I think this would be the best starting point. > > OK. Assuming we are going to have this percpu variable for > IA32_SGXLEPUBKEYHASHn, I suppose KVM also will update guest's value to > this percpu variable after KVM writes guest's value to hardware MSR? And > host (SGX driver) need to do the same thing (check the value and write > conditionally), correct? The percpu variable is just an optimization. If EINIT is not performance critical, you could even do the WRMSR unconditionally; what matters is having a mutex that covers both WRMSR and EINIT. Thanks, Paolo
