On Tue, May 16, 2017 at 11:56:38AM +1200, Huang, Kai wrote:
>
>
> On 5/16/2017 12:46 AM, Jarkko Sakkinen wrote:
> > On Thu, May 11, 2017 at 08:28:37PM -0700, Andy Lutomirski wrote:
> > > [resending due to some kind of kernel.org glitch -- sorry if anyone
> > > gets duplicates]
> > >
> > > On Thu, May 11, 2017 at 5:32 PM, Huang, Kai <kai.huang@xxxxxxxxxxxxxxx> wrote:
> > > > My current patch is based on this assumption. For KVM guest, naturally, we
> > > > will write the cached value to real MSRs when vcpu is scheduled in. For
> > > > host, SGX driver should write its own value to MSRs when it performs EINIT
> > > > for LE.
> > >
> > > This seems unnecessarily slow (perhaps *extremely* slow) to me. I
> > > would propose a totally different solution:
> > >
> > > Have a percpu variable that stores the current SGXLEPUBKEYHASH along
> > > with whatever lock is needed (probably just a mutex). Users of EINIT
> > > will take the mutex, compare the percpu variable to the desired value,
> > > and, if it's different, do WRMSR and update the percpu variable.
> >
> > This is exactly what I've been suggesting internally: trap EINIT and
> > check the value and write conditionally.
> >
> > I think this would be the best starting point.
>
> OK. Assuming we are going to have this percpu variable for
> IA32_SGXLEPUBKEYHASHn, I suppose KVM also will update guest's value to this
> percpu variable after KVM writes guest's value to hardware MSR? And host
> (SGX driver) needs to do the same thing (check the value and write
> conditionally), correct?
>
> Thanks,
> -Kai

This is how I would understand it, yes.

/Jarkko
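
The scheme discussed in this thread, as an added user-space simulation in C (not code from the thread or from the SGX/KVM patches): a per-CPU cache of the SGXLEPUBKEYHASH value, a conditional write on the EINIT path, and a cache update on the KVM write path. The names `load_hash`, `prepare_einit`, `hw_matches`, the two-CPU arrays and the hash values are assumptions made for illustration; a kernel implementation would use real per-CPU storage, WRMSR, and the lock mentioned above.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define NR_CPUS 2
#define HASH_WORDS 4   /* IA32_SGXLEPUBKEYHASH0..3, one 64-bit MSR each */
/* Constructed sample values, not real key hashes. */
static const uint64_t host_le_hash[HASH_WORDS] = {0x1111, 0x2222, 0x3333, 0x4444};
static const uint64_t guest_hash[HASH_WORDS]   = {0xaaaa, 0xbbbb, 0xcccc, 0xdddd};

/* Simulated state: the MSRs of each CPU, the per-CPU cache, a WRMSR counter. */
static uint64_t hw_msr[NR_CPUS][HASH_WORDS];
static struct { bool valid; uint64_t hash[HASH_WORDS]; } cache[NR_CPUS];
static unsigned long wrmsr_count;

/* Unconditional write, as on the KVM vcpu-load path; it must also update the
 * cache, otherwise a later host EINIT would trust a stale entry. */
static void load_hash(int cpu, const uint64_t *hash)
{
    for (int i = 0; i < HASH_WORDS; i++) {
        hw_msr[cpu][i] = hash[i];   /* stands in for WRMSR */
        wrmsr_count++;
    }
    memcpy(cache[cpu].hash, hash, sizeof(cache[cpu].hash));
    cache[cpu].valid = true;
}

/* EINIT path: compare first, write only on mismatch. Returns WRMSRs issued.
 * A kernel caller would hold the lock and stay pinned to this CPU. */
static unsigned long prepare_einit(int cpu, const uint64_t *hash)
{
    unsigned long before = wrmsr_count;
    if (!cache[cpu].valid || memcmp(cache[cpu].hash, hash, sizeof(cache[cpu].hash)))
        load_hash(cpu, hash);
    return wrmsr_count - before;
}

static bool hw_matches(int cpu, const uint64_t *hash)
{
    return memcmp(hw_msr[cpu], hash, sizeof(hw_msr[cpu])) == 0;
}

int main(void)
{
    prepare_einit(0, host_le_hash);   /* cold cache: all four MSRs written */
    load_hash(0, guest_hash);         /* guest vcpu scheduled in on CPU 0 */
    prepare_einit(0, host_le_hash);   /* cache shows guest value: rewrite */
    return hw_matches(0, host_le_hash) ? 0 : 1;
}
```

If `load_hash` skipped the cache update, the second host `prepare_einit` would see a matching cache entry and leave the guest's hash in the MSRs, which is the case Kai's question about KVM updating the percpu variable addresses.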