On Thu, 2017-05-11 at 23:11 -0700, Andy Lutomirski wrote:
> On Thu, May 11, 2017 at 9:56 PM, Huang, Kai <kai.huang@xxxxxxxxxxxxxxx> wrote:
> >
> > > Have a percpu variable that stores the current SGXLEPUBKEYHASH along
> > > with whatever lock is needed (probably just a mutex). Users of EINIT
> > > will take the mutex, compare the percpu variable to the desired value,
> > > and, if it's different, do WRMSR and update the percpu variable.
> > >
> > > KVM will implement writes to SGXLEPUBKEYHASH by updating its in-memory
> > > state but *not* changing the MSRs. KVM will trap and emulate EINIT to
> > > support the same handling as the host. There is no action required at
> > > all on KVM guest entry and exit.
> >
> > This is doable, but the SGX driver needs to do those things and expose
> > interfaces for KVM to use. In terms of the percpu data, it is nice to have,
> > but I am not sure whether it is mandatory, as IMO EINIT is not even in the
> > performance-critical path. We can simply read the old value out of the MSRs
> > and compare whether the old equals the new.
>
> I think the SGX driver should probably live in arch/x86, and the
> interface could be a simple percpu variable that is exported (from the
> main kernel image, not from a module).

Jarkko, what are your thoughts on moving the SGX code into arch/x86 and removing the option to build it as a module? This would simplify the KVM and EPC cgroup implementations.
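The scheme Andy sketches above (a per-CPU cache of the four SGXLEPUBKEYHASH MSRs under a mutex, WRMSR only when the cached value differs, and KVM routing a trapped guest EINIT through the same host path while guest MSR writes only touch vCPU state) as a userspace model. This is an added example written for this page, not code from the thread, the SGX driver or KVM; the MSRs, EINIT and the lock are stubbed, and every identifier (sgx_einit, kvm_emulate_einit, sim_run_scenario and so on) is hypothetical.

```c
/* Added example: userspace model of the lazy SGXLEPUBKEYHASH update scheme.
 * Hardware, EINIT and the lock are stubs; all names are hypothetical. */
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define NR_CPUS 4

/* IA32_SGXLEPUBKEYHASH{0..3}: four 64-bit MSRs holding the 256-bit hash. */
struct lepubkeyhash { uint64_t w[4]; };

/* Stubbed hardware: one MSR set per CPU plus a WRMSR counter to assert on. */
static struct lepubkeyhash hw_msr[NR_CPUS];
static unsigned long wrmsr_count;

static void stub_wrmsr_lepubkeyhash(int cpu, const struct lepubkeyhash *h)
{
	hw_msr[cpu] = *h;
	wrmsr_count++;
}

/* Stubbed EINIT: succeeds only if this CPU's MSRs match the token's hash. */
static int stub_einit(int cpu, const struct lepubkeyhash *token_hash)
{
	return memcmp(&hw_msr[cpu], token_hash, sizeof(*token_hash)) ? -1 : 0;
}

/* Driver side: per-CPU software copy of the MSRs, plus the EINIT lock.
 * The lock is a plain flag because this model is single-threaded. */
static struct lepubkeyhash cached_hash[NR_CPUS];
static bool cache_valid[NR_CPUS];
static bool einit_lock_held;

static void einit_lock(void)   { assert(!einit_lock_held); einit_lock_held = true; }
static void einit_unlock(void) { assert(einit_lock_held);  einit_lock_held = false; }

/* Write the MSRs only when the cached value differs from what EINIT needs. */
static void sgx_update_lepubkeyhash(int cpu, const struct lepubkeyhash *want)
{
	if (cache_valid[cpu] && !memcmp(&cached_hash[cpu], want, sizeof(*want)))
		return;
	stub_wrmsr_lepubkeyhash(cpu, want);
	cached_hash[cpu] = *want;
	cache_valid[cpu] = true;
}

/* Host EINIT path: lock, sync this CPU's MSRs, run EINIT, unlock. */
static int sgx_einit(int cpu, const struct lepubkeyhash *token_hash)
{
	int ret;

	einit_lock();
	sgx_update_lepubkeyhash(cpu, token_hash);
	ret = stub_einit(cpu, token_hash);
	einit_unlock();
	return ret;
}

/* KVM side: a guest WRMSR to SGXLEPUBKEYHASHn only updates vCPU state. */
struct kvm_vcpu { struct lepubkeyhash guest_hash; };

static void kvm_set_lepubkeyhash(struct kvm_vcpu *v, int idx, uint64_t val)
{
	v->guest_hash.w[idx] = val;
}

/* Trapped guest EINIT goes through the same host helper, so the real MSRs
 * are touched only here and never on guest entry or exit. */
static int kvm_emulate_einit(struct kvm_vcpu *v, int cpu)
{
	return sgx_einit(cpu, &v->guest_hash);
}

/* Exercise the model with constructed hashes; returns 0 or the failing step. */
static int sim_run_scenario(void)
{
	struct lepubkeyhash a = { { 0x1111, 0x2222, 0x3333, 0x4444 } };
	struct lepubkeyhash b = { { 0xaaaa, 0xbbbb, 0xcccc, 0xdddd } };
	struct kvm_vcpu vcpu;
	int i;

	memset(hw_msr, 0, sizeof(hw_msr));
	memset(cache_valid, 0, sizeof(cache_valid));
	wrmsr_count = 0;
	/* Two host EINITs on cpu 0 with the same hash cost a single WRMSR. */
	if (sgx_einit(0, &a) || sgx_einit(0, &a) || wrmsr_count != 1)
		return 1;
	/* The cache is per CPU, so cpu 1 needs its own write. */
	if (sgx_einit(1, &a) || wrmsr_count != 2)
		return 2;
	/* Guest writes to the virtual MSRs must not reach hardware. */
	for (i = 0; i < 4; i++)
		kvm_set_lepubkeyhash(&vcpu, i, b.w[i]);
	if (wrmsr_count != 2)
		return 3;
	/* Trapped guest EINIT resyncs cpu 0 to the guest's hash. */
	if (kvm_emulate_einit(&vcpu, 0) || wrmsr_count != 3)
		return 4;
	/* A later host EINIT on cpu 0 has to switch the MSRs back. */
	if (sgx_einit(0, &a) || wrmsr_count != 4)
		return 5;
	return 0;
}
```

The per-CPU cache is what saves the extra RDMSRs Kai mentions as the alternative; either way the write happens only on a mismatch, and because guest MSR writes never leave vCPU memory there is nothing to save or restore around VM entry and exit.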