On Tue, Feb 02, 2021 at 10:20:47AM -0800, Sean Christopherson wrote:
> On Tue, Feb 02, 2021, Jarkko Sakkinen wrote:
> > On Mon, Feb 01, 2021 at 06:40:40PM +1300, Kai Huang wrote:
> > > On Sat, 30 Jan 2021 16:45:43 +0200 Jarkko Sakkinen wrote:
> > > > On Tue, Jan 26, 2021 at 10:31:00PM +1300, Kai Huang wrote:
> > > > > Modify sgx_init() to always try to initialize the virtual EPC driver,
> > > > > even if the bare-metal SGX driver is disabled. The bare-metal driver
> > > > > might be disabled if SGX Launch Control is in locked mode, or not
> > > > > supported in the hardware at all. This allows (non-Linux) guests that
> > > > > support non-LC configurations to use SGX.
> > > > >
> > > > > Signed-off-by: Kai Huang <kai.huang@xxxxxxxxx>
> > > > > ---
> > > > > v2->v3:
> > > > >
> > > > > - Changed from sgx_virt_epc_init() to sgx_vepc_init().
> > > > >
> > > > > ---
> > > > > arch/x86/kernel/cpu/sgx/main.c | 4 +++-
> > > > > 1 file changed, 3 insertions(+), 1 deletion(-)
> > > > >
> > > > > diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c
> > > > > index 21c2ffa13870..93d249f7bff3 100644
> > > > > --- a/arch/x86/kernel/cpu/sgx/main.c
> > > > > +++ b/arch/x86/kernel/cpu/sgx/main.c
> > > > > @@ -12,6 +12,7 @@
> > > > > #include "driver.h"
> > > > > #include "encl.h"
> > > > > #include "encls.h"
> > > > > +#include "virt.h"
> > > > >
> > > > > struct sgx_epc_section sgx_epc_sections[SGX_MAX_EPC_SECTIONS];
> > > > > static int sgx_nr_epc_sections;
> > > > > @@ -712,7 +713,8 @@ static int __init sgx_init(void)
> > > > > goto err_page_cache;
> > > > > }
> > > > >
> > > > > - ret = sgx_drv_init();
> > > > > + /* Success if the native *or* virtual EPC driver initialized cleanly. */
> > > > > + ret = !!sgx_drv_init() & !!sgx_vepc_init();
> > > >
> > > > If would create more dumb code and just add
> > > >
> > > > ret = sgx_vepc_init()
> > > > if (ret)
> > > > goto err_kthread;
> > >
> > > Do you mean you want below?
> > >
> > > ret = sgx_drv_init();
> > > ret = sgx_vepc_init();
> > > if (ret)
> > > goto err_kthread;
> > >
> > > This was Sean's original code, but Dave didn't like it.
> >
> > I think it should be like:
> >
> > ret = sgx_drv_init();
> > if (ret)
> > pr_warn("Driver initialization failed with %d\n", ret);
> >
> > ret = sgx_vepc_init();
> > if (ret)
> > goto err_kthread;
>
> And that's wrong, it doesn't correctly handle the case where sgx_drv_init()
> succeeds but sgx_vepc_init() fails.
After reading all of this, I think that the only acceptable way to
to manage this is to
ret = sgx_drv_init();
if (ret && ret != -ENODEV)
goto err_kthread;
ret = sgx_vepc_init();
if (ret)
goto err_kthread;
Anything else would be a bad idea.
We do support allowing KVM when the driver does not *support* SGX,
not when something is working incorrectly. In that case it is a bad
idea to allow any SGX related initialization to continue.
Agreed that my earlier example is incorrect but so is the condition
in the original patch.
/Jarkko
