Re: [PATCH v3 05/25] x86/sgx: Introduce virtual EPC for use by KVM guests

On Wed, 31 Mar 2021 21:53:45 +1300 Kai Huang wrote:
> On Wed, 31 Mar 2021 09:44:39 +0200 Boris Petkov wrote:
> > On March 31, 2021 8:51:38 AM GMT+02:00, Kai Huang <kai.huang@xxxxxxxxx> wrote:
> > >How about adding explanation to Documentation/x86/sgx.rst?
> > 
> > Sure, and then we should point users at it. The thing is also indexed by search engines so hopefully people will find it.
> 
> Thanks. Will do and send out new patch for review.
> 
Hi Boris,

Could you help to review whether the below change is OK?

diff --git a/Documentation/x86/sgx.rst b/Documentation/x86/sgx.rst
index 5ec7d17e65e0..49a840718a4d 100644
--- a/Documentation/x86/sgx.rst
+++ b/Documentation/x86/sgx.rst
@@ -236,3 +236,19 @@ As a result, when this happpens, user should stop running
any new SGX workloads, (or just any new workloads), and migrate all valuable
workloads. Although a machine reboot can recover all EPC, the bug should be
reported to Linux developers.
+
+Virtual EPC
+===========
+
+Separated from SGX driver for creating and running enclaves in host, SGX core
+also supports virtual EPC driver to support KVM SGX virtualization. Unlike SGX
+driver, EPC page allocated via virtual EPC driver is "raw" EPC page and doesn't
+have specific enclave associated. This is because KVM doesn't track how guest
+uses EPC pages.
+
+As a result, SGX core page reclaimer doesn't support reclaiming EPC pages
+allocated to KVM guests via virtual EPC driver. If user wants to deploy both
+host SGX applications and KVM SGX guests on the same machine, user should
+reserve enough EPC (by taking out total virtual EPC size of all SGX VMs from
+physical EPC size) for host SGX applications so they can run with acceptable
+performance.
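
Review bot: The second added paragraph tells the user to "reserve enough EPC" but never states the consequence of not doing so. Since the text says the reclaimer cannot reclaim pages allocated to KVM guests, it should say explicitly that host enclaves are left with only the remaining physical EPC, and whether the total virtual EPC of all VMs can exceed physical EPC at all. The parenthetical "by taking out total virtual EPC size of all SGX VMs from physical EPC size" describes a subtraction rather than a mechanism; say how the user is expected to apply it. In the first paragraph, "Separated from SGX driver" reads as if the driver was split out; something like "In addition to the SGX driver for creating and running enclaves on the host, the SGX core also provides a virtual EPC driver" is clearer. Both paragraphs are missing articles ("the SGX driver", "a raw EPC page", "the user").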

Locally, I have squashed the above change into this patch, and also added the
below paragraph to the commit message:

    Also add documentation to explain what virtual EPC is, and suggest that
    users should be aware that virtual EPC pages are not reclaimable and take
    this into account when deploying both host SGX applications and KVM SGX
    guests on the same machine.


