On Thu, 2017-05-11 at 23:11 -0700, Andy Lutomirski wrote:
> On Thu, May 11, 2017 at 9:56 PM, Huang, Kai
> > > Have a percpu variable that stores the current SGXLEPUBKEYHASH along
> > > with whatever lock is needed (probably just a mutex). Users of EINIT
> > > will take the mutex, compare the percpu variable to the desired value,
> > > and, if it's different, do WRMSR and update the percpu variable.
> > > KVM will implement writes to SGXLEPUBKEYHASH by updating its in-memory
> > > state but *not* changing the MSRs. KVM will trap and emulate EINIT to
> > > support the same handling as the host. There is no action required at
> > > all on KVM guest entry and exit.
> > This is doable, but the SGX driver needs to do those things and expose
> > interfaces for KVM to use. In terms of the percpu data, it is nice to have,
> > but I am not sure whether it is mandatory, as IMO EINIT is not even in the
> > performance-critical path. We can simply read the old value out of the MSRs
> > and compare whether the old equals the new.
> I think the SGX driver should probably live in arch/x86, and the
> interface could be a simple percpu variable that is exported (from the
> main kernel image, not from a module).
Jarkko, what are your thoughts on moving the SGX code into arch/x86 and removing
the option to build it as a module? This would simplify the KVM and EPC cgroup
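A userspace model of the per-CPU cached SGXLEPUBKEYHASH scheme Andy describes above, added here as an example; it is not code from this thread, from KVM, or from the SGX driver. The `pcpu[]` array stands in for a percpu variable, the `atomic_flag` for "whatever lock is needed", and `fake_wrmsr_lehash()` for writing the four IA32_SGXLEPUBKEYHASH MSRs; every function and type name is hypothetical. It counts simulated WRMSRs so the effect of the compare-before-write step is visible: repeated EINITs with an unchanged hash cost no MSR write, while each CPU keeps its own cache.

```c
/* Added example: userspace model of a per-CPU cached SGXLEPUBKEYHASH.
 * Not kernel code. pcpu[] stands in for a percpu variable, atomic_flag for
 * the lock, and fake_wrmsr_lehash() for writing the four hash MSRs.
 * All names are hypothetical. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NR_CPUS    4
#define HASH_WORDS 4   /* the launch-enclave key hash spans four 64-bit MSRs */

struct lepubkeyhash {
    uint64_t w[HASH_WORDS];
};

/* Simulated per-CPU state: the last value written to the MSRs plus a lock. */
struct lehash_pcpu {
    atomic_flag lock;
    bool valid;                 /* false until the first WRMSR on this CPU */
    struct lepubkeyhash cached;
};

static struct lehash_pcpu pcpu[NR_CPUS];
static unsigned long wrmsr_count;   /* how many simulated WRMSRs happened */

static void fake_wrmsr_lehash(int cpu, const struct lepubkeyhash *h)
{
    /* A real driver would issue one WRMSR per hash word here; we just count. */
    (void)cpu; (void)h;
    wrmsr_count++;
}

void lehash_init(void)
{
    for (int i = 0; i < NR_CPUS; i++) {
        atomic_flag_clear(&pcpu[i].lock);
        pcpu[i].valid = false;
        memset(&pcpu[i].cached, 0, sizeof(pcpu[i].cached));
    }
    wrmsr_count = 0;
}

/*
 * Make sure CPU @cpu's MSRs hold @want, then (conceptually) run EINIT under
 * the same lock. Host enclave loads and KVM's EINIT emulation would both
 * funnel through this path. Returns true if a WRMSR was actually issued.
 */
bool lehash_sync_and_einit(int cpu, const struct lepubkeyhash *want)
{
    struct lehash_pcpu *p = &pcpu[cpu];
    bool wrote = false;

    while (atomic_flag_test_and_set(&p->lock))
        ;                                   /* spin; single-threaded model */

    if (!p->valid || memcmp(&p->cached, want, sizeof(*want)) != 0) {
        fake_wrmsr_lehash(cpu, want);       /* slow path: value changed */
        p->cached = *want;
        p->valid = true;
        wrote = true;
    }
    /* ENCLS[EINIT] would execute here, still holding the lock. */

    atomic_flag_clear(&p->lock);
    return wrote;
}

/* Convenience wrapper: build the hash from four words and sync it. */
bool lehash_einit_words(int cpu, uint64_t w0, uint64_t w1, uint64_t w2, uint64_t w3)
{
    struct lepubkeyhash h = { { w0, w1, w2, w3 } };
    return lehash_sync_and_einit(cpu, &h);
}

unsigned long lehash_wrmsr_count(void)
{
    return wrmsr_count;
}

int main(void)
{
    lehash_init();
    /* Constructed sample: two launch keys, three EINITs on CPU 0, one on CPU 1. */
    lehash_einit_words(0, 1, 2, 3, 4);   /* first use on CPU 0: WRMSR */
    lehash_einit_words(0, 1, 2, 3, 4);   /* same hash: no WRMSR */
    lehash_einit_words(1, 1, 2, 3, 4);   /* CPU 1 has its own cache: WRMSR */
    lehash_einit_words(0, 5, 6, 7, 8);   /* new hash on CPU 0: WRMSR */
    printf("simulated WRMSRs: %lu\n", lehash_wrmsr_count());
    return 0;
}
```

In a kernel the compare-and-write must stay on one CPU (for example with preemption disabled) because a per-CPU cache is only meaningful if the task cannot migrate between the compare and the WRMSR; the spinning `atomic_flag` is a stand-in for that. Kai's alternative of reading the MSRs back and comparing removes the cache at the cost of extra RDMSRs per EINIT, which is the trade-off the thread is weighing.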