OpenCloudOS-Kernel/Documentation/x86
Sean Christopherson 540745ddbc x86/sgx: Introduce virtual EPC for use by KVM guests
Add a misc device /dev/sgx_vepc to allow userspace to allocate "raw"
Enclave Page Cache (EPC) without an associated enclave. The intended
and only known use case for raw EPC allocation is to expose EPC to a
KVM guest, hence the 'vepc' moniker, virt.{c,h} files and X86_SGX_KVM
Kconfig.

The SGX driver uses the misc device /dev/sgx_enclave to support
userspace in creating an enclave. Each file descriptor returned from
opening /dev/sgx_enclave represents an enclave. Unlike the SGX driver,
KVM doesn't control how the guest uses the EPC, therefore EPC allocated
to a KVM guest is not associated with an enclave, and /dev/sgx_enclave
is not suitable for allocating EPC for a KVM guest.

Having separate device nodes for the SGX driver and KVM virtual EPC also
allows separate permission control for running host SGX enclaves and KVM
SGX guests.

To use /dev/sgx_vepc to allocate a virtual EPC instance with particular
size, the hypervisor opens /dev/sgx_vepc, and uses mmap() with the
intended size to get an address range of virtual EPC. Then it may use
the address range to create one KVM memory slot as virtual EPC for
a guest.

Implement the "raw" EPC allocation in the x86 core-SGX subsystem via
/dev/sgx_vepc rather than in KVM. Doing so has two major advantages:

  - Does not require changes to KVM's uAPI, e.g. EPC gets handled as
    just another memory backend for guests.

  - EPC management is wholly contained in the SGX subsystem, e.g. SGX
    does not have to export any symbols, changes to reclaim flows don't
    need to be routed through KVM, SGX's dirty laundry doesn't have to
    get aired out for the world to see, and so on and so forth.

The virtual EPC pages allocated to guests are currently not reclaimable.
Reclaiming an EPC page used by enclave requires a special reclaim
mechanism separate from normal page reclaim, and that mechanism is not
supported for virutal EPC pages. Due to the complications of handling
reclaim conflicts between guest and host, reclaiming virtual EPC pages
is significantly more complex than basic support for SGX virtualization.

 [ bp:
   - Massage commit message and comments
   - use cpu_feature_enabled()
   - vertically align struct members init
   - massage Virtual EPC clarification text
   - move Kconfig prompt to Virtualization ]

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Co-developed-by: Kai Huang <kai.huang@intel.com>
Signed-off-by: Kai Huang <kai.huang@intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Dave Hansen <dave.hansen@intel.com>
Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
Link: https://lkml.kernel.org/r/0c38ced8c8e5a69872db4d6a1c0dabd01e07cad7.1616136308.git.kai.huang@intel.com
2021-04-06 09:43:17 +02:00
..
i386 Documentation: x86: convert i386/IO-APIC.txt to reST 2019-05-08 14:34:11 -06:00
x86_64 A handful of late-arriving documentation fixes. 2020-10-23 17:13:53 -07:00
amd-memory-encryption.rst Documentation: x86: convert amd-memory-encryption.txt to reST 2019-05-08 14:34:10 -06:00
boot.rst Documentation/x86/boot.rst: Correct the example of SETUP_INDIRECT 2021-01-28 15:25:31 -07:00
booting-dt.rst dt: Remove booting-without-of.rst 2020-10-13 13:33:16 -05:00
cpuinfo.rst Documentation/x86: Add documentation for /proc/cpuinfo feature flags 2020-09-01 11:07:15 +02:00
earlyprintk.rst Documentation: x86: earlyprintk: drop doubled words 2020-07-13 09:47:38 -06:00
entry_64.rst Documentation: x86: convert entry_64.txt to reST 2019-05-08 14:34:09 -06:00
exception-tables.rst Merge branch 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2020-03-31 11:04:05 -07:00
features.rst docs: archis: add a per-architecture features list 2020-12-03 15:10:15 -07:00
index.rst A much quieter cycle for documentation (happily), with, one hopes, the bulk 2020-12-14 16:55:54 -08:00
intel-iommu.rst docs: prevent warnings due to autosectionlabel 2020-03-20 17:01:29 -06:00
intel_txt.rst docs: x86: move two x86-specific files to x86 arch dir 2019-07-15 11:03:01 -03:00
kernel-stacks.rst Some late arriving documentation changes. In particular, this contains the 2019-05-10 13:24:53 -04:00
mds.rst x86/speculation/mds: Improve CPU buffer clear documentation 2019-05-16 09:05:12 +02:00
microcode.rst Documentation: x86: convert microcode.txt to reST 2019-05-08 14:34:11 -06:00
mtrr.rst Documentation: x86: convert mtrr.txt to reST 2019-05-08 14:34:10 -06:00
orc-unwinder.rst Documentation: x86: convert orc-unwinder.txt to reST 2019-05-08 14:34:11 -06:00
pat.rst remove ioremap_nocache and devm_ioremap_nocache 2020-01-06 09:45:59 +01:00
pti.rst Documentation: x86: convert pti.txt to reST 2019-05-08 14:34:10 -06:00
resctrl.rst Documentation/x86: Rename resctrl_ui.rst and add two errata to the file 2020-10-27 16:47:00 +01:00
sgx.rst x86/sgx: Introduce virtual EPC for use by KVM guests 2021-04-06 09:43:17 +02:00
sva.rst Documentation/x86: Add documentation for SVA (Shared Virtual Addressing) 2020-09-17 19:29:42 +02:00
tlb.rst Documentation: x86: convert tlb.txt to reST 2019-05-08 14:34:10 -06:00
topology.rst x86/CPU/AMD: Save AMD NodeId as cpu_die_id 2020-11-19 11:43:13 +01:00
tsx_async_abort.rst x86/speculation/taa: Add documentation for TSX Async Abort 2019-10-28 08:37:00 +01:00
usb-legacy-support.rst Documentation: x86: convert usb-legacy-support.txt to reST 2019-05-08 14:34:11 -06:00
zero-page.rst Documentation: x86: convert zero-page.txt to reST 2019-05-08 14:34:10 -06:00