[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 03/33] hostmem: Add hostmem-epc as a backend for SGX EPC
From: |
Paolo Bonzini |
Subject: |
[PULL 03/33] hostmem: Add hostmem-epc as a backend for SGX EPC |
Date: |
Tue, 28 Sep 2021 14:50:46 +0200 |
From: Sean Christopherson <sean.j.christopherson@intel.com>
EPC (Enclave Page Cahe) is a specialized type of memory used by Intel
SGX (Software Guard Extensions). The SDM desribes EPC as:
The Enclave Page Cache (EPC) is the secure storage used to store
enclave pages when they are a part of an executing enclave. For an
EPC page, hardware performs additional access control checks to
restrict access to the page. After the current page access checks
and translations are performed, the hardware checks that the EPC
page is accessible to the program currently executing. Generally an
EPC page is only accessed by the owner of the executing enclave or
an instruction which is setting up an EPC page.
Because of its unique requirements, Linux manages EPC separately from
normal memory. Similar to memfd, the device /dev/sgx_vepc can be
opened to obtain a file descriptor which can in turn be used to mmap()
EPC memory.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-3-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
backends/hostmem-epc.c | 82 +++++++++++++++++++++++++++++++++++
backends/meson.build | 1 +
include/hw/i386/hostmem-epc.h | 28 ++++++++++++
3 files changed, 111 insertions(+)
create mode 100644 backends/hostmem-epc.c
create mode 100644 include/hw/i386/hostmem-epc.h
diff --git a/backends/hostmem-epc.c b/backends/hostmem-epc.c
new file mode 100644
index 0000000000..b47f98b6a3
--- /dev/null
+++ b/backends/hostmem-epc.c
@@ -0,0 +1,82 @@
+/*
+ * QEMU host SGX EPC memory backend
+ *
+ * Copyright (C) 2019 Intel Corporation
+ *
+ * Authors:
+ * Sean Christopherson <sean.j.christopherson@intel.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+#include <sys/ioctl.h>
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qom/object_interfaces.h"
+#include "qapi/error.h"
+#include "sysemu/hostmem.h"
+#include "hw/i386/hostmem-epc.h"
+
+static void
+sgx_epc_backend_memory_alloc(HostMemoryBackend *backend, Error **errp)
+{
+ uint32_t ram_flags;
+ char *name;
+ int fd;
+
+ if (!backend->size) {
+ error_setg(errp, "can't create backend with size 0");
+ return;
+ }
+
+ fd = qemu_open_old("/dev/sgx_vepc", O_RDWR);
+ if (fd < 0) {
+ error_setg_errno(errp, errno,
+ "failed to open /dev/sgx_vepc to alloc SGX EPC");
+ return;
+ }
+
+ name = object_get_canonical_path(OBJECT(backend));
+ ram_flags = (backend->share ? RAM_SHARED : 0) | RAM_PROTECTED;
+ memory_region_init_ram_from_fd(&backend->mr, OBJECT(backend),
+ name, backend->size, ram_flags,
+ fd, 0, errp);
+ g_free(name);
+}
+
+static void sgx_epc_backend_instance_init(Object *obj)
+{
+ HostMemoryBackend *m = MEMORY_BACKEND(obj);
+
+ m->share = true;
+ m->merge = false;
+ m->dump = false;
+}
+
+static void sgx_epc_backend_class_init(ObjectClass *oc, void *data)
+{
+ HostMemoryBackendClass *bc = MEMORY_BACKEND_CLASS(oc);
+
+ bc->alloc = sgx_epc_backend_memory_alloc;
+}
+
+static const TypeInfo sgx_epc_backed_info = {
+ .name = TYPE_MEMORY_BACKEND_EPC,
+ .parent = TYPE_MEMORY_BACKEND,
+ .instance_init = sgx_epc_backend_instance_init,
+ .class_init = sgx_epc_backend_class_init,
+ .instance_size = sizeof(HostMemoryBackendEpc),
+};
+
+static void register_types(void)
+{
+ int fd = qemu_open_old("/dev/sgx_vepc", O_RDWR);
+ if (fd >= 0) {
+ close(fd);
+
+ type_register_static(&sgx_epc_backed_info);
+ }
+}
+
+type_init(register_types);
diff --git a/backends/meson.build b/backends/meson.build
index d4221831fc..6e68945528 100644
--- a/backends/meson.build
+++ b/backends/meson.build
@@ -16,5 +16,6 @@ softmmu_ss.add(when: ['CONFIG_VHOST_USER', 'CONFIG_VIRTIO'],
if_true: files('vho
softmmu_ss.add(when: 'CONFIG_VIRTIO_CRYPTO', if_true:
files('cryptodev-vhost.c'))
softmmu_ss.add(when: ['CONFIG_VIRTIO_CRYPTO', 'CONFIG_VHOST_CRYPTO'], if_true:
files('cryptodev-vhost-user.c'))
softmmu_ss.add(when: 'CONFIG_GIO', if_true: [files('dbus-vmstate.c'), gio])
+softmmu_ss.add(when: 'CONFIG_SGX', if_true: files('hostmem-epc.c'))
subdir('tpm')
diff --git a/include/hw/i386/hostmem-epc.h b/include/hw/i386/hostmem-epc.h
new file mode 100644
index 0000000000..846c726085
--- /dev/null
+++ b/include/hw/i386/hostmem-epc.h
@@ -0,0 +1,28 @@
+/*
+ * SGX EPC backend
+ *
+ * Copyright (C) 2019 Intel Corporation
+ *
+ * Authors:
+ * Sean Christopherson <sean.j.christopherson@intel.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+#ifndef QEMU_HOSTMEM_EPC_H
+#define QEMU_HOSTMEM_EPC_H
+
+#include "sysemu/hostmem.h"
+
+#define TYPE_MEMORY_BACKEND_EPC "memory-backend-epc"
+
+#define MEMORY_BACKEND_EPC(obj) \
+ OBJECT_CHECK(HostMemoryBackendEpc, (obj), TYPE_MEMORY_BACKEND_EPC)
+
+typedef struct HostMemoryBackendEpc HostMemoryBackendEpc;
+
+struct HostMemoryBackendEpc {
+ HostMemoryBackend parent_obj;
+};
+
+#endif
--
2.31.1
- [PULL 28/33] tests: qtest: bios-tables-test depends on the unpacked edk2 ROMs, (continued)
- [PULL 28/33] tests: qtest: bios-tables-test depends on the unpacked edk2 ROMs, Paolo Bonzini, 2021/09/28
- [PULL 33/33] meson_options.txt: Switch the default value for the vnc option to 'auto', Paolo Bonzini, 2021/09/28
- [PULL 02/33] Kconfig: Add CONFIG_SGX support, Paolo Bonzini, 2021/09/28
- [PULL 05/33] i386: Add 'sgx-epc' device to expose EPC sections to guest, Paolo Bonzini, 2021/09/28
- [PULL 15/33] i386: Propagate SGX CPUID sub-leafs to KVM, Paolo Bonzini, 2021/09/28
- [PULL 18/33] hw/i386/pc: Account for SGX EPC sections when calculating device memory, Paolo Bonzini, 2021/09/28
- [PULL 17/33] hw/i386/fw_cfg: Set SGX bits in feature control fw_cfg accordingly, Paolo Bonzini, 2021/09/28
- [PULL 20/33] i386: acpi: Add SGX EPC entry to ACPI tables, Paolo Bonzini, 2021/09/28
- [PULL 19/33] i386/pc: Add e820 entry for SGX EPC section(s), Paolo Bonzini, 2021/09/28
- [PULL 29/33] target/i386: Fix memory leak in sev_read_file_base64(), Paolo Bonzini, 2021/09/28
- [PULL 03/33] hostmem: Add hostmem-epc as a backend for SGX EPC,
Paolo Bonzini <=
- [PULL 21/33] q35: Add support for SGX EPC, Paolo Bonzini, 2021/09/28
- [PULL 23/33] sgx-epc: Add the fill_device_info() callback support, Paolo Bonzini, 2021/09/28
- [PULL 27/33] meson: unpack edk2 firmware even if --disable-blobs, Paolo Bonzini, 2021/09/28
- [PULL 24/33] docs/system: Add SGX documentation to the system manual, Paolo Bonzini, 2021/09/28
- [PULL 30/33] memory: Name all the memory listeners, Paolo Bonzini, 2021/09/28
- [PULL 32/33] build-sys: add HAVE_IPPROTO_MPTCP, Paolo Bonzini, 2021/09/28
- [PULL 25/33] target/i386: Add HMP and QMP interfaces for SGX, Paolo Bonzini, 2021/09/28
- Re: [PULL 00/33] x86 and misc changes for 2021-09-28, Peter Maydell, 2021/09/29