[PATCH v5 00/26] Qemu SGX virtualization

Paolo Bonzini posted 26 patches 2 years, 7 months ago
Test checkpatch passed
Patches applied successfully
git fetch https://github.com/patchew-project/qemu tags/patchew/20210924112509.25061-1-pbonzini@redhat.com
Maintainers: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>, David Hildenbrand <david@redhat.com>, Laurent Vivier <lvivier@redhat.com>, Markus Armbruster <armbru@redhat.com>, Eric Blake <eblake@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>, Ani Sinha <ani@anisinha.ca>, Marcelo Tosatti <mtosatti@redhat.com>, "Dr. David Alan Gilbert" <dgilbert@redhat.com>, Richard Henderson <richard.henderson@linaro.org>, Eduardo Habkost <ehabkost@redhat.com>, Thomas Huth <thuth@redhat.com>, "Daniel P. Berrangé" <berrange@redhat.com>, "Michael S. Tsirkin" <mst@redhat.com>, Alex Williamson <alex.williamson@redhat.com>, Igor Mammedov <imammedo@redhat.com>, Peter Xu <peterx@redhat.com>
backends/hostmem-epc.c                   |  82 ++++++++++
backends/meson.build                     |   1 +
configs/devices/i386-softmmu/default.mak |   1 +
docs/system/i386/sgx.rst                 | 165 ++++++++++++++++++++
docs/system/target-i386.rst              |   1 +
hmp-commands-info.hx                     |  15 ++
hw/i386/Kconfig                          |   5 +
hw/i386/acpi-build.c                     |  22 +++
hw/i386/fw_cfg.c                         |  10 +-
hw/i386/meson.build                      |   2 +
hw/i386/pc.c                             |  15 +-
hw/i386/pc_piix.c                        |   1 +
hw/i386/pc_q35.c                         |   1 +
hw/i386/sgx-epc.c                        | 184 +++++++++++++++++++++++
hw/i386/sgx-stub.c                       |  26 ++++
hw/i386/sgx.c                            | 170 +++++++++++++++++++++
hw/i386/x86.c                            |  29 ++++
hw/vfio/common.c                         |   1 +
include/exec/memory.h                    |  15 +-
include/hw/i386/hostmem-epc.h            |  28 ++++
include/hw/i386/pc.h                     |   6 +
include/hw/i386/sgx-epc.h                |  67 +++++++++
include/hw/i386/sgx.h                    |  12 ++
include/hw/i386/x86.h                    |   1 +
include/monitor/hmp-target.h             |   1 +
monitor/hmp-cmds.c                       |  10 ++
qapi/machine.json                        |  52 ++++++-
qapi/misc-target.json                    |  61 ++++++++
qapi/qom.json                            |  19 +++
qemu-options.hx                          |  10 +-
softmmu/memory.c                         |   5 +
softmmu/physmem.c                        |   3 +-
target/i386/cpu.c                        | 167 +++++++++++++++++++-
target/i386/cpu.h                        |  16 ++
target/i386/kvm/kvm.c                    |  75 +++++++++
target/i386/kvm/kvm_i386.h               |   2 +
target/i386/machine.c                    |  20 +++
target/i386/monitor.c                    |  32 ++++
tests/qtest/qmp-cmd-test.c               |   2 +
39 files changed, 1325 insertions(+), 10 deletions(-)
create mode 100644 backends/hostmem-epc.c
create mode 100644 docs/system/i386/sgx.rst
create mode 100644 hw/i386/sgx-epc.c
create mode 100644 hw/i386/sgx-stub.c
create mode 100644 hw/i386/sgx.c
create mode 100644 include/hw/i386/hostmem-epc.h
create mode 100644 include/hw/i386/sgx-epc.h
create mode 100644 include/hw/i386/sgx.h
Posted by Paolo Bonzini 2 years, 7 months ago
This version includes a lot of the changes that were pointed out in
the review of the previous versions.  I apologize for rushing things
in to make it before the conference break.

Paolo

----

Changes from v4:

- removed RESET handling, which will use a dedicated kernel API

- cleaned up stubs with respect to bisection, moving the definition
  of CONFIG_SGX at the beginning of the series [Philippe]

- created new header include/hw/i386/hostmem-epc.h and used
  HostMemoryBackendEpc when applicable in the API

- changed "Since" documentation from 6.1 to 6.2 [Eric]

- moved pc_machine_init_sgx_epc to patch 13 ("i386: Update SGX CPUID
  info according to hardware/KVM/user input")

- define x86_cpu_set_sgxlepubkeyhash even for user-mode emulation
  [Philippe]

- converted documentation to rST [Peter]

- cleaned up QMP/HMP commands [Daniel]

- fixed stubs for QMP/HMP commands for --disable-kvm and non-Linux builds

Gitlab CI has been tested already and passes.

----

Sean Christopherson (21):
  memory: Add RAM_PROTECTED flag to skip IOMMU mappings
  hostmem: Add hostmem-epc as a backend for SGX EPC
  i386: Add 'sgx-epc' device to expose EPC sections to guest
  vl: Add sgx compound properties to expose SGX EPC sections to guest
  i386: Add primary SGX CPUID and MSR defines
  i386: Add SGX CPUID leaf FEAT_SGX_12_0_EAX
  i386: Add SGX CPUID leaf FEAT_SGX_12_0_EBX
  i386: Add SGX CPUID leaf FEAT_SGX_12_1_EAX
  i386: Add get/set/migrate support for SGX_LEPUBKEYHASH MSRs
  i386: Add feature control MSR dependency when SGX is enabled
  i386: Update SGX CPUID info according to hardware/KVM/user input
  i386: kvm: Add support for exposing PROVISIONKEY to guest
  i386: Propagate SGX CPUID sub-leafs to KVM
  Adjust min CPUID level to 0x12 when SGX is enabled
  hw/i386/fw_cfg: Set SGX bits in feature control fw_cfg accordingly
  hw/i386/pc: Account for SGX EPC sections when calculating device
    memory
  i386/pc: Add e820 entry for SGX EPC section(s)
  i386: acpi: Add SGX EPC entry to ACPI tables
  q35: Add support for SGX EPC
  i440fx: Add support for SGX EPC
  docs/system: Add SGX documentation to the system manual

Yang Zhong (5):
  Kconfig: Add CONFIG_SGX support
  qom: Add memory-backend-epc ObjectOptions support
  sgx-epc: Add the fill_device_info() callback support
  target/i386: Add HMP and QMP interfaces for SGX
  target/i386: Add the query-sgx-capabilities QMP command

-- 
2.31.1