Re: [PATCH 1/2] x86: sgx_vepc: extract sgx_vepc_remove_page

From: Jarkko Sakkinen
Date: Tue Sep 21 2021 - 15:44:26 EST

Next message: Rob Herring: "Re: [PATCH] Documentation, dt, numa: Add note to empty NUMA node"
Previous message: Brian Geffon: "[PATCH v3] zram: Introduce an aged idle interface"
In reply to: Paolo Bonzini: "[PATCH 1/2] x86: sgx_vepc: extract sgx_vepc_remove_page"
Next in thread: Jarkko Sakkinen: "Re: [PATCH 1/2] x86: sgx_vepc: extract sgx_vepc_remove_page"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2021-09-20 at 08:54 -0400, Paolo Bonzini wrote:
> For bare-metal SGX on real hardware, the hardware provides guarantees
> SGX state at reboot. For instance, all pages start out uninitialized.
> The vepc driver provides a similar guarantee today for freshly-opened
> vepc instances, but guests such as Windows expect all pages to be in
> uninitialized state on startup, including after every guest reboot.

I would consider replacing

"For bare-metal SGX on real hardware, the hardware provides guarantees
SGX state at reboot. For instance, all pages start out uninitialized."

something like

"On bare-metal SGX, start of a power cycle zeros all of its reserved
memory. This happens after every reboot, but in addition to that
happens after waking up from any of the sleep states."

I can speculate and imagine where this might useful, but no matter how
trivial or complex it is, this patch needs to nail a concrete usage
example. I'd presume you know well the exact changes needed for QEMU, so
from that knowledge it should be easy to write the motivational part.

For instance, point out where it is needed in QEMU and why. I.e. why
you end up in the first place having to re-use vepc buffers (or whatever
they should be called) in QEMU. When that is taken care of, then there is
a red line to eventually ack these patches.

About the motivation.

In Linux we do have a mechanism to take care of this in a guest, for which
motivation was actually first and foremost kexec. It was not done to let VMM to
give a corrupted memory state to a guest.

Even to a Linux guest, since EPC should stil be represented in the state that
matches the hardware. It'd be essentially a corrupted state, even if there was
measures to resist this. Windows guests failing is essentially a side-effect
of an issue, not an issue in the Windows guests.

Since QEMU needs to reinitialize VEPC buffers for guests, it should be as
efficient as we ever can make it. Just fill the gap of understanding why
QEMU needs to do this for guest. This is exactly kind of stuff that you want
have documented in the commit log for future :-)

/Jarkko

Next message: Rob Herring: "Re: [PATCH] Documentation, dt, numa: Add note to empty NUMA node"
Previous message: Brian Geffon: "[PATCH v3] zram: Introduce an aged idle interface"
In reply to: Paolo Bonzini: "[PATCH 1/2] x86: sgx_vepc: extract sgx_vepc_remove_page"
Next in thread: Jarkko Sakkinen: "Re: [PATCH 1/2] x86: sgx_vepc: extract sgx_vepc_remove_page"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]