linux/Documentation/x86
Sean Christopherson 540745ddbc x86/sgx: Introduce virtual EPC for use by KVM guests
Add a misc device /dev/sgx_vepc to allow userspace to allocate "raw"
Enclave Page Cache (EPC) without an associated enclave. The intended
and only known use case for raw EPC allocation is to expose EPC to a
KVM guest, hence the 'vepc' moniker, virt.{c,h} files and X86_SGX_KVM
Kconfig.

The SGX driver uses the misc device /dev/sgx_enclave to support
userspace in creating an enclave. Each file descriptor returned from
opening /dev/sgx_enclave represents an enclave. Unlike the SGX driver,
KVM doesn't control how the guest uses the EPC, therefore EPC allocated
to a KVM guest is not associated with an enclave, and /dev/sgx_enclave
is not suitable for allocating EPC for a KVM guest.

Having separate device nodes for the SGX driver and KVM virtual EPC also
allows separate permission control for running host SGX enclaves and KVM
SGX guests.

To use /dev/sgx_vepc to allocate a virtual EPC instance with particular
size, the hypervisor opens /dev/sgx_vepc, and uses mmap() with the
intended size to get an address range of virtual EPC. Then it may use
the address range to create one KVM memory slot as virtual EPC for
a guest.

Implement the "raw" EPC allocation in the x86 core-SGX subsystem via
/dev/sgx_vepc rather than in KVM. Doing so has two major advantages:

  - Does not require changes to KVM's uAPI, e.g. EPC gets handled as
    just another memory backend for guests.

  - EPC management is wholly contained in the SGX subsystem, e.g. SGX
    does not have to export any symbols, changes to reclaim flows don't
    need to be routed through KVM, SGX's dirty laundry doesn't have to
    get aired out for the world to see, and so on and so forth.

The virtual EPC pages allocated to guests are currently not reclaimable.
Reclaiming an EPC page used by enclave requires a special reclaim
mechanism separate from normal page reclaim, and that mechanism is not
supported for virutal EPC pages. Due to the complications of handling
reclaim conflicts between guest and host, reclaiming virtual EPC pages
is significantly more complex than basic support for SGX virtualization.

 [ bp:
   - Massage commit message and comments
   - use cpu_feature_enabled()
   - vertically align struct members init
   - massage Virtual EPC clarification text
   - move Kconfig prompt to Virtualization ]

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Co-developed-by: Kai Huang <kai.huang@intel.com>
Signed-off-by: Kai Huang <kai.huang@intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Dave Hansen <dave.hansen@intel.com>
Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
Link: https://lkml.kernel.org/r/0c38ced8c8e5a69872db4d6a1c0dabd01e07cad7.1616136308.git.kai.huang@intel.com
2021-04-06 09:43:17 +02:00
..
i386
x86_64 A handful of late-arriving documentation fixes. 2020-10-23 17:13:53 -07:00
amd-memory-encryption.rst
boot.rst Documentation/x86/boot.rst: Correct the example of SETUP_INDIRECT 2021-01-28 15:25:31 -07:00
booting-dt.rst dt: Remove booting-without-of.rst 2020-10-13 13:33:16 -05:00
cpuinfo.rst Documentation/x86: Add documentation for /proc/cpuinfo feature flags 2020-09-01 11:07:15 +02:00
earlyprintk.rst Documentation: x86: earlyprintk: drop doubled words 2020-07-13 09:47:38 -06:00
entry_64.rst
exception-tables.rst Merge branch 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2020-03-31 11:04:05 -07:00
features.rst docs: archis: add a per-architecture features list 2020-12-03 15:10:15 -07:00
index.rst A much quieter cycle for documentation (happily), with, one hopes, the bulk 2020-12-14 16:55:54 -08:00
intel_txt.rst
intel-iommu.rst docs: prevent warnings due to autosectionlabel 2020-03-20 17:01:29 -06:00
kernel-stacks.rst
mds.rst
microcode.rst
mtrr.rst
orc-unwinder.rst
pat.rst
pti.rst
resctrl.rst Documentation/x86: Rename resctrl_ui.rst and add two errata to the file 2020-10-27 16:47:00 +01:00
sgx.rst x86/sgx: Introduce virtual EPC for use by KVM guests 2021-04-06 09:43:17 +02:00
sva.rst Documentation/x86: Add documentation for SVA (Shared Virtual Addressing) 2020-09-17 19:29:42 +02:00
tlb.rst
topology.rst x86/CPU/AMD: Save AMD NodeId as cpu_die_id 2020-11-19 11:43:13 +01:00
tsx_async_abort.rst
usb-legacy-support.rst
zero-page.rst