sgx: Add mandatory id field to SgxEpcConfig

In order to uniquely identify each SGX EPC section, we introduce a
mandatory option `id` to the `--sgx-epc` parameter.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>

arch/src/x86_64/mod.rs

@@ -20,6 +20,7 @@ use linux_loader::loader::bootparam::boot_params;
 use linux_loader::loader::elf::start_info::{
     hvm_memmap_table_entry, hvm_modlist_entry, hvm_start_info,
 };
+use std::collections::BTreeMap;
 use std::mem;
 use vm_memory::{
     Address, ByteValued, Bytes, GuestAddress, GuestAddressSpace, GuestMemory, GuestMemoryAtomic,
@@ -64,7 +65,7 @@ impl SgxEpcSection {
 pub struct SgxEpcRegion {
     start: GuestAddress,
     size: GuestUsize,
-    epc_sections: Vec<SgxEpcSection>,
+    epc_sections: BTreeMap<String, SgxEpcSection>,
 }
 
 impl SgxEpcRegion {
@@ -72,7 +73,7 @@ impl SgxEpcRegion {
         SgxEpcRegion {
             start,
             size,
-            epc_sections: Vec::new(),
+            epc_sections: BTreeMap::new(),
         }
     }
     pub fn start(&self) -> GuestAddress {
@@ -81,11 +82,11 @@ impl SgxEpcRegion {
     pub fn size(&self) -> GuestUsize {
         self.size
     }
-    pub fn epc_sections(&self) -> &Vec<SgxEpcSection> {
+    pub fn epc_sections(&self) -> &BTreeMap<String, SgxEpcSection> {
         &self.epc_sections
     }
-    pub fn push(&mut self, epc_section: SgxEpcSection) {
+    pub fn insert(&mut self, id: String, epc_section: SgxEpcSection) {
-        self.epc_sections.push(epc_section);
+        self.epc_sections.insert(id, epc_section);
     }
 }
 

docs/intel_sgx.md

@@ -34,7 +34,7 @@ memory, the second one being 32MiB with no pre-allocated memory.
     --disk path=focal-server-cloudimg-amd64.raw \
     --kernel vmlinux \
     --cmdline "console=ttyS0 console=hvc0 root=/dev/vda1 rw" \
-    --sgx-epc size=64M,prefault=on size=32M,prefault=off
+    --sgx-epc id=epc0,size=64M,prefault=on id=epc1,size=32M,prefault=off
 ```
 
 Once booted, and assuming your guest kernel contains the patches from the

tests/integration.rs

@@ -6358,7 +6358,7 @@ mod tests {
                 .args(&["--cmdline", DIRECT_KERNEL_BOOT_CMDLINE])
                 .default_disks()
                 .default_net()
-                .args(&["--sgx-epc", "size=64M"])
+                .args(&["--sgx-epc", "id=epc0,size=64M"])
                 .capture_output()
                 .spawn()
                 .unwrap();

vmm/src/api/openapi/cloud-hypervisor.yaml

@@ -851,9 +851,12 @@ components:
 
     SgxEpcConfig:
       required:
+      - id
       - size
       type: object
       properties:
+        id:
+          type: string
         size:
           type: integer
           format: int64

vmm/src/config.rs

@@ -77,6 +77,9 @@ pub enum Error {
     /// Failed to parse SGX EPC parameters
     #[cfg(target_arch = "x86_64")]
     ParseSgxEpc(OptionParserError),
+    /// Missing 'id' from SGX EPC section
+    #[cfg(target_arch = "x86_64")]
+    ParseSgxEpcIdMissing,
     /// Failed to parse NUMA parameters
     ParseNuma(OptionParserError),
     /// Failed to validate configuration
@@ -215,6 +218,7 @@ impl fmt::Display for Error {
             ParseRestore(o) => write!(f, "Error parsing --restore: {}", o),
             #[cfg(target_arch = "x86_64")]
             ParseSgxEpc(o) => write!(f, "Error parsing --sgx-epc: {}", o),
+            ParseSgxEpcIdMissing => write!(f, "Error parsing --sgx-epc: id missing"),
             ParseNuma(o) => write!(f, "Error parsing --numa: {}", o),
             ParseRestoreSourceUrlMissing => {
                 write!(f, "Error parsing --restore: source_url missing")
@@ -1593,6 +1597,7 @@ impl TdxConfig {
 #[cfg(target_arch = "x86_64")]
 #[derive(Clone, Debug, PartialEq, Deserialize, Serialize, Default)]
 pub struct SgxEpcConfig {
+    pub id: String,
     #[serde(default)]
     pub size: u64,
     #[serde(default)]
@@ -1602,12 +1607,13 @@ pub struct SgxEpcConfig {
 #[cfg(target_arch = "x86_64")]
 impl SgxEpcConfig {
     pub const SYNTAX: &'static str = "SGX EPC parameters \
-        \"size=<epc_section_size>,prefault=on|off\"";
+        \"id=<epc_section_identifier>,size=<epc_section_size>,prefault=on|off\"";
     pub fn parse(sgx_epc: &str) -> Result<Self> {
         let mut parser = OptionParser::new();
-        parser.add("size").add("prefault");
+        parser.add("id").add("size").add("prefault");
         parser.parse(sgx_epc).map_err(Error::ParseSgxEpc)?;
 
+        let id = parser.get("id").ok_or(Error::ParseSgxEpcIdMissing)?;
         let size = parser
             .convert::<ByteSized>("size")
             .map_err(Error::ParseSgxEpc)?
@@ -1619,7 +1625,7 @@ impl SgxEpcConfig {
             .unwrap_or(Toggle(false))
             .0;
 
-        Ok(SgxEpcConfig { size, prefault })
+        Ok(SgxEpcConfig { id, size, prefault })
     }
 }
 

vmm/src/cpu.rs

@@ -572,7 +572,7 @@ impl CpuManager {
             .unwrap()
             .sgx_epc_region()
             .as_ref()
-            .map(|sgx_epc_region| sgx_epc_region.epc_sections().clone());
+            .map(|sgx_epc_region| sgx_epc_region.epc_sections().values().cloned().collect());
         #[cfg(target_arch = "x86_64")]
         let cpuid = {
             let phys_bits = physical_bits(config.max_phys_bits);

vmm/src/memory_manager.rs

@@ -1458,10 +1458,13 @@ impl MemoryManager {
                 false,
             )?;
 
-            sgx_epc_region.push(SgxEpcSection::new(
+            sgx_epc_region.insert(
-                GuestAddress(epc_section_start),
+                epc_section.id.clone(),
-                epc_section.size as GuestUsize,
+                SgxEpcSection::new(
-            ));
+                    GuestAddress(epc_section_start),
+                    epc_section.size as GuestUsize,
+                ),
+            );
 
             epc_section_start += epc_section.size;
         }