sgx: Add mandatory id field to SgxEpcConfig

In order to uniquely identify each SGX EPC section, we introduce a
mandatory option `id` to the `--sgx-epc` parameter.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
This commit is contained in:
Sebastien Boeuf 2021-07-09 10:48:32 +02:00
parent 4a3cec8c1f
commit 9aedabe11e
7 changed files with 28 additions and 15 deletions

View File

@ -20,6 +20,7 @@ use linux_loader::loader::bootparam::boot_params;
use linux_loader::loader::elf::start_info::{
hvm_memmap_table_entry, hvm_modlist_entry, hvm_start_info,
};
use std::collections::BTreeMap;
use std::mem;
use vm_memory::{
Address, ByteValued, Bytes, GuestAddress, GuestAddressSpace, GuestMemory, GuestMemoryAtomic,
@ -64,7 +65,7 @@ impl SgxEpcSection {
pub struct SgxEpcRegion {
start: GuestAddress,
size: GuestUsize,
epc_sections: Vec<SgxEpcSection>,
epc_sections: BTreeMap<String, SgxEpcSection>,
}
impl SgxEpcRegion {
@ -72,7 +73,7 @@ impl SgxEpcRegion {
SgxEpcRegion {
start,
size,
epc_sections: Vec::new(),
epc_sections: BTreeMap::new(),
}
}
pub fn start(&self) -> GuestAddress {
@ -81,11 +82,11 @@ impl SgxEpcRegion {
pub fn size(&self) -> GuestUsize {
self.size
}
pub fn epc_sections(&self) -> &Vec<SgxEpcSection> {
pub fn epc_sections(&self) -> &BTreeMap<String, SgxEpcSection> {
&self.epc_sections
}
pub fn push(&mut self, epc_section: SgxEpcSection) {
self.epc_sections.push(epc_section);
pub fn insert(&mut self, id: String, epc_section: SgxEpcSection) {
self.epc_sections.insert(id, epc_section);
}
}

View File

@ -34,7 +34,7 @@ memory, the second one being 32MiB with no pre-allocated memory.
--disk path=focal-server-cloudimg-amd64.raw \
--kernel vmlinux \
--cmdline "console=ttyS0 console=hvc0 root=/dev/vda1 rw" \
--sgx-epc size=64M,prefault=on size=32M,prefault=off
--sgx-epc id=epc0,size=64M,prefault=on id=epc1,size=32M,prefault=off
```
Once booted, and assuming your guest kernel contains the patches from the

View File

@ -6358,7 +6358,7 @@ mod tests {
.args(&["--cmdline", DIRECT_KERNEL_BOOT_CMDLINE])
.default_disks()
.default_net()
.args(&["--sgx-epc", "size=64M"])
.args(&["--sgx-epc", "id=epc0,size=64M"])
.capture_output()
.spawn()
.unwrap();

View File

@ -851,9 +851,12 @@ components:
SgxEpcConfig:
required:
- id
- size
type: object
properties:
id:
type: string
size:
type: integer
format: int64

View File

@ -77,6 +77,9 @@ pub enum Error {
/// Failed to parse SGX EPC parameters
#[cfg(target_arch = "x86_64")]
ParseSgxEpc(OptionParserError),
/// Missing 'id' from SGX EPC section
#[cfg(target_arch = "x86_64")]
ParseSgxEpcIdMissing,
/// Failed to parse NUMA parameters
ParseNuma(OptionParserError),
/// Failed to validate configuration
@ -215,6 +218,7 @@ impl fmt::Display for Error {
ParseRestore(o) => write!(f, "Error parsing --restore: {}", o),
#[cfg(target_arch = "x86_64")]
ParseSgxEpc(o) => write!(f, "Error parsing --sgx-epc: {}", o),
ParseSgxEpcIdMissing => write!(f, "Error parsing --sgx-epc: id missing"),
ParseNuma(o) => write!(f, "Error parsing --numa: {}", o),
ParseRestoreSourceUrlMissing => {
write!(f, "Error parsing --restore: source_url missing")
@ -1593,6 +1597,7 @@ impl TdxConfig {
#[cfg(target_arch = "x86_64")]
#[derive(Clone, Debug, PartialEq, Deserialize, Serialize, Default)]
pub struct SgxEpcConfig {
pub id: String,
#[serde(default)]
pub size: u64,
#[serde(default)]
@ -1602,12 +1607,13 @@ pub struct SgxEpcConfig {
#[cfg(target_arch = "x86_64")]
impl SgxEpcConfig {
pub const SYNTAX: &'static str = "SGX EPC parameters \
\"size=<epc_section_size>,prefault=on|off\"";
\"id=<epc_section_identifier>,size=<epc_section_size>,prefault=on|off\"";
pub fn parse(sgx_epc: &str) -> Result<Self> {
let mut parser = OptionParser::new();
parser.add("size").add("prefault");
parser.add("id").add("size").add("prefault");
parser.parse(sgx_epc).map_err(Error::ParseSgxEpc)?;
let id = parser.get("id").ok_or(Error::ParseSgxEpcIdMissing)?;
let size = parser
.convert::<ByteSized>("size")
.map_err(Error::ParseSgxEpc)?
@ -1619,7 +1625,7 @@ impl SgxEpcConfig {
.unwrap_or(Toggle(false))
.0;
Ok(SgxEpcConfig { size, prefault })
Ok(SgxEpcConfig { id, size, prefault })
}
}

View File

@ -572,7 +572,7 @@ impl CpuManager {
.unwrap()
.sgx_epc_region()
.as_ref()
.map(|sgx_epc_region| sgx_epc_region.epc_sections().clone());
.map(|sgx_epc_region| sgx_epc_region.epc_sections().values().cloned().collect());
#[cfg(target_arch = "x86_64")]
let cpuid = {
let phys_bits = physical_bits(config.max_phys_bits);

View File

@ -1458,10 +1458,13 @@ impl MemoryManager {
false,
)?;
sgx_epc_region.push(SgxEpcSection::new(
sgx_epc_region.insert(
epc_section.id.clone(),
SgxEpcSection::new(
GuestAddress(epc_section_start),
epc_section.size as GuestUsize,
));
),
);
epc_section_start += epc_section.size;
}