vmm: Add option for enabling SGX EPC regions
Introducing the new CLI option --sgx-epc along with the OpenAPI structure SgxEpcConfig, so that a user can now enable one or more SGX Enclave Page Cache sections within a contiguous region of the guest address space. Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
This commit is contained in:
parent
1842865823
commit
d9244e9f4c
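--- a/src/main.rs
+++ b/src/main.rs
@@ -79,7 +79,12 @@ fn create_app<'a, 'b>(
 default_rng: &'a str,
 api_server_path: &'a str,
 ) -> App<'a, 'b> {
-App::new("cloud-hypervisor")
+#[cfg(target_arch = "x86_64")]
+let mut app: App;
+#[cfg(target_arch = "aarch64")]
+let app: App;
+
+app = App::new("cloud-hypervisor")
 // 'BUILT_VERSION' is set by the build script 'build.rs' at
 // compile time
 .version(env!("BUILT_VERSION"))
@@ -258,7 +263,21 @@ fn create_app<'a, 'b>(
 .takes_value(true)
 .possible_values(&["true", "false"])
 .default_value("true"),
-)
+);
+
+#[cfg(target_arch = "x86_64")]
+{
+app = app.arg(
+Arg::with_name("sgx-epc")
+.long("sgx-epc")
+.help(config::SgxEpcConfig::SYNTAX)
+.takes_value(true)
+.min_values(1)
+.group("vm-config"),
+);
+}
+
+app
 }
 
 fn start_vmm(cmd_arguments: ArgMatches) {
@@ -533,6 +552,8 @@ mod unit_tests {
 devices: None,
 vsock: None,
 iommu: false,
+#[cfg(target_arch = "x86_64")]
+sgx_epc: None,
 };
 
 aver_eq!(tb, expected_vm_config, result_vm_config);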
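Review bot: The pair of cfg-gated declarations at the top of create_app (`let mut app: App;` for x86_64, `let app: App;` for aarch64) leaves `app` undeclared on any other target and splits mutability purely so the x86_64 block further down can reassign it. Building the App unconditionally into an immutable `let app = App::new("cloud-hypervisor")...;` and then shadowing it once under the gate, `#[cfg(target_arch = "x86_64")] let app = app.arg(Arg::with_name("sgx-epc")...);`, removes both the arch-specific declarations and the `mut`, and keeps the fall-through `app` at the end of the function unchanged. The body of create_app between the two hunks is outside this view, so the suggestion assumes no other reassignment of `app` there.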
@ -410,6 +410,10 @@ components:
|
|||||||
$ref: '#/components/schemas/DeviceConfig'
|
$ref: '#/components/schemas/DeviceConfig'
|
||||||
vsock:
|
vsock:
|
||||||
$ref: '#/components/schemas/VsockConfig'
|
$ref: '#/components/schemas/VsockConfig'
|
||||||
|
sgx_epc:
|
||||||
|
type: array
|
||||||
|
items:
|
||||||
|
$ref: '#/components/schemas/SgxEpcConfig'
|
||||||
iommu:
|
iommu:
|
||||||
type: boolean
|
type: boolean
|
||||||
default: false
|
default: false
|
||||||
@ -670,6 +674,18 @@ components:
|
|||||||
id:
|
id:
|
||||||
type: string
|
type: string
|
||||||
|
|
||||||
|
SgxEpcConfig:
|
||||||
|
required:
|
||||||
|
- size
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
size:
|
||||||
|
type: integer
|
||||||
|
format: uint64
|
||||||
|
prefault:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
|
||||||
VmResize:
|
VmResize:
|
||||||
type: object
|
type: object
|
||||||
properties:
|
properties:
|
||||||
|
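Review bot: The new SgxEpcConfig schema lists `size` under `required`, but the Rust struct it documents (the config.rs hunk in this same commit) carries `#[serde(default)]` on `size`, so a request body that omits `size` is accepted by the deserializer and yields a zero-sized EPC section rather than the validation failure the schema promises. The two should agree: either drop `#[serde(default)]` from `size` so a missing value is rejected at deserialization, or drop `required` from the schema and document the zero default. A `minimum: 1` on `size` would make the intent explicit to API clients if the first option is taken. The `sgx_epc` array added to VmConfig also has no `description`, unlike the title of the commit suggests for a user-facing option.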
@ -64,6 +64,9 @@ pub enum Error {
|
|||||||
ParseVsock(OptionParserError),
|
ParseVsock(OptionParserError),
|
||||||
/// Failed to parse restore parameters
|
/// Failed to parse restore parameters
|
||||||
ParseRestore(OptionParserError),
|
ParseRestore(OptionParserError),
|
||||||
|
/// Failed to parse SGX EPC parameters
|
||||||
|
#[cfg(target_arch = "x86_64")]
|
||||||
|
ParseSgxEpc(OptionParserError),
|
||||||
/// Failed to validate configuration
|
/// Failed to validate configuration
|
||||||
Validation(ValidationError),
|
Validation(ValidationError),
|
||||||
}
|
}
|
||||||
@ -145,6 +148,8 @@ impl fmt::Display for Error {
|
|||||||
ParseDisk(o) => write!(f, "Error parsing --disk: {}", o),
|
ParseDisk(o) => write!(f, "Error parsing --disk: {}", o),
|
||||||
ParseRNG(o) => write!(f, "Error parsing --rng: {}", o),
|
ParseRNG(o) => write!(f, "Error parsing --rng: {}", o),
|
||||||
ParseRestore(o) => write!(f, "Error parsing --restore: {}", o),
|
ParseRestore(o) => write!(f, "Error parsing --restore: {}", o),
|
||||||
|
#[cfg(target_arch = "x86_64")]
|
||||||
|
ParseSgxEpc(o) => write!(f, "Error parsing --sgx-epc: {}", o),
|
||||||
ParseRestoreSourceUrlMissing => {
|
ParseRestoreSourceUrlMissing => {
|
||||||
write!(f, "Error parsing --restore: source_url missing")
|
write!(f, "Error parsing --restore: source_url missing")
|
||||||
}
|
}
|
||||||
@ -170,6 +175,8 @@ pub struct VmParams<'a> {
|
|||||||
pub console: &'a str,
|
pub console: &'a str,
|
||||||
pub devices: Option<Vec<&'a str>>,
|
pub devices: Option<Vec<&'a str>>,
|
||||||
pub vsock: Option<&'a str>,
|
pub vsock: Option<&'a str>,
|
||||||
|
#[cfg(target_arch = "x86_64")]
|
||||||
|
pub sgx_epc: Option<Vec<&'a str>>,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl<'a> VmParams<'a> {
|
impl<'a> VmParams<'a> {
|
||||||
@ -191,6 +198,8 @@ impl<'a> VmParams<'a> {
|
|||||||
let pmem: Option<Vec<&str>> = args.values_of("pmem").map(|x| x.collect());
|
let pmem: Option<Vec<&str>> = args.values_of("pmem").map(|x| x.collect());
|
||||||
let devices: Option<Vec<&str>> = args.values_of("device").map(|x| x.collect());
|
let devices: Option<Vec<&str>> = args.values_of("device").map(|x| x.collect());
|
||||||
let vsock: Option<&str> = args.value_of("vsock");
|
let vsock: Option<&str> = args.value_of("vsock");
|
||||||
|
#[cfg(target_arch = "x86_64")]
|
||||||
|
let sgx_epc: Option<Vec<&str>> = args.values_of("sgx-epc").map(|x| x.collect());
|
||||||
|
|
||||||
VmParams {
|
VmParams {
|
||||||
cpus,
|
cpus,
|
||||||
@ -207,6 +216,8 @@ impl<'a> VmParams<'a> {
|
|||||||
console,
|
console,
|
||||||
devices,
|
devices,
|
||||||
vsock,
|
vsock,
|
||||||
|
#[cfg(target_arch = "x86_64")]
|
||||||
|
sgx_epc,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1080,6 +1091,39 @@ impl VsockConfig {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[cfg(target_arch = "x86_64")]
|
||||||
|
#[derive(Clone, Debug, PartialEq, Deserialize, Serialize, Default)]
|
||||||
|
pub struct SgxEpcConfig {
|
||||||
|
#[serde(default)]
|
||||||
|
pub size: u64,
|
||||||
|
#[serde(default)]
|
||||||
|
pub prefault: bool,
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(target_arch = "x86_64")]
|
||||||
|
impl SgxEpcConfig {
|
||||||
|
pub const SYNTAX: &'static str = "SGX EPC parameters \
|
||||||
|
\"size=<epc_section_size>,prefault=on|off\"";
|
||||||
|
pub fn parse(sgx_epc: &str) -> Result<Self> {
|
||||||
|
let mut parser = OptionParser::new();
|
||||||
|
parser.add("size").add("prefault");
|
||||||
|
parser.parse(sgx_epc).map_err(Error::ParseSgxEpc)?;
|
||||||
|
|
||||||
|
let size = parser
|
||||||
|
.convert::<ByteSized>("size")
|
||||||
|
.map_err(Error::ParseSgxEpc)?
|
||||||
|
.unwrap_or(ByteSized(0))
|
||||||
|
.0;
|
||||||
|
let prefault = parser
|
||||||
|
.convert::<Toggle>("prefault")
|
||||||
|
.map_err(Error::ParseSgxEpc)?
|
||||||
|
.unwrap_or(Toggle(false))
|
||||||
|
.0;
|
||||||
|
|
||||||
|
Ok(SgxEpcConfig { size, prefault })
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#[derive(Clone, Debug, PartialEq, Deserialize, Serialize, Default)]
|
#[derive(Clone, Debug, PartialEq, Deserialize, Serialize, Default)]
|
||||||
pub struct RestoreConfig {
|
pub struct RestoreConfig {
|
||||||
pub source_url: PathBuf,
|
pub source_url: PathBuf,
|
||||||
@ -1139,6 +1183,8 @@ pub struct VmConfig {
|
|||||||
pub vsock: Option<VsockConfig>,
|
pub vsock: Option<VsockConfig>,
|
||||||
#[serde(default)]
|
#[serde(default)]
|
||||||
pub iommu: bool,
|
pub iommu: bool,
|
||||||
|
#[cfg(target_arch = "x86_64")]
|
||||||
|
pub sgx_epc: Option<Vec<SgxEpcConfig>>,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl VmConfig {
|
impl VmConfig {
|
||||||
@ -1301,6 +1347,21 @@ impl VmConfig {
|
|||||||
}
|
}
|
||||||
vsock = Some(vsock_config);
|
vsock = Some(vsock_config);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[cfg(target_arch = "x86_64")]
|
||||||
|
let mut sgx_epc: Option<Vec<SgxEpcConfig>> = None;
|
||||||
|
#[cfg(target_arch = "x86_64")]
|
||||||
|
{
|
||||||
|
if let Some(sgx_epc_list) = &vm_params.sgx_epc {
|
||||||
|
let mut sgx_epc_config_list = Vec::new();
|
||||||
|
for item in sgx_epc_list.iter() {
|
||||||
|
let sgx_epc_config = SgxEpcConfig::parse(item)?;
|
||||||
|
sgx_epc_config_list.push(sgx_epc_config);
|
||||||
|
}
|
||||||
|
sgx_epc = Some(sgx_epc_config_list);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
let mut kernel: Option<KernelConfig> = None;
|
let mut kernel: Option<KernelConfig> = None;
|
||||||
if let Some(k) = vm_params.kernel {
|
if let Some(k) = vm_params.kernel {
|
||||||
kernel = Some(KernelConfig {
|
kernel = Some(KernelConfig {
|
||||||
@ -1331,6 +1392,8 @@ impl VmConfig {
|
|||||||
devices,
|
devices,
|
||||||
vsock,
|
vsock,
|
||||||
iommu,
|
iommu,
|
||||||
|
#[cfg(target_arch = "x86_64")]
|
||||||
|
sgx_epc,
|
||||||
};
|
};
|
||||||
config.validate().map_err(Error::Validation)?;
|
config.validate().map_err(Error::Validation)?;
|
||||||
Ok(config)
|
Ok(config)
|
||||||
@ -1907,6 +1970,8 @@ mod tests {
|
|||||||
devices: None,
|
devices: None,
|
||||||
vsock: None,
|
vsock: None,
|
||||||
iommu: false,
|
iommu: false,
|
||||||
|
#[cfg(target_arch = "x86_64")]
|
||||||
|
sgx_epc: None,
|
||||||
};
|
};
|
||||||
|
|
||||||
assert!(valid_config.validate().is_ok());
|
assert!(valid_config.validate().is_ok());
|
||||||
|
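Review bot: In SgxEpcConfig::parse, `size` falls back to `ByteSized(0)` when the option is absent, so `--sgx-epc prefault=on` parses successfully into a zero-sized section, and neither this hunk nor the validate() path (the test hunk only adds `sgx_epc: None` to the valid config) rejects it. Since the commit's own OpenAPI schema makes `size` mandatory, parse should fail when it is missing, following the existing `ParseRestoreSourceUrlMissing` pattern with a new variant, e.g. `let size = parser.convert::<ByteSized>("size").map_err(Error::ParseSgxEpc)?.ok_or(Error::ParseSgxEpcSizeMissing)?.0;`, and a zero or (if the backend requires it) non-page-aligned size is worth a ValidationError in validate(). As a style point, the push loop in VmConfig::parse can be `sgx_epc_list.iter().map(|i| SgxEpcConfig::parse(i)).collect::<Result<Vec<_>>>()?`, which also avoids the `let mut sgx_epc` plus cfg-gated block. VmConfig::parse starts and ends outside the hunk.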