From ec81f377b6bd98d9d7f225e056183c87fa44455a Mon Sep 17 00:00:00 2001
From: Rob Bradford
Date: Fri, 29 Oct 2021 09:30:01 +0100
Subject: [PATCH] vmm: Refactor SGX setup to inside MemoryManager::new()

This makes it possible to manually allocate the SGX region after the end of RAM region.

Signed-off-by: Rob Bradford
---
 vmm/src/memory_manager.rs | 16 ++++++++++------
 vmm/src/vm.rs | 19 ++++++++-----------
 2 files changed, 18 insertions(+), 17 deletions(-)

diff --git a/vmm/src/memory_manager.rs b/vmm/src/memory_manager.rs
index f6ba91315..0a30f8413 100644
--- a/vmm/src/memory_manager.rs
+++ b/vmm/src/memory_manager.rs
@@ -820,6 +820,7 @@ impl MemoryManager {
 phys_bits: u8,
 #[cfg(feature = "tdx")] tdx_enabled: bool,
 restore_data: Option<&MemoryManagerSnapshotData>,
+ #[cfg(target_arch = "x86_64")] sgx_epc_config: Option>,
 ) -> Result>, Error> {
 let user_provided_zones = config.size == 0;
@@ -1047,6 +1048,10 @@ impl MemoryManager {
 };
 memory_manager.allocate_address_space()?;
+ #[cfg(target_arch = "x86_64")]
+ if let Some(sgx_epc_config) = sgx_epc_config {
+ memory_manager.setup_sgx(sgx_epc_config)?;
+ }
 Ok(Arc::new(Mutex::new(memory_manager)))
 }
@@ -1075,6 +1080,8 @@ impl MemoryManager {
 #[cfg(feature = "tdx")]
 false,
 Some(&mem_snapshot),
+ #[cfg(target_arch = "x86_64")]
+ None,
 )?;
 mm.lock()
@@ -1585,16 +1592,13 @@ impl MemoryManager {
 }
 #[cfg(target_arch = "x86_64")]
- pub fn setup_sgx(
- &mut self,
- sgx_epc_config: Vec,
- vm: &Arc,
- ) -> Result<(), Error> {
+ pub fn setup_sgx(&mut self, sgx_epc_config: Vec) -> Result<(), Error> {
 let file = OpenOptions::new()
 .read(true)
 .open("/dev/sgx_provision")
 .map_err(Error::SgxProvisionOpen)?;
- vm.enable_sgx_attribute(file)
+ self.vm
+ .enable_sgx_attribute(file)
 .map_err(Error::SgxEnableProvisioning)?;
 // Go over each EPC section and verify its size is a 4k multiple. At
diff --git a/vmm/src/vm.rs b/vmm/src/vm.rs
index c918f3ee9..e88653e40 100644
--- a/vmm/src/vm.rs
+++ b/vmm/src/vm.rs
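Review bot: The new `setup_sgx` call in `MemoryManager::new` (hunk at `@@ -1047`) carries no comment recording that it must stay after `allocate_address_space()`, yet the commit message says this ordering is what allows the EPC region to be placed after the end of the RAM region, and nothing in the code enforces it. I would add `// Must follow allocate_address_space(): EPC sections are placed after the RAM region` above the `#[cfg(target_arch = "x86_64")]` line so a later reorder does not silently break the layout. Note also that `setup_sgx` runs, and so opens `/dev/sgx_provision` and enables SGX provisioning on the VM, whenever `sgx_epc_config` is `Some`, including for an empty list; if the config parser can produce an empty `Some`, gating the call with `.filter(|c| !c.is_empty())` would avoid enabling provisioning for a guest that gets no EPC section (this is pre-existing behaviour, not introduced here).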
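Review bot: The `None` passed for the new `sgx_epc_config` argument in the snapshot path (hunk at `@@ -1075`) is unexplained, and the same applies to the `None` in vm.rs at `@@ -871`. Behaviour does not change — before this patch `setup_sgx` was only called from `Vm::new`, so a restore never re-created EPC sections either — but a reader of `new_from_snapshot` now sees an explicit choice with no rationale. I would annotate it with `// SGX EPC sections are not re-created on restore; setup_sgx only runs from new()`, and if restoring an SGX guest is meant to work, that gap is worth tracking now that `new` owns the setup.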
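Review bot: `setup_sgx` keeps `pub` visibility (hunk at `@@ -1585`) although its only remaining caller is `MemoryManager::new` in this impl, the vm.rs call being removed by this commit, so any other code could re-run the `/dev/sgx_provision` open and the EPC setup on a live manager; dropping `pub`, or at most `pub(crate)`, would confine that to construction time. The method also has no doc comment; a `///` line stating that it opens `/dev/sgx_provision` to enable SGX provisioning on the VM and then, presumably, validates and places each configured EPC section would help, since only the first statements are visible here and the function body continues beyond the hunk.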
@@ -745,6 +745,10 @@ impl Vm {
 #[cfg(target_arch = "x86_64")]
 vm.enable_split_irq().unwrap();
 let phys_bits = physical_bits(config.lock().unwrap().cpus.max_phys_bits);
+
+ #[cfg(target_arch = "x86_64")]
+ let sgx_epc_config = config.lock().unwrap().sgx_epc.clone();
+
 let memory_manager = MemoryManager::new(
 vm.clone(),
 &config.lock().unwrap().memory.clone(),
@@ -753,20 +757,11 @@ impl Vm {
 #[cfg(feature = "tdx")]
 tdx_enabled,
 None,
+ #[cfg(target_arch = "x86_64")]
+ sgx_epc_config,
 )
 .map_err(Error::MemoryManager)?;
- #[cfg(target_arch = "x86_64")]
- {
- if let Some(sgx_epc_config) = config.lock().unwrap().sgx_epc.clone() {
- memory_manager
- .lock()
- .unwrap()
- .setup_sgx(sgx_epc_config, &vm)
- .map_err(Error::MemoryManager)?;
- }
- }
-
 let new_vm = Vm::new_from_memory_manager(
 config,
 memory_manager,
@@ -871,6 +866,8 @@ impl Vm {
 #[cfg(feature = "tdx")]
 false,
 Some(memory_manager_data),
+ #[cfg(target_arch = "x86_64")]
+ None,
 )
 .map_err(Error::MemoryManager)?;