vmm: Refactor SGX setup to inside MemoryManager::new()

This makes it possible to manually allocate the SGX region after the end
of the RAM region.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
Rob Bradford 2021-10-29 09:30:01 +01:00
parent 438be0dad5
commit ec81f377b6
2 changed files with 18 additions and 17 deletions


@ -820,6 +820,7 @@ impl MemoryManager {
phys_bits: u8, phys_bits: u8,
#[cfg(feature = "tdx")] tdx_enabled: bool, #[cfg(feature = "tdx")] tdx_enabled: bool,
restore_data: Option<&MemoryManagerSnapshotData>, restore_data: Option<&MemoryManagerSnapshotData>,
#[cfg(target_arch = "x86_64")] sgx_epc_config: Option<Vec<SgxEpcConfig>>,
) -> Result<Arc<Mutex<MemoryManager>>, Error> { ) -> Result<Arc<Mutex<MemoryManager>>, Error> {
let user_provided_zones = config.size == 0; let user_provided_zones = config.size == 0;
@ -1047,6 +1048,10 @@ impl MemoryManager {
}; };
memory_manager.allocate_address_space()?; memory_manager.allocate_address_space()?;
#[cfg(target_arch = "x86_64")]
if let Some(sgx_epc_config) = sgx_epc_config {
memory_manager.setup_sgx(sgx_epc_config)?;
}
Ok(Arc::new(Mutex::new(memory_manager))) Ok(Arc::new(Mutex::new(memory_manager)))
} }
@ -1075,6 +1080,8 @@ impl MemoryManager {
#[cfg(feature = "tdx")] #[cfg(feature = "tdx")]
false, false,
Some(&mem_snapshot), Some(&mem_snapshot),
#[cfg(target_arch = "x86_64")]
None,
)?; )?;
mm.lock() mm.lock()
@ -1585,16 +1592,13 @@ impl MemoryManager {
} }
#[cfg(target_arch = "x86_64")] #[cfg(target_arch = "x86_64")]
pub fn setup_sgx( pub fn setup_sgx(&mut self, sgx_epc_config: Vec<SgxEpcConfig>) -> Result<(), Error> {
&mut self,
sgx_epc_config: Vec<SgxEpcConfig>,
vm: &Arc<dyn hypervisor::Vm>,
) -> Result<(), Error> {
let file = OpenOptions::new() let file = OpenOptions::new()
.read(true) .read(true)
.open("/dev/sgx_provision") .open("/dev/sgx_provision")
.map_err(Error::SgxProvisionOpen)?; .map_err(Error::SgxProvisionOpen)?;
vm.enable_sgx_attribute(file) self.vm
.enable_sgx_attribute(file)
.map_err(Error::SgxEnableProvisioning)?; .map_err(Error::SgxEnableProvisioning)?;
// Go over each EPC section and verify its size is a 4k multiple. At // Go over each EPC section and verify its size is a 4k multiple. At
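Review bot: `setup_sgx` stays `pub` even though this commit removes its only visible external call site (the block formerly in `Vm::new`) and now invokes it from `MemoryManager::new` right after `allocate_address_space()`; if no other caller remains, `fn setup_sgx(...)` or `pub(crate)` would keep a second invocation on an already-built manager — which would reopen `/dev/sgx_provision` and repeat the EPC setup — from compiling. The method also has no doc comment now that its signature changed; `/// Enables the SGX provisioning attribute on `self.vm` via `/dev/sgx_provision`, then validates the EPC sections in `sgx_epc_config`. Called once from `new()` after the address space is allocated.` would cover it. It may also be worth stating on the new `sgx_epc_config` parameter of `new()` that `None` skips SGX setup entirely, since the restore path in this file passes `None`. The body of `setup_sgx` continues past the end of the hunk.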


@ -745,6 +745,10 @@ impl Vm {
#[cfg(target_arch = "x86_64")] #[cfg(target_arch = "x86_64")]
vm.enable_split_irq().unwrap(); vm.enable_split_irq().unwrap();
let phys_bits = physical_bits(config.lock().unwrap().cpus.max_phys_bits); let phys_bits = physical_bits(config.lock().unwrap().cpus.max_phys_bits);
#[cfg(target_arch = "x86_64")]
let sgx_epc_config = config.lock().unwrap().sgx_epc.clone();
let memory_manager = MemoryManager::new( let memory_manager = MemoryManager::new(
vm.clone(), vm.clone(),
&config.lock().unwrap().memory.clone(), &config.lock().unwrap().memory.clone(),
@ -753,20 +757,11 @@ impl Vm {
#[cfg(feature = "tdx")] #[cfg(feature = "tdx")]
tdx_enabled, tdx_enabled,
None, None,
#[cfg(target_arch = "x86_64")]
sgx_epc_config,
) )
.map_err(Error::MemoryManager)?; .map_err(Error::MemoryManager)?;
#[cfg(target_arch = "x86_64")]
{
if let Some(sgx_epc_config) = config.lock().unwrap().sgx_epc.clone() {
memory_manager
.lock()
.unwrap()
.setup_sgx(sgx_epc_config, &vm)
.map_err(Error::MemoryManager)?;
}
}
let new_vm = Vm::new_from_memory_manager( let new_vm = Vm::new_from_memory_manager(
config, config,
memory_manager, memory_manager,
@ -871,6 +866,8 @@ impl Vm {
#[cfg(feature = "tdx")] #[cfg(feature = "tdx")]
false, false,
Some(memory_manager_data), Some(memory_manager_data),
#[cfg(target_arch = "x86_64")]
None,
) )
.map_err(Error::MemoryManager)?; .map_err(Error::MemoryManager)?;
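Review bot: The new `let sgx_epc_config = config.lock().unwrap().sgx_epc.clone();` takes a third separate lock on `config` in as many lines (`phys_bits` on the line above, `memory.clone()` inside the `MemoryManager::new` argument list), so the three values are not read from one consistent view of the config if anything else can hold that mutex at this point. Reading `phys_bits` and `sgx_epc_config` under one guard removes one of those windows; the guard must be dropped before the call, because the temporary guard created inside the argument list is held for the whole `MemoryManager::new(...)` statement and `std::sync::Mutex` is not reentrant. The restore path at the end of the section passes `None`, which presumably means SGX EPC is not re-established from a snapshot; a one-line comment there, `// SGX EPC is not restored from a snapshot; see MemoryManager::new`, would save the next reader a search. The enclosing `Vm::new` starts and ends outside the hunks.
```rust
let cfg = config.lock().unwrap();
let phys_bits = physical_bits(cfg.cpus.max_phys_bits);
#[cfg(target_arch = "x86_64")]
let sgx_epc_config = cfg.sgx_epc.clone();
drop(cfg); // the argument list below re-locks `config`; Mutex is not reentrant
let memory_manager = MemoryManager::new(
// … unchanged: argument list …
```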