vmm: Refactor SGX setup to inside MemoryManager::new()
This makes it possible to manually allocate the SGX region after the end of the RAM region.
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
parent
438be0dad5
commit
ec81f377b6
@ -820,6 +820,7 @@ impl MemoryManager {
|
||||
phys_bits: u8,
|
||||
#[cfg(feature = "tdx")] tdx_enabled: bool,
|
||||
restore_data: Option<&MemoryManagerSnapshotData>,
|
||||
#[cfg(target_arch = "x86_64")] sgx_epc_config: Option<Vec<SgxEpcConfig>>,
|
||||
) -> Result<Arc<Mutex<MemoryManager>>, Error> {
|
||||
let user_provided_zones = config.size == 0;
|
||||
|
||||
@ -1047,6 +1048,10 @@ impl MemoryManager {
|
||||
};
|
||||
|
||||
memory_manager.allocate_address_space()?;
|
||||
#[cfg(target_arch = "x86_64")]
|
||||
if let Some(sgx_epc_config) = sgx_epc_config {
|
||||
memory_manager.setup_sgx(sgx_epc_config)?;
|
||||
}
|
||||
|
||||
Ok(Arc::new(Mutex::new(memory_manager)))
|
||||
}
|
||||
@ -1075,6 +1080,8 @@ impl MemoryManager {
|
||||
#[cfg(feature = "tdx")]
|
||||
false,
|
||||
Some(&mem_snapshot),
|
||||
#[cfg(target_arch = "x86_64")]
|
||||
None,
|
||||
)?;
|
||||
|
||||
mm.lock()
|
||||
@ -1585,16 +1592,13 @@ impl MemoryManager {
|
||||
}
|
||||
|
||||
#[cfg(target_arch = "x86_64")]
|
||||
pub fn setup_sgx(
|
||||
&mut self,
|
||||
sgx_epc_config: Vec<SgxEpcConfig>,
|
||||
vm: &Arc<dyn hypervisor::Vm>,
|
||||
) -> Result<(), Error> {
|
||||
pub fn setup_sgx(&mut self, sgx_epc_config: Vec<SgxEpcConfig>) -> Result<(), Error> {
|
||||
let file = OpenOptions::new()
|
||||
.read(true)
|
||||
.open("/dev/sgx_provision")
|
||||
.map_err(Error::SgxProvisionOpen)?;
|
||||
vm.enable_sgx_attribute(file)
|
||||
self.vm
|
||||
.enable_sgx_attribute(file)
|
||||
.map_err(Error::SgxEnableProvisioning)?;
|
||||
|
||||
// Go over each EPC section and verify its size is a 4k multiple. At
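Review bot: `setup_sgx` is still declared `pub` on the new signature line, although after this change it runs as a construction step inside `MemoryManager::new()` and uses `self.vm` instead of a caller-supplied handle. Left public, any holder of the manager lock can call it a second time, which would open `/dev/sgx_provision` and call `enable_sgx_attribute` again after `allocate_address_space()` has already run. If no other caller remains (the visible call in the `impl Vm` section is removed by this commit), narrow it to `fn setup_sgx(&mut self, sgx_epc_config: Vec<SgxEpcConfig>) -> Result<(), Error> {`. A doc comment should also state that it is meant to run once, after `allocate_address_space()`. The function body continues past the end of the hunk.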
|
||||
|
@ -745,6 +745,10 @@ impl Vm {
|
||||
#[cfg(target_arch = "x86_64")]
|
||||
vm.enable_split_irq().unwrap();
|
||||
let phys_bits = physical_bits(config.lock().unwrap().cpus.max_phys_bits);
|
||||
|
||||
#[cfg(target_arch = "x86_64")]
|
||||
let sgx_epc_config = config.lock().unwrap().sgx_epc.clone();
|
||||
|
||||
let memory_manager = MemoryManager::new(
|
||||
vm.clone(),
|
||||
&config.lock().unwrap().memory.clone(),
|
||||
@ -753,20 +757,11 @@ impl Vm {
|
||||
#[cfg(feature = "tdx")]
|
||||
tdx_enabled,
|
||||
None,
|
||||
#[cfg(target_arch = "x86_64")]
|
||||
sgx_epc_config,
|
||||
)
|
||||
.map_err(Error::MemoryManager)?;
|
||||
|
||||
#[cfg(target_arch = "x86_64")]
|
||||
{
|
||||
if let Some(sgx_epc_config) = config.lock().unwrap().sgx_epc.clone() {
|
||||
memory_manager
|
||||
.lock()
|
||||
.unwrap()
|
||||
.setup_sgx(sgx_epc_config, &vm)
|
||||
.map_err(Error::MemoryManager)?;
|
||||
}
|
||||
}
|
||||
|
||||
let new_vm = Vm::new_from_memory_manager(
|
||||
config,
|
||||
memory_manager,
|
||||
@ -871,6 +866,8 @@ impl Vm {
|
||||
#[cfg(feature = "tdx")]
|
||||
false,
|
||||
Some(memory_manager_data),
|
||||
#[cfg(target_arch = "x86_64")]
|
||||
None,
|
||||
)
|
||||
.map_err(Error::MemoryManager)?;
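Review bot: The restore call in the last hunk passes a bare `None` for `sgx_epc_config`, so a VM rebuilt from `memory_manager_data` never reaches `setup_sgx()` even if its configuration carries `sgx_epc`. The same applies to the `None` passed alongside `Some(&mem_snapshot)` in the `impl MemoryManager` section. Whether SGX guests are meant to be restorable is not visible here, so at minimum the intent should be recorded at both call sites, e.g. `// SGX EPC sections are not re-created on restore`. If restoring such a guest is unsupported, returning an explicit error when the config has `sgx_epc` set would be safer than starting the guest without its EPC region. The enclosing function starts and ends outside the hunk.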
|
||||
|
||||
|