On 19/01/2021 05:30, Longpeng(Mike) wrote:
According to the PCI spec:
Bus Master Enable – Controls the ability of a PCI Express
Endpoint to issue Memory and I/O Read/Write Requests, and
the ability of a Root or Switch Port to forward Memory and
I/O Read/Write Requests in the Upstream d
On 14/12/2020 19:09, Stefano Garzarella wrote:
On Mon, Dec 14, 2020 at 06:11:17PM +0200, Andra Paraschiv wrote:
vsock enables communication between virtual machines and the host
they are
running on. Nested VMs can be setup to use vsock channels, as the multi
transport support has been availa
On 14/12/2020 10:13, Stefano Garzarella wrote:
On Sat, Dec 12, 2020 at 09:16:08AM -0800, Jakub Kicinski wrote:
On Fri, 11 Dec 2020 16:24:13 +0100 Stefano Garzarella wrote:
On Fri, Dec 11, 2020 at 12:32:37PM +0200, Andra Paraschiv wrote:
>vsock enables communication between virtual machines a
On 11/12/2020 17:24, Stefano Garzarella wrote:
Hi Andra,
On Fri, Dec 11, 2020 at 12:32:37PM +0200, Andra Paraschiv wrote:
vsock enables communication between virtual machines and the host
they are
running on. Nested VMs can be setup to use vsock channels, as the multi
transport support has
On 09/12/2020 19:30, Jakub Kicinski wrote:
On Wed, 9 Dec 2020 17:17:56 +0200 Paraschiv, Andra-Irina wrote:
I agree that could be a problem, but here some considerations:
- I checked some applications (qemu-guest-agent, ncat, iperf-vsock) and
all use the same pattern: allocate memory
On 09/12/2020 12:48, Stefano Garzarella wrote:
On Tue, Dec 08, 2020 at 10:42:22AM -0800, Jakub Kicinski wrote:
On Tue, 8 Dec 2020 20:23:24 +0200 Paraschiv, Andra-Irina wrote:
>> --- a/include/uapi/linux/vm_sockets.h
>> +++ b/include/uapi/linux/vm_sockets.h
>>
On 07/12/2020 23:29, Jakub Kicinski wrote:
On Fri, 4 Dec 2020 19:02:32 +0200 Andra Paraschiv wrote:
diff --git a/include/uapi/linux/vm_sockets.h b/include/uapi/linux/vm_sockets.h
index fd0ed7221645d..46735376a57a8 100644
--- a/include/uapi/linux/vm_sockets.h
+++ b/include/uapi/linux/vm_sockets
On 07/12/2020 12:00, Stefano Garzarella wrote:
On Fri, Dec 04, 2020 at 07:02:35PM +0200, Andra Paraschiv wrote:
The vsock flags field can be set in the connect and (listen) receive
paths.
When the vsock transport is assigned, the remote CID is used to
distinguish between types of connection.
On 07/12/2020 11:59, Stefano Garzarella wrote:
On Fri, Dec 04, 2020 at 07:02:33PM +0200, Andra Paraschiv wrote:
Add VMADDR_FLAG_TO_HOST vsock flag that is used to setup a vsock
connection where all the packets are forwarded to the host.
Then, using this type of vsock channel, vsock communica
On 07/12/2020 11:59, Stefano Garzarella wrote:
On Fri, Dec 04, 2020 at 07:02:32PM +0200, Andra Paraschiv wrote:
vsock enables communication between virtual machines and the host they
are running on. With the multi transport support (guest->host and
host->guest), nested VMs can also use vsock
On 07/12/2020 12:05, Stefano Garzarella wrote:
Hi Andra,
On Fri, Dec 04, 2020 at 07:02:31PM +0200, Andra Paraschiv wrote:
vsock enables communication between virtual machines and the host
they are
running on. Nested VMs can be setup to use vsock channels, as the multi
transport support has
On 03/12/2020 15:38, Stefano Garzarella wrote:
On Thu, Dec 03, 2020 at 12:32:08PM +0200, Paraschiv, Andra-Irina wrote:
On 03/12/2020 11:21, Stefan Hajnoczi wrote:
On Tue, Dec 01, 2020 at 05:25:03PM +0200, Andra Paraschiv wrote:
vsock enables communication between virtual machines and the
On 03/12/2020 11:21, Stefan Hajnoczi wrote:
On Tue, Dec 01, 2020 at 05:25:03PM +0200, Andra Paraschiv wrote:
vsock enables communication between virtual machines and the host they
are running on. With the multi transport support (guest->host and
host->guest), nested VMs can also use vsock cha
On 02/12/2020 15:37, Stefano Garzarella wrote:
Hi Andra,
On Tue, Dec 01, 2020 at 05:25:02PM +0200, Andra Paraschiv wrote:
vsock enables communication between virtual machines and the host
they are
running on. Nested VMs can be setup to use vsock channels, as the multi
transport support has
On 01/12/2020 18:23, Stefano Garzarella wrote:
On Tue, Dec 01, 2020 at 05:25:05PM +0200, Andra Paraschiv wrote:
The vsock flag has been set in the connect and (listen) receive paths.
When the vsock transport is assigned, the remote CID is used to
distinguish between types of connection.
Use
On 01/12/2020 18:22, Stefano Garzarella wrote:
On Tue, Dec 01, 2020 at 05:25:04PM +0200, Andra Paraschiv wrote:
The vsock flag can be set during the connect() setup logic, when
initializing the vsock address data structure variable. Then the vsock
transport is assigned, also considering this
On 01/12/2020 18:09, Stefano Garzarella wrote:
On Tue, Dec 01, 2020 at 05:25:03PM +0200, Andra Paraschiv wrote:
vsock enables communication between virtual machines and the host they
are running on. With the multi transport support (guest->host and
host->guest), nested VMs can also use vsock
On 01/12/2020 18:27, Stefano Garzarella wrote:
Hi Andra,
On Tue, Dec 01, 2020 at 05:25:02PM +0200, Andra Paraschiv wrote:
vsock enables communication between virtual machines and the host
they are
running on. Nested VMs can be setup to use vsock channels, as the multi
transport support has
On 02/11/2020 19:50, Alexander Graf wrote:
On 02.11.20 18:36, Andra Paraschiv wrote:
Update the assigned value of the poll result to be EPOLLHUP instead of
POLLHUP to match the __poll_t type.
While at it, simplify the logic of setting the mask result of the poll
function.
Changelog
v1 ->
On 02/11/2020 18:16, Alexander Graf wrote:
On 14.10.20 11:05, Andra Paraschiv wrote:
Update the assigned value of the poll result to be EPOLLHUP instead of
POLLHUP to match the __poll_t type.
Signed-off-by: Andra Paraschiv
Reported-by: kernel test robot
---
drivers/virt/nitro_enclaves/
On 22/09/2020 19:20, Greg KH wrote:
On Tue, Sep 22, 2020 at 05:13:02PM +0300, Paraschiv, Andra-Irina wrote:
On 21/09/2020 15:34, Paraschiv, Andra-Irina wrote:
On 14/09/2020 20:23, Paraschiv, Andra-Irina wrote:
On 14/09/2020 18:59, Greg KH wrote:
On Fri, Sep 11, 2020 at 05:11:37PM +0300
On 21/09/2020 15:34, Paraschiv, Andra-Irina wrote:
On 14/09/2020 20:23, Paraschiv, Andra-Irina wrote:
On 14/09/2020 18:59, Greg KH wrote:
On Fri, Sep 11, 2020 at 05:11:37PM +0300, Andra Paraschiv wrote:
Signed-off-by: Andra Paraschiv
Reviewed-by: Alexander Graf
I can't take pa
On 14/09/2020 20:23, Paraschiv, Andra-Irina wrote:
On 14/09/2020 18:59, Greg KH wrote:
On Fri, Sep 11, 2020 at 05:11:37PM +0300, Andra Paraschiv wrote:
Signed-off-by: Andra Paraschiv
Reviewed-by: Alexander Graf
I can't take patches without any changelog text at all, sorry.
Same
On 14/09/2020 18:59, Greg KH wrote:
On Fri, Sep 11, 2020 at 05:11:37PM +0300, Andra Paraschiv wrote:
Signed-off-by: Andra Paraschiv
Reviewed-by: Alexander Graf
I can't take patches without any changelog text at all, sorry.
Same for a few other patches in this series :(
I can move the ch
On 07/09/2020 18:13, Paraschiv, Andra-Irina wrote:
On 07/09/2020 17:08, Greg KH wrote:
On Mon, Sep 07, 2020 at 04:43:11PM +0300, Paraschiv, Andra-Irina wrote:
On 07/09/2020 12:01, Greg KH wrote:
On Fri, Sep 04, 2020 at 08:37:17PM +0300, Andra Paraschiv wrote:
Signed-off-by: Andra
On 11/09/2020 18:12, Greg KH wrote:
On Fri, Sep 11, 2020 at 05:56:10PM +0300, Paraschiv, Andra-Irina wrote:
On 07/09/2020 18:13, Paraschiv, Andra-Irina wrote:
On 07/09/2020 17:08, Greg KH wrote:
On Mon, Sep 07, 2020 at 04:43:11PM +0300, Paraschiv, Andra-Irina wrote:
On 07/09/2020 12:01
On 07/09/2020 12:00, Greg KH wrote:
On Fri, Sep 04, 2020 at 08:37:15PM +0300, Andra Paraschiv wrote:
Signed-off-by: Andra Paraschiv
Reviewed-by: Alexander Graf
---
Changelog
v7 -> v8
* No changes.
v6 -> v7
* No changes.
v5 -> v6
* No changes.
v4 -> v5
* No changes.
v3 -> v4
* No
On 07/09/2020 17:08, Greg KH wrote:
On Mon, Sep 07, 2020 at 04:35:23PM +0300, Paraschiv, Andra-Irina wrote:
On 07/09/2020 12:00, Greg KH wrote:
On Fri, Sep 04, 2020 at 08:37:15PM +0300, Andra Paraschiv wrote:
Signed-off-by: Andra Paraschiv
Reviewed-by: Alexander Graf
---
Changelog
v7
On 07/09/2020 17:08, Greg KH wrote:
On Mon, Sep 07, 2020 at 04:43:11PM +0300, Paraschiv, Andra-Irina wrote:
On 07/09/2020 12:01, Greg KH wrote:
On Fri, Sep 04, 2020 at 08:37:17PM +0300, Andra Paraschiv wrote:
Signed-off-by: Andra Paraschiv
Reviewed-by: Alexander Graf
---
Changelog
v7
On 07/09/2020 12:01, Greg KH wrote:
On Fri, Sep 04, 2020 at 08:37:17PM +0300, Andra Paraschiv wrote:
Signed-off-by: Andra Paraschiv
Reviewed-by: Alexander Graf
---
Changelog
v7 -> v8
* Add info about the primary / parent VM CID value.
* Update reference link for huge pages.
* Add referenc
On 07/09/2020 11:58, Greg KH wrote:
On Fri, Sep 04, 2020 at 08:37:09PM +0300, Andra Paraschiv wrote:
An enclave, before being started, has its resources set. One of its
resources is CPU.
A NE CPU pool is set and enclave CPUs are chosen from it. Offline the
CPUs from the NE CPU pool during th
On 07/09/2020 11:57, Greg KH wrote:
On Fri, Sep 04, 2020 at 08:37:08PM +0300, Andra Paraschiv wrote:
+static long ne_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
+{
+ switch (cmd) {
+ case NE_CREATE_VM: {
+ int enclave_fd = -1;
+ struct file *e
On 04/09/2020 19:13, Greg KH wrote:
On Mon, Aug 31, 2020 at 11:19:19AM +0300, Paraschiv, Andra-Irina wrote:
On 19/08/2020 14:26, Greg KH wrote:
On Wed, Aug 19, 2020 at 01:15:59PM +0200, Alexander Graf wrote:
On 17.08.20 15:09, Andra Paraschiv wrote:
Nitro Enclaves (NE) is a new Amazon
On 19/08/2020 14:26, Greg KH wrote:
On Wed, Aug 19, 2020 at 01:15:59PM +0200, Alexander Graf wrote:
On 17.08.20 15:09, Andra Paraschiv wrote:
Nitro Enclaves (NE) is a new Amazon Elastic Compute Cloud (EC2) capability
that allows customers to carve out isolated compute environments within EC
On 10/08/2020 12:57, Alexander Graf wrote:
On 05.08.20 11:10, Andra Paraschiv wrote:
Before setting the memory regions for the enclave, the enclave image
needs to be placed in memory. After the memory regions are set, this
memory cannot be used anymore by the VM, being carved out.
Add ioct
On 10/08/2020 10:33, Alexander Graf wrote:
On 05.08.20 11:10, Andra Paraschiv wrote:
An enclave, before being started, has its resources set. One of its
resources is CPU.
A NE CPU pool is set and enclave CPUs are chosen from it. Offline the
CPUs from the NE CPU pool during the pool setup a
On 10/08/2020 09:11, Alexander Graf wrote:
On 05.08.20 11:10, Andra Paraschiv wrote:
Add ioctl command logic for enclave VM creation. It triggers a slot
allocation. The enclave resources will be associated with this slot and
it will be used as an identifier for triggering enclave run.
Retu
On 10/08/2020 08:22, Alexander Graf wrote:
On 05.08.20 11:10, Andra Paraschiv wrote:
The Nitro Enclaves driver provides an ioctl interface to the user space
for enclave lifetime management e.g. enclave creation / termination and
setting enclave resources such as memory and CPU.
This ioctl
On 05/08/2020 17:23, kernel test robot wrote:
Hi Andra,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on linux/master]
[also build test ERROR on linus/master v5.8 next-20200805]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when subm
On 24/07/2020 02:04, Alexander Graf wrote:
On 23.07.20 20:21, Paraschiv, Andra-Irina wrote:
On 23/07/2020 13:54, Greg KH wrote:
On Thu, Jul 23, 2020 at 12:23:56PM +0300, Paraschiv, Andra-Irina wrote:
On 22/07/2020 12:57, Greg KH wrote:
On Wed, Jul 22, 2020 at 11:27:29AM +0300
On 23/07/2020 13:54, Greg KH wrote:
On Thu, Jul 23, 2020 at 12:23:56PM +0300, Paraschiv, Andra-Irina wrote:
On 22/07/2020 12:57, Greg KH wrote:
On Wed, Jul 22, 2020 at 11:27:29AM +0300, Paraschiv, Andra-Irina wrote:
+#ifndef _UAPI_LINUX_NITRO_ENCLAVES_H_
+#define
On 22/07/2020 12:57, Greg KH wrote:
On Wed, Jul 22, 2020 at 11:27:29AM +0300, Paraschiv, Andra-Irina wrote:
+#ifndef _UAPI_LINUX_NITRO_ENCLAVES_H_
+#define _UAPI_LINUX_NITRO_ENCLAVES_H_
+
+#include
+
+/* Nitro Enclaves (NE) Kernel Driver Interface */
+
+#define NE_API_VERSION (1)
Why do you
On 21/07/2020 15:12, Greg KH wrote:
On Wed, Jul 15, 2020 at 10:45:23PM +0300, Andra Paraschiv wrote:
The Nitro Enclaves driver handles the enclave lifetime management. This
includes enclave creation, termination and setting up its resources such
as memory and CPU.
An enclave runs alongside th
On 21/07/2020 13:17, Alexander Graf wrote:
On 15.07.20 21:45, Andra Paraschiv wrote:
The Nitro Enclaves PCI device exposes a MMIO space that this driver
uses to submit command requests and to receive command replies e.g. for
enclave creation / termination or setting enclave resources.
Add
On 20/07/2020 17:24, Alexander Graf wrote:
On 15.07.20 21:45, Andra Paraschiv wrote:
The Nitro Enclaves PCI device is used by the kernel driver as a means of
communication with the hypervisor on the host where the primary VM and
the enclaves run. It handles requests with regard to enclave l
On 16/07/2020 11:30, Stefan Hajnoczi wrote:
On Wed, Jul 15, 2020 at 10:45:23PM +0300, Andra Paraschiv wrote:
+ * A NE CPU pool has be set before calling this function. The pool can be set
s/has be/has to be/
Fixed.
Thanks, this looks good!
Reviewed-by: Stefan Hajnoczi
Thanks for rev
On 09/07/2020 11:40, Alexander Graf wrote:
On 09.07.20 09:36, Paraschiv, Andra-Irina wrote:
On 06/07/2020 13:46, Alexander Graf wrote:
On 22.06.20 22:03, Andra Paraschiv wrote:
Another resource that is being set for an enclave is memory. User
space
memory regions, that need to be
On 06/07/2020 13:46, Alexander Graf wrote:
On 22.06.20 22:03, Andra Paraschiv wrote:
Another resource that is being set for an enclave is memory. User space
memory regions, that need to be backed by contiguous memory regions,
are associated with the enclave.
One solution for allocating / r
On 06/07/2020 13:12, Alexander Graf wrote:
On 22.06.20 22:03, Andra Paraschiv wrote:
An enclave, before being started, has its resources set. One of its
resources is CPU.
The NE CPU pool is set for choosing CPUs for enclaves from it. Offline
the CPUs from the NE CPU pool during the pool se
On 06/07/2020 14:39, Alexander Graf wrote:
On 22.06.20 22:03, Andra Paraschiv wrote:
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra Paraschiv
---
Changelog
v3 -> v4
* Update usage details to match the updates in v4.
* Update NE ioctl interface usage.
v2 -> v3
* Remove the includ
On 06/07/2020 14:21, Alexander Graf wrote:
On 22.06.20 22:03, Andra Paraschiv wrote:
After all the enclave resources are set, the enclave is ready for
beginning to run.
Add ioctl command logic for starting an enclave after all its resources,
memory regions and CPUs, have been set.
The enc
On 06/07/2020 14:26, Alexander Graf wrote:
On 22.06.20 22:03, Andra Paraschiv wrote:
An enclave is associated with an fd that is returned after the enclave
creation logic is completed. This enclave fd is further used to setup
enclave resources. Once the enclave needs to be terminated, the e
On 06/07/2020 14:30, Alexander Graf wrote:
On 22.06.20 22:03, Andra Paraschiv wrote:
Signed-off-by: Andra Paraschiv
Reviewed-by: Alexander Graf
Added. Thank you.
Andra
Amazon Development Center (Romania) S.R.L. registered office: 27A Sf. Lazar
Street, UBC5, floor 2, Iasi, Iasi Co
On 06/07/2020 14:28, Alexander Graf wrote:
On 22.06.20 22:03, Andra Paraschiv wrote:
Signed-off-by: Andra Paraschiv
---
Changelog
v3 -> v4
* Add PCI and SMP dependencies.
v2 -> v3
* Remove the GPL additional wording as SPDX-License-Identifier is
already in place.
v1 -> v2
* Update
On 06/07/2020 13:16, Alexander Graf wrote:
On 22.06.20 22:03, Andra Paraschiv wrote:
Before setting the memory regions for the enclave, the enclave image
needs to be placed in memory. After the memory regions are set, this
memory cannot be used anymore by the VM, being carved out.
Add ioct
On 06/07/2020 10:53, Alexander Graf wrote:
On 22.06.20 22:03, Andra Paraschiv wrote:
Add ioctl command logic for enclave VM creation. It triggers a slot
allocation. The enclave resources will be associated with this slot and
it will be used as an identifier for triggering enclave run.
Retu
On 06/07/2020 11:01, Alexander Graf wrote:
On 06.07.20 09:49, Paraschiv, Andra-Irina wrote:
On 06/07/2020 10:13, Alexander Graf wrote:
On 22.06.20 22:03, Andra Paraschiv wrote:
The Nitro Enclaves driver provides an ioctl interface to the user
space
for enclave lifetime management e.g
On 06/07/2020 10:13, Alexander Graf wrote:
On 22.06.20 22:03, Andra Paraschiv wrote:
The Nitro Enclaves driver provides an ioctl interface to the user space
for enclave lifetime management e.g. enclave creation / termination and
setting enclave resources such as memory and CPU.
This ioctl
On 02/07/2020 18:24, Alexander Graf wrote:
On 22.06.20 22:03, Andra Paraschiv wrote:
In addition to the replies sent by the Nitro Enclaves PCI device in
response to command requests, out-of-band enclave events can happen e.g.
an enclave crashes. In this case, the Nitro Enclaves driver needs
On 02/07/2020 18:19, Alexander Graf wrote:
On 22.06.20 22:03, Andra Paraschiv wrote:
The Nitro Enclaves PCI device exposes a MMIO space that this driver
uses to submit command requests and to receive command replies e.g. for
enclave creation / termination or setting enclave resources.
Add
On 02/07/2020 18:09, Alexander Graf wrote:
On 22.06.20 22:03, Andra Paraschiv wrote:
The Nitro Enclaves PCI device is used by the kernel driver as a means of
communication with the hypervisor on the host where the primary VM and
the enclaves run. It handles requests with regard to enclave l
On 02/07/2020 18:24, Alexander Graf wrote:
On 22.06.20 22:03, Andra Paraschiv wrote:
The Nitro Enclaves driver keeps an internal info per each enclave.
This is needed to be able to manage enclave resources state, enclave
notifications and have a reference of the PCI device that handles
com
On 02/07/2020 18:24, Alexander Graf wrote:
On 22.06.20 22:03, Andra Paraschiv wrote:
The Nitro Enclaves (NE) driver communicates with a new PCI device, that
is exposed to a virtual machine (VM) and handles commands meant for
handling enclaves lifetime e.g. creation, termination, setting mem
On 02/07/2020 18:24, Alexander Graf wrote:
On 22.06.20 22:03, Andra Paraschiv wrote:
The Nitro Enclaves driver handles the enclave lifetime management. This
includes enclave creation, termination and setting up its resources such
as memory and CPU.
An enclave runs alongside the VM that spa
On 30/06/2020 11:05, Greg KH wrote:
On Mon, Jun 29, 2020 at 08:45:25PM +0300, Paraschiv, Andra-Irina wrote:
On 29/06/2020 19:20, Greg KH wrote:
On Mon, Jun 22, 2020 at 11:03:18PM +0300, Andra Paraschiv wrote:
+static int __init ne_init(void)
+{
+ struct pci_dev *pdev = pci_get_device
On 29/06/2020 19:20, Greg KH wrote:
On Mon, Jun 22, 2020 at 11:03:18PM +0300, Andra Paraschiv wrote:
+static int __init ne_init(void)
+{
+ struct pci_dev *pdev = pci_get_device(PCI_VENDOR_ID_AMAZON,
+ PCI_DEVICE_ID_NE, NULL);
+ int rc = -EINVA
On 25/06/2020 16:29, Stefan Hajnoczi wrote:
On Wed, Jun 24, 2020 at 05:02:54PM +0300, Paraschiv, Andra-Irina wrote:
On 23/06/2020 11:56, Stefan Hajnoczi wrote:
On Mon, Jun 22, 2020 at 11:03:12PM +0300, Andra Paraschiv wrote:
+/* User memory region flags */
+
+/* Memory region for enclave
On 25/06/2020 16:10, Stefan Hajnoczi wrote:
On Wed, Jun 24, 2020 at 05:39:39PM +0300, Paraschiv, Andra-Irina wrote:
On 23/06/2020 11:59, Stefan Hajnoczi wrote:
On Mon, Jun 22, 2020 at 11:03:28PM +0300, Andra Paraschiv wrote:
+The kernel bzImage, the kernel command line, the ramdisk(s) are
On 23/06/2020 11:59, Stefan Hajnoczi wrote:
On Mon, Jun 22, 2020 at 11:03:28PM +0300, Andra Paraschiv wrote:
+The kernel bzImage, the kernel command line, the ramdisk(s) are part of the
+Enclave Image Format (EIF); plus an EIF header including metadata such as magic
+number, eif version, imag
On 23/06/2020 11:56, Stefan Hajnoczi wrote:
On Mon, Jun 22, 2020 at 11:03:12PM +0300, Andra Paraschiv wrote:
diff --git a/include/uapi/linux/nitro_enclaves.h
b/include/uapi/linux/nitro_enclaves.h
new file mode 100644
index ..3270eb939a97
--- /dev/null
+++ b/include/uapi/linux/nit
On 05/06/2020 11:15, Stefan Hajnoczi wrote:
On Mon, Jun 01, 2020 at 10:20:18AM +0300, Paraschiv, Andra-Irina wrote:
On 01/06/2020 06:02, Benjamin Herrenschmidt wrote:
On Wed, 2020-05-27 at 09:49 +0100, Stefan Hajnoczi wrote:
What about feature bits or a API version number field? If you
On 01/06/2020 06:02, Benjamin Herrenschmidt wrote:
On Wed, 2020-05-27 at 09:49 +0100, Stefan Hajnoczi wrote:
What about feature bits or a API version number field? If you add
features to the NE driver, how will userspace detect them?
Even if you intend to always compile userspace against the
On 01/06/2020 05:59, Benjamin Herrenschmidt wrote:
On Wed, 2020-05-27 at 00:21 +0200, Greg KH wrote:
There are a couple of data structures with more than one member and multiple
field sizes. And for the ones that are not, gathered as feedback from
previous rounds of review that should consider
On 01/06/2020 05:55, Benjamin Herrenschmidt wrote:
On Tue, 2020-05-26 at 21:35 +0300, Paraschiv, Andra-Irina wrote:
This was needed to have an identifier for the overall NE logic - PCI
dev, ioctl and misc dev.
The ioctl and misc dev logic has pr_* logs, but I can update them to
dev_* with
On 27/05/2020 11:49, Stefan Hajnoczi wrote:
On Tue, May 26, 2020 at 01:13:17AM +0300, Andra Paraschiv wrote:
The Nitro Enclaves driver handles the enclave lifetime management. This
includes enclave creation, termination and setting up its resources such
as memory and CPU.
An enclave runs alo
On 28/05/2020 16:12, Greg KH wrote:
On Thu, May 28, 2020 at 03:01:36PM +0200, Alexander Graf wrote:
On 27.05.20 00:24, Greg KH wrote:
On Tue, May 26, 2020 at 03:44:30PM +0200, Alexander Graf wrote:
On 26.05.20 15:17, Greg KH wrote:
On Tue, May 26, 2020 at 02:44:18PM +0200, Alexander Graf
On 27/05/2020 01:21, Greg KH wrote:
On Tue, May 26, 2020 at 08:01:36PM +0300, Paraschiv, Andra-Irina wrote:
On 26/05/2020 09:44, Greg KH wrote:
On Tue, May 26, 2020 at 01:13:18AM +0300, Andra Paraschiv wrote:
+struct enclave_get_slot_req {
+ /* Context ID (CID) for the enclave vsock
On 27/05/2020 01:19, Greg KH wrote:
On Tue, May 26, 2020 at 09:35:33PM +0300, Paraschiv, Andra-Irina wrote:
On 26/05/2020 09:48, Greg KH wrote:
On Tue, May 26, 2020 at 01:13:20AM +0300, Andra Paraschiv wrote:
The Nitro Enclaves PCI device is used by the kernel driver as a means of
On 26/05/2020 09:48, Greg KH wrote:
On Tue, May 26, 2020 at 01:13:20AM +0300, Andra Paraschiv wrote:
The Nitro Enclaves PCI device is used by the kernel driver as a means of
communication with the hypervisor on the host where the primary VM and
the enclaves run. It handles requests with regard
On 26/05/2020 09:46, Greg KH wrote:
On Tue, May 26, 2020 at 01:13:19AM +0300, Andra Paraschiv wrote:
+/* Nitro Enclaves (NE) misc device */
+extern struct miscdevice ne_miscdevice;
Why does your misc device need to be in a .h file?
Having the patch series like this (add random .h files, and
On 26/05/2020 09:44, Greg KH wrote:
On Tue, May 26, 2020 at 01:13:18AM +0300, Andra Paraschiv wrote:
+struct enclave_get_slot_req {
+ /* Context ID (CID) for the enclave vsock device. */
+ u64 enclave_cid;
+} __attribute__ ((__packed__));
Can you really "pack" a single member stru
On 26/05/2020 15:33, Greg KH wrote:
On Tue, May 26, 2020 at 01:42:41PM +0200, Alexander Graf wrote:
On 26.05.20 08:51, Greg KH wrote:
On Tue, May 26, 2020 at 01:13:23AM +0300, Andra Paraschiv wrote:
+#define NE "nitro_enclaves: "
Again, no need for this.
+#define NE_DEV_NAME "nitro_encla
On 26/05/2020 09:42, Greg KH wrote:
On Mon, May 25, 2020 at 11:49:50PM +0300, Paraschiv, Andra-Irina wrote:
On 22/05/2020 10:07, Greg KH wrote:
On Fri, May 22, 2020 at 09:29:35AM +0300, Andra Paraschiv wrote:
+static char *ne_cpus;
+module_param(ne_cpus, charp, 0644);
+MODULE_PARM_DESC
On 26/05/2020 09:41, Greg KH wrote:
On Mon, May 25, 2020 at 11:57:26PM +0300, Paraschiv, Andra-Irina wrote:
On 22/05/2020 10:08, Greg KH wrote:
On Fri, May 22, 2020 at 09:29:44AM +0300, Andra Paraschiv wrote:
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra Paraschiv
I know I don
On 22/05/2020 10:11, Greg KH wrote:
On Fri, May 22, 2020 at 09:29:44AM +0300, Andra Paraschiv wrote:
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra Paraschiv
No changelog?
I included the changelog in v3.
---
samples/nitro_enclaves/.gitignore | 2 +
samples/nitro
On 22/05/2020 10:09, Greg KH wrote:
On Fri, May 22, 2020 at 09:29:45AM +0300, Andra Paraschiv wrote:
Signed-off-by: Andra Paraschiv
No changelog?
I included the changelog in v3.
Thanks,
Andra
On 22/05/2020 10:09, Greg KH wrote:
On Fri, May 22, 2020 at 09:29:43AM +0300, Andra Paraschiv wrote:
Signed-off-by: Andra Paraschiv
Changelog is needed
I included it in v3.
Thanks,
Andra
On 22/05/2020 10:09, Greg KH wrote:
On Fri, May 22, 2020 at 09:29:42AM +0300, Andra Paraschiv wrote:
Signed-off-by: Andra Paraschiv
changelog is needed.
I included it in v3.
Thanks,
Andra
On 22/05/2020 10:08, Greg KH wrote:
On Fri, May 22, 2020 at 09:29:44AM +0300, Andra Paraschiv wrote:
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra Paraschiv
I know I don't take commits with no changelog text :(
Included in v3 the changelog for each patch in the series, in addition
On 22/05/2020 10:08, Greg KH wrote:
On Fri, May 22, 2020 at 09:29:36AM +0300, Andra Paraschiv wrote:
Add ioctl command logic for enclave VM creation. It triggers a slot
allocation. The enclave resources will be associated with this slot and
it will be used as an identifier for triggering encla
On 22/05/2020 10:07, Greg KH wrote:
On Fri, May 22, 2020 at 09:29:35AM +0300, Andra Paraschiv wrote:
+static char *ne_cpus;
+module_param(ne_cpus, charp, 0644);
+MODULE_PARM_DESC(ne_cpus, " - CPU pool used for Nitro Enclaves");
This is not the 1990's, don't use module parameters if you can he
On 24/05/2020 09:32, Greg KH wrote:
On Sat, May 23, 2020 at 10:25:25PM +0200, Alexander Graf wrote:
Hey Greg,
On 22.05.20 09:04, Greg KH wrote:
On Fri, May 22, 2020 at 09:29:32AM +0300, Andra Paraschiv wrote:
+/**
+ * ne_setup_msix - Setup MSI-X vectors for the PCI device.
+ *
+ * @pdev: PC
On 22/05/2020 10:04, Greg KH wrote:
On Fri, May 22, 2020 at 09:29:32AM +0300, Andra Paraschiv wrote:
+/**
+ * ne_setup_msix - Setup MSI-X vectors for the PCI device.
+ *
+ * @pdev: PCI device to setup the MSI-X for.
+ *
+ * @returns: 0 on success, negative return value on failure.
+ */
+static
On 22/05/2020 10:03, Joe Perches wrote:
On Fri, 2020-05-22 at 09:29 +0300, Andra Paraschiv wrote:
trivia:
diff --git a/MAINTAINERS b/MAINTAINERS
[]
@@ -11956,6 +11956,19 @@ S: Maintained
T:git git://git.kernel.org/pub/scm/linux/kernel/git/lftan/nios2.git
F:arch/nios2/
+N
On 22/05/2020 10:00, Greg KH wrote:
On Fri, May 22, 2020 at 09:29:29AM +0300, Andra Paraschiv wrote:
--- /dev/null
+++ b/include/uapi/linux/nitro_enclaves.h
@@ -0,0 +1,77 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+/*
+ * Copyright 2020 Amazon.com, Inc. or its affiliat
On 22/05/2020 09:29, Andra Paraschiv wrote:
Nitro Enclaves (NE) is a new Amazon Elastic Compute Cloud (EC2) capability
that allows customers to carve out isolated compute environments within EC2
instances [1].
For example, an application that processes sensitive data and runs in a VM,
can be s
On 10/05/2020 12:57, Li Qiang wrote:
Paraschiv, Andra-Irina <mailto:andra...@amazon.com>> wrote on Friday, April 24, 2020 at 10:03 PM:
On 24/04/2020 12:59, Tian, Kevin wrote:
>
>> From: Paraschiv, Andra-Irina
>> Sent: Thursday, April 23, 2020 9:20 PM
>>
On 10/05/2020 14:02, Herrenschmidt, Benjamin wrote:
On Sat, 2020-05-09 at 21:21 +0200, Pavel Machek wrote:
On Fri 2020-05-08 10:00:27, Paraschiv, Andra-Irina wrote:
On 07/05/2020 20:44, Pavel Machek wrote:
Hi!
it uses its own memory and CPUs + its virtio-vsock emulated device for
On 07/05/2020 20:44, Pavel Machek wrote:
Hi!
it uses its own memory and CPUs + its virtio-vsock emulated device for
communication with the primary VM.
The memory and CPUs are carved out of the primary VM, they are dedicated
for the enclave. The Nitro hypervisor running on the host ensures m