lude more context on the NE overall.
* Add fix for the enclave / vcpu fd creation error cleanup path.
* Add fix reported by kbuild test robot.
* v1: https://lore.kernel.org/lkml/20200421184150.68011-1-andra...@amazon.com/
---
Andra Paraschiv (18):
nitro_enclaves: Add ioctl interface definition
interacts with
the NE driver, that exposes an ioctl interface for creating an enclave
and setting up its resources.
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra Paraschiv
Reviewed-by: Alexander Graf
Reviewed-by: Stefan Hajnoczi
---
Changelog
v5 -> v6
* Fix typo in the description about
as private
data for the PCI device driver and the function for the PCI device
command requests handling.
Signed-off-by: Alexandru-Catalin Vasile
Signed-off-by: Alexandru Ciobotaru
Signed-off-by: Andra Paraschiv
Reviewed-by: Alexander Graf
---
Changelog
v5 -> v6
* Update documentation to ker
MSI-X interrupt vector for command reply notifications to
handle this type of communication events.
Signed-off-by: Alexandru-Catalin Vasile
Signed-off-by: Andra Paraschiv
Reviewed-by: Alexander Graf
---
Changelog
v5 -> v6
* Update documentation to kernel-doc format.
v4 -> v5
* Remove
: Alexandru-Catalin Vasile
Signed-off-by: Alexandru Ciobotaru
Signed-off-by: Andra Paraschiv
Reviewed-by: Alexander Graf
---
Changelog
v5 -> v6
* Update documentation to kernel-doc format.
v4 -> v5
* Remove sanity checks for situations that shouldn't happen, only if
buggy syste
the out-of-band events. Notify user space
enclave process that is using a polling mechanism on the enclave fd.
Signed-off-by: Alexandru-Catalin Vasile
Signed-off-by: Andra Paraschiv
---
Changelog
v5 -> v6
* Update documentation to kernel-doc format.
v4 -> v5
* Remove sanity chec
Signed-off-by: Andra Paraschiv
Reviewed-by: Alexander Graf
---
Changelog
v5 -> v6
* Update documentation to kernel-doc format.
* Include in the enclave memory region data structure the user space
address and size for duplicate user space memory regions checks.
v4 -> v5
* Include enclave
The Nitro Enclaves driver provides an ioctl interface to the user space
for enclave lifetime management e.g. enclave creation / termination and
setting enclave resources such as memory and CPU.
This ioctl interface is mapped to a Nitro Enclaves misc device.
Signed-off-by: Andra Paraschiv
: Andra Paraschiv
---
Changelog
v5 -> v6
* Check for max number of pages allocated for the internal data
structure for pages.
* Check for invalid memory region flags.
* Check for aligned physical memory regions.
* Update documentation to kernel-doc format.
* Check for duplicate user space mem
same NUMA node. CPU
0 and its siblings have to remain available to the primary / parent VM.
Add ioctl command logic for setting an enclave vCPU.
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra Paraschiv
---
Changelog
v5 -> v6
* Check CPUs are from the same NUMA node before going through
: Andra Paraschiv
Reviewed-by: Alexander Graf
---
Changelog
v5 -> v6
* Update the code base to init the ioctl function in this patch.
* Update documentation to kernel-doc format.
v4 -> v5
* Release the reference to the NE PCI device on create VM error.
* Close enclave fd on copy_t
associated with the enclave.
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra Paraschiv
---
Changelog
v5 -> v6
* Check for invalid enclave start flags.
* Update documentation to kernel-doc format.
v4 -> v5
* Add early exit on enclave start ioctl function call error.
* Move sanity che
the user space tooling copies the enclave
image in the memory using the given memory offset.
Signed-off-by: Andra Paraschiv
---
Changelog
v5 -> v6
* Check for invalid enclave image load flags.
v4 -> v5
* Check for the enclave not being started when invoking this ioctl call.
* Remove
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra Paraschiv
---
Changelog
v5 -> v6
* Remove "rc" mentioning when printing errno string.
* Remove the ioctl to query API version.
* Include usage info for NUMA-aware hugetlb configuration.
* Update documentation to kernel-doc
Signed-off-by: Andra Paraschiv
Reviewed-by: Alexander Graf
---
Changelog
v5 -> v6
* No changes.
v4 -> v5
* No changes.
v3 -> v4
* No changes.
v2 -> v3
* Remove the GPL additional wording as SPDX-License-Identifier is
already in place.
v1 -> v2
* Update path to Makefi
Signed-off-by: Andra Paraschiv
---
Changelog
v5 -> v6
* No changes.
v4 -> v5
* No changes.
v3 -> v4
* No changes.
v2 -> v3
* Update file entries to be in alphabetical order.
v1 -> v2
* No changes.
---
MAINTAINERS | 13 +
1 file changed, 13 insertions(+
Signed-off-by: Andra Paraschiv
---
Changelog
v5 -> v6
* No changes.
v4 -> v5
* No changes.
v3 -> v4
* Update doc type from .txt to .rst.
* Update documentation based on the changes from v4.
v2 -> v3
* No changes.
v1 -> v2
* New in v2.
---
Documentation/nitro_enclaves/
Signed-off-by: Andra Paraschiv
---
Changelog
v5 -> v6
* No changes.
v4 -> v5
* Add arch dependency for Arm / x86.
v3 -> v4
* Add PCI and SMP dependencies.
v2 -> v3
* Remove the GPL additional wording as SPDX-License-Identifier is
already in place.
v1 -> v2
* Update pat
release callback. Free the internal enclave info used for bookkeeping.
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra Paraschiv
Reviewed-by: Alexander Graf
---
Changelog
v5 -> v6
* Update documentation to kernel-doc format.
* Use directly put_page() instead of unpin_user_pages(), to ma
> v2
* Update the field name to "svm_flags".
* Split the current patch in 2 patches.
Signed-off-by: Andra Paraschiv
Reviewed-by: Stefano Garzarella
---
include/uapi/linux/vm_sockets.h | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/include/uapi/linux/vm_sock
VMADDR_CID_HOST.
Changelog
v2 -> v3
* No changes.
v1 -> v2
* Set the vsock flag on the receive path in the vsock transport
assignment logic.
* Use bitwise operator for the vsock flag setup.
* Use the updated "VMADDR_FLAG_TO_HOST" flag naming.
Signed-off-by: Andra Paraschiv
Revi
ged.
Changelog
v2 -> v3
* Update bitwise check logic to not compare result to the flag value.
v1 -> v2
* Use bitwise operator to check the vsock flag.
* Use the updated "VMADDR_FLAG_TO_HOST" flag naming.
* Merge the checks for the g2h transport assignment in one "if"
twise operators to setup and check the vsock flag.
* Set the vsock flag on the receive path in the vsock transport assignment
logic.
* Merge the checks for the g2h transport assignment in one "if" block.
* v1: https://lore.kernel.org/lkml/20201201152505.19445-1-andra...@amazon.com/
---
lag is set in the connect and
listen paths.
v1 -> v2
* New patch in v2, it was split from the first patch in the series.
* Remove the default value for the vsock flags field.
* Update the naming for the vsock flag to "VMADDR_FLAG_TO_HOST".
Signed-off-by: Andra Paraschiv
---
in
-> v2
* Update the field name to "svm_flags".
* Split the current patch in 2 patches.
Signed-off-by: Andra Paraschiv
---
include/uapi/linux/vm_sockets.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/uapi/linux/vm_sockets.h b/include/uapi/linux/
the first patch in the series.
* Remove the default value for the vsock flags field.
* Update the naming for the vsock flag to "VMADDR_FLAG_TO_HOST".
Signed-off-by: Andra Paraschiv
---
include/uapi/linux/vm_sockets.h | 15 +++
1 file changed, 15 insertions(+)
diff --git a
VMADDR_CID_HOST.
Changelog
v1 -> v2
* Set the vsock flag on the receive path in the vsock transport
assignment logic.
* Use bitwise operator for the vsock flag setup.
* Use the updated "VMADDR_FLAG_TO_HOST" flag naming.
Signed-off-by: Andra Paraschiv
---
net/vmw_vsock/af_vsock.c | 12 +++
tor to check the vsock flag.
* Use the updated "VMADDR_FLAG_TO_HOST" flag naming.
* Merge the checks for the g2h transport assignment in one "if" block.
Signed-off-by: Andra Paraschiv
---
net/vmw_vsock/af_vsock.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
ecks for the g2h transport assignment in one "if" block.
* v1: https://lore.kernel.org/lkml/20201201152505.19445-1-andra...@amazon.com/
---
Andra Paraschiv (4):
vm_sockets: Include flags field in the vsock address data structure
vm_sockets: Add VMADDR_FLAG_TO_HOST vsock flag
af_vsock:
or the latest version of the patch series:
* https://github.com/andraprs/linux/tree/vsock-flag-sibling-comm-v1
---
Andra Paraschiv (3):
vm_sockets: Include flag field in the vsock address data structure
virtio_transport_common: Set sibling VMs flag on the receive path
af_vsock: Assign the vs
instead. This flag can be set when initializing the vsock address
variable used for the connect() call.
Signed-off-by: Andra Paraschiv
---
include/uapi/linux/vm_sockets.h | 18 +-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/include/uapi/linux/vm_sockets.h b
use case.
Set the vsock flag of the remote address to the one targeted for sibling
VMs communication if the following conditions are met:
* The source CID of the packet is higher than VMADDR_CID_HOST.
* The destination CID of the packet is higher than VMADDR_CID_HOST.
Signed-off-by: Andra Paraschiv
sibling VMs use case,
all the vsock packets need to be forwarded to the host, so always assign
the guest->host transport if the vsock flag is set. For the other use
cases, the vsock transport assignment logic is not changed.
Signed-off-by: Andra Paraschiv
---
net/vmw_vsock/af_vsock.c |
he vsock flag.
* Use the updated "VMADDR_FLAG_TO_HOST" flag naming.
* Merge the checks for the g2h transport assignment in one "if" block.
Signed-off-by: Andra Paraschiv
Reviewed-by: Stefano Garzarella
---
net/vmw_vsock/af_vsock.c | 9 +++--
1 file changed, 7 insertions(+), 2 d
> v3
* Add "svm_flags" as a new field, not reusing "svm_reserved1".
v1 -> v2
* Update the field name to "svm_flags".
* Split the current patch in 2 patches.
Signed-off-by: Andra Paraschiv
Reviewed-by: Stefano Garzarella
---
include/uapi/linux/vm_sockets
VMADDR_CID_HOST.
Changelog
v3 -> v4
* No changes.
v2 -> v3
* No changes.
v1 -> v2
* Set the vsock flag on the receive path in the vsock transport
assignment logic.
* Use bitwise operator for the vsock flag setup.
* Use the updated "VMADDR_FLAG_TO_HOST" flag naming.
Signed-off-
on the receive path in the vsock transport assignment
logic.
* Merge the checks for the g2h transport assignment in one "if" block.
* v1: https://lore.kernel.org/lkml/20201201152505.19445-1-andra...@amazon.com/
---
Andra Paraschiv (5):
vm_sockets: Add flags field in the vsock
field.
* Update the naming for the vsock flag to "VMADDR_FLAG_TO_HOST".
Signed-off-by: Andra Paraschiv
Reviewed-by: Stefano Garzarella
---
include/uapi/linux/vm_sockets.h | 20
1 file changed, 20 insertions(+)
diff --git a/include/uapi/linux/vm_sockets.h b/include/
Check if the provided flags value from the vsock address data structure
includes the supported flags in the corresponding kernel version.
The first byte of the "svm_zero" field is used as "svm_flags", so add
the flags check instead.
Changelog
v3 -> v4
* New patch in v4
ore context on the NE overall.
* Add fix for the enclave / vcpu fd creation error cleanup path.
* Add fix reported by kbuild test robot.
* v1: https://lore.kernel.org/lkml/20200421184150.68011-1-andra...@amazon.com/
---
Andra Paraschiv (18):
nitro_enclaves: Add ioctl interface definition
nit
private
data for the PCI device driver and the functions for the PCI device init
/ uninit and command requests handling.
Signed-off-by: Alexandru-Catalin Vasile
Signed-off-by: Alexandru Ciobotaru
Signed-off-by: Andra Paraschiv
---
Changelog
v3 -> v4
* Remove the "packed" attribut
MSI-X interrupt vector for command reply notifications to
handle this type of communication events.
Signed-off-by: Alexandru-Catalin Vasile
Signed-off-by: Andra Paraschiv
Fix issue reported in:
https://lore.kernel.org/lkml/202004231644.xtmn4z1z%25...@intel.com/
Reported-by: kbuild test robot
interacts with
the NE driver, that exposes an ioctl interface for creating an enclave
and setting up its resources.
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra Paraschiv
---
Changelog
v3 -> v4
* Decouple NE ioctl interface from KVM API.
* Add NE API version and the corresponding ioctl c
Signed-off-by: Andra Paraschiv
---
Changelog
v3 -> v4
* Add NUMA node field for an enclave metadata as the enclave memory and
CPUs need to be from the same NUMA node.
v2 -> v3
* Remove the GPL additional wording as SPDX-License-Identifier is
already in place.
v1 -> v2
* Add encla
The Nitro Enclaves driver provides an ioctl interface to the user space
for enclave lifetime management e.g. enclave creation / termination and
setting enclave resources such as memory and CPU.
This ioctl interface is mapped to a Nitro Enclaves misc device.
Signed-off-by: Andra Paraschiv
: Andra Paraschiv
---
Changelog
v3 -> v4
* Use dev_err instead of custom NE log pattern.
* Update the NE ioctl call to match the decoupling from the KVM API.
* Add metadata for the NUMA node for the enclave memory and CPUs.
v2 -> v3
* Remove the WARN_ON calls.
* Update static calls
: Alexandru-Catalin Vasile
Signed-off-by: Alexandru Ciobotaru
Signed-off-by: Andra Paraschiv
---
Changelog
v3 -> v4
* Use dev_err instead of custom NE log pattern.
* Update NE PCI driver name to "nitro_enclaves".
v2 -> v3
* Remove the GPL additional wording as SPDX-Licen
the out-of-band events. Notify user space
enclave process that is using a polling mechanism on the enclave fd.
Signed-off-by: Alexandru-Catalin Vasile
Signed-off-by: Andra Paraschiv
---
Changelog
v3 -> v4
* Use dev_err instead of custom NE log pattern.
* Return IRQ_NONE when interrupts are
cores and from the same NUMA node. CPU
0 and its siblings have to remain available to the primary / parent VM.
Add ioctl command logic for enclave vCPU creation. Return as result a
file descriptor that is associated with the enclave vCPU.
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra
release callback. Free the internal enclave info used for bookkeeping.
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra Paraschiv
---
Changelog
v3 -> v4
* Use dev_err instead of custom NE log pattern.
v2 -> v3
* Remove the WARN_ON calls.
* Update static calls sanity checks.
* Update
associated with the enclave.
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra Paraschiv
---
Changelog
v3 -> v4
* Use dev_err instead of custom NE log pattern.
* Update the naming for the ioctl command from metadata to info.
* Check for minimum enclave memory size.
v2 -> v3
* Remo
the user space tooling copies the enclave
image in the memory using the given memory offset.
Signed-off-by: Andra Paraschiv
---
Changelog
v3 -> v4
* Use dev_err instead of custom NE log pattern.
* Set enclave image load offset based on flags.
* Update the naming for the ioctl command f
: Andra Paraschiv
---
Changelog
v3 -> v4
* Check enclave memory regions are from the same NUMA node as the
enclave CPUs.
* Use dev_err instead of custom NE log pattern.
* Update the NE ioctl call to match the decoupling from the KVM API.
v2 -> v3
* Remove the WARN_ON calls.
* Update
Signed-off-by: Andra Paraschiv
---
Changelog
v3 -> v4
* No changes.
v2 -> v3
* Update file entries to be in alphabetical order.
v1 -> v2
* No changes.
---
MAINTAINERS | 13 +
1 file changed, 13 insertions(+)
diff --git a/MAINTAINERS b/MAINTAINERS
index 7b5
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra Paraschiv
---
Changelog
v3 -> v4
* Update usage details to match the updates in v4.
* Update NE ioctl interface usage.
v2 -> v3
* Remove the include directory to use the uapi from the kernel.
* Remove the GPL additional wording a
Signed-off-by: Andra Paraschiv
---
Changelog
v3 -> v4
* No changes.
v2 -> v3
* Remove the GPL additional wording as SPDX-License-Identifier is
already in place.
v1 -> v2
* Update path to Makefile to match the drivers/virt/nitro_enclaves
directory.
---
drivers/virt
Signed-off-by: Andra Paraschiv
---
Changelog
v3 -> v4
* Add PCI and SMP dependencies.
v2 -> v3
* Remove the GPL additional wording as SPDX-License-Identifier is
already in place.
v1 -> v2
* Update path to Kconfig to match the drivers/virt/nitro_enclaves
directory.
* Updat
Signed-off-by: Andra Paraschiv
---
Changelog
v3 -> v4
* Update doc type from .txt to .rst.
* Update documentation based on the changes from v4.
v2 -> v3
* No changes.
v1 -> v2
* New in v2.
---
Documentation/nitro_enclaves/ne_overview.rst | 87
1 file ch
interacts with
the NE driver, that exposes an ioctl interface for creating an enclave
and setting up its resources.
Include part of the KVM ioctls in the provided ioctl interface, with
additional NE ioctl commands that e.g. trigger the enclave run.
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra
Signed-off-by: Andra Paraschiv
---
Changelog
v2 -> v3
* Remove the GPL additional wording as SPDX-License-Identifier is already in
place.
v1 -> v2
* Add enclave memory regions and vcpus count for enclave bookkeeping.
* Update ne_state comments to reflect NE_START_ENCLAVE ioctl naming
p path.
* Add fix reported by kbuild test robot.
* v1: https://lore.kernel.org/lkml/20200421184150.68011-1-andra...@amazon.com/
---
Andra Paraschiv (18):
nitro_enclaves: Add ioctl interface definition
nitro_enclaves: Define the PCI device interface
nitro_enclaves: Define enclave info for i
private
data for the PCI device driver and the functions for the PCI device init
/ uninit and command requests handling.
Signed-off-by: Alexandru-Catalin Vasile
Signed-off-by: Alexandru Ciobotaru
Signed-off-by: Andra Paraschiv
---
Changelog
v2 -> v3
* Remove the GPL additional wording as S
: Alexandru-Catalin Vasile
Signed-off-by: Alexandru Ciobotaru
Signed-off-by: Andra Paraschiv
---
Changelog
v2 -> v3
* Remove the GPL additional wording as SPDX-License-Identifier is already in
place.
* Remove the WARN_ON calls.
* Remove linux/bug include that is not needed.
* Update static ca
the out-of-band events. Notify user space
enclave process that is using a polling mechanism on the enclave fd. The
enclave fd is returned as a result of KVM_CREATE_VM ioctl call.
Signed-off-by: Alexandru-Catalin Vasile
Signed-off-by: Andra Paraschiv
---
Changelog
v2 -> v3
* Remove the WARN
MSI-X interrupt vector for command reply notifications to
handle this type of communication events.
Signed-off-by: Alexandru-Catalin Vasile
Signed-off-by: Andra Paraschiv
Fix issue reported in:
https://lore.kernel.org/lkml/202004231644.xtmn4z1z%25...@intel.com/
Reported-by: kbuild test robot
The Nitro Enclaves driver provides an ioctl interface to the user space
for enclave lifetime management e.g. enclave creation / termination and
setting enclave resources such as memory and CPU.
This ioctl interface is mapped to a Nitro Enclaves misc device.
Signed-off-by: Andra Paraschiv
An enclave, before being started, has its resources set. One of its
resources is CPU.
Add ioctl command logic for enclave vCPU creation. Return as result a
file descriptor that is associated with the enclave vCPU.
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra Paraschiv
---
Changelog
v2
: Andra Paraschiv
---
Changelog
v2 -> v3
* Remove the WARN_ON calls.
* Update static calls sanity checks.
* Update kzfree() calls to kfree().
* Remove file ops that do nothing for now - open.
v1 -> v2
* Add log pattern for NE.
* Update goto labels to match their purpose.
* Remove the
the user space tooling copies the enclave
image in the memory using the given memory offset.
Signed-off-by: Andra Paraschiv
---
Changelog
v2 -> v3
* No changes.
v1 -> v2
* New in v2.
---
drivers/virt/nitro_enclaves/ne_misc_dev.c | 24 +++
1 file changed, 24 inse
Signed-off-by: Andra Paraschiv
---
Changelog
v2 -> v3
* Remove the GPL additional wording as SPDX-License-Identifier is already in
place.
v1 -> v2
* Update path to Kconfig to match the drivers/virt/nitro_enclaves directory.
* Update help in Kconfig.
---
drivers/virt/K
release callback. Free the internal enclave info used for bookkeeping.
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra Paraschiv
---
Changelog
v2 -> v3
* Remove the WARN_ON calls.
* Update static calls sanity checks.
* Update kzfree() calls to kfree().
v1 -> v2
* Add log pattern
associated with the enclave.
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra Paraschiv
---
Changelog
v2 -> v3
* Remove the WARN_ON calls.
* Update static calls sanity checks.
v1 -> v2
* Add log pattern for NE.
* Check if enclave state is init when starting an enclave.
* Remove the
Signed-off-by: Andra Paraschiv
---
Changelog
v2 -> v3
* Remove the GPL additional wording as SPDX-License-Identifier is already in
place.
v1 -> v2
* Update path to Makefile to match the drivers/virt/nitro_enclaves directory.
---
drivers/virt/Makefile| 2 ++
driver
space process that is
associated with the enclave passes to the driver these memory regions.
Add ioctl command logic for setting user space memory region for an
enclave.
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra Paraschiv
---
Changelog
v2 -> v3
* Remove the WARN_ON calls.
* Upd
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra Paraschiv
---
Changelog
v2 -> v3
* Remove the include directory to use the uapi from the kernel.
* Remove the GPL additional wording as SPDX-License-Identifier is already in
place.
v1 -> v2
* New in v2.
---
samples/nitro_en
Signed-off-by: Andra Paraschiv
---
Changelog
v2 -> v3
* Update file entries to be in alphabetical order.
v1 -> v2
* No changes.
---
MAINTAINERS | 13 +
1 file changed, 13 insertions(+)
diff --git a/MAINTAINERS b/MAINTAINERS
index 50659d76976b..56d529256ba4 100644
Signed-off-by: Andra Paraschiv
---
Changelog
v2 -> v3
* No changes.
v1 -> v2
* New in v2.
---
Documentation/nitro_enclaves/ne_overview.txt | 86
1 file changed, 86 insertions(+)
create mode 100644 Documentation/nitro_enclaves/ne_overview.txt
diff --git a/Documen
enclave / vcpu fd creation error cleanup path.
* Add fix reported by kbuild test robot.
* v1: https://lore.kernel.org/lkml/20200421184150.68011-1-andra...@amazon.com/
---
Andra Paraschiv (18):
nitro_enclaves: Add ioctl interface definition
nitro_enclaves: Define the PCI device interface
nitr
: Alexandru-Catalin Vasile
Signed-off-by: Alexandru Ciobotaru
Signed-off-by: Andra Paraschiv
---
drivers/virt/nitro_enclaves/ne_pci_dev.c | 303 +++
1 file changed, 303 insertions(+)
create mode 100644 drivers/virt/nitro_enclaves/ne_pci_dev.c
diff --git a/drivers/virt
The Nitro Enclaves driver provides an ioctl interface to the user space
for enclave lifetime management e.g. enclave creation / termination and
setting enclave resources such as memory and CPU.
This ioctl interface is mapped to a Nitro Enclaves misc device.
Signed-off-by: Andra Paraschiv
interacts with
the NE driver, that exposes an ioctl interface for creating an enclave
and setting up its resources.
Include part of the KVM ioctls in the provided ioctl interface, with
additional NE ioctl commands that e.g. trigger the enclave run.
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra
private
data for the PCI device driver and the functions for the PCI device init
/ uninit and command requests handling.
Signed-off-by: Alexandru-Catalin Vasile
Signed-off-by: Alexandru Ciobotaru
Signed-off-by: Andra Paraschiv
---
drivers/virt/nitro_enclaves/ne_pci_dev.h | 266
the out-of-band events. Notify user space
enclave process that is using a polling mechanism on the enclave fd. The
enclave fd is returned as a result of KVM_CREATE_VM ioctl call.
Signed-off-by: Alexandru-Catalin Vasile
Signed-off-by: Andra Paraschiv
---
drivers/virt/nitro_enclaves/ne_pci_dev.c
MSI-X interrupt vector for command reply notifications to
handle this type of communication events.
Signed-off-by: Alexandru-Catalin Vasile
Signed-off-by: Andra Paraschiv
Fix issue reported in:
https://lore.kernel.org/lkml/202004231644.xtmn4z1z%25...@intel.com/
Reported-by: kbuild test robot
An enclave, before being started, has its resources set. One of its
resources is CPU.
Add ioctl command logic for enclave vCPU creation. Return as result a
file descriptor that is associated with the enclave vCPU.
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra Paraschiv
---
drivers/virt
Signed-off-by: Andra Paraschiv
---
drivers/virt/nitro_enclaves/ne_misc_dev.h | 121 ++
1 file changed, 121 insertions(+)
create mode 100644 drivers/virt/nitro_enclaves/ne_misc_dev.h
diff --git a/drivers/virt/nitro_enclaves/ne_misc_dev.h
b/drivers/virt/nitro_enclaves
: Andra Paraschiv
---
drivers/virt/nitro_enclaves/ne_misc_dev.c | 169 ++
1 file changed, 169 insertions(+)
diff --git a/drivers/virt/nitro_enclaves/ne_misc_dev.c
b/drivers/virt/nitro_enclaves/ne_misc_dev.c
index e1866fac8220..1036221238f4 100644
--- a/drivers/virt
release callback. Free the internal enclave info used for bookkeeping.
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra Paraschiv
---
drivers/virt/nitro_enclaves/ne_misc_dev.c | 177 ++
1 file changed, 177 insertions(+)
diff --git a/drivers/virt/nitro_enclaves
Signed-off-by: Andra Paraschiv
---
drivers/virt/Kconfig| 2 ++
drivers/virt/nitro_enclaves/Kconfig | 28
2 files changed, 30 insertions(+)
create mode 100644 drivers/virt/nitro_enclaves/Kconfig
diff --git a/drivers/virt/Kconfig b/drivers/virt
the user space tooling copies the enclave
image in the memory using the given memory offset.
Signed-off-by: Andra Paraschiv
---
drivers/virt/nitro_enclaves/ne_misc_dev.c | 24 +++
1 file changed, 24 insertions(+)
diff --git a/drivers/virt/nitro_enclaves/ne_misc_dev.c
b
Signed-off-by: Andra Paraschiv
---
drivers/virt/Makefile| 2 ++
drivers/virt/nitro_enclaves/Makefile | 23 +++
2 files changed, 25 insertions(+)
create mode 100644 drivers/virt/nitro_enclaves/Makefile
diff --git a/drivers/virt/Makefile b/drivers/virt
associated with the enclave.
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra Paraschiv
---
drivers/virt/nitro_enclaves/ne_misc_dev.c | 107 ++
1 file changed, 107 insertions(+)
diff --git a/drivers/virt/nitro_enclaves/ne_misc_dev.c
b/drivers/virt/nitro_enclaves
space process that is
associated with the enclave passes to the driver these memory regions.
Add ioctl command logic for setting user space memory region for an
enclave.
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra Paraschiv
---
drivers/virt/nitro_enclaves/ne_misc_dev.c | 256
Signed-off-by: Andra Paraschiv
---
MAINTAINERS | 13 +
1 file changed, 13 insertions(+)
diff --git a/MAINTAINERS b/MAINTAINERS
index ecc0749810b0..69fe37999a9e 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -11956,6 +11956,19 @@ S: Maintained
T: git git://git.kernel.org/pub
Signed-off-by: Andra Paraschiv
---
Documentation/nitro_enclaves/ne_overview.txt | 86
1 file changed, 86 insertions(+)
create mode 100644 Documentation/nitro_enclaves/ne_overview.txt
diff --git a/Documentation/nitro_enclaves/ne_overview.txt
b/Documentation/nitro_enclaves
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra Paraschiv
---
samples/nitro_enclaves/.gitignore | 2 +
samples/nitro_enclaves/Makefile | 28 +
.../include/linux/nitro_enclaves.h| 23 +
.../include/uapi/linux/nitro_enclaves.h | 77
to include more context on the NE overall.
* Add fix for the enclave / vcpu fd creation error cleanup path.
* Add fix reported by kbuild test robot.
* v1: https://lore.kernel.org/lkml/20200421184150.68011-1-andra...@amazon.com/
---
Andra Paraschiv (18):
nitro_enclaves: Add ioctl interface defi
interacts with
the NE driver, that exposes an ioctl interface for creating an enclave
and setting up its resources.
Signed-off-by: Alexandru Vasile
Signed-off-by: Andra Paraschiv
Reviewed-by: Alexander Graf
Reviewed-by: Stefan Hajnoczi
---
Changelog
v7 -> v8
* Add NE custom error codes for u
as private
data for the PCI device driver and the function for the PCI device
command requests handling.
Signed-off-by: Alexandru-Catalin Vasile
Signed-off-by: Alexandru Ciobotaru
Signed-off-by: Andra Paraschiv
Reviewed-by: Alexander Graf
---
Changelog
v7 -> v8
* No changes.
v6 -&
Signed-off-by: Andra Paraschiv
Reviewed-by: Alexander Graf
---
Changelog
v7 -> v8
* No changes.
v6 -> v7
* Update the naming and add more comments to make more clear the logic
of handling full CPU cores and dedicating them to the enclave.
v5 -> v6
* Update documentation to kernel-d