summaryrefslogtreecommitdiffstats
path: root/hw/i386/sgx-epc.c
diff options
context:
space:
mode:
authorSean Christopherson2021-09-28 10:40:58 +0200
committerPaolo Bonzini2021-09-30 14:50:20 +0200
commitdfce81f1b931352af0fcfe966c115a09646bd15a (patch)
tree734da8b1e65cb0a6884b09a132d3e921922f66a6 /hw/i386/sgx-epc.c
parenti386: Add 'sgx-epc' device to expose EPC sections to guest (diff)
downloadqemu-dfce81f1b931352af0fcfe966c115a09646bd15a.tar.gz
qemu-dfce81f1b931352af0fcfe966c115a09646bd15a.tar.xz
qemu-dfce81f1b931352af0fcfe966c115a09646bd15a.zip
vl: Add sgx compound properties to expose SGX EPC sections to guest
Because SGX EPC is enumerated through CPUID, EPC "devices" need to be realized prior to realizing the vCPUs themselves, i.e. long before generic devices are parsed and realized. From a virtualization perspective, the CPUID aspect also means that EPC sections cannot be hotplugged without paravirtualizing the guest kernel (hardware does not support hotplugging as EPC sections must be locked down during pre-boot to provide EPC's security properties). So even though EPC sections could be realized through the generic -devices command, they need to be created much earlier for them to actually be usable by the guest. Place all EPC sections in a contiguous block, somewhat arbitrarily starting after RAM above 4g. Ensuring EPC is in a contiguous region simplifies calculations, e.g. device memory base, PCI hole, etc..., allows dynamic calculation of the total EPC size, e.g. exposing EPC to guests does not require -maxmem, and last but not least allows all of EPC to be enumerated in a single ACPI entry, which is expected by some kernels, e.g. Windows 7 and 8. The new compound properties command for sgx like below: ...... -object memory-backend-epc,id=mem1,size=28M,prealloc=on \ -object memory-backend-epc,id=mem2,size=10M \ -M sgx-epc.0.memdev=mem1,sgx-epc.1.memdev=mem2 Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> Signed-off-by: Yang Zhong <yang.zhong@intel.com> Message-Id: <20210719112136.57018-6-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'hw/i386/sgx-epc.c')
-rw-r--r--hw/i386/sgx-epc.c20
1 files changed, 14 insertions, 6 deletions
diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c
index c584acc17b..6677dc74b5 100644
--- a/hw/i386/sgx-epc.c
+++ b/hw/i386/sgx-epc.c
@@ -14,13 +14,8 @@
#include "hw/i386/sgx-epc.h"
#include "hw/mem/memory-device.h"
#include "hw/qdev-properties.h"
-#include "monitor/qdev.h"
#include "qapi/error.h"
#include "qapi/visitor.h"
-#include "qemu/config-file.h"
-#include "qemu/error-report.h"
-#include "qemu/option.h"
-#include "qemu/units.h"
#include "target/i386/cpu.h"
#include "exec/address-spaces.h"
@@ -56,6 +51,8 @@ static void sgx_epc_realize(DeviceState *dev, Error **errp)
{
PCMachineState *pcms = PC_MACHINE(qdev_get_machine());
X86MachineState *x86ms = X86_MACHINE(pcms);
+ MemoryDeviceState *md = MEMORY_DEVICE(dev);
+ SGXEPCState *sgx_epc = &pcms->sgx_epc;
SGXEPCDevice *epc = SGX_EPC(dev);
HostMemoryBackend *hostmem;
const char *path;
@@ -77,7 +74,18 @@ static void sgx_epc_realize(DeviceState *dev, Error **errp)
return;
}
- error_setg(errp, "'" TYPE_SGX_EPC "' not supported");
+ epc->addr = sgx_epc->base + sgx_epc->size;
+
+ memory_region_add_subregion(&sgx_epc->mr, epc->addr - sgx_epc->base,
+ host_memory_backend_get_memory(hostmem));
+
+ host_memory_backend_set_mapped(hostmem, true);
+
+ sgx_epc->sections = g_renew(SGXEPCDevice *, sgx_epc->sections,
+ sgx_epc->nr_sections + 1);
+ sgx_epc->sections[sgx_epc->nr_sections++] = epc;
+
+ sgx_epc->size += memory_device_get_region_size(md, errp);
}
static void sgx_epc_unrealize(DeviceState *dev)