Re: [RESEND PATCH 05/32] vl: Add "sgx-epc" option to expose SGX EPC sections to guest

[Sean Christopherson]

On Mon, May 03, 2021, Paolo Bonzini wrote:
> On 30/04/21 08:24, Yang Zhong wrote:
> > +void pc_machine_init_sgx_epc(PCMachineState *pcms)
> > +{
> > +    SGXEPCState *sgx_epc;
> > +    X86MachineState *x86ms = X86_MACHINE(pcms);
> > +
> > +    sgx_epc = g_malloc0(sizeof(*sgx_epc));
> > +    pcms->sgx_epc = sgx_epc;
> > +
> > +    sgx_epc->base = 0x100000000ULL + x86ms->above_4g_mem_size;
> > +
> > +    memory_region_init(&sgx_epc->mr, OBJECT(pcms), "sgx-epc", UINT64_MAX);
> > +    memory_region_add_subregion(get_system_memory(), sgx_epc->base,
> > +                                &sgx_epc->mr);
> > +
> > +    qemu_opts_foreach(qemu_find_opts("sgx-epc"), sgx_epc_init_func, NULL,
> > +                      &error_fatal);
> > +
> > +    if ((sgx_epc->base + sgx_epc->size) < sgx_epc->base) {
> > +        error_report("Size of all 'sgx-epc' =0x%"PRIu64" causes EPC to 
> > wrap",
> > +                     sgx_epc->size);
> > +        exit(EXIT_FAILURE);
> 
> Or perhaps even drop completely the options and just do "-device
> sgx-epc,backend=epc1"?

Is there a way to process "-device sgx-epc..." before vCPUs are realized?  The
ordering problem was the only reason I added a dedicated option.

>From the changelog:

  Because SGX EPC is enumerated through CPUID, EPC "devices" need to be
  realized prior to realizing the vCPUs themselves, i.e. long before
  generic devices are parsed and realized.

  So even though EPC sections could be realized through the generic
  -devices command, they need to be created much earlier for them to
  actually be usable by the guest.