Extend to confidential computing #291

Closed
jarkkojs opened this issue Jul 20, 2024 · 6 comments

@jarkkojs

jarkkojs commented Jul 20, 2024

Motivation for this is written down here:

enarx/enarx#2580

Mappings identified from Enarx sources:

  • mmap(): anonymous RW
  • mmap(): device with 0 permissions (SGX).
  • mmap(): device with MAP_FIXED and arbitrary permissions (SGX).
  • mprotect(): full control to prot.

These are required to host KVM, SGX and SEV-SNP. In our case the system booting is not necessarily under SNP sealing (not restriction but requires "2nd SNP gen" ENYX obviously for nested operation). Enarx initializes SNP VM per WASM payload.

So I'm looking for advice on what would be the best way to refine the existing APIs in this project. I could then write the patches to realize those changes.

@jarkkojs
Author

I'm happy to provide the code but I need help proposing an API that would work for vm-memory.

@bonzini my hovering here was related to this earlier this week. I just did not know exactly even which Rust crate I was looking for... I think this is the right one.

@jarkkojs
Author

One super basic question that I had no time to look at, and I'm not sure if I fully understand what it is and how I should take it into account: what is this Bitmap?

@jarkkojs
Author

jarkkojs commented Jul 20, 2024

One additional but relevant motivational factor for vm-memory to be aligned with this work: a confidential wasm run-time is a complex project but still factors simpler than a full-fledged VMM.

So I think for vm-memory Enarx would be an excellent test workload.

@roypat
Collaborator

roypat commented Jul 26, 2024

Hi @jarkkojs,
Could you explain your use case a bit more? Just from your list at the top, it looks like you might be able to use the existing methods on MmapRegionBuilder to construct the mappings you want, potentially falling back onto with_raw_mmap_pointer. For the mprotect case, you could use get_ptr to get a pointer to the vm-memory mmap area, and then call mprotect on that.

@jarkkojs
Author

> Hi @jarkkojs, Could you explain your use case a bit more? Just from your list at the top, it looks like you might be able to use the existing methods on MmapRegionBuilder to construct the mappings you want, potentially falling back onto with_raw_mmap_pointer. For the mprotect case, you could use get_ptr to get a pointer to the vm-memory mmap area, and then call mprotect on that.

OK, I'll look into this next week, thank you, and provide more details.

@jarkkojs
Author

jarkkojs commented Aug 17, 2024

I think I found a working pattern. For anonymous:

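    // Needs vm-memory's backend-mmap and backend-bitmap features, plus the libc crate.
    use std::num::NonZeroUsize;
    use vm_memory::bitmap::AtomicBitmap;
    use vm_memory::mmap::MmapRegionBuilder;

    // Dirty-page bitmap at 4 KiB (0x1000) granularity; the constant is non-zero.
    let bitmap = AtomicBitmap::new(SIZE, unsafe { NonZeroUsize::new_unchecked(0x1000) });
    let region = MmapRegionBuilder::new_with_bitmap(SIZE, bitmap)
        .with_mmap_prot(libc::PROT_READ | libc::PROT_EXEC)
        .with_mmap_flags(libc::MAP_ANONYMOUS | libc::MAP_PRIVATE)
        .build()?;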

And for device files with_file_offset(). I'll try from this angle and see how it goes.

[In actual code enclave/guest would get first large RW mapping which is then sliced with MAP_FIXED mappings.]
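
The bracketed note above describes a first large RW mapping that is then sliced with MAP_FIXED mappings. The following is an added example (not code from vm-memory, Enarx, or either commenter) of that pattern using raw libc calls, with the bounds check that keeps MAP_FIXED and mprotect inside the reservation. `Reservation` and its methods are hypothetical names, and the constants assume Linux on x86_64 with 4 KiB pages.

```rust
// Added example: libc symbols are declared by hand so this builds with std only.
use std::os::raw::{c_int, c_long, c_void};
extern "C" {
    fn mmap(addr: *mut c_void, len: usize, prot: c_int, flags: c_int, fd: c_int, off: c_long) -> *mut c_void;
    fn mprotect(addr: *mut c_void, len: usize, prot: c_int) -> c_int;
    fn munmap(addr: *mut c_void, len: usize) -> c_int;
}
// Assumption: Linux x86_64 values and 4 KiB pages; other targets differ.
pub const PROT_READ: c_int = 1;
pub const PROT_WRITE: c_int = 2;
const MAP_PRIVATE: c_int = 0x02;
const MAP_FIXED: c_int = 0x10;
const MAP_ANONYMOUS: c_int = 0x20;
pub const PAGE: usize = 0x1000; // same granule as the bitmap page size in the thread

/// Hypothetical type: one large anonymous RW reservation that slices are carved from.
pub struct Reservation { base: *mut u8, len: usize }
impl Reservation {
    pub fn new(len: usize) -> Option<Reservation> {
        if len == 0 || len % PAGE != 0 { return None; }
        let flags = MAP_PRIVATE | MAP_ANONYMOUS;
        let p = unsafe { mmap(std::ptr::null_mut(), len, PROT_READ | PROT_WRITE, flags, -1, 0) };
        if p as isize == -1 { None } else { Some(Reservation { base: p as *mut u8, len }) }
    }
    pub fn as_ptr(&self) -> *mut u8 { self.base }
    /// MAP_FIXED and mprotect act on whatever lives at the address, so only hand them
    /// page-aligned ranges that lie wholly inside the reservation.
    fn slice(&self, off: usize, len: usize) -> Option<*mut c_void> {
        let end = off.checked_add(len)?;
        if len == 0 || off % PAGE != 0 || len % PAGE != 0 || end > self.len { return None; }
        Some(unsafe { self.base.add(off) } as *mut c_void)
    }
    /// Replace [off, off+len) with a fresh, zero-filled anonymous mapping.
    pub fn map_fixed(&self, off: usize, len: usize, prot: c_int) -> bool {
        let flags = MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED;
        self.slice(off, len).map_or(false, |p| unsafe { mmap(p, len, prot, flags, -1, 0) == p })
    }
    pub fn protect(&self, off: usize, len: usize, prot: c_int) -> bool {
        self.slice(off, len).map_or(false, |p| unsafe { mprotect(p, len, prot) == 0 })
    }
}
impl Drop for Reservation {
    fn drop(&mut self) { unsafe { munmap(self.base as *mut c_void, self.len); } }
}
fn main() {
    let r = Reservation::new(4 * PAGE).expect("reserve");
    assert!(r.map_fixed(PAGE, PAGE, PROT_READ | PROT_WRITE));
    assert!(r.protect(PAGE, PAGE, PROT_READ));
    assert!(!r.map_fixed(3 * PAGE, 2 * PAGE, PROT_READ)); // would spill past the end
}
```

Because MAP_FIXED replaces whatever is already mapped at the target address, the previous contents of a slice are discarded when it is remapped.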
