Received: by 2002:ac0:98c7:0:0:0:0:0 with SMTP id g7-v6csp2690522imd; Fri, 2 Nov 2018 16:16:11 -0700 (PDT) X-Google-Smtp-Source: AJdET5df/3w+5u42h6lbUo7Nm35+mcS2hUqaFbDNFWTRVra2SNG1KGuHymiDJTkuKmDVGfzvH79G X-Received: by 2002:a17:902:7682:: with SMTP id m2-v6mr13570948pll.89.1541200571101; Fri, 02 Nov 2018 16:16:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1541200571; cv=none; d=google.com; s=arc-20160816; b=Jh1NYvPUKt5X4aKQZYqZNe1C/SFKn6U8X8pmTetFKPCueGzXJRX761VUaHWivvbp0p ytWeB9pDqBekdFq389Ja+feYFKnOZK50aH9u0j2YtUVEfYD4f9/48zWeKsSfWduTbE6Z Xt4opEO6RxVe7qaZOF85wIIt5t7nX37fZe1zvlMH3RVw8UeUaemBRD2qqQcGQGDlKdAz s3caELPpqz6fZhrP/GwswjkKYkkL0ugqdf18b+9k1luDUBzr4ui/n+grvCzkTtvngkly rGAp2Yn0zgJMSk7Af+MVm6EZD4RYdF4ZCoq37aXMreF3dQYjlJCsO61c3+kymPmE8MOX FxFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=BXONc/nJ9Dgk/WR8mVeNd7epoNUfiP2rIHXhpCa+uP8=; b=tBQNmeKZvEpu82z8g9EqB2w2pXFZmHpUnjhL5H9DmHdWQKWnPlxd/qOodix7jszp9J bmsmL9a7Yk+8OZXPSYPZLI3DLlbfr9UGd8qwFHsSKK+0bn8G85/piRTcIZOaOsVyx9vC LgMXsCkBZg/XjABTArpZupTI3MSl6++hE3E/+Ho4A7XZlfTYxGrQkGBp6EidDmzORQ7W k/DY7p0q8EJgQ/qhNXeZpU0WhSlXHMcNLQVokCYKCHBCTT+eFEU67deKXdoWJIwGK/cs KGkIbyvH+AY5d27G+nicdCvF03FemXiKrR9jDs8YY6xPRl0vV7GwRyagpicaPHEYW5uH uMQQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h70si17146769pge.221.2018.11.02.16.15.56; Fri, 02 Nov 2018 16:16:11 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728589AbeKCIYA (ORCPT + 99 others); Sat, 3 Nov 2018 04:24:00 -0400 Received: from mga03.intel.com ([134.134.136.65]:2203 "EHLO mga03.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726705AbeKCIYA (ORCPT ); Sat, 3 Nov 2018 04:24:00 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 02 Nov 2018 16:14:53 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,457,1534834800"; d="scan'208";a="270987722" Received: from btyborox-mobl.ger.corp.intel.com (HELO localhost) ([10.249.254.138]) by orsmga005.jf.intel.com with ESMTP; 02 Nov 2018 16:14:43 -0700 From: Jarkko Sakkinen To: x86@kernel.org, platform-driver-x86@vger.kernel.org, linux-sgx@vger.kernel.org Cc: dave.hansen@intel.com, sean.j.christopherson@intel.com, nhorman@redhat.com, npmccallum@redhat.com, serge.ayoun@intel.com, shay.katz-zamir@intel.com, haitao.huang@intel.com, mark.shanahan@intel.com, andriy.shevchenko@linux.intel.com, Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , Konrad Rzeszutek Wilk , David Woodhouse , David Wang , "Kirill A. Shutemov" , "Levin, Alexander (Sasha Levin)" , Jia Zhang , linux-kernel@vger.kernel.org (open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)) Subject: [PATCH v15 05/23] x86/cpu/intel: Detect SGX support and update caps appropriately Date: Sat, 3 Nov 2018 01:11:04 +0200 Message-Id: <20181102231320.29164-6-jarkko.sakkinen@linux.intel.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181102231320.29164-1-jarkko.sakkinen@linux.intel.com> References: <20181102231320.29164-1-jarkko.sakkinen@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sean Christopherson Similar to other large Intel features such as VMX and TXT, SGX must be explicitly enabled in IA32_FEATURE_CONTROL MSR to be truly usable. Clear all SGX related capabilities if SGX is not fully enabled in IA32_FEATURE_CONTROL or if the SGX1 instruction set isn't supported (impossible on bare metal, theoretically possible in a VM if the VMM is doing something weird). Signed-off-by: Sean Christopherson --- arch/x86/kernel/cpu/intel.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index fc3c07fe7df5..9bf8fe2c04ac 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -596,6 +596,30 @@ static void detect_tme(struct cpuinfo_x86 *c) c->x86_phys_bits -= keyid_bits; } +static void detect_sgx(struct cpuinfo_x86 *c) +{ + bool unsupported = false; + unsigned long long fc; + + rdmsrl(MSR_IA32_FEATURE_CONTROL, fc); + if (!(fc & FEATURE_CONTROL_LOCKED)) { + pr_err_once("sgx: IA32_FEATURE_CONTROL MSR is not locked\n"); + unsupported = true; + } else if (!(fc & FEATURE_CONTROL_SGX_ENABLE)) { + pr_err_once("sgx: not enabled in IA32_FEATURE_CONTROL MSR\n"); + unsupported = true; + } else if (!cpu_has(c, X86_FEATURE_SGX1)) { + pr_err_once("sgx: SGX1 instruction set not supported\n"); + unsupported = true; + } + + if (unsupported) { + setup_clear_cpu_cap(X86_FEATURE_SGX); + setup_clear_cpu_cap(X86_FEATURE_SGX1); + setup_clear_cpu_cap(X86_FEATURE_SGX2); + } +} + static void init_intel_energy_perf(struct cpuinfo_x86 *c) { u64 epb; @@ -763,6 +787,9 @@ static void init_intel(struct cpuinfo_x86 *c) if (cpu_has(c, X86_FEATURE_TME)) detect_tme(c); + if (cpu_has(c, X86_FEATURE_SGX)) + detect_sgx(c); + init_intel_energy_perf(c); init_intel_misc_features(c); -- 2.19.1