Received: by 2002:a25:d7c1:0:0:0:0:0 with SMTP id o184csp3979411ybg; Mon, 28 Oct 2019 23:51:13 -0700 (PDT) X-Google-Smtp-Source: APXvYqyoRGlLDht5JB4NuAqaRUWwc4pWX14eUuVU5HoNo7IOuuK0OGhjFkhpm0vuY2eCvhVM1wt5 X-Received: by 2002:aa7:d3cd:: with SMTP id o13mr16311747edr.267.1572331873055; Mon, 28 Oct 2019 23:51:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1572331873; cv=none; d=google.com; s=arc-20160816; b=V8atX48vDANGUDsfrVHZGVjAhEsJtL/lI89BEHi2/tpcBf228wbKy+Y2Be1omzf2hH S/DktYBTCNYmO61SLXvTwJD57/TKJh8MbberyViT/aDXt/U246F7VI+P/Idm4dtlEJkU UhpRh+UK4yXjHVTwOsfSvzP/bhgsg5DuMGUBZ51p48F47fgDXL7xt+1Qdo6n9KSxf5Jn 9iMn5HgesFOtjTVhLSqEG5a3blrzsfs1/NFi/i21lJkPU2lJ77lAYAqPAQHwMOK7jbjR B6/61RjcGDMpWJwLMXBa2BbV3di7CAjWmJepirtqKqCdX686FT3DOUd9+kBlonbmxmzj AIUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=kAjM5HEsspBlNijVuICPZiEaBHnx+8T3ds57+wyhk8Y=; b=S5yMeiLOfE1iD6eATWU6X/qtEe3IEQkEgtamN9tA4uZYkw+OStH0bElODQxB2fnMAL XmgFnY08jyM0Wlb7YiuIL5qSApaEHxAMzeIMoYepY3MWJ7QMzG6A2A097Qx1So/6GD2J uv6LEG1CU2PVD4tjR+0E+e64nA6K1vosgZAJQKDz8kITgGW4ToKfMbJOrZGpuXW5XJr4 dhRoTFPi74Zsm3nl7iuzePs908Qbk5DwpQitYMea6Yg3s6fGEqUSKr4yuF3fZYoozmlC dW2NC80cUtcNuia796eMUR6QPYPcJ4OZ8TYWFU2t171YSUXuhbxFMKs0sg45MxPtmJ7Y dYAg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a6si1103039eju.72.2019.10.28.23.50.49; Mon, 28 Oct 2019 23:51:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388853AbfJ1VEA (ORCPT + 99 others); Mon, 28 Oct 2019 17:04:00 -0400 Received: from mga07.intel.com ([134.134.136.100]:17673 "EHLO mga07.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728441AbfJ1VEA (ORCPT ); Mon, 28 Oct 2019 17:04:00 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 Oct 2019 14:03:59 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.68,241,1569308400"; d="scan'208";a="189731934" Received: from shrehore-mobl1.ti.intel.com (HELO localhost) ([10.251.82.5]) by orsmga007.jf.intel.com with ESMTP; 28 Oct 2019 14:03:48 -0700 From: Jarkko Sakkinen To: linux-kernel@vger.kernel.org, x86@kernel.org, linux-sgx@vger.kernel.org Cc: akpm@linux-foundation.org, dave.hansen@intel.com, sean.j.christopherson@intel.com, nhorman@redhat.com, npmccallum@redhat.com, serge.ayoun@intel.com, shay.katz-zamir@intel.com, haitao.huang@intel.com, andriy.shevchenko@linux.intel.com, tglx@linutronix.de, kai.svahn@intel.com, bp@alien8.de, josh@joshtriplett.org, luto@kernel.org, kai.huang@intel.com, rientjes@google.com, cedric.xing@intel.com, puiterwijk@redhat.com, Jarkko Sakkinen Subject: [PATCH v23 02/24] x86/cpufeatures: x86/msr: Add Intel SGX hardware bits Date: Mon, 28 Oct 2019 23:03:02 +0200 Message-Id: <20191028210324.12475-3-jarkko.sakkinen@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191028210324.12475-1-jarkko.sakkinen@linux.intel.com> References: <20191028210324.12475-1-jarkko.sakkinen@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sean Christopherson Add X86_FEATURE_SGX from CPUID.(EAX=7, ECX=1), which informs whether the CPU has SGX. Add X86_FEATURE_SGX1 and X86_FEATURE_SGX2 from CPUID.(EAX=12H, ECX=0), which describe the level of SGX support available [1]. Remap CPUID.(EAX=12H, ECX=0) bits to the Linux fake CPUID 8 in order to conserve some space. Keep the bit positions intact because KVM requires this. Reserve bits 0-7 for SGX in order to maintain this invariant also when new SGX specific feature bits get added. Add IA32_FEATURE_CONTROL_SGX_ENABLE. BIOS can use this bit to opt-in SGX before locking the feature control MSR [2]. [1] Intel SDM: 36.7.2 IntelĀ® SGX Resource Enumeration Leaves [2] Intel SDM: 36.7.1 IntelĀ® SGX Opt-In Configuration Signed-off-by: Sean Christopherson Co-developed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- arch/x86/include/asm/cpufeatures.h | 23 +++++++++++++++++------ arch/x86/include/asm/disabled-features.h | 14 ++++++++++++-- arch/x86/include/asm/msr-index.h | 1 + arch/x86/kernel/cpu/scattered.c | 2 ++ tools/arch/x86/include/asm/cpufeatures.h | 21 +++++++++++++++------ 5 files changed, 47 insertions(+), 14 deletions(-) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index 0652d3eed9bd..0872fec45534 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -221,12 +221,22 @@ #define X86_FEATURE_L1TF_PTEINV ( 7*32+29) /* "" L1TF workaround PTE inversion */ #define X86_FEATURE_IBRS_ENHANCED ( 7*32+30) /* Enhanced IBRS */ -/* Virtualization flags: Linux defined, word 8 */ -#define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */ -#define X86_FEATURE_VNMI ( 8*32+ 1) /* Intel Virtual NMI */ -#define X86_FEATURE_FLEXPRIORITY ( 8*32+ 2) /* Intel FlexPriority */ -#define X86_FEATURE_EPT ( 8*32+ 3) /* Intel Extended Page Table */ -#define X86_FEATURE_VPID ( 8*32+ 4) /* Intel Virtual Processor ID */ +/* + * Scattered Intel features: Linux defined, word 8. + * + * Note that the bit location of the SGX features is meaningful as KVM expects + * the Linux defined bit to match the Intel defined bit, e.g. X86_FEATURE_SGX1 + * must remain at bit 0, SGX2 at bit 1, etc... + */ +#define X86_FEATURE_SGX1 ( 8*32+ 0) /* SGX1 leaf functions */ +#define X86_FEATURE_SGX2 ( 8*32+ 1) /* SGX2 leaf functions */ +/* Bits [0:7] are reserved for SGX */ + +#define X86_FEATURE_TPR_SHADOW ( 8*32+ 8) /* Intel TPR Shadow */ +#define X86_FEATURE_VNMI ( 8*32+ 9) /* Intel Virtual NMI */ +#define X86_FEATURE_FLEXPRIORITY ( 8*32+10) /* Intel FlexPriority */ +#define X86_FEATURE_EPT ( 8*32+11) /* Intel Extended Page Table */ +#define X86_FEATURE_VPID ( 8*32+12) /* Intel Virtual Processor ID */ #define X86_FEATURE_VMMCALL ( 8*32+15) /* Prefer VMMCALL to VMCALL */ #define X86_FEATURE_XENPV ( 8*32+16) /* "" Xen paravirtual guest */ @@ -237,6 +247,7 @@ /* Intel-defined CPU features, CPUID level 0x00000007:0 (EBX), word 9 */ #define X86_FEATURE_FSGSBASE ( 9*32+ 0) /* RDFSBASE, WRFSBASE, RDGSBASE, WRGSBASE instructions*/ #define X86_FEATURE_TSC_ADJUST ( 9*32+ 1) /* TSC adjustment MSR 0x3B */ +#define X86_FEATURE_SGX ( 9*32+ 2) /* Software Guard Extensions */ #define X86_FEATURE_BMI1 ( 9*32+ 3) /* 1st group bit manipulation extensions */ #define X86_FEATURE_HLE ( 9*32+ 4) /* Hardware Lock Elision */ #define X86_FEATURE_AVX2 ( 9*32+ 5) /* AVX2 instructions */ diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h index a5ea841cc6d2..926f9dc4d75a 100644 --- a/arch/x86/include/asm/disabled-features.h +++ b/arch/x86/include/asm/disabled-features.h @@ -34,12 +34,16 @@ # define DISABLE_CYRIX_ARR (1<<(X86_FEATURE_CYRIX_ARR & 31)) # define DISABLE_CENTAUR_MCR (1<<(X86_FEATURE_CENTAUR_MCR & 31)) # define DISABLE_PCID 0 +# define DISABLE_SGX1 0 +# define DISABLE_SGX2 0 #else # define DISABLE_VME 0 # define DISABLE_K6_MTRR 0 # define DISABLE_CYRIX_ARR 0 # define DISABLE_CENTAUR_MCR 0 # define DISABLE_PCID (1<<(X86_FEATURE_PCID & 31)) +# define DISABLE_SGX1 (1<<(X86_FEATURE_SGX1 & 31)) +# define DISABLE_SGX2 (1<<(X86_FEATURE_SGX2 & 31)) #endif /* CONFIG_X86_64 */ #ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS @@ -62,6 +66,12 @@ # define DISABLE_PTI (1 << (X86_FEATURE_PTI & 31)) #endif +#ifdef CONFIG_INTEL_SGX +# define DISABLE_SGX_CORE 0 +#else +# define DISABLE_SGX_CORE (1 << (X86_FEATURE_SGX & 31)) +#endif + /* * Make sure to add features to the correct mask */ @@ -73,8 +83,8 @@ #define DISABLED_MASK5 0 #define DISABLED_MASK6 0 #define DISABLED_MASK7 (DISABLE_PTI) -#define DISABLED_MASK8 0 -#define DISABLED_MASK9 (DISABLE_MPX|DISABLE_SMAP) +#define DISABLED_MASK8 (DISABLE_SGX1|DISABLE_SGX2) +#define DISABLED_MASK9 (DISABLE_MPX|DISABLE_SMAP|DISABLE_SGX_CORE) #define DISABLED_MASK10 0 #define DISABLED_MASK11 0 #define DISABLED_MASK12 0 diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index 20ce682a2540..975a957a791a 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -551,6 +551,7 @@ #define FEATURE_CONTROL_LOCKED (1<<0) #define FEATURE_CONTROL_VMXON_ENABLED_INSIDE_SMX (1<<1) #define FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX (1<<2) +#define FEATURE_CONTROL_SGX_ENABLE (1<<18) #define FEATURE_CONTROL_LMCE (1<<20) #define MSR_IA32_APICBASE 0x0000001b diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c index adf9b71386ef..9aea45c0b494 100644 --- a/arch/x86/kernel/cpu/scattered.c +++ b/arch/x86/kernel/cpu/scattered.c @@ -35,6 +35,8 @@ static const struct cpuid_bit cpuid_bits[] = { { X86_FEATURE_CDP_L3, CPUID_ECX, 2, 0x00000010, 1 }, { X86_FEATURE_CDP_L2, CPUID_ECX, 2, 0x00000010, 2 }, { X86_FEATURE_MBA, CPUID_EBX, 3, 0x00000010, 0 }, + { X86_FEATURE_SGX1, CPUID_EAX, 0, 0x00000012, 0 }, + { X86_FEATURE_SGX2, CPUID_EAX, 1, 0x00000012, 0 }, { X86_FEATURE_HW_PSTATE, CPUID_EDX, 7, 0x80000007, 0 }, { X86_FEATURE_CPB, CPUID_EDX, 9, 0x80000007, 0 }, { X86_FEATURE_PROC_FEEDBACK, CPUID_EDX, 11, 0x80000007, 0 }, diff --git a/tools/arch/x86/include/asm/cpufeatures.h b/tools/arch/x86/include/asm/cpufeatures.h index 0652d3eed9bd..ed691ada4244 100644 --- a/tools/arch/x86/include/asm/cpufeatures.h +++ b/tools/arch/x86/include/asm/cpufeatures.h @@ -221,12 +221,21 @@ #define X86_FEATURE_L1TF_PTEINV ( 7*32+29) /* "" L1TF workaround PTE inversion */ #define X86_FEATURE_IBRS_ENHANCED ( 7*32+30) /* Enhanced IBRS */ -/* Virtualization flags: Linux defined, word 8 */ -#define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */ -#define X86_FEATURE_VNMI ( 8*32+ 1) /* Intel Virtual NMI */ -#define X86_FEATURE_FLEXPRIORITY ( 8*32+ 2) /* Intel FlexPriority */ -#define X86_FEATURE_EPT ( 8*32+ 3) /* Intel Extended Page Table */ -#define X86_FEATURE_VPID ( 8*32+ 4) /* Intel Virtual Processor ID */ +/* + * Scattered Intel features: Linux defined, word 8. + * + * Note that the bit numbers of the SGX features are meaningful as KVM expects + * the Linux defined bit to match the Intel defined bit, e.g. X86_FEATURE_SGX1 + * must remain at bit 0, SGX2 at bit 1, etc... + */ +#define X86_FEATURE_SGX1 ( 8*32+ 0) /* SGX1 leaf functions */ +#define X86_FEATURE_SGX2 ( 8*32+ 1) /* SGX2 leaf functions */ + +#define X86_FEATURE_TPR_SHADOW ( 8*32+ 8) /* Intel TPR Shadow */ +#define X86_FEATURE_VNMI ( 8*32+ 9) /* Intel Virtual NMI */ +#define X86_FEATURE_FLEXPRIORITY ( 8*32+10) /* Intel FlexPriority */ +#define X86_FEATURE_EPT ( 8*32+11) /* Intel Extended Page Table */ +#define X86_FEATURE_VPID ( 8*32+12) /* Intel Virtual Processor ID */ #define X86_FEATURE_VMMCALL ( 8*32+15) /* Prefer VMMCALL to VMCALL */ #define X86_FEATURE_XENPV ( 8*32+16) /* "" Xen paravirtual guest */ -- 2.20.1