Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp1588069pxa; Thu, 6 Aug 2020 10:58:43 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxP1vVj0P2tXP12GcXIPEMdDIVIH2XPLTporJeYAv876tN3xwCfi2zZhFSnuFnkSbVE3OIU X-Received: by 2002:a50:9316:: with SMTP id m22mr5382149eda.178.1596736723275; Thu, 06 Aug 2020 10:58:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1596736723; cv=none; d=google.com; s=arc-20160816; b=yOLyD/3jgMlTITT2Wyl1/YukNP8f4CsQhrMssYeE708n5u9l6cbG9yywMUQOh4lzEn MHhsZaWpUPbtHpkugS+7KJYvrDpCARNWI5sEPYWnC7IGn2xJeENHtjgR+E3wKTr1PHxb nKjB8nYKuY1EG4gUuvctFWEW341dwHAXYCnvgKpDEkqi8ScfqZpWjMvewFrrhP2MYm9x 9Uzu60HHpDBpHTUBtFPtBahYKkAog/dK7SxD01IHmxgA13JjWVnB4sfOqPJMHrkszkqw Hyt3ZYiby7yyyq/KhFA8AQxEY3SFTDniF2RyeJl9yq6yo6k2TLh7VXpgzsx9yeZb0SCe sfTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:date:references :in-reply-to:subject:cc:to:from:dkim-signature; bh=xeQh4UwI5BYb0rFkOfOqf85p8ALQ3Km95tWCw+dneU0=; b=s9setNt2TrfRprAa8P2uW7ADM9ZjQIs8vcFElokw7A6xntqgFDqsIke9L6+6GzLdpi TvAERXjdYwVDOM7JjkkcZeoAmE03NiwbRrSwXVb/o92aB1C32se/J0GS4Yg2qWLYXcDV wzKud5qgK82UNSzUV0MI+sX8Cl3k9Riyatcw7cZ4ov10uL0Xr4fNRNdQqQVIbo8OMTQ9 HvnNPt0UAXUO1LsQQNyGQI1NBUdEluTKxEbu7Souf3mwc+DiVcvc2mnPmuqcIaKwZfO5 LP5QBfGbeCqy3ythxSuR1+NR1FnICJiaMNLbWdW517bc7AIFVB+ronTe9Evv5Zclmo+E w4bw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2020-01-29 header.b=V4GqZD3E; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p12si1578193edy.553.2020.08.06.10.58.20; Thu, 06 Aug 2020 10:58:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2020-01-29 header.b=V4GqZD3E; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727858AbgHFR6L (ORCPT + 99 others); Thu, 6 Aug 2020 13:58:11 -0400 Received: from aserp2120.oracle.com ([141.146.126.78]:49682 "EHLO aserp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725272AbgHFR6K (ORCPT ); Thu, 6 Aug 2020 13:58:10 -0400 Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1]) by aserp2120.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 076D27CE176546; Thu, 6 Aug 2020 13:17:57 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : in-reply-to : references : date : message-id : mime-version : content-type; s=corp-2020-01-29; bh=xeQh4UwI5BYb0rFkOfOqf85p8ALQ3Km95tWCw+dneU0=; b=V4GqZD3E80QaR3bTb+QGtayZjdsIoQKe5MeCDAW2nKaiOSWZb/GCKMD2eNBIaQKeT9Q1 YXwYXaln8m7XAaQr54etsrv/obofZQbCIK9lWM7Gi+YtHKuiqpGxmf2J+uBisydwsSmW PcBWXVpV62OaJ3g4+bG2OKI7hPlSvRy6nfBrSp5cLB7aaw4rx8w+uKl5zf5ZWCJVn34J R+SUItZpWq00NrHAgY87XnHyZLZ5nbWAUi8cX23lLKDR4KQ4MoALI7M6zRdcC8AjPEKW 0zLc8BhNX18GxGsJKoln9+ndvvhcpB4mNoDSubSWgD5rkV3FBRk/gAPfArXOGu5OCLQ3 xw== Received: from aserp3020.oracle.com (aserp3020.oracle.com [141.146.126.70]) by aserp2120.oracle.com with ESMTP id 32r6ep2uph-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Thu, 06 Aug 2020 13:17:57 +0000 Received: from pps.filterd (aserp3020.oracle.com [127.0.0.1]) by aserp3020.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 076Cwxmu172996; Thu, 6 Aug 2020 13:17:56 GMT Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by aserp3020.oracle.com with ESMTP id 32pdnwc24c-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 06 Aug 2020 13:17:56 +0000 Received: from abhmp0007.oracle.com (abhmp0007.oracle.com [141.146.116.13]) by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id 076DHrHX018618; Thu, 6 Aug 2020 13:17:54 GMT Received: from starbug-mbp.localdomain (/79.97.215.145) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 06 Aug 2020 06:17:53 -0700 Received: by starbug-mbp.localdomain (Postfix, from userid 501) id D1895F04A2B; Thu, 6 Aug 2020 14:17:47 +0100 (IST) From: Darren Kenny To: Jarkko Sakkinen , x86@kernel.org, linux-sgx@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Sean Christopherson , Jethro Beekman , Jarkko Sakkinen , akpm@linux-foundation.org, andriy.shevchenko@linux.intel.com, asapek@google.com, bp@alien8.de, cedric.xing@intel.com, chenalexchen@google.com, conradparker@google.com, cyhanish@google.com, dave.hansen@intel.com, haitao.huang@intel.com, josh@joshtriplett.org, kai.huang@intel.com, kai.svahn@intel.com, kmoy@google.com, ludloff@google.com, luto@kernel.org, nhorman@redhat.com, npmccallum@redhat.com, puiterwijk@redhat.com, rientjes@google.com, tglx@linutronix.de, yaozhangx@google.com Subject: Re: [PATCH v36 06/24] x86/cpu/intel: Detect SGX support In-Reply-To: <20200716135303.276442-7-jarkko.sakkinen@linux.intel.com> References: <20200716135303.276442-1-jarkko.sakkinen@linux.intel.com> <20200716135303.276442-7-jarkko.sakkinen@linux.intel.com> Date: Thu, 06 Aug 2020 14:17:47 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9704 signatures=668679 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=1 spamscore=0 mlxscore=0 bulkscore=0 adultscore=0 phishscore=0 malwarescore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2006250000 definitions=main-2008060094 X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9704 signatures=668679 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=1 bulkscore=0 malwarescore=0 clxscore=1015 mlxscore=0 priorityscore=1501 adultscore=0 impostorscore=0 lowpriorityscore=0 phishscore=0 spamscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2006250000 definitions=main-2008060094 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thursday, 2020-07-16 at 16:52:45 +03, Jarkko Sakkinen wrote: > From: Sean Christopherson > > Configure SGX as part of feature control MSR initialization and update > the associated X86_FEATURE flags accordingly. Because the kernel will > require the LE hash MSRs to be writable when running native enclaves, > disable X86_FEATURE_SGX (and all derivatives) if SGX Launch Control is > not (or cannot) be fully enabled via feature control MSR. > > The check is done for every CPU, not just BSP, in order to verify that > MSR_IA32_FEATURE_CONTROL is correctly configured on all CPUs. The other > parts of the kernel, like the enclave driver, expect the same > configuration from all CPUs. > > Note, unlike VMX, clear the X86_FEATURE_SGX* flags for all CPUs if any > CPU lacks SGX support as the kernel expects SGX to be available on all > CPUs. X86_FEATURE_VMX is intentionally cleared only for the current CPU > so that KVM can provide additional information if KVM fails to load, > e.g. print which CPU doesn't support VMX. KVM/VMX requires additional > per-CPU enabling, e.g. to set CR4.VMXE and do VMXON, and so already has > the necessary infrastructure to do per-CPU checks. SGX on the other > hand doesn't require additional enabling, so clearing the feature flags > on all CPUs means the SGX subsystem doesn't need to manually do support > checks on a per-CPU basis. > > Acked-by: Jethro Beekman > Signed-off-by: Sean Christopherson > Co-developed-by: Jarkko Sakkinen > Signed-off-by: Jarkko Sakkinen Reviewed-by: Darren Kenny > --- > arch/x86/kernel/cpu/feat_ctl.c | 32 +++++++++++++++++++++++++++++++- > 1 file changed, 31 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/kernel/cpu/feat_ctl.c b/arch/x86/kernel/cpu/feat_ctl.c > index 29a3bedabd06..c3afcd2e4342 100644 > --- a/arch/x86/kernel/cpu/feat_ctl.c > +++ b/arch/x86/kernel/cpu/feat_ctl.c > @@ -93,16 +93,35 @@ static void init_vmx_capabilities(struct cpuinfo_x86 *c) > } > #endif /* CONFIG_X86_VMX_FEATURE_NAMES */ > > +static void clear_sgx_caps(void) > +{ > + setup_clear_cpu_cap(X86_FEATURE_SGX); > + setup_clear_cpu_cap(X86_FEATURE_SGX_LC); > + setup_clear_cpu_cap(X86_FEATURE_SGX1); > + setup_clear_cpu_cap(X86_FEATURE_SGX2); > +} > + > void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > { > bool tboot = tboot_enabled(); > + bool enable_sgx; > u64 msr; > > if (rdmsrl_safe(MSR_IA32_FEAT_CTL, &msr)) { > clear_cpu_cap(c, X86_FEATURE_VMX); > + clear_sgx_caps(); > return; > } > > + /* > + * Enable SGX if and only if the kernel supports SGX and Launch Control > + * is supported, i.e. disable SGX if the LE hash MSRs can't be written. > + */ > + enable_sgx = cpu_has(c, X86_FEATURE_SGX) && > + cpu_has(c, X86_FEATURE_SGX1) && > + cpu_has(c, X86_FEATURE_SGX_LC) && > + IS_ENABLED(CONFIG_INTEL_SGX); > + > if (msr & FEAT_CTL_LOCKED) > goto update_caps; > > @@ -124,13 +143,16 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > msr |= FEAT_CTL_VMX_ENABLED_INSIDE_SMX; > } > > + if (enable_sgx) > + msr |= FEAT_CTL_SGX_ENABLED | FEAT_CTL_SGX_LC_ENABLED; > + > wrmsrl(MSR_IA32_FEAT_CTL, msr); > > update_caps: > set_cpu_cap(c, X86_FEATURE_MSR_IA32_FEAT_CTL); > > if (!cpu_has(c, X86_FEATURE_VMX)) > - return; > + goto update_sgx; > > if ( (tboot && !(msr & FEAT_CTL_VMX_ENABLED_INSIDE_SMX)) || > (!tboot && !(msr & FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX))) { > @@ -143,4 +165,12 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > init_vmx_capabilities(c); > #endif > } > + > +update_sgx: > + if (!(msr & FEAT_CTL_SGX_ENABLED) || > + !(msr & FEAT_CTL_SGX_LC_ENABLED) || !enable_sgx) { > + if (enable_sgx) > + pr_err_once("SGX disabled by BIOS\n"); > + clear_sgx_caps(); > + } > } > -- > 2.25.1