From: kernel test robot <lkp@intel.com>
To: Kai Huang <kai.huang@intel.com>,
kvm@vger.kernel.org, linux-sgx@vger.kernel.org
Cc: kbuild-all@lists.01.org, seanjc@google.com, pbonzini@redhat.com,
bp@alien8.de, jarkko@kernel.org, dave.hansen@intel.com,
luto@kernel.org, rick.p.edgecombe@intel.com,
haitao.huang@intel.com
Subject: Re: [PATCH v5 11/11] KVM: x86: Add capability to grant VM access to privileged SGX attribute
Date: Mon, 12 Apr 2021 19:28:12 +0800
Message-ID: <202104121922.ek26ZlXx-lkp@intel.com>
In-Reply-To: <0b099d65e933e068e3ea934b0523bab070cb8cea.1618196135.git.kai.huang@intel.com>

Hi Kai,

I love your patch! Yet something to improve:

[auto build test ERROR on kvm/queue]
[cannot apply to vhost/linux-next v5.12-rc7 next-20210409]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url: https://github.com/0day-ci/linux/commits/Kai-Huang/KVM-SGX-virtualization-support-KVM-part/20210412-122425
base: https://git.kernel.org/pub/scm/virt/kvm/kvm.git queue
config: x86_64-rhel-8.3-kselftests (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce (this is a W=1 build):
        # https://github.com/0day-ci/linux/commit/ee406a5de64531c5ec7886a5097f5a832ad2b1e4
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Kai-Huang/KVM-SGX-virtualization-support-KVM-part/20210412-122425
        git checkout ee406a5de64531c5ec7886a5097f5a832ad2b1e4
        # save the attached .config to linux build tree
        make W=1 ARCH=x86_64

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

In file included from arch/x86/kvm/cpuid.c:22:
arch/x86/kvm/cpuid.h: In function '__feature_translate':
arch/x86/kvm/cpuid.h:128:21: error: 'X86_FEATURE_SGX1' undeclared (first use in this function); did you mean 'X86_FEATURE_SGX'?
128 | if (x86_feature == X86_FEATURE_SGX1)
| ^~~~~~~~~~~~~~~~
| X86_FEATURE_SGX
arch/x86/kvm/cpuid.h:128:21: note: each undeclared identifier is reported only once for each function it appears in
arch/x86/kvm/cpuid.h:130:26: error: 'X86_FEATURE_SGX2' undeclared (first use in this function); did you mean 'X86_FEATURE_SGX'?
130 | else if (x86_feature == X86_FEATURE_SGX2)
| ^~~~~~~~~~~~~~~~
| X86_FEATURE_SGX
In file included from arch/x86/include/asm/thread_info.h:53,
from include/linux/thread_info.h:58,
from arch/x86/include/asm/preempt.h:7,
from include/linux/preempt.h:78,
from include/linux/percpu.h:6,
from include/linux/context_tracking_state.h:5,
from include/linux/hardirq.h:5,
from include/linux/kvm_host.h:7,
from arch/x86/kvm/cpuid.c:12:
arch/x86/kvm/cpuid.c: In function 'kvm_set_cpu_caps':
arch/x86/kvm/cpuid.c:57:32: error: 'X86_FEATURE_SGX1' undeclared (first use in this function); did you mean 'X86_FEATURE_SGX'?
57 | #define SF(name) (boot_cpu_has(X86_FEATURE_##name) ? F(name) : 0)
| ^~~~~~~~~~~~
arch/x86/include/asm/cpufeature.h:121:24: note: in definition of macro 'cpu_has'
121 | (__builtin_constant_p(bit) && REQUIRED_MASK_BIT_SET(bit) ? 1 : \
| ^~~
arch/x86/kvm/cpuid.c:57:19: note: in expansion of macro 'boot_cpu_has'
57 | #define SF(name) (boot_cpu_has(X86_FEATURE_##name) ? F(name) : 0)
| ^~~~~~~~~~~~
arch/x86/kvm/cpuid.c:500:3: note: in expansion of macro 'SF'
500 | SF(SGX1) | SF(SGX2)
| ^~
arch/x86/kvm/cpuid.c:57:32: error: 'X86_FEATURE_SGX2' undeclared (first use in this function); did you mean 'X86_FEATURE_SGX'?
57 | #define SF(name) (boot_cpu_has(X86_FEATURE_##name) ? F(name) : 0)
| ^~~~~~~~~~~~
arch/x86/include/asm/cpufeature.h:121:24: note: in definition of macro 'cpu_has'
121 | (__builtin_constant_p(bit) && REQUIRED_MASK_BIT_SET(bit) ? 1 : \
| ^~~
arch/x86/kvm/cpuid.c:57:19: note: in expansion of macro 'boot_cpu_has'
57 | #define SF(name) (boot_cpu_has(X86_FEATURE_##name) ? F(name) : 0)
| ^~~~~~~~~~~~
arch/x86/kvm/cpuid.c:500:14: note: in expansion of macro 'SF'
500 | SF(SGX1) | SF(SGX2)
| ^~
arch/x86/kvm/cpuid.c: In function '__do_cpuid_func':
arch/x86/kvm/cpuid.c:838:17: error: 'SGX_MISC_EXINFO' undeclared (first use in this function)
838 | entry->ebx &= SGX_MISC_EXINFO;
| ^~~~~~~~~~~~~~~
arch/x86/kvm/cpuid.c:851:17: error: 'SGX_ATTR_DEBUG' undeclared (first use in this function)
851 | entry->eax &= SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT |
| ^~~~~~~~~~~~~~
arch/x86/kvm/cpuid.c:851:34: error: 'SGX_ATTR_MODE64BIT' undeclared (first use in this function)
851 | entry->eax &= SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT |
| ^~~~~~~~~~~~~~~~~~
>> arch/x86/kvm/cpuid.c:852:10: error: 'SGX_ATTR_PROVISIONKEY' undeclared (first use in this function)
852 | SGX_ATTR_PROVISIONKEY | SGX_ATTR_EINITTOKENKEY |
| ^~~~~~~~~~~~~~~~~~~~~
arch/x86/kvm/cpuid.c:852:34: error: 'SGX_ATTR_EINITTOKENKEY' undeclared (first use in this function)
852 | SGX_ATTR_PROVISIONKEY | SGX_ATTR_EINITTOKENKEY |
| ^~~~~~~~~~~~~~~~~~~~~~
arch/x86/kvm/cpuid.c:853:10: error: 'SGX_ATTR_KSS' undeclared (first use in this function)
853 | SGX_ATTR_KSS;
| ^~~~~~~~~~~~
vim +/SGX_ATTR_PROVISIONKEY +852 arch/x86/kvm/cpuid.c
643
644 static inline int __do_cpuid_func(struct kvm_cpuid_array *array, u32 function)
645 {
646 struct kvm_cpuid_entry2 *entry;
647 int r, i, max_idx;
648
649 /* all calls to cpuid_count() should be made on the same cpu */
650 get_cpu();
651
652 r = -E2BIG;
653
654 entry = do_host_cpuid(array, function, 0);
655 if (!entry)
656 goto out;
657
658 switch (function) {
659 case 0:
660 /* Limited to the highest leaf implemented in KVM. */
661 entry->eax = min(entry->eax, 0x1fU);
662 break;
663 case 1:
664 cpuid_entry_override(entry, CPUID_1_EDX);
665 cpuid_entry_override(entry, CPUID_1_ECX);
666 break;
667 case 2:
668 /*
669 * On ancient CPUs, function 2 entries are STATEFUL. That is,
670 * CPUID(function=2, index=0) may return different results each
671 * time, with the least-significant byte in EAX enumerating the
672 * number of times software should do CPUID(2, 0).
673 *
674 * Modern CPUs, i.e. every CPU KVM has *ever* run on are less
675 * idiotic. Intel's SDM states that EAX & 0xff "will always
676 * return 01H. Software should ignore this value and not
677 * interpret it as an informational descriptor", while AMD's
678 * APM states that CPUID(2) is reserved.
679 *
680 * WARN if a frankenstein CPU that supports virtualization and
681 * a stateful CPUID.0x2 is encountered.
682 */
683 WARN_ON_ONCE((entry->eax & 0xff) > 1);
684 break;
685 /* functions 4 and 0x8000001d have additional index. */
686 case 4:
687 case 0x8000001d:
688 /*
689 * Read entries until the cache type in the previous entry is
690 * zero, i.e. indicates an invalid entry.
691 */
692 for (i = 1; entry->eax & 0x1f; ++i) {
693 entry = do_host_cpuid(array, function, i);
694 if (!entry)
695 goto out;
696 }
697 break;
698 case 6: /* Thermal management */
699 entry->eax = 0x4; /* allow ARAT */
700 entry->ebx = 0;
701 entry->ecx = 0;
702 entry->edx = 0;
703 break;
704 /* function 7 has additional index. */
705 case 7:
706 entry->eax = min(entry->eax, 1u);
707 cpuid_entry_override(entry, CPUID_7_0_EBX);
708 cpuid_entry_override(entry, CPUID_7_ECX);
709 cpuid_entry_override(entry, CPUID_7_EDX);
710
711 /* KVM only supports 0x7.0 and 0x7.1, capped above via min(). */
712 if (entry->eax == 1) {
713 entry = do_host_cpuid(array, function, 1);
714 if (!entry)
715 goto out;
716
717 cpuid_entry_override(entry, CPUID_7_1_EAX);
718 entry->ebx = 0;
719 entry->ecx = 0;
720 entry->edx = 0;
721 }
722 break;
723 case 9:
724 break;
725 case 0xa: { /* Architectural Performance Monitoring */
726 struct x86_pmu_capability cap;
727 union cpuid10_eax eax;
728 union cpuid10_edx edx;
729
730 perf_get_x86_pmu_capability(&cap);
731
732 /*
733 * Only support guest architectural pmu on a host
734 * with architectural pmu.
735 */
736 if (!cap.version)
737 memset(&cap, 0, sizeof(cap));
738
739 eax.split.version_id = min(cap.version, 2);
740 eax.split.num_counters = cap.num_counters_gp;
741 eax.split.bit_width = cap.bit_width_gp;
742 eax.split.mask_length = cap.events_mask_len;
743
744 edx.split.num_counters_fixed = min(cap.num_counters_fixed, MAX_FIXED_COUNTERS);
745 edx.split.bit_width_fixed = cap.bit_width_fixed;
746 edx.split.anythread_deprecated = 1;
747 edx.split.reserved1 = 0;
748 edx.split.reserved2 = 0;
749
750 entry->eax = eax.full;
751 entry->ebx = cap.events_mask;
752 entry->ecx = 0;
753 entry->edx = edx.full;
754 break;
755 }
756 /*
757 * Per Intel's SDM, the 0x1f is a superset of 0xb,
758 * thus they can be handled by common code.
759 */
760 case 0x1f:
761 case 0xb:
762 /*
763 * Populate entries until the level type (ECX[15:8]) of the
764 * previous entry is zero. Note, CPUID EAX.{0x1f,0xb}.0 is
765 * the starting entry, filled by the primary do_host_cpuid().
766 */
767 for (i = 1; entry->ecx & 0xff00; ++i) {
768 entry = do_host_cpuid(array, function, i);
769 if (!entry)
770 goto out;
771 }
772 break;
773 case 0xd:
774 entry->eax &= supported_xcr0;
775 entry->ebx = xstate_required_size(supported_xcr0, false);
776 entry->ecx = entry->ebx;
777 entry->edx &= supported_xcr0 >> 32;
778 if (!supported_xcr0)
779 break;
780
781 entry = do_host_cpuid(array, function, 1);
782 if (!entry)
783 goto out;
784
785 cpuid_entry_override(entry, CPUID_D_1_EAX);
786 if (entry->eax & (F(XSAVES)|F(XSAVEC)))
787 entry->ebx = xstate_required_size(supported_xcr0 | supported_xss,
788 true);
789 else {
790 WARN_ON_ONCE(supported_xss != 0);
791 entry->ebx = 0;
792 }
793 entry->ecx &= supported_xss;
794 entry->edx &= supported_xss >> 32;
795
796 for (i = 2; i < 64; ++i) {
797 bool s_state;
798 if (supported_xcr0 & BIT_ULL(i))
799 s_state = false;
800 else if (supported_xss & BIT_ULL(i))
801 s_state = true;
802 else
803 continue;
804
805 entry = do_host_cpuid(array, function, i);
806 if (!entry)
807 goto out;
808
809 /*
810 * The supported check above should have filtered out
811 * invalid sub-leafs. Only valid sub-leafs should
812 * reach this point, and they should have a non-zero
813 * save state size. Furthermore, check whether the
814 * processor agrees with supported_xcr0/supported_xss
815 * on whether this is an XCR0- or IA32_XSS-managed area.
816 */
817 if (WARN_ON_ONCE(!entry->eax || (entry->ecx & 0x1) != s_state)) {
818 --array->nent;
819 continue;
820 }
821 entry->edx = 0;
822 }
823 break;
824 case 0x12:
825 /* Intel SGX */
826 if (!kvm_cpu_cap_has(X86_FEATURE_SGX)) {
827 entry->eax = entry->ebx = entry->ecx = entry->edx = 0;
828 break;
829 }
830
831 /*
832 * Index 0: Sub-features, MISCSELECT (a.k.a extended features)
833 * and max enclave sizes. The SGX sub-features and MISCSELECT
834 * are restricted by kernel and KVM capabilities (like most
835 * feature flags), while enclave size is unrestricted.
836 */
837 cpuid_entry_override(entry, CPUID_12_EAX);
838 entry->ebx &= SGX_MISC_EXINFO;
839
840 entry = do_host_cpuid(array, function, 1);
841 if (!entry)
842 goto out;
843
844 /*
845 * Index 1: SECS.ATTRIBUTES. ATTRIBUTES are restricted a la
846 * feature flags. Advertise all supported flags, including
847 * privileged attributes that require explicit opt-in from
848 * userspace. ATTRIBUTES.XFRM is not adjusted as userspace is
849 * expected to derive it from supported XCR0.
850 */
851 entry->eax &= SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT |
> 852 SGX_ATTR_PROVISIONKEY | SGX_ATTR_EINITTOKENKEY |
853 SGX_ATTR_KSS;
854 entry->ebx &= 0;
855 break;
856 /* Intel PT */
857 case 0x14:
858 if (!kvm_cpu_cap_has(X86_FEATURE_INTEL_PT)) {
859 entry->eax = entry->ebx = entry->ecx = entry->edx = 0;
860 break;
861 }
862
863 for (i = 1, max_idx = entry->eax; i <= max_idx; ++i) {
864 if (!do_host_cpuid(array, function, i))
865 goto out;
866 }
867 break;
868 case KVM_CPUID_SIGNATURE: {
869 static const char signature[12] = "KVMKVMKVM\0\0";
870 const u32 *sigptr = (const u32 *)signature;
871 entry->eax = KVM_CPUID_FEATURES;
872 entry->ebx = sigptr[0];
873 entry->ecx = sigptr[1];
874 entry->edx = sigptr[2];
875 break;
876 }
877 case KVM_CPUID_FEATURES:
878 entry->eax = (1 << KVM_FEATURE_CLOCKSOURCE) |
879 (1 << KVM_FEATURE_NOP_IO_DELAY) |
880 (1 << KVM_FEATURE_CLOCKSOURCE2) |
881 (1 << KVM_FEATURE_ASYNC_PF) |
882 (1 << KVM_FEATURE_PV_EOI) |
883 (1 << KVM_FEATURE_CLOCKSOURCE_STABLE_BIT) |
884 (1 << KVM_FEATURE_PV_UNHALT) |
885 (1 << KVM_FEATURE_PV_TLB_FLUSH) |
886 (1 << KVM_FEATURE_ASYNC_PF_VMEXIT) |
887 (1 << KVM_FEATURE_PV_SEND_IPI) |
888 (1 << KVM_FEATURE_POLL_CONTROL) |
889 (1 << KVM_FEATURE_PV_SCHED_YIELD) |
890 (1 << KVM_FEATURE_ASYNC_PF_INT);
891
892 if (sched_info_on())
893 entry->eax |= (1 << KVM_FEATURE_STEAL_TIME);
894
895 entry->ebx = 0;
896 entry->ecx = 0;
897 entry->edx = 0;
898 break;
899 case 0x80000000:
900 entry->eax = min(entry->eax, 0x8000001f);
901 break;
902 case 0x80000001:
903 cpuid_entry_override(entry, CPUID_8000_0001_EDX);
904 cpuid_entry_override(entry, CPUID_8000_0001_ECX);
905 break;
906 case 0x80000006:
907 /* L2 cache and TLB: pass through host info. */
908 break;
909 case 0x80000007: /* Advanced power management */
910 /* invariant TSC is CPUID.80000007H:EDX[8] */
911 entry->edx &= (1 << 8);
912 /* mask against host */
913 entry->edx &= boot_cpu_data.x86_power;
914 entry->eax = entry->ebx = entry->ecx = 0;
915 break;
916 case 0x80000008: {
917 unsigned g_phys_as = (entry->eax >> 16) & 0xff;
918 unsigned virt_as = max((entry->eax >> 8) & 0xff, 48U);
919 unsigned phys_as = entry->eax & 0xff;
920
921 if (!g_phys_as)
922 g_phys_as = phys_as;
923 entry->eax = g_phys_as | (virt_as << 8);
924 entry->edx = 0;
925 cpuid_entry_override(entry, CPUID_8000_0008_EBX);
926 break;
927 }
928 case 0x8000000A:
929 if (!kvm_cpu_cap_has(X86_FEATURE_SVM)) {
930 entry->eax = entry->ebx = entry->ecx = entry->edx = 0;
931 break;
932 }
933 entry->eax = 1; /* SVM revision 1 */
934 entry->ebx = 8; /* Lets support 8 ASIDs in case we add proper
935 ASID emulation to nested SVM */
936 entry->ecx = 0; /* Reserved */
937 cpuid_entry_override(entry, CPUID_8000_000A_EDX);
938 break;
939 case 0x80000019:
940 entry->ecx = entry->edx = 0;
941 break;
942 case 0x8000001a:
943 case 0x8000001e:
944 break;
945 /* Support memory encryption cpuid if host supports it */
946 case 0x8000001F:
947 if (!boot_cpu_has(X86_FEATURE_SEV))
948 entry->eax = entry->ebx = entry->ecx = entry->edx = 0;
949 break;
950 /*Add support for Centaur's CPUID instruction*/
951 case 0xC0000000:
952 /*Just support up to 0xC0000004 now*/
953 entry->eax = min(entry->eax, 0xC0000004);
954 break;
955 case 0xC0000001:
956 cpuid_entry_override(entry, CPUID_C000_0001_EDX);
957 break;
958 case 3: /* Processor serial number */
959 case 5: /* MONITOR/MWAIT */
960 case 0xC0000002:
961 case 0xC0000003:
962 case 0xC0000004:
963 default:
964 entry->eax = entry->ebx = entry->ecx = entry->edx = 0;
965 break;
966 }
967
968 r = 0;
969
970 out:
971 put_cpu();
972
973 return r;
974 }
975
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org