From: Sean Christopherson <sean.j.christopherson@intel.com> To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>, <x86@kernel.org>, <platform-driver-x86@vger.kernel.org>, <linux-sgx@vger.kernel.org> Cc: <dave.hansen@intel.com>, <nhorman@redhat.com>, <npmccallum@redhat.com>, <serge.ayoun@intel.com>, <shay.katz-zamir@intel.com>, <haitao.huang@intel.com>, <andriy.shevchenko@linux.intel.com>, <tglx@linutronix.de>, <kai.svahn@intel.com>, Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, "H. Peter Anvin" <hpa@zytor.com>, "Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>, David Woodhouse <dwmw@amazon.co.uk>, "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>, David Wang <davidwang@zhaoxin.com>, "Levin, Alexander (Sasha Levin)" <alexander.levin@verizon.com>, Jia Zhang <qianyue.zj@alibaba-inc.com>, "open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)" <linux-kernel@vger.kernel.org> Subject: Re: [PATCH v16 06/22] x86/cpu/intel: Detect SGX support and update caps appropriately Date: Tue, 6 Nov 2018 05:58:01 -0800 [thread overview] Message-ID: <1541512681.7839.14.camel@intel.com> (raw) In-Reply-To: <20181106134758.10572-7-jarkko.sakkinen@linux.intel.com> On Tue, 2018-11-06 at 15:45 +0200, Jarkko Sakkinen wrote: > From: Sean Christopherson <sean.j.christopherson@intel.com> > > Similar to other large Intel features such as VMX and TXT, SGX must be > explicitly enabled in IA32_FEATURE_CONTROL MSR to be truly usable. > Clear all SGX related capabilities if SGX is not fully enabled in > IA32_FEATURE_CONTROL or if the SGX1 instruction set isn't supported > (impossible on bare metal, theoretically possible in a VM if the VMM is > doing something weird). > > Like SGX itself, SGX Launch Control must be explicitly enabled via a > flag in IA32_FEATURE_CONTROL. Clear the SGX_LC capability if Launch > Control is not fully enabled (or obviously if SGX itself is disabled). > > Note that clearing X86_FEATURE_SGX_LC creates a bit of a conundrum > regarding the SGXLEPUBKEYHASH MSRs, as it may be desirable to read the > MSRs even if they are not writable, e.g. to query the configured key, > but clearing the capability leaves no breadcrum for discerning whether > or not the MSRs exist. But, such usage will be rare (KVM is the only > known case at this time) and not performance critical, so it's not > unreasonable to require the use of rdmsr_safe(). Clearing the cap bit > eliminates the need for an additional flag to track whether or not > Launch Control is truly enabled, which is what we care about the vast > majority of the time. > > Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> > Co-developed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> > --- > arch/x86/kernel/cpu/intel.c | 37 +++++++++++++++++++++++++++++++++++++ > 1 file changed, 37 insertions(+) > > diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c > index fc3c07fe7df5..8a20a193d399 100644 > --- a/arch/x86/kernel/cpu/intel.c > +++ b/arch/x86/kernel/cpu/intel.c > @@ -596,6 +596,40 @@ static void detect_tme(struct cpuinfo_x86 *c) > c->x86_phys_bits -= keyid_bits; > } > > +static void detect_sgx(struct cpuinfo_x86 *c) > +{ > + unsigned long long fc; > + > + rdmsrl(MSR_IA32_FEATURE_CONTROL, fc); > + if (!(fc & FEATURE_CONTROL_LOCKED)) { > + pr_err_once("sgx: IA32_FEATURE_CONTROL MSR is not locked\n"); > + goto out_unsupported; > + } > + > + if (!(fc & FEATURE_CONTROL_SGX_ENABLE)) { > + pr_err_once("sgx: not enabled in IA32_FEATURE_CONTROL MSR\n"); > + goto out_unsupported; > + } > + > + if (!cpu_has(c, X86_FEATURE_SGX1)) { > + pr_err_once("sgx: SGX1 instruction set not supported\n"); > + goto out_unsupported; > + } > + > + if (!(fc & FEATURE_CONTROL_SGX_LE_WR)) { FEATURE_CONTROL_SGX_LE_WR isn't added until patch 13/22. The patch can simply be moved earlier in the series if you want to introduce the full detect_sgx() in a single patch. The only reason SGX_LE_WR was added later in the series was to bundle the Launch Control stuff together. > + pr_info_once("sgx: launch control MSRs are not writable\n"); > + goto out_msrs_rdonly; > + } > + > + return; > +out_unsupported: > + setup_clear_cpu_cap(X86_FEATURE_SGX); > + setup_clear_cpu_cap(X86_FEATURE_SGX1); > + setup_clear_cpu_cap(X86_FEATURE_SGX2); > +out_msrs_rdonly: > + setup_clear_cpu_cap(X86_FEATURE_SGX_LC); > +} > + > static void init_intel_energy_perf(struct cpuinfo_x86 *c) > { > u64 epb; > @@ -763,6 +797,9 @@ static void init_intel(struct cpuinfo_x86 *c) > if (cpu_has(c, X86_FEATURE_TME)) > detect_tme(c); > > + if (cpu_has(c, X86_FEATURE_SGX)) > + detect_sgx(c); > + > init_intel_energy_perf(c); > > init_intel_misc_features(c);
WARNING: multiple messages have this Message-ID (diff)
From: Sean Christopherson <sean.j.christopherson@intel.com> To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>, x86@kernel.org, platform-driver-x86@vger.kernel.org, linux-sgx@vger.kernel.org Cc: dave.hansen@intel.com, nhorman@redhat.com, npmccallum@redhat.com, serge.ayoun@intel.com, shay.katz-zamir@intel.com, haitao.huang@intel.com, andriy.shevchenko@linux.intel.com, tglx@linutronix.de, kai.svahn@intel.com, Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, "H. Peter Anvin" <hpa@zytor.com>, Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>, David Woodhouse <dwmw@amazon.co.uk>, "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>, David Wang <davidwang@zhaoxin.com>, "Levin, Alexander (Sasha Levin)" <alexander.levin@verizon.com>, Jia Zhang <qianyue.zj@alibaba-inc.com>, "open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)" <linux-kernel@vger.kernel.org> Subject: Re: [PATCH v16 06/22] x86/cpu/intel: Detect SGX support and update caps appropriately Date: Tue, 06 Nov 2018 05:58:01 -0800 [thread overview] Message-ID: <1541512681.7839.14.camel@intel.com> (raw) Message-ID: <20181106135801.lWqBA8egFzE2HjH8gDUqaVV9Iv1Z-DmV61DPyQkJoNA@z> (raw) In-Reply-To: <20181106134758.10572-7-jarkko.sakkinen@linux.intel.com> On Tue, 2018-11-06 at 15:45 +0200, Jarkko Sakkinen wrote: > From: Sean Christopherson <sean.j.christopherson@intel.com> > > Similar to other large Intel features such as VMX and TXT, SGX must be > explicitly enabled in IA32_FEATURE_CONTROL MSR to be truly usable. > Clear all SGX related capabilities if SGX is not fully enabled in > IA32_FEATURE_CONTROL or if the SGX1 instruction set isn't supported > (impossible on bare metal, theoretically possible in a VM if the VMM is > doing something weird). > > Like SGX itself, SGX Launch Control must be explicitly enabled via a > flag in IA32_FEATURE_CONTROL. Clear the SGX_LC capability if Launch > Control is not fully enabled (or obviously if SGX itself is disabled). > > Note that clearing X86_FEATURE_SGX_LC creates a bit of a conundrum > regarding the SGXLEPUBKEYHASH MSRs, as it may be desirable to read the > MSRs even if they are not writable, e.g. to query the configured key, > but clearing the capability leaves no breadcrum for discerning whether > or not the MSRs exist. But, such usage will be rare (KVM is the only > known case at this time) and not performance critical, so it's not > unreasonable to require the use of rdmsr_safe(). Clearing the cap bit > eliminates the need for an additional flag to track whether or not > Launch Control is truly enabled, which is what we care about the vast > majority of the time. > > Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> > Co-developed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> > --- > arch/x86/kernel/cpu/intel.c | 37 +++++++++++++++++++++++++++++++++++++ > 1 file changed, 37 insertions(+) > > diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c > index fc3c07fe7df5..8a20a193d399 100644 > --- a/arch/x86/kernel/cpu/intel.c > +++ b/arch/x86/kernel/cpu/intel.c > @@ -596,6 +596,40 @@ static void detect_tme(struct cpuinfo_x86 *c) > c->x86_phys_bits -= keyid_bits; > } > > +static void detect_sgx(struct cpuinfo_x86 *c) > +{ > + unsigned long long fc; > + > + rdmsrl(MSR_IA32_FEATURE_CONTROL, fc); > + if (!(fc & FEATURE_CONTROL_LOCKED)) { > + pr_err_once("sgx: IA32_FEATURE_CONTROL MSR is not locked\n"); > + goto out_unsupported; > + } > + > + if (!(fc & FEATURE_CONTROL_SGX_ENABLE)) { > + pr_err_once("sgx: not enabled in IA32_FEATURE_CONTROL MSR\n"); > + goto out_unsupported; > + } > + > + if (!cpu_has(c, X86_FEATURE_SGX1)) { > + pr_err_once("sgx: SGX1 instruction set not supported\n"); > + goto out_unsupported; > + } > + > + if (!(fc & FEATURE_CONTROL_SGX_LE_WR)) { FEATURE_CONTROL_SGX_LE_WR isn't added until patch 13/22. The patch can simply be moved earlier in the series if you want to introduce the full detect_sgx() in a single patch. The only reason SGX_LE_WR was added later in the series was to bundle the Launch Control stuff together. > + pr_info_once("sgx: launch control MSRs are not writable\n"); > + goto out_msrs_rdonly; > + } > + > + return; > +out_unsupported: > + setup_clear_cpu_cap(X86_FEATURE_SGX); > + setup_clear_cpu_cap(X86_FEATURE_SGX1); > + setup_clear_cpu_cap(X86_FEATURE_SGX2); > +out_msrs_rdonly: > + setup_clear_cpu_cap(X86_FEATURE_SGX_LC); > +} > + > static void init_intel_energy_perf(struct cpuinfo_x86 *c) > { > u64 epb; > @@ -763,6 +797,9 @@ static void init_intel(struct cpuinfo_x86 *c) > if (cpu_has(c, X86_FEATURE_TME)) > detect_tme(c); > > + if (cpu_has(c, X86_FEATURE_SGX)) > + detect_sgx(c); > + > init_intel_energy_perf(c); > > init_intel_misc_features(c);
next prev parent reply other threads:[~2018-11-06 13:58 UTC|newest] Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-11-06 13:45 [PATCH v16 00/22] Intel SGX1 support Jarkko Sakkinen 2018-11-06 13:45 ` Jarkko Sakkinen 2018-11-06 13:45 ` [PATCH v16 01/22] x86/sgx: Update MAINTAINERS Jarkko Sakkinen 2018-11-06 13:45 ` Jarkko Sakkinen 2018-11-06 13:45 ` [PATCH v16 02/22] x86/cpufeatures: Add Intel-defined SGX feature bit Jarkko Sakkinen 2018-11-06 13:45 ` Jarkko Sakkinen 2018-11-06 13:45 ` [PATCH v16 03/22] x86/cpufeatures: Add SGX sub-features (as Linux-defined bits) Jarkko Sakkinen 2018-11-06 13:45 ` Jarkko Sakkinen 2018-11-06 13:45 ` [PATCH v16 04/22] x86/msr: Add IA32_FEATURE_CONTROL.SGX_ENABLE definition Jarkko Sakkinen 2018-11-06 13:45 ` Jarkko Sakkinen 2018-11-06 13:45 ` [PATCH v16 05/22] x86/cpufeatures: Add Intel-defined SGX_LC feature bit Jarkko Sakkinen 2018-11-06 13:45 ` Jarkko Sakkinen 2018-11-06 13:45 ` [PATCH v16 06/22] x86/cpu/intel: Detect SGX support and update caps appropriately Jarkko Sakkinen 2018-11-06 13:45 ` Jarkko Sakkinen 2018-11-06 13:58 ` Sean Christopherson [this message] 2018-11-06 13:58 ` Sean Christopherson 2018-11-07 15:58 ` Jarkko Sakkinen 2018-11-06 13:45 ` [PATCH v16 07/22] x86/mm: x86/sgx: Add new 'PF_SGX' page fault error code bit Jarkko Sakkinen 2018-11-06 13:45 ` Jarkko Sakkinen 2018-11-06 13:45 ` [PATCH v16 08/22] x86/mm: x86/sgx: Signal SIGSEGV for userspace #PFs w/ PF_SGX Jarkko Sakkinen 2018-11-06 13:45 ` Jarkko Sakkinen 2018-11-06 13:45 ` [PATCH v16 09/22] x86/sgx: Define SGX1 and SGX2 ENCLS leafs Jarkko Sakkinen 2018-11-06 13:45 ` Jarkko Sakkinen 2018-11-06 13:45 ` [PATCH v16 10/22] x86/sgx: Add ENCLS architectural error codes Jarkko Sakkinen 2018-11-06 13:45 ` Jarkko Sakkinen 2018-11-06 13:45 ` [PATCH v16 11/22] x86/sgx: Add SGX1 and SGX2 architectural data structures Jarkko Sakkinen 2018-11-06 13:45 ` Jarkko Sakkinen 2018-11-06 13:45 ` [PATCH v16 12/22] x86/sgx: Add definitions for SGX's CPUID leaf and variable sub-leafs Jarkko Sakkinen 2018-11-06 13:45 ` Jarkko Sakkinen 2018-11-06 13:45 ` [PATCH v16 13/22] x86/msr: Add SGX Launch Control MSR definitions Jarkko Sakkinen 2018-11-06 13:45 ` Jarkko Sakkinen 2018-11-06 13:45 ` [PATCH v16 14/22] x86/sgx: Add wrappers for ENCLS leaf functions Jarkko Sakkinen 2018-11-06 13:45 ` Jarkko Sakkinen 2018-11-06 13:45 ` [PATCH v16 15/22] x86/sgx: Enumerate and track EPC sections Jarkko Sakkinen 2018-11-06 13:45 ` Jarkko Sakkinen 2018-11-06 13:45 ` [PATCH v16 16/22] x86/sgx: Add functions to allocate and free EPC pages Jarkko Sakkinen 2018-11-06 13:45 ` Jarkko Sakkinen 2018-11-06 13:45 ` [PATCH v16 17/22] x86/sgx: Add sgx_einit() for initializing enclaves Jarkko Sakkinen 2018-11-06 13:45 ` Jarkko Sakkinen 2018-11-06 13:45 ` [PATCH v16 18/22] platform/x86: Intel SGX driver Jarkko Sakkinen 2018-11-06 13:45 ` Jarkko Sakkinen 2018-11-06 16:40 ` Sean Christopherson 2018-11-06 16:57 ` Dave Hansen 2018-11-07 16:37 ` Jarkko Sakkinen 2018-11-07 18:00 ` Sean Christopherson 2018-11-07 18:00 ` Sean Christopherson 2018-11-08 14:46 ` Jarkko Sakkinen 2018-11-15 20:00 ` Jarkko Sakkinen 2018-11-15 20:04 ` Jarkko Sakkinen 2018-11-15 20:16 ` Jarkko Sakkinen 2018-11-21 11:46 ` Jarkko Sakkinen 2018-11-07 10:29 ` David Laight 2018-11-06 13:45 ` [PATCH v16 19/22] platform/x86: sgx: Add swapping functionality to the " Jarkko Sakkinen 2018-11-06 13:45 ` Jarkko Sakkinen 2018-11-06 13:45 ` [PATCH v16 20/22] x86/sgx: Add a simple swapper for the EPC memory manager Jarkko Sakkinen 2018-11-06 13:45 ` Jarkko Sakkinen 2018-11-06 13:46 ` [PATCH v16 21/22] platform/x86: ptrace() support for the SGX driver Jarkko Sakkinen 2018-11-06 13:46 ` Jarkko Sakkinen 2018-11-06 13:46 ` [PATCH v16 22/22] x86/sgx: SGX documentation Jarkko Sakkinen 2018-11-06 13:46 ` Jarkko Sakkinen 2018-11-27 20:13 ` Pavel Machek
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=1541512681.7839.14.camel@intel.com \ --to=sean.j.christopherson@intel.com \ --cc=alexander.levin@verizon.com \ --cc=andriy.shevchenko@linux.intel.com \ --cc=bp@alien8.de \ --cc=dave.hansen@intel.com \ --cc=davidwang@zhaoxin.com \ --cc=dwmw@amazon.co.uk \ --cc=haitao.huang@intel.com \ --cc=hpa@zytor.com \ --cc=jarkko.sakkinen@linux.intel.com \ --cc=kai.svahn@intel.com \ --cc=kirill.shutemov@linux.intel.com \ --cc=konrad.wilk@oracle.com \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-sgx@vger.kernel.org \ --cc=mingo@redhat.com \ --cc=nhorman@redhat.com \ --cc=npmccallum@redhat.com \ --cc=platform-driver-x86@vger.kernel.org \ --cc=qianyue.zj@alibaba-inc.com \ --cc=serge.ayoun@intel.com \ --cc=shay.katz-zamir@intel.com \ --cc=tglx@linutronix.de \ --cc=x86@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).