From: Yang Zhong <yang.zhong@intel.com>
To: qemu-devel@nongnu.org
Cc: yang.zhong@intel.com, seanjc@google.com, kai.huang@intel.com,
jarkko@kernel.org, pbonzini@redhat.com, eblake@redhat.com
Subject: [PATCH v4 10/33] i386: Add get/set/migrate support for SGX_LEPUBKEYHASH MSRs
Date: Mon, 19 Jul 2021 19:21:13 +0800 [thread overview]
Message-ID: <20210719112136.57018-11-yang.zhong@intel.com> (raw)
In-Reply-To: <20210719112136.57018-1-yang.zhong@intel.com>
From: Sean Christopherson <sean.j.christopherson@intel.com>
On real hardware, on systems that supports SGX Launch Control, those
MSRs are initialized to digest of Intel's signing key; on systems that
don't support SGX Launch Control, those MSRs are not available but
hardware always uses digest of Intel's signing key in EINIT.
KVM advertises SGX LC via CPUID if and only if the MSRs are writable.
Unconditionally initialize those MSRs to digest of Intel's signing key
when CPU is realized and reset to reflect the fact. This avoids
potential bug in case kvm_arch_put_registers() is called before
kvm_arch_get_registers() is called, in which case guest's virtual
SGX_LEPUBKEYHASH MSRs will be set to 0, although KVM initializes those
to digest of Intel's signing key by default, since KVM allows those MSRs
to be updated by Qemu to support live migration.
Save/restore the SGX Launch Enclave Public Key Hash MSRs if SGX Launch
Control (LC) is exposed to the guest. Likewise, migrate the MSRs if they
are writable by the guest.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Kai Huang <kai.huang@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
---
target/i386/cpu.c | 17 ++++++++++++++++-
target/i386/cpu.h | 1 +
target/i386/kvm/kvm.c | 22 ++++++++++++++++++++++
target/i386/machine.c | 20 ++++++++++++++++++++
4 files changed, 59 insertions(+), 1 deletion(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 840f825431..cea4307930 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5673,6 +5673,16 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
}
}
+#ifndef CONFIG_USER_ONLY
+static void x86_cpu_set_sgxlepubkeyhash(CPUX86State *env)
+{
+ env->msr_ia32_sgxlepubkeyhash[0] = 0xa6053e051270b7acULL;
+ env->msr_ia32_sgxlepubkeyhash[1] = 0x6cfbe8ba8b3b413dULL;
+ env->msr_ia32_sgxlepubkeyhash[2] = 0xc4916d99f2b3735dULL;
+ env->msr_ia32_sgxlepubkeyhash[3] = 0xd4f8c05909f9bb3bULL;
+}
+#endif
+
static void x86_cpu_reset(DeviceState *dev)
{
CPUState *s = CPU(dev);
@@ -5804,6 +5814,8 @@ static void x86_cpu_reset(DeviceState *dev)
if (kvm_enabled()) {
kvm_arch_reset_vcpu(cpu);
}
+
+ x86_cpu_set_sgxlepubkeyhash(env);
#endif
}
@@ -6186,6 +6198,10 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
& CPUID_EXT2_AMD_ALIASES);
}
+#ifndef CONFIG_USER_ONLY
+ x86_cpu_set_sgxlepubkeyhash(env);
+#endif
+
/*
* note: the call to the framework needs to happen after feature expansion,
* but before the checks/modifications to ucode_rev, mwait, phys_bits.
@@ -6871,7 +6887,6 @@ static const TypeInfo x86_cpu_type_info = {
.class_init = x86_cpu_common_class_init,
};
-
/* "base" CPU model, used by query-cpu-model-expansion */
static void x86_cpu_base_class_init(ObjectClass *oc, void *data)
{
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index e4d46cca80..892c0dfab4 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1499,6 +1499,7 @@ typedef struct CPUX86State {
uint64_t mcg_status;
uint64_t msr_ia32_misc_enable;
uint64_t msr_ia32_feature_control;
+ uint64_t msr_ia32_sgxlepubkeyhash[4];
uint64_t msr_fixed_ctr_ctrl;
uint64_t msr_global_ctrl;
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 59ed8327ac..d4bf054ebe 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -3096,6 +3096,17 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
}
}
+ if (env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_SGX_LC) {
+ kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH0,
+ env->msr_ia32_sgxlepubkeyhash[0]);
+ kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH1,
+ env->msr_ia32_sgxlepubkeyhash[1]);
+ kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH2,
+ env->msr_ia32_sgxlepubkeyhash[2]);
+ kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH3,
+ env->msr_ia32_sgxlepubkeyhash[3]);
+ }
+
/* Note: MSR_IA32_FEATURE_CONTROL is written separately, see
* kvm_put_msr_feature_control. */
}
@@ -3435,6 +3446,13 @@ static int kvm_get_msrs(X86CPU *cpu)
}
}
+ if (env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_SGX_LC) {
+ kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH0, 0);
+ kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH1, 0);
+ kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH2, 0);
+ kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH3, 0);
+ }
+
ret = kvm_vcpu_ioctl(CPU(cpu), KVM_GET_MSRS, cpu->kvm_msr_buf);
if (ret < 0) {
return ret;
@@ -3724,6 +3742,10 @@ static int kvm_get_msrs(X86CPU *cpu)
case MSR_IA32_RTIT_ADDR0_A ... MSR_IA32_RTIT_ADDR3_B:
env->msr_rtit_addrs[index - MSR_IA32_RTIT_ADDR0_A] = msrs[i].data;
break;
+ case MSR_IA32_SGXLEPUBKEYHASH0 ... MSR_IA32_SGXLEPUBKEYHASH3:
+ env->msr_ia32_sgxlepubkeyhash[index - MSR_IA32_SGXLEPUBKEYHASH0] =
+ msrs[i].data;
+ break;
}
}
diff --git a/target/i386/machine.c b/target/i386/machine.c
index f6f094f1c9..099a4c36f7 100644
--- a/target/i386/machine.c
+++ b/target/i386/machine.c
@@ -1396,6 +1396,25 @@ static const VMStateDescription vmstate_msr_tsx_ctrl = {
}
};
+static bool intel_sgx_msrs_needed(void *opaque)
+{
+ X86CPU *cpu = opaque;
+ CPUX86State *env = &cpu->env;
+
+ return !!(env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_SGX_LC);
+}
+
+static const VMStateDescription vmstate_msr_intel_sgx = {
+ .name = "cpu/intel_sgx",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .needed = intel_sgx_msrs_needed,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT64_ARRAY(env.msr_ia32_sgxlepubkeyhash, X86CPU, 4),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
const VMStateDescription vmstate_x86_cpu = {
.name = "cpu",
.version_id = 12,
@@ -1531,6 +1550,7 @@ const VMStateDescription vmstate_x86_cpu = {
&vmstate_nested_state,
#endif
&vmstate_msr_tsx_ctrl,
+ &vmstate_msr_intel_sgx,
NULL
}
};
next prev parent reply other threads:[~2021-07-19 11:42 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-19 11:21 [PATCH v4 00/33] Qemu SGX virtualization Yang Zhong
2021-07-19 11:21 ` [PATCH v4 01/33] memory: Add RAM_PROTECTED flag to skip IOMMU mappings Yang Zhong
2021-07-19 11:21 ` [PATCH v4 02/33] hostmem: Add hostmem-epc as a backend for SGX EPC Yang Zhong
2021-07-19 11:21 ` [PATCH v4 03/33] qom: Add memory-backend-epc ObjectOptions support Yang Zhong
2021-07-19 11:21 ` [PATCH v4 04/33] i386: Add 'sgx-epc' device to expose EPC sections to guest Yang Zhong
2021-09-14 6:36 ` Philippe Mathieu-Daudé
2021-09-16 1:29 ` Yang Zhong
2021-07-19 11:21 ` [PATCH v4 05/33] vl: Add sgx compound properties to expose SGX " Yang Zhong
2021-07-19 11:21 ` [PATCH v4 06/33] i386: Add primary SGX CPUID and MSR defines Yang Zhong
2021-07-19 11:21 ` [PATCH v4 07/33] i386: Add SGX CPUID leaf FEAT_SGX_12_0_EAX Yang Zhong
2021-07-19 11:21 ` [PATCH v4 08/33] i386: Add SGX CPUID leaf FEAT_SGX_12_0_EBX Yang Zhong
2021-07-19 11:21 ` [PATCH v4 09/33] i386: Add SGX CPUID leaf FEAT_SGX_12_1_EAX Yang Zhong
2021-07-19 11:21 ` Yang Zhong [this message]
2021-09-14 6:38 ` [PATCH v4 10/33] i386: Add get/set/migrate support for SGX_LEPUBKEYHASH MSRs Philippe Mathieu-Daudé
2021-09-16 6:08 ` Yang Zhong
2021-09-16 6:35 ` Philippe Mathieu-Daudé
2021-07-19 11:21 ` [PATCH v4 11/33] i386: Add feature control MSR dependency when SGX is enabled Yang Zhong
2021-07-19 11:21 ` [PATCH v4 12/33] i386: Update SGX CPUID info according to hardware/KVM/user input Yang Zhong
2021-07-19 11:21 ` [PATCH v4 13/33] i386: kvm: Add support for exposing PROVISIONKEY to guest Yang Zhong
2021-07-19 11:21 ` [PATCH v4 14/33] i386: Propagate SGX CPUID sub-leafs to KVM Yang Zhong
2021-07-19 11:21 ` [PATCH v4 15/33] Adjust min CPUID level to 0x12 when SGX is enabled Yang Zhong
2021-07-19 11:21 ` [PATCH v4 16/33] hw/i386/fw_cfg: Set SGX bits in feature control fw_cfg accordingly Yang Zhong
2021-07-19 11:21 ` [PATCH v4 17/33] hw/i386/pc: Account for SGX EPC sections when calculating device memory Yang Zhong
2021-07-19 11:21 ` [PATCH v4 18/33] i386/pc: Add e820 entry for SGX EPC section(s) Yang Zhong
2021-07-19 11:21 ` [PATCH v4 19/33] i386: acpi: Add SGX EPC entry to ACPI tables Yang Zhong
2021-07-19 11:21 ` [PATCH v4 20/33] q35: Add support for SGX EPC Yang Zhong
2021-07-19 11:21 ` [PATCH v4 21/33] i440fx: " Yang Zhong
2021-07-19 11:21 ` [PATCH v4 22/33] hostmem-epc: Add the reset interface for EPC backend reset Yang Zhong
2021-09-10 15:10 ` Paolo Bonzini
2021-09-10 15:34 ` Sean Christopherson
2021-09-10 17:09 ` Paolo Bonzini
2021-09-10 17:34 ` Sean Christopherson
2021-09-10 19:51 ` Paolo Bonzini
2021-09-10 20:21 ` Sean Christopherson
2021-09-10 20:57 ` Paolo Bonzini
2021-09-13 20:17 ` Jarkko Sakkinen
2021-09-13 20:37 ` Sean Christopherson
2021-09-13 21:23 ` Jarkko Sakkinen
2021-07-19 11:21 ` [PATCH v4 23/33] sgx-epc: Add the reset interface for sgx-epc virt device Yang Zhong
2021-09-10 15:13 ` Paolo Bonzini
2021-09-14 6:53 ` Philippe Mathieu-Daudé
2021-09-15 11:33 ` Yang Zhong
2021-07-19 11:21 ` [PATCH v4 24/33] sgx-epc: Avoid bios reset during sgx epc initialization Yang Zhong
2021-07-19 11:21 ` [PATCH v4 25/33] hostmem-epc: Make prealloc consistent with qemu cmdline during reset Yang Zhong
2021-07-19 11:21 ` [PATCH v4 26/33] qmp: Add query-sgx command Yang Zhong
2021-07-19 11:21 ` [PATCH v4 27/33] hmp: Add 'info sgx' command Yang Zhong
2021-07-19 11:21 ` [PATCH v4 28/33] i386: Add sgx_get_info() interface Yang Zhong
2021-07-19 11:21 ` [PATCH v4 29/33] bitops: Support 32 and 64 bit mask macro Yang Zhong
2021-07-19 11:21 ` [PATCH v4 30/33] qmp: Add the qmp_query_sgx_capabilities() Yang Zhong
2021-07-19 11:21 ` [PATCH v4 31/33] Kconfig: Add CONFIG_SGX support Yang Zhong
2021-07-19 11:21 ` [PATCH v4 32/33] sgx-epc: Add the fill_device_info() callback support Yang Zhong
2021-07-19 11:21 ` [PATCH v4 33/33] doc: Add the SGX doc Yang Zhong
2021-07-28 15:57 ` [PATCH v4 00/33] Qemu SGX virtualization Paolo Bonzini
2021-07-29 12:27 ` Yang Zhong
2021-09-06 13:13 ` Paolo Bonzini
2021-09-07 2:24 ` Yang Zhong
2021-09-07 9:51 ` Yang Zhong
2021-09-07 13:35 ` Jarkko Sakkinen
2021-09-08 6:00 ` Paolo Bonzini
2021-09-14 6:51 ` Philippe Mathieu-Daudé
2021-09-15 12:24 ` Yang Zhong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210719112136.57018-11-yang.zhong@intel.com \
--to=yang.zhong@intel.com \
--cc=eblake@redhat.com \
--cc=jarkko@kernel.org \
--cc=kai.huang@intel.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=seanjc@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.