From: Jarkko Sakkinen
Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, "H. Peter Anvin", Konrad Rzeszutek Wilk, David Woodhouse, David Wang, "Kirill A. Shutemov", "Levin, Alexander (Sasha Levin)", Jia Zhang, open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)
Subject: [PATCH v15 05/23] x86/cpu/intel: Detect SGX support and update caps appropriately
Date: Sat, 3 Nov 2018 01:11:04 +0200
Message-ID: <20181102231320.29164-6-jarkko.sakkinen@linux.intel.com>
In-Reply-To: <20181102231320.29164-1-jarkko.sakkinen@linux.intel.com>
References: <20181102231320.29164-1-jarkko.sakkinen@linux.intel.com>

From: Sean Christopherson

Similar to other large Intel features such as VMX and TXT, SGX must be explicitly enabled in IA32_FEATURE_CONTROL MSR to be truly usable. Clear all SGX related capabilities if SGX is not fully enabled in IA32_FEATURE_CONTROL or if the SGX1 instruction set isn't supported (impossible on bare metal, theoretically possible in a VM if the VMM is doing something weird).

Signed-off-by: Sean Christopherson

--- arch/x86/kernel/cpu/intel.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index fc3c07fe7df5..9bf8fe2c04ac 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c 
@@ -596,6 +596,30 @@ static void detect_tme(struct cpuinfo_x86 *c) c->x86_phys_bits -= keyid_bits; } +static void detect_sgx(struct cpuinfo_x86 *c) +{ + bool unsupported = false; + unsigned long long fc; + + rdmsrl(MSR_IA32_FEATURE_CONTROL, fc); + if (!(fc & FEATURE_CONTROL_LOCKED)) { + pr_err_once("sgx: IA32_FEATURE_CONTROL MSR is not locked\n"); + unsupported = true; + } else if (!(fc & FEATURE_CONTROL_SGX_ENABLE)) { + pr_err_once("sgx: not enabled in IA32_FEATURE_CONTROL MSR\n"); + unsupported = true; + } else if (!cpu_has(c, X86_FEATURE_SGX1)) { + pr_err_once("sgx: SGX1 instruction set not supported\n"); + unsupported = true; + } + + if (unsupported) { + setup_clear_cpu_cap(X86_FEATURE_SGX); + setup_clear_cpu_cap(X86_FEATURE_SGX1); + setup_clear_cpu_cap(X86_FEATURE_SGX2); + } +} + static void init_intel_energy_perf(struct cpuinfo_x86 *c) { u64 epb; 
@@ -763,6 +787,9 @@ static void init_intel(struct cpuinfo_x86 *c) if (cpu_has(c, X86_FEATURE_TME)) detect_tme(c); + if (cpu_has(c, X86_FEATURE_SGX)) + detect_sgx(c); + init_intel_energy_perf(c); init_intel_misc_features(c); -- 2.19.1
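
Review bot: In detect_sgx(), rdmsrl(MSR_IA32_FEATURE_CONTROL, fc) is read unchecked, although the commit message itself allows for a VMM that presents inconsistent SGX state. Consider rdmsrl_safe() and handling a failed read like the "not locked" branch, so that X86_FEATURE_SGX, X86_FEATURE_SGX1 and X86_FEATURE_SGX2 are cleared on that path as well. A one-line comment above the function saying why SGX2 is cleared along with SGX and SGX1 would also help, since none of the three checks tests SGX2 directly.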
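
Review bot: In init_intel(), the new guard tests cpu_has(c, X86_FEATURE_SGX) on the per-CPU struct, but detect_sgx(c) clears the bits through setup_clear_cpu_cap(), which is not passed c. Please confirm, in a comment or in the changelog, that the c handed to init_intel() also ends up with the SGX bits cleared, or clear them on c explicitly inside detect_sgx().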