From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-sgx-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-13.8 required=3.0 tests=BAYES_00,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED
	autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 78036C433E0
	for <linux-sgx@archiver.kernel.org>; Mon,  1 Feb 2021 01:20:47 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 466E364E22
	for <linux-sgx@archiver.kernel.org>; Mon,  1 Feb 2021 01:20:47 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230439AbhBABUC (ORCPT <rfc822;linux-sgx@archiver.kernel.org>);
        Sun, 31 Jan 2021 20:20:02 -0500
Received: from mga17.intel.com ([192.55.52.151]:59986 "EHLO mga17.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S231142AbhBABSM (ORCPT <rfc822;linux-sgx@vger.kernel.org>);
        Sun, 31 Jan 2021 20:18:12 -0500
IronPort-SDR: xixqrOVTz7BirzcvtVbTJjOWQu8RxxUVl3/OYrj+aW0FTJbzC4Ol9l/AP5pj8pqNmp+ViQzehx
 9jnz+dl2U5Qw==
X-IronPort-AV: E=McAfee;i="6000,8403,9881"; a="160386674"
X-IronPort-AV: E=Sophos;i="5.79,391,1602572400"; 
   d="scan'208";a="160386674"
Received: from fmsmga005.fm.intel.com ([10.253.24.32])
  by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 31 Jan 2021 17:17:25 -0800
IronPort-SDR: ZjUrABCH9VeaMNX6B/bn0Qv7tEKrvdRUR403IqJV6+DhpEPP4RR8KzOpJ4N1CPumLY4Z8dkA5k
 Ggl98LrgkxxA==
X-IronPort-AV: E=Sophos;i="5.79,391,1602572400"; 
   d="scan'208";a="580477903"
Received: from kpeng-mobl1.amr.corp.intel.com (HELO khuang2-desk.gar.corp.intel.com) ([10.252.130.129])
  by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 31 Jan 2021 17:17:22 -0800
Date:   Mon, 1 Feb 2021 14:17:20 +1300
From:   Kai Huang <kai.huang@intel.com>
To:     Jarkko Sakkinen <jarkko@kernel.org>
Cc:     linux-sgx@vger.kernel.org, kvm@vger.kernel.org, x86@kernel.org,
        seanjc@google.com, luto@kernel.org, dave.hansen@intel.com,
        haitao.huang@intel.com, pbonzini@redhat.com, bp@alien8.de,
        tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com
Subject: Re: [RFC PATCH v3 13/27] x86/sgx: Add helper to update
 SGX_LEPUBKEYHASHn MSRs
Message-Id: <20210201141720.2249c9aef5b3f5ed9fda3f81@intel.com>
In-Reply-To: <YBVx8P1QfRspUvkC@kernel.org>
References: <cover.1611634586.git.kai.huang@intel.com>
        <db965546668e24857627a6695ee739aac5c15d3a.1611634586.git.kai.huang@intel.com>
        <YBVx8P1QfRspUvkC@kernel.org>
X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; x86_64-redhat-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Precedence: bulk
List-ID: <linux-sgx.vger.kernel.org>
X-Mailing-List: linux-sgx@vger.kernel.org

On Sat, 30 Jan 2021 16:49:20 +0200 Jarkko Sakkinen wrote:
> On Tue, Jan 26, 2021 at 10:31:05PM +1300, Kai Huang wrote:
> > Add a helper to update SGX_LEPUBKEYHASHn MSRs.  SGX virtualization also
> > needs to update those MSRs based on guest's "virtual" SGX_LEPUBKEYHASHn
> > before EINIT from guest.
> > 
> > Signed-off-by: Kai Huang <kai.huang@intel.com>
> 
> 
> Acked-by: Jarkko Sakkinen <jarkko@kernel.org>

Thanks Jarkko.

Hi Dave,

This patch originally had your Acked-by, but since I added a comment, I removed
it. May I still have your Acked-by?

> 
> /Jarkko
> 
> > ---
> > v2->v3:
> > 
> >  - Added comment for sgx_update_lepubkeyhash(), per Jarkko and Dave.
> > 
> > ---
> >  arch/x86/kernel/cpu/sgx/ioctl.c |  5 ++---
> >  arch/x86/kernel/cpu/sgx/main.c  | 15 +++++++++++++++
> >  arch/x86/kernel/cpu/sgx/sgx.h   |  2 ++
> >  3 files changed, 19 insertions(+), 3 deletions(-)
> > 
> > diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c
> > index e5977752c7be..1bae754268d1 100644
> > --- a/arch/x86/kernel/cpu/sgx/ioctl.c
> > +++ b/arch/x86/kernel/cpu/sgx/ioctl.c
> > @@ -495,7 +495,7 @@ static int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct,
> >  			 void *token)
> >  {
> >  	u64 mrsigner[4];
> > -	int i, j, k;
> > +	int i, j;
> >  	void *addr;
> >  	int ret;
> >  
> > @@ -544,8 +544,7 @@ static int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct,
> >  
> >  			preempt_disable();
> >  
> > -			for (k = 0; k < 4; k++)
> > -				wrmsrl(MSR_IA32_SGXLEPUBKEYHASH0 + k, mrsigner[k]);
> > +			sgx_update_lepubkeyhash(mrsigner);
> >  
> >  			ret = __einit(sigstruct, token, addr);
> >  
> > diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c
> > index 93d249f7bff3..b456899a9532 100644
> > --- a/arch/x86/kernel/cpu/sgx/main.c
> > +++ b/arch/x86/kernel/cpu/sgx/main.c
> > @@ -697,6 +697,21 @@ static bool __init sgx_page_cache_init(void)
> >  	return true;
> >  }
> >  
> > +
> > +/*
> > + * Update the SGX_LEPUBKEYHASH MSRs to the values specified by caller.
> > + * Bare-metal driver requires to update them to hash of enclave's signer
> > + * before EINIT. KVM needs to update them to guest's virtual MSR values
> > + * before doing EINIT from guest.
> > + */
> > +void sgx_update_lepubkeyhash(u64 *lepubkeyhash)
> > +{
> > +	int i;
> > +
> > +	for (i = 0; i < 4; i++)
> > +		wrmsrl(MSR_IA32_SGXLEPUBKEYHASH0 + i, lepubkeyhash[i]);
> > +}
> > +
> >  static int __init sgx_init(void)
> >  {
> >  	int ret;
> > diff --git a/arch/x86/kernel/cpu/sgx/sgx.h b/arch/x86/kernel/cpu/sgx/sgx.h
> > index 509f2af33e1d..ccd4f145c464 100644
> > --- a/arch/x86/kernel/cpu/sgx/sgx.h
> > +++ b/arch/x86/kernel/cpu/sgx/sgx.h
> > @@ -83,4 +83,6 @@ void sgx_mark_page_reclaimable(struct sgx_epc_page *page);
> >  int sgx_unmark_page_reclaimable(struct sgx_epc_page *page);
> >  struct sgx_epc_page *sgx_alloc_epc_page(void *owner, bool reclaim);
> >  
> > +void sgx_update_lepubkeyhash(u64 *lepubkeyhash);
> > +
> >  #endif /* _X86_SGX_H */
> > -- 
> > 2.29.2
> > 
> >