From: Darren Kenny <darren.kenny@oracle.com>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
x86@kernel.org, linux-sgx@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
Sean Christopherson <sean.j.christopherson@intel.com>,
Borislav Petkov <bp@alien8.de>,
Jethro Beekman <jethro@fortanix.com>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
akpm@linux-foundation.org, andriy.shevchenko@linux.intel.com,
asapek@google.com, cedric.xing@intel.com,
chenalexchen@google.com, conradparker@google.com,
cyhanish@google.com, dave.hansen@intel.com,
haitao.huang@intel.com, josh@joshtriplett.org,
kai.huang@intel.com, kai.svahn@intel.com, kmoy@google.com,
ludloff@google.com, luto@kernel.org, nhorman@redhat.com,
npmccallum@redhat.com, puiterwijk@redhat.com,
rientjes@google.com, tglx@linutronix.de, yaozhangx@google.com
Subject: Re: [PATCH v36 01/24] x86/cpufeatures: x86/msr: Add Intel SGX hardware bits
Date: Thu, 06 Aug 2020 14:13:28 +0100 [thread overview]
Message-ID: <m2ft8zsyrr.fsf@oracle.com> (raw)
In-Reply-To: <20200716135303.276442-2-jarkko.sakkinen@linux.intel.com>
On Thursday, 2020-07-16 at 16:52:40 +03, Jarkko Sakkinen wrote:
> From: Sean Christopherson <sean.j.christopherson@intel.com>
>
> Add X86_FEATURE_SGX from CPUID.(EAX=7, ECX=1), which informs whether the
> CPU has SGX.
>
> Add X86_FEATURE_SGX1 and X86_FEATURE_SGX2 from CPUID.(EAX=12H, ECX=0),
> which describe the level of SGX support available [1].
>
> Add IA32_FEATURE_CONTROL.SGX_ENABLE. BIOS can use this bit to opt-in SGX
> before locking the feature control MSR [2].
>
> [1] Intel SDM: 36.7.2 Intel® SGX Resource Enumeration Leaves
> [2] Intel SDM: 36.7.1 Intel® SGX Opt-In Configuration
>
> Reviewed-by: Borislav Petkov <bp@alien8.de>
> Acked-by: Jethro Beekman <jethro@fortanix.com>
> Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
> Co-developed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> ---
> arch/x86/include/asm/cpufeature.h | 5 +++--
> arch/x86/include/asm/cpufeatures.h | 7 ++++++-
> arch/x86/include/asm/disabled-features.h | 18 +++++++++++++++---
> arch/x86/include/asm/msr-index.h | 1 +
> arch/x86/include/asm/required-features.h | 2 +-
> arch/x86/kernel/cpu/common.c | 4 ++++
> 6 files changed, 30 insertions(+), 7 deletions(-)
>
> diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
> index 59bf91c57aa8..efbdba5170a3 100644
> --- a/arch/x86/include/asm/cpufeature.h
> +++ b/arch/x86/include/asm/cpufeature.h
> @@ -30,6 +30,7 @@ enum cpuid_leafs
> CPUID_7_ECX,
> CPUID_8000_0007_EBX,
> CPUID_7_EDX,
> + CPUID_12_EAX,
> };
>
> #ifdef CONFIG_X86_FEATURE_NAMES
> @@ -89,7 +90,7 @@ extern const char * const x86_bug_flags[NBUGINTS*32];
> CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 17, feature_bit) || \
> CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 18, feature_bit) || \
> REQUIRED_MASK_CHECK || \
> - BUILD_BUG_ON_ZERO(NCAPINTS != 19))
> + BUILD_BUG_ON_ZERO(NCAPINTS != 20))
>
> #define DISABLED_MASK_BIT_SET(feature_bit) \
> ( CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 0, feature_bit) || \
> @@ -112,7 +113,7 @@ extern const char * const x86_bug_flags[NBUGINTS*32];
> CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 17, feature_bit) || \
> CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 18, feature_bit) || \
> DISABLED_MASK_CHECK || \
> - BUILD_BUG_ON_ZERO(NCAPINTS != 19))
> + BUILD_BUG_ON_ZERO(NCAPINTS != 20))
>
> #define cpu_has(c, bit) \
> (__builtin_constant_p(bit) && REQUIRED_MASK_BIT_SET(bit) ? 1 : \
> diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
> index 02dabc9e77b0..545ac3e0e269 100644
> --- a/arch/x86/include/asm/cpufeatures.h
> +++ b/arch/x86/include/asm/cpufeatures.h
> @@ -13,7 +13,7 @@
> /*
> * Defines x86 CPU feature bits
> */
> -#define NCAPINTS 19 /* N 32-bit words worth of info */
> +#define NCAPINTS 20 /* N 32-bit words worth of info */
> #define NBUGINTS 1 /* N 32-bit bug flags */
>
> /*
> @@ -238,6 +238,7 @@
> /* Intel-defined CPU features, CPUID level 0x00000007:0 (EBX), word 9 */
> #define X86_FEATURE_FSGSBASE ( 9*32+ 0) /* RDFSBASE, WRFSBASE, RDGSBASE, WRGSBASE instructions*/
> #define X86_FEATURE_TSC_ADJUST ( 9*32+ 1) /* TSC adjustment MSR 0x3B */
> +#define X86_FEATURE_SGX ( 9*32+ 2) /* Software Guard Extensions */
> #define X86_FEATURE_BMI1 ( 9*32+ 3) /* 1st group bit manipulation extensions */
> #define X86_FEATURE_HLE ( 9*32+ 4) /* Hardware Lock Elision */
> #define X86_FEATURE_AVX2 ( 9*32+ 5) /* AVX2 instructions */
> @@ -373,6 +374,10 @@
> #define X86_FEATURE_CORE_CAPABILITIES (18*32+30) /* "" IA32_CORE_CAPABILITIES MSR */
> #define X86_FEATURE_SPEC_CTRL_SSBD (18*32+31) /* "" Speculative Store Bypass Disable */
>
> +/* Intel-defined SGX features, CPUID level 0x00000012:0 (EAX), word 19 */
> +#define X86_FEATURE_SGX1 (19*32+ 0) /* SGX1 leaf functions */
> +#define X86_FEATURE_SGX2 (19*32+ 1) /* SGX2 leaf functions */
> +
> /*
> * BUG word(s)
> */
> diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h
> index 4ea8584682f9..dbe534d5153f 100644
> --- a/arch/x86/include/asm/disabled-features.h
> +++ b/arch/x86/include/asm/disabled-features.h
> @@ -28,13 +28,18 @@
> # define DISABLE_CYRIX_ARR (1<<(X86_FEATURE_CYRIX_ARR & 31))
> # define DISABLE_CENTAUR_MCR (1<<(X86_FEATURE_CENTAUR_MCR & 31))
> # define DISABLE_PCID 0
> +# define DISABLE_SGX1 0
> +# define DISABLE_SGX2 0
> #else
> # define DISABLE_VME 0
> # define DISABLE_K6_MTRR 0
> # define DISABLE_CYRIX_ARR 0
> # define DISABLE_CENTAUR_MCR 0
> # define DISABLE_PCID (1<<(X86_FEATURE_PCID & 31))
> -#endif /* CONFIG_X86_64 */
> +# define DISABLE_SGX1 (1<<(X86_FEATURE_SGX1 & 31))
> +# define DISABLE_SGX2 (1<<(X86_FEATURE_SGX2 & 31))
> + #endif /* CONFIG_X86_64 */
> +
>
> #ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS
> # define DISABLE_PKU 0
> @@ -56,6 +61,12 @@
> # define DISABLE_PTI (1 << (X86_FEATURE_PTI & 31))
> #endif
>
> +#ifdef CONFIG_INTEL_SGX
> +# define DISABLE_SGX 0
> +#else
> +# define DISABLE_SGX (1 << (X86_FEATURE_SGX & 31))
> +#endif
> +
> /*
> * Make sure to add features to the correct mask
> */
> @@ -68,7 +79,7 @@
> #define DISABLED_MASK6 0
> #define DISABLED_MASK7 (DISABLE_PTI)
> #define DISABLED_MASK8 0
> -#define DISABLED_MASK9 (DISABLE_SMAP)
> +#define DISABLED_MASK9 (DISABLE_SMAP|DISABLE_SGX)
> #define DISABLED_MASK10 0
> #define DISABLED_MASK11 0
> #define DISABLED_MASK12 0
> @@ -78,6 +89,7 @@
> #define DISABLED_MASK16 (DISABLE_PKU|DISABLE_OSPKE|DISABLE_LA57|DISABLE_UMIP)
> #define DISABLED_MASK17 0
> #define DISABLED_MASK18 0
> -#define DISABLED_MASK_CHECK BUILD_BUG_ON_ZERO(NCAPINTS != 19)
> +#define DISABLED_MASK19 (DISABLE_SGX1|DISABLE_SGX2)
> +#define DISABLED_MASK_CHECK BUILD_BUG_ON_ZERO(NCAPINTS != 20)
>
> #endif /* _ASM_X86_DISABLED_FEATURES_H */
> diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
> index e8370e64a155..18e08da19f16 100644
> --- a/arch/x86/include/asm/msr-index.h
> +++ b/arch/x86/include/asm/msr-index.h
> @@ -582,6 +582,7 @@
> #define FEAT_CTL_LOCKED BIT(0)
> #define FEAT_CTL_VMX_ENABLED_INSIDE_SMX BIT(1)
> #define FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX BIT(2)
> +#define FEAT_CTL_SGX_ENABLED BIT(18)
> #define FEAT_CTL_LMCE_ENABLED BIT(20)
>
> #define MSR_IA32_TSC_ADJUST 0x0000003b
> diff --git a/arch/x86/include/asm/required-features.h b/arch/x86/include/asm/required-features.h
> index 6847d85400a8..039e58be2fe6 100644
> --- a/arch/x86/include/asm/required-features.h
> +++ b/arch/x86/include/asm/required-features.h
> @@ -101,6 +101,6 @@
> #define REQUIRED_MASK16 0
> #define REQUIRED_MASK17 0
> #define REQUIRED_MASK18 0
> -#define REQUIRED_MASK_CHECK BUILD_BUG_ON_ZERO(NCAPINTS != 19)
> +#define REQUIRED_MASK_CHECK BUILD_BUG_ON_ZERO(NCAPINTS != 20)
>
> #endif /* _ASM_X86_REQUIRED_FEATURES_H */
> diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
> index 95c090a45b4b..7aecf5d07c70 100644
> --- a/arch/x86/kernel/cpu/common.c
> +++ b/arch/x86/kernel/cpu/common.c
> @@ -914,6 +914,10 @@ void get_cpu_cap(struct cpuinfo_x86 *c)
> c->x86_capability[CPUID_D_1_EAX] = eax;
> }
>
> + /* Additional Intel-defined SGX flags: level 0x00000012 */
> + if (c->cpuid_level >= 0x00000012)
> + c->x86_capability[CPUID_12_EAX] = cpuid_eax(0x00000012);
> +
> /* AMD-defined flags: level 0x80000001 */
> eax = cpuid_eax(0x80000000);
> c->extended_cpuid_level = eax;
> --
> 2.25.1
next prev parent reply other threads:[~2020-08-06 19:07 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-16 13:52 [PATCH v36 00/24] Intel SGX foundations Jarkko Sakkinen
2020-07-16 13:52 ` [PATCH v36 01/24] x86/cpufeatures: x86/msr: Add Intel SGX hardware bits Jarkko Sakkinen
2020-08-06 13:13 ` Darren Kenny [this message]
2020-07-16 13:52 ` [PATCH v36 02/24] x86/cpufeatures: x86/msr: Add Intel SGX Launch Control " Jarkko Sakkinen
2020-08-06 13:14 ` Darren Kenny
2020-07-16 13:52 ` [PATCH v36 03/24] x86/mm: x86/sgx: Signal SIGSEGV with PF_SGX Jarkko Sakkinen
2020-08-06 13:16 ` Darren Kenny
2020-08-20 15:31 ` Borislav Petkov
2020-08-21 17:35 ` Jarkko Sakkinen
2020-07-16 13:52 ` [PATCH v36 04/24] x86/sgx: Add SGX microarchitectural data structures Jarkko Sakkinen
2020-08-06 13:14 ` Darren Kenny
2020-07-16 13:52 ` [PATCH v36 05/24] x86/sgx: Add wrappers for ENCLS leaf functions Jarkko Sakkinen
2020-08-07 9:37 ` Darren Kenny
2020-07-16 13:52 ` [PATCH v36 06/24] x86/cpu/intel: Detect SGX support Jarkko Sakkinen
2020-08-06 13:17 ` Darren Kenny
2020-07-16 13:52 ` [PATCH v36 07/24] x86/cpu/intel: Add nosgx kernel parameter Jarkko Sakkinen
2020-08-06 13:18 ` Darren Kenny
2020-07-16 13:52 ` [PATCH v36 08/24] x86/sgx: Initialize metadata for Enclave Page Cache (EPC) sections Jarkko Sakkinen
2020-08-06 13:27 ` Darren Kenny
2020-07-16 13:52 ` [PATCH v36 09/24] x86/sgx: Add __sgx_alloc_epc_page() and sgx_free_epc_page() Jarkko Sakkinen
2020-08-06 13:29 ` Darren Kenny
2020-07-16 13:52 ` [PATCH v36 10/24] mm: Add vm_ops->mprotect() Jarkko Sakkinen
2020-08-06 13:35 ` Darren Kenny
2020-07-16 13:52 ` [PATCH v36 11/24] x86/sgx: Add SGX enclave driver Jarkko Sakkinen
2020-08-06 13:59 ` Darren Kenny
2020-08-25 16:44 ` Borislav Petkov
2020-08-26 13:46 ` Jarkko Sakkinen
2020-07-16 13:52 ` [PATCH v36 12/24] x86/sgx: Add SGX_IOC_ENCLAVE_CREATE Jarkko Sakkinen
2020-08-06 15:40 ` Darren Kenny
2020-08-26 14:52 ` Borislav Petkov
2020-08-27 13:24 ` Jarkko Sakkinen
2020-08-27 16:15 ` Borislav Petkov
2020-08-28 23:39 ` Jarkko Sakkinen
2020-08-29 0:21 ` Jarkko Sakkinen
2020-09-01 16:41 ` Haitao Huang
2020-09-04 11:55 ` Jarkko Sakkinen
2020-07-16 13:52 ` [PATCH v36 13/24] x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES Jarkko Sakkinen
2020-08-06 16:29 ` Darren Kenny
2020-07-16 13:52 ` [PATCH v36 14/24] x86/sgx: Add SGX_IOC_ENCLAVE_INIT Jarkko Sakkinen
2020-08-06 16:40 ` Darren Kenny
2020-07-16 13:52 ` [PATCH v36 15/24] x86/sgx: Allow a limited use of ATTRIBUTE.PROVISIONKEY for attestation Jarkko Sakkinen
2020-08-06 17:00 ` Darren Kenny
2020-08-18 13:30 ` Jarkko Sakkinen
2020-07-16 13:52 ` [PATCH v36 16/24] x86/sgx: Add a page reclaimer Jarkko Sakkinen
2020-07-16 13:52 ` [PATCH v36 17/24] x86/sgx: ptrace() support for the SGX driver Jarkko Sakkinen
2020-07-16 13:52 ` [PATCH v36 18/24] x86/vdso: Add support for exception fixup in vDSO functions Jarkko Sakkinen
2020-07-16 13:52 ` [PATCH v36 19/24] x86/fault: Add helper function to sanitize error code Jarkko Sakkinen
2020-07-16 13:52 ` [PATCH v36 20/24] x86/traps: Attempt to fixup exceptions in vDSO before signaling Jarkko Sakkinen
2020-07-16 13:53 ` [PATCH v36 21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call Jarkko Sakkinen
2020-08-06 14:55 ` Nathaniel McCallum
2020-08-10 22:23 ` Sean Christopherson
2020-08-11 7:16 ` Jethro Beekman
2020-08-11 14:54 ` Sean Christopherson
2020-08-18 14:52 ` Jarkko Sakkinen
2020-08-18 15:06 ` Jarkko Sakkinen
2020-08-18 15:15 ` Nathaniel McCallum
2020-08-18 16:43 ` Jarkko Sakkinen
2020-08-19 13:33 ` Nathaniel McCallum
2020-08-19 14:00 ` Jethro Beekman
2020-08-19 21:23 ` Jarkko Sakkinen
2020-08-10 23:08 ` Andy Lutomirski
2020-08-10 23:48 ` Sean Christopherson
2020-08-11 0:52 ` Andy Lutomirski
2020-08-11 15:16 ` Andy Lutomirski
2020-08-13 19:38 ` Sean Christopherson
2020-08-17 13:12 ` Nathaniel McCallum
2020-08-17 15:01 ` Andy Lutomirski
2020-08-18 15:15 ` Jarkko Sakkinen
2020-08-20 0:19 ` Andy Lutomirski
2020-08-18 14:26 ` Jarkko Sakkinen
2020-07-16 13:53 ` [PATCH v36 22/24] selftests/x86: Add a selftest for SGX Jarkko Sakkinen
2020-08-27 4:47 ` Nathaniel McCallum
2020-08-27 15:20 ` Sean Christopherson
2020-08-28 23:27 ` Jarkko Sakkinen
2020-07-16 13:53 ` [PATCH v36 23/24] docs: x86/sgx: Document SGX micro architecture and kernel internals Jarkko Sakkinen
2020-07-28 21:35 ` Pavel Machek
2020-08-06 10:21 ` Dr. Greg
2020-08-08 22:18 ` Pavel Machek
2020-08-19 20:55 ` Jarkko Sakkinen
2020-07-16 13:53 ` [PATCH v36 24/24] x86/sgx: Update MAINTAINERS Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m2ft8zsyrr.fsf@oracle.com \
--to=darren.kenny@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=asapek@google.com \
--cc=bp@alien8.de \
--cc=cedric.xing@intel.com \
--cc=chenalexchen@google.com \
--cc=conradparker@google.com \
--cc=cyhanish@google.com \
--cc=dave.hansen@intel.com \
--cc=haitao.huang@intel.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jethro@fortanix.com \
--cc=josh@joshtriplett.org \
--cc=kai.huang@intel.com \
--cc=kai.svahn@intel.com \
--cc=kmoy@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-sgx@vger.kernel.org \
--cc=ludloff@google.com \
--cc=luto@kernel.org \
--cc=nhorman@redhat.com \
--cc=npmccallum@redhat.com \
--cc=puiterwijk@redhat.com \
--cc=rientjes@google.com \
--cc=sean.j.christopherson@intel.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
--cc=yaozhangx@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.