From: Kai Huang <kai.huang@intel.com>
To: linux-sgx@vger.kernel.org
Cc: dave.hansen@linux.intel.com, seanjc@google.com,
jarkko@kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2] x86/intel: Clear SGX feature bit if both SGX driver and KVM SGX are not enabled
Date: Fri, 9 Sep 2022 23:13:31 +1200 [thread overview]
Message-ID: <20220909111331.558936-1-kai.huang@intel.com> (raw)
Currently on platform which has SGX enabled, if CONFIG_X86_SGX is not
enabled, the X86_FEATURE_SGX bit is not cleared in init_ia32_feat_ctl().
This results in /proc/cpuinfo still showing "sgx" feature when the
kernel doesn't support SGX at all, which is not desired.
Clear SGX feature bit if both SGX driver and KVM SGX are not enabled in
init_ia32_feat_ctl().
Signed-off-by: Kai Huang <kai.huang@intel.com>
---
Hi Dave, Sean, Jarkko,
Could you help to review? Tested on SGX (BIOS) enabled machine with
CONFIG_X86_SGX unset.
This patch is generated on latest tip/master, but it applies to
tip/x86/sgx cleanly as well.
v1 -> v2:
- Move the check down after checking X86_FEATURE_VMX which may set
enable_sgx_kvm to false.
- Slightly improve changelog.
- Change "Clear SGX bit" to "Clear SGX feature bit" in patch title.
---
arch/x86/kernel/cpu/feat_ctl.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/arch/x86/kernel/cpu/feat_ctl.c b/arch/x86/kernel/cpu/feat_ctl.c
index 993697e71854..79d18caebff1 100644
--- a/arch/x86/kernel/cpu/feat_ctl.c
+++ b/arch/x86/kernel/cpu/feat_ctl.c
@@ -200,6 +200,19 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c)
enable_sgx_kvm = 0;
}
+ /*
+ * By reaching here, it is certain that:
+ * - CPU supports SGX.
+ * - SGX is enabled by BIOS.
+ *
+ * However if both SGX driver and KVM SGX are not enabled, just
+ * need to clear SGX feature bit.
+ */
+ if (!enable_sgx_driver && !enable_sgx_kvm) {
+ clear_cpu_cap(c, X86_FEATURE_SGX);
+ return;
+ }
+
if (!(msr & FEAT_CTL_SGX_LC_ENABLED) && enable_sgx_driver) {
if (!enable_sgx_kvm) {
pr_err_once("SGX Launch Control is locked. Disable SGX.\n");
base-commit: b8b09110cf290fdab4006b717da7a776ffb0cb73
--
2.37.1
reply other threads:[~2022-09-09 11:14 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220909111331.558936-1-kai.huang@intel.com \
--to=kai.huang@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=jarkko@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-sgx@vger.kernel.org \
--cc=seanjc@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.