| Message ID | 20200123130746.20377-1-jarkko.sakkinen@linux.intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | x86/sgx: Uncoditionally disallow SGX if MSRs are not writable | expand |
On Thu, Jan 23, 2020 at 03:07:46PM +0200, Jarkko Sakkinen wrote: > As suggested by Borislav, disallow SGX if the PK MSRs are not writable. > > Link: https://patchwork.kernel.org/patch/11267757/#23072371 > Cc: Sean Christopherson <sean.j.christopherson@intel.com> > Suggested-by: Borislav Petkov <bp@alien8.de> > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> > --- > Just a sanity check before merge, please ack that this is what you > wanted. > arch/x86/kernel/cpu/intel.c | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c > index 06252c82b8f7..0d57e9666de0 100644 > --- a/arch/x86/kernel/cpu/intel.c > +++ b/arch/x86/kernel/cpu/intel.c > @@ -600,7 +600,7 @@ static void __maybe_unused detect_sgx(struct cpuinfo_x86 *c) > > if (!(fc & FEATURE_CONTROL_SGX_LE_WR)) { > pr_info_once("sgx: The launch control MSRs are not writable\n"); > - goto err_msrs_rdonly; > + goto err_unsupported; > } > > return; > @@ -609,8 +609,6 @@ static void __maybe_unused detect_sgx(struct cpuinfo_x86 *c) > setup_clear_cpu_cap(X86_FEATURE_SGX); > setup_clear_cpu_cap(X86_FEATURE_SGX1); > setup_clear_cpu_cap(X86_FEATURE_SGX2); > - > -err_msrs_rdonly: > setup_clear_cpu_cap(X86_FEATURE_SGX_LC); > } > > -- Yap, looks about right. Thx.
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index 06252c82b8f7..0d57e9666de0 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -600,7 +600,7 @@ static void __maybe_unused detect_sgx(struct cpuinfo_x86 *c) if (!(fc & FEATURE_CONTROL_SGX_LE_WR)) { pr_info_once("sgx: The launch control MSRs are not writable\n"); - goto err_msrs_rdonly; + goto err_unsupported; } return; @@ -609,8 +609,6 @@ static void __maybe_unused detect_sgx(struct cpuinfo_x86 *c) setup_clear_cpu_cap(X86_FEATURE_SGX); setup_clear_cpu_cap(X86_FEATURE_SGX1); setup_clear_cpu_cap(X86_FEATURE_SGX2); - -err_msrs_rdonly: setup_clear_cpu_cap(X86_FEATURE_SGX_LC); }
As suggested by Borislav, disallow SGX if the PK MSRs are not writable. Link: https://patchwork.kernel.org/patch/11267757/#23072371 Cc: Sean Christopherson <sean.j.christopherson@intel.com> Suggested-by: Borislav Petkov <bp@alien8.de> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> --- Just a sanity check before merge, please ack that this is what you wanted. arch/x86/kernel/cpu/intel.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)