| Message ID | 20180814155312.19267-1-sean.j.christopherson@intel.com (mailing list archive) |
|---|---|
| Headers | show
Return-Path: <kvm-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
[172.30.200.125])
by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id CD038139A
for <patchwork-kvm@patchwork.kernel.org>;
Tue, 14 Aug 2018 15:54:17 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BE6C12A337
for <patchwork-kvm@patchwork.kernel.org>;
Tue, 14 Aug 2018 15:54:17 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
id B1B3A2A35D; Tue, 14 Aug 2018 15:54:17 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
pdx-wl-mail.web.codeaurora.org
X-Spam-Level:
X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 301582A337
for <patchwork-kvm@patchwork.kernel.org>;
Tue, 14 Aug 2018 15:54:17 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S1732072AbeHNSlx (ORCPT
<rfc822;patchwork-kvm@patchwork.kernel.org>);
Tue, 14 Aug 2018 14:41:53 -0400
Received: from mga18.intel.com ([134.134.136.126]:19665 "EHLO mga18.intel.com"
rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
id S1728978AbeHNSlx (ORCPT <rfc822;kvm@vger.kernel.org>);
Tue, 14 Aug 2018 14:41:53 -0400
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga001.jf.intel.com ([10.7.209.18])
by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
14 Aug 2018 08:54:10 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.53,238,1531810800";
d="scan'208";a="81699483"
Received: from sjchrist-coffee.jf.intel.com ([10.54.74.132])
by orsmga001.jf.intel.com with ESMTP; 14 Aug 2018 08:54:09 -0700
From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Paolo Bonzini <pbonzini@redhat.com>,
=?utf-8?b?UmFkaW0gS3LEjW3DocWZ?= <rkrcmar@redhat.com>
Cc: sean.j.christopherson@intel.com, kvm@vger.kernel.org
Subject: [PATCH 0/2] KVM: vmx: Inject #UD for SGX ENCLS instructions
Date: Tue, 14 Aug 2018 08:53:10 -0700
Message-Id: <20180814155312.19267-1-sean.j.christopherson@intel.com>
X-Mailer: git-send-email 2.18.0
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP
|
| Series |
KVM: vmx: Inject #UD for SGX ENCLS instructions
|
expand
|
Intel Software Guard Extensions (SGX) provides hardware-based capabilities to protect a userspace application's secrets. SGX defines a new CPL0 instruction, ENCLS[1], for use by the kernel to support and manage SGX. Because SGX does not have a true software enable bit, e.g. there is no CR4.SGXE bit, ENCLS isn't guaranteed to #UD in a guest kernel, e.g. ENCLS will #GP if the SGX enable bit in Feature Control MSR is not set (and the CPU supports ENCLS). Ensure a guest sees consistent and expected fault behavior by intercepting ENCLS and injecting #UD. This series does not add support for exposing SGX to a guest. Virtualization of SGX depends on Enclave Page Cache (EPC) management that is not yet available in the kernel, i.e. KVM support for exposing SGX to a guest cannot be added until basic SGX functionality is upstreamed, which is a WIP[2]. [1] ENCLS is really multiple instructions, referred to as leaf functions, that are bundled under a singled opcode, a la VMFUNC or GETSEC. [2] https://www.spinics.net/lists/kvm/msg171333.html or https://lkml.org/lkml/2018/7/3/879 Sean Christopherson (2): KVM: vmx: Add defines for SGX ENCLS exiting KVM: vmx: Inject #UD for SGX ENCLS instruction in guest arch/x86/include/asm/vmx.h | 3 +++ arch/x86/kvm/vmx.c | 30 +++++++++++++++++++++++++++++- 2 files changed, 32 insertions(+), 1 deletion(-)