[v28,07/22] x86/cpu/intel: Detect SGX supprt

Message ID	20200303233609.713348-8-jarkko.sakkinen@linux.intel.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=VHel=4U=vger.kernel.org=linux-sgx-owner@kernel.org> From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> To: linux-kernel@vger.kernel.org, x86@kernel.org, linux-sgx@vger.kernel.org Cc: akpm@linux-foundation.org, dave.hansen@intel.com, sean.j.christopherson@intel.com, nhorman@redhat.com, npmccallum@redhat.com, haitao.huang@intel.com, andriy.shevchenko@linux.intel.com, tglx@linutronix.de, kai.svahn@intel.com, bp@alien8.de, josh@joshtriplett.org, luto@kernel.org, kai.huang@intel.com, rientjes@google.com, cedric.xing@intel.com, puiterwijk@redhat.com, Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Subject: [PATCH v28 07/22] x86/cpu/intel: Detect SGX supprt Date: Wed, 4 Mar 2020 01:35:54 +0200 Message-Id: <20200303233609.713348-8-jarkko.sakkinen@linux.intel.com> In-Reply-To: <20200303233609.713348-1-jarkko.sakkinen@linux.intel.com> References: <20200303233609.713348-1-jarkko.sakkinen@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-sgx-owner@vger.kernel.org Precedence: bulk
Series	Intel SGX foundations \| expand [v28,00/22] Intel SGX foundations [v28,01/22] x86/sgx: Update MAINTAINERS [v28,02/22] x86/cpufeatures: x86/msr: Add Intel SGX hardware bits [v28,03/22] x86/cpufeatures: x86/msr: Intel SGX Launch Control hardware bits [v28,04/22] x86/mm: x86/sgx: Signal SIGSEGV with PF_SGX [v28,05/22] x86/sgx: Add SGX microarchitectural data structures [v28,06/22] x86/sgx: Add wrappers for ENCLS leaf functions [v28,07/22] x86/cpu/intel: Detect SGX supprt [v28,08/22] x86/sgx: Enumerate and track EPC sections [v28,09/22] x86/sgx: Add functions to allocate and free EPC pages [v28,10/22] mm: Introduce vm_ops->may_mprotect() [v28,11/22] x86/sgx: Linux Enclave Driver [v28,12/22] docs: x86/sgx: Document SGX micro architecture and kernel internals [v28,13/22] selftests/x86: Recurse into subdirectories [v28,14/22] selftests/x86: Add a selftest for SGX [v28,15/22] x86/sgx: Add provisioning [v28,16/22] x86/sgx: Add a page reclaimer [v28,17/22] x86/sgx: ptrace() support for the SGX driver [v28,18/22] x86/vdso: Add support for exception fixup in vDSO functions [v28,19/22] x86/fault: Add helper function to sanitize error code [v28,20/22] x86/traps: Attempt to fixup exceptions in vDSO before signaling [v28,21/22] x86/vdso: Implement a vDSO for Intel SGX enclave call [v28,22/22] selftests/x86: Add vDSO selftest for SGX

Message ID

20200303233609.713348-8-jarkko.sakkinen@linux.intel.com (mailing list archive)

State

New, archived

Headers

From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: linux-kernel@vger.kernel.org, x86@kernel.org,
        linux-sgx@vger.kernel.org
Cc: akpm@linux-foundation.org, dave.hansen@intel.com,
        sean.j.christopherson@intel.com, nhorman@redhat.com,
        npmccallum@redhat.com, haitao.huang@intel.com,
        andriy.shevchenko@linux.intel.com, tglx@linutronix.de,
        kai.svahn@intel.com, bp@alien8.de, josh@joshtriplett.org,
        luto@kernel.org, kai.huang@intel.com, rientjes@google.com,
        cedric.xing@intel.com, puiterwijk@redhat.com,
        Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Subject: [PATCH v28 07/22] x86/cpu/intel: Detect SGX supprt
Date: Wed,  4 Mar 2020 01:35:54 +0200
Message-Id: <20200303233609.713348-8-jarkko.sakkinen@linux.intel.com>
In-Reply-To: <20200303233609.713348-1-jarkko.sakkinen@linux.intel.com>
References: <20200303233609.713348-1-jarkko.sakkinen@linux.intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-sgx-owner@vger.kernel.org
Precedence: bulk

Series

Intel SGX foundations | expand

Commit Message

Jarkko Sakkinen March 3, 2020, 11:35 p.m. UTC

From: Sean Christopherson <sean.j.christopherson@intel.com>

Configure SGX as part of feature control MSR initialization and update
the associated X86_FEATURE flags accordingly.  Because the kernel will
require the LE hash MSRs to be writable when running native enclaves,
disable X86_FEATURE_SGX (and all derivatives) if SGX Launch Control is
not (or cannot) be fully enabled via feature control MSR.

The check is done for every CPU, not just BSP, in order to verify that
MSR_IA32_FEATURE_CONTROL is correctly configured on all CPUs. The other
parts of the kernel, like the enclave driver, expect the same
configuration from all CPUs.

Note, unlike VMX, clear the X86_FEATURE_SGX* flags for all CPUs if any
CPU lacks SGX support as the kernel expects SGX to be available on all
CPUs.  X86_FEATURE_VMX is intentionally cleared only for the current CPU
so that KVM can provide additional information if KVM fails to load,
e.g. print which CPU doesn't support VMX.  KVM/VMX requires additional
per-CPU enabling, e.g. to set CR4.VMXE and do VMXON, and so already has
the necessary infrastructure to do per-CPU checks.  SGX on the other
hand doesn't require additional enabling, so clearing the feature flags
on all CPUs means the SGX subsystem doesn't need to manually do support
checks on a per-CPU basis.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Co-developed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
 arch/x86/kernel/cpu/feat_ctl.c | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

Comments

Sean Christopherson March 9, 2020, 9:56 p.m. UTC | #1

s/supprt/support

On Wed, Mar 04, 2020 at 01:35:54AM +0200, Jarkko Sakkinen wrote:
> @@ -123,13 +132,21 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c)
>  			msr |= FEAT_CTL_VMX_ENABLED_INSIDE_SMX;
>  	}
>  
> +	/*
> +	 * Enable SGX if and only if the kernel supports SGX and Launch Control
> +	 * is supported, i.e. disable SGX if the LE hash MSRs can't be written.
> +	 */
> +	if (cpu_has(c, X86_FEATURE_SGX) && cpu_has(c, X86_FEATURE_SGX_LC) &&
> +	    IS_ENABLED(CONFIG_INTEL_SGX))

This should probably check X86_FEATURE_SGX1 to handle the (unlikely) case
where SGX is supported but is soft disabled, e.g. due to a (corrected) #MC.

> +		msr |= FEAT_CTL_SGX_ENABLED | FEAT_CTL_SGX_LC_ENABLED;
> +
>  	wrmsrl(MSR_IA32_FEAT_CTL, msr);
>  
>  update_caps:
>  	set_cpu_cap(c, X86_FEATURE_MSR_IA32_FEAT_CTL);
>  
>  	if (!cpu_has(c, X86_FEATURE_VMX))
> -		return;
> +		goto update_sgx;
>  
>  	if ( (tboot && !(msr & FEAT_CTL_VMX_ENABLED_INSIDE_SMX)) ||
>  	    (!tboot && !(msr & FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX))) {
> @@ -142,4 +159,14 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c)
>  		init_vmx_capabilities(c);
>  #endif
>  	}
> +
> +update_sgx:
> +	if (!cpu_has(c, X86_FEATURE_SGX) || !cpu_has(c, X86_FEATURE_SGX_LC)) {

Same thing here for SGX1.  Since the checks are getting rather lengthy, it
probably makes sense to consolidate the logic using a local bool, e.g. as a
delta patch:

---
 arch/x86/kernel/cpu/feat_ctl.c | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/arch/x86/kernel/cpu/feat_ctl.c b/arch/x86/kernel/cpu/feat_ctl.c
index b16b71a6da74..ef4ddd6c8630 100644
--- a/arch/x86/kernel/cpu/feat_ctl.c
+++ b/arch/x86/kernel/cpu/feat_ctl.c
@@ -103,6 +103,7 @@ static void clear_sgx_caps(void)
 void init_ia32_feat_ctl(struct cpuinfo_x86 *c)
 {
 	bool tboot = tboot_enabled();
+	bool enable_sgx;
 	u64 msr;
 
 	if (rdmsrl_safe(MSR_IA32_FEAT_CTL, &msr)) {
@@ -111,6 +112,15 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c)
 		return;
 	}
 
+	/*
+	 * Enable SGX if and only if the kernel supports SGX and Launch Control
+	 * is supported, i.e. disable SGX if the LE hash MSRs can't be written.
+	 */
+	enable_sgx = cpu_has(c, X86_FEATURE_SGX) &&
+		     cpu_has(c, X86_FEATURE_SGX1) &&
+		     cpu_has(c, X86_FEATURE_SGX_LC) &&
+		     IS_ENABLED(CONFIG_INTEL_SGX);
+
 	if (msr & FEAT_CTL_LOCKED)
 		goto update_caps;
 
@@ -132,12 +142,7 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c)
 			msr |= FEAT_CTL_VMX_ENABLED_INSIDE_SMX;
 	}
 
-	/*
-	 * Enable SGX if and only if the kernel supports SGX and Launch Control
-	 * is supported, i.e. disable SGX if the LE hash MSRs can't be written.
-	 */
-	if (cpu_has(c, X86_FEATURE_SGX) && cpu_has(c, X86_FEATURE_SGX_LC) &&
-	    IS_ENABLED(CONFIG_INTEL_SGX))
+	if (enable_sgx)
 		msr |= FEAT_CTL_SGX_ENABLED | FEAT_CTL_SGX_LC_ENABLED;
 
 	wrmsrl(MSR_IA32_FEAT_CTL, msr);
@@ -161,11 +166,9 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c)
 	}
 
 update_sgx:
-	if (!cpu_has(c, X86_FEATURE_SGX) || !cpu_has(c, X86_FEATURE_SGX_LC)) {
-		clear_sgx_caps();
-	} else if (!(msr & FEAT_CTL_SGX_ENABLED) ||
-		   !(msr & FEAT_CTL_SGX_LC_ENABLED)) {
-		if (IS_ENABLED(CONFIG_INTEL_SGX))
+	if (!(msr & FEAT_CTL_SGX_ENABLED) ||
+	    !(msr & FEAT_CTL_SGX_LC_ENABLED) || !enable_sgx) {
+		if (enable_sgx)
 			pr_err_once("SGX disabled by BIOS\n");
 		clear_sgx_caps();
 	}

Jarkko Sakkinen March 11, 2020, 5:03 p.m. UTC | #2

On Mon, Mar 09, 2020 at 02:56:22PM -0700, Sean Christopherson wrote:
> s/supprt/support

Summary:

* Selftest: document FCW and MXCSR settings in the XSAVE template.
* Use WARN_ONCE() in ENCLS_WARN() instead of WARN().
* Use ENCLS_WARN() instead of WARN() in sgx_reclaimer_write().
* Clean up SGX detection and explicitly check SGX1 support.

to address the findings. The GIT tree is in sync with these updates.

/Jarkko

diff --git a/arch/x86/kernel/cpu/feat_ctl.c b/arch/x86/kernel/cpu/feat_ctl.c
index 0268185bef94..b16b71a6da74 100644
--- a/arch/x86/kernel/cpu/feat_ctl.c
+++ b/arch/x86/kernel/cpu/feat_ctl.c
@@ -92,6 +92,14 @@  static void init_vmx_capabilities(struct cpuinfo_x86 *c)
 }
 #endif /* CONFIG_X86_VMX_FEATURE_NAMES */
 
+static void clear_sgx_caps(void)
+{
+	setup_clear_cpu_cap(X86_FEATURE_SGX);
+	setup_clear_cpu_cap(X86_FEATURE_SGX_LC);
+	setup_clear_cpu_cap(X86_FEATURE_SGX1);
+	setup_clear_cpu_cap(X86_FEATURE_SGX2);
+}
+
 void init_ia32_feat_ctl(struct cpuinfo_x86 *c)
 {
 	bool tboot = tboot_enabled();
@@ -99,6 +107,7 @@  void init_ia32_feat_ctl(struct cpuinfo_x86 *c)
 
 	if (rdmsrl_safe(MSR_IA32_FEAT_CTL, &msr)) {
 		clear_cpu_cap(c, X86_FEATURE_VMX);
+		clear_sgx_caps();
 		return;
 	}
 
@@ -123,13 +132,21 @@  void init_ia32_feat_ctl(struct cpuinfo_x86 *c)
 			msr |= FEAT_CTL_VMX_ENABLED_INSIDE_SMX;
 	}
 
+	/*
+	 * Enable SGX if and only if the kernel supports SGX and Launch Control
+	 * is supported, i.e. disable SGX if the LE hash MSRs can't be written.
+	 */
+	if (cpu_has(c, X86_FEATURE_SGX) && cpu_has(c, X86_FEATURE_SGX_LC) &&
+	    IS_ENABLED(CONFIG_INTEL_SGX))
+		msr |= FEAT_CTL_SGX_ENABLED | FEAT_CTL_SGX_LC_ENABLED;
+
 	wrmsrl(MSR_IA32_FEAT_CTL, msr);
 
 update_caps:
 	set_cpu_cap(c, X86_FEATURE_MSR_IA32_FEAT_CTL);
 
 	if (!cpu_has(c, X86_FEATURE_VMX))
-		return;
+		goto update_sgx;
 
 	if ( (tboot && !(msr & FEAT_CTL_VMX_ENABLED_INSIDE_SMX)) ||
 	    (!tboot && !(msr & FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX))) {
@@ -142,4 +159,14 @@  void init_ia32_feat_ctl(struct cpuinfo_x86 *c)
 		init_vmx_capabilities(c);
 #endif
 	}
+
+update_sgx:
+	if (!cpu_has(c, X86_FEATURE_SGX) || !cpu_has(c, X86_FEATURE_SGX_LC)) {
+		clear_sgx_caps();
+	} else if (!(msr & FEAT_CTL_SGX_ENABLED) ||
+		   !(msr & FEAT_CTL_SGX_LC_ENABLED)) {
+		if (IS_ENABLED(CONFIG_INTEL_SGX))
+			pr_err_once("SGX disabled by BIOS\n");
+		clear_sgx_caps();
+	}
 }

[v28,07/22] x86/cpu/intel: Detect SGX supprt

Commit Message

Comments

Patch