[01/15] xen: x86: expose SGX to HVM domain in CPU featureset
diff mbox

Message ID e7bdd8a0b15a1b64ee480f6318258a405f8b2adf.1499586046.git.kai.huang@linux.intel.com
State New, archived
Headers show

Commit Message

Kai Huang July 9, 2017, 8:04 a.m. UTC
Expose SGX in CPU featureset for HVM domain. SGX will not be supported for
PV domain, as ENCLS (which SGX driver in guest essentially runs) must run
in ring 0, while PV kernel runs in ring 3. Theoretically we can support SGX
in PV domain via either emulating #GP caused by ENCLS running in ring 3, or
by PV ENCLS but it is really not necessary at this stage. And currently SGX
is only exposed to HAP HVM domain (we can add for shadow in the future).

SGX Launch Control is also exposed in CPU featureset for HVM domain. SGX
Launch Control depends on SGX.

Signed-off-by: Kai Huang <kai.huang@linux.intel.com>
---
 xen/include/public/arch-x86/cpufeatureset.h | 3 ++-
 xen/tools/gen-cpuid.py                      | 3 +++
 2 files changed, 5 insertions(+), 1 deletion(-)

Comments

Andrew Cooper July 12, 2017, 11:09 a.m. UTC | #1
On 09/07/17 10:04, Kai Huang wrote:
> Expose SGX in CPU featureset for HVM domain. SGX will not be supported for
> PV domain, as ENCLS (which SGX driver in guest essentially runs) must run
> in ring 0, while PV kernel runs in ring 3. Theoretically we can support SGX
> in PV domain via either emulating #GP caused by ENCLS running in ring 3, or
> by PV ENCLS but it is really not necessary at this stage. And currently SGX
> is only exposed to HAP HVM domain (we can add for shadow in the future).
>
> SGX Launch Control is also exposed in CPU featureset for HVM domain. SGX
> Launch Control depends on SGX.
>
> Signed-off-by: Kai Huang <kai.huang@linux.intel.com>

I think its perfectly reasonable to restrict to HVM guests to start 
with, although I don't see how shadow vs HAP has any impact at this 
stage?  All that matters is that the EPC pages appear in the guests p2m.

~Andrew
Kai Huang July 17, 2017, 6:20 a.m. UTC | #2
On 7/12/2017 11:09 PM, Andrew Cooper wrote:
> On 09/07/17 10:04, Kai Huang wrote:
>> Expose SGX in CPU featureset for HVM domain. SGX will not be supported 
>> for
>> PV domain, as ENCLS (which SGX driver in guest essentially runs) must run
>> in ring 0, while PV kernel runs in ring 3. Theoretically we can 
>> support SGX
>> in PV domain via either emulating #GP caused by ENCLS running in ring 
>> 3, or
>> by PV ENCLS but it is really not necessary at this stage. And 
>> currently SGX
>> is only exposed to HAP HVM domain (we can add for shadow in the future).
>>
>> SGX Launch Control is also exposed in CPU featureset for HVM domain. SGX
>> Launch Control depends on SGX.
>>
>> Signed-off-by: Kai Huang <kai.huang@linux.intel.com>
> 
> I think its perfectly reasonable to restrict to HVM guests to start 
> with, although I don't see how shadow vs HAP has any impact at this 
> stage?  All that matters is that the EPC pages appear in the guests p2m.

Hmm it seems I forgot replying this one. Sorry. Actually there's no 
difference between shadow and HAP SGX, as currently SGX functionality is 
not depending on EPT. I didn't expose SGX to shadow as I haven't got 
chance to implement and test shadow part. I will add shadow support in 
next version.

Thanks,
-Kai
> 
> ~Andrew
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> https://lists.xen.org/xen-devel
Andrew Cooper July 18, 2017, 10:12 a.m. UTC | #3
On 09/07/17 09:04, Kai Huang wrote:
> Expose SGX in CPU featureset for HVM domain. SGX will not be supported for
> PV domain, as ENCLS (which SGX driver in guest essentially runs) must run
> in ring 0, while PV kernel runs in ring 3. Theoretically we can support SGX
> in PV domain via either emulating #GP caused by ENCLS running in ring 3, or
> by PV ENCLS but it is really not necessary at this stage. And currently SGX
> is only exposed to HAP HVM domain (we can add for shadow in the future).
>
> SGX Launch Control is also exposed in CPU featureset for HVM domain. SGX
> Launch Control depends on SGX.
>
> Signed-off-by: Kai Huang <kai.huang@linux.intel.com>
> ---
>  xen/include/public/arch-x86/cpufeatureset.h | 3 ++-
>  xen/tools/gen-cpuid.py                      | 3 +++
>  2 files changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h
> index 97dd3534c5..b6c54e654e 100644
> --- a/xen/include/public/arch-x86/cpufeatureset.h
> +++ b/xen/include/public/arch-x86/cpufeatureset.h
> @@ -193,7 +193,7 @@ XEN_CPUFEATURE(XSAVES,        4*32+ 3) /*S  XSAVES/XRSTORS instructions */
>  /* Intel-defined CPU features, CPUID level 0x00000007:0.ebx, word 5 */
>  XEN_CPUFEATURE(FSGSBASE,      5*32+ 0) /*A  {RD,WR}{FS,GS}BASE instructions */
>  XEN_CPUFEATURE(TSC_ADJUST,    5*32+ 1) /*S  TSC_ADJUST MSR available */
> -XEN_CPUFEATURE(SGX,           5*32+ 2) /*   Software Guard extensions */
> +XEN_CPUFEATURE(SGX,           5*32+ 2) /*H  Intel Software Guard extensions */
>  XEN_CPUFEATURE(BMI1,          5*32+ 3) /*A  1st bit manipulation extensions */
>  XEN_CPUFEATURE(HLE,           5*32+ 4) /*A  Hardware Lock Elision */
>  XEN_CPUFEATURE(AVX2,          5*32+ 5) /*A  AVX2 instructions */
> @@ -229,6 +229,7 @@ XEN_CPUFEATURE(PKU,           6*32+ 3) /*H  Protection Keys for Userspace */
>  XEN_CPUFEATURE(OSPKE,         6*32+ 4) /*!  OS Protection Keys Enable */
>  XEN_CPUFEATURE(AVX512_VPOPCNTDQ, 6*32+14) /*A  POPCNT for vectors of DW/QW */
>  XEN_CPUFEATURE(RDPID,         6*32+22) /*A  RDPID instruction */
> +XEN_CPUFEATURE(SGX_LAUNCH_CONTROL, 6*32+30) /*H Intel SGX Launch Control */

Could we abbreviate this to SGX_LC ?  It is certainly rather shorter to
write, and appears to be used elsewhere.

~Andrew
Kai Huang July 18, 2017, 10:41 p.m. UTC | #4
On 7/18/2017 10:12 PM, Andrew Cooper wrote:
> On 09/07/17 09:04, Kai Huang wrote:
>> Expose SGX in CPU featureset for HVM domain. SGX will not be supported for
>> PV domain, as ENCLS (which SGX driver in guest essentially runs) must run
>> in ring 0, while PV kernel runs in ring 3. Theoretically we can support SGX
>> in PV domain via either emulating #GP caused by ENCLS running in ring 3, or
>> by PV ENCLS but it is really not necessary at this stage. And currently SGX
>> is only exposed to HAP HVM domain (we can add for shadow in the future).
>>
>> SGX Launch Control is also exposed in CPU featureset for HVM domain. SGX
>> Launch Control depends on SGX.
>>
>> Signed-off-by: Kai Huang <kai.huang@linux.intel.com>
>> ---
>>   xen/include/public/arch-x86/cpufeatureset.h | 3 ++-
>>   xen/tools/gen-cpuid.py                      | 3 +++
>>   2 files changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h
>> index 97dd3534c5..b6c54e654e 100644
>> --- a/xen/include/public/arch-x86/cpufeatureset.h
>> +++ b/xen/include/public/arch-x86/cpufeatureset.h
>> @@ -193,7 +193,7 @@ XEN_CPUFEATURE(XSAVES,        4*32+ 3) /*S  XSAVES/XRSTORS instructions */
>>   /* Intel-defined CPU features, CPUID level 0x00000007:0.ebx, word 5 */
>>   XEN_CPUFEATURE(FSGSBASE,      5*32+ 0) /*A  {RD,WR}{FS,GS}BASE instructions */
>>   XEN_CPUFEATURE(TSC_ADJUST,    5*32+ 1) /*S  TSC_ADJUST MSR available */
>> -XEN_CPUFEATURE(SGX,           5*32+ 2) /*   Software Guard extensions */
>> +XEN_CPUFEATURE(SGX,           5*32+ 2) /*H  Intel Software Guard extensions */
>>   XEN_CPUFEATURE(BMI1,          5*32+ 3) /*A  1st bit manipulation extensions */
>>   XEN_CPUFEATURE(HLE,           5*32+ 4) /*A  Hardware Lock Elision */
>>   XEN_CPUFEATURE(AVX2,          5*32+ 5) /*A  AVX2 instructions */
>> @@ -229,6 +229,7 @@ XEN_CPUFEATURE(PKU,           6*32+ 3) /*H  Protection Keys for Userspace */
>>   XEN_CPUFEATURE(OSPKE,         6*32+ 4) /*!  OS Protection Keys Enable */
>>   XEN_CPUFEATURE(AVX512_VPOPCNTDQ, 6*32+14) /*A  POPCNT for vectors of DW/QW */
>>   XEN_CPUFEATURE(RDPID,         6*32+22) /*A  RDPID instruction */
>> +XEN_CPUFEATURE(SGX_LAUNCH_CONTROL, 6*32+30) /*H Intel SGX Launch Control */
> 
> Could we abbreviate this to SGX_LC ?  It is certainly rather shorter to
> write, and appears to be used elsewhere.

Sure. Will do.

Thanks,
-Kai
> 
> ~Andrew
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> https://lists.xen.org/xen-devel
>

Patch
diff mbox

diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h
index 97dd3534c5..b6c54e654e 100644
--- a/xen/include/public/arch-x86/cpufeatureset.h
+++ b/xen/include/public/arch-x86/cpufeatureset.h
@@ -193,7 +193,7 @@  XEN_CPUFEATURE(XSAVES,        4*32+ 3) /*S  XSAVES/XRSTORS instructions */
 /* Intel-defined CPU features, CPUID level 0x00000007:0.ebx, word 5 */
 XEN_CPUFEATURE(FSGSBASE,      5*32+ 0) /*A  {RD,WR}{FS,GS}BASE instructions */
 XEN_CPUFEATURE(TSC_ADJUST,    5*32+ 1) /*S  TSC_ADJUST MSR available */
-XEN_CPUFEATURE(SGX,           5*32+ 2) /*   Software Guard extensions */
+XEN_CPUFEATURE(SGX,           5*32+ 2) /*H  Intel Software Guard extensions */
 XEN_CPUFEATURE(BMI1,          5*32+ 3) /*A  1st bit manipulation extensions */
 XEN_CPUFEATURE(HLE,           5*32+ 4) /*A  Hardware Lock Elision */
 XEN_CPUFEATURE(AVX2,          5*32+ 5) /*A  AVX2 instructions */
@@ -229,6 +229,7 @@  XEN_CPUFEATURE(PKU,           6*32+ 3) /*H  Protection Keys for Userspace */
 XEN_CPUFEATURE(OSPKE,         6*32+ 4) /*!  OS Protection Keys Enable */
 XEN_CPUFEATURE(AVX512_VPOPCNTDQ, 6*32+14) /*A  POPCNT for vectors of DW/QW */
 XEN_CPUFEATURE(RDPID,         6*32+22) /*A  RDPID instruction */
+XEN_CPUFEATURE(SGX_LAUNCH_CONTROL, 6*32+30) /*H Intel SGX Launch Control */
 
 /* AMD-defined CPU features, CPUID level 0x80000007.edx, word 7 */
 XEN_CPUFEATURE(ITSC,          7*32+ 8) /*   Invariant TSC */
diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py
index 9ec4486f2b..1301eee310 100755
--- a/xen/tools/gen-cpuid.py
+++ b/xen/tools/gen-cpuid.py
@@ -256,6 +256,9 @@  def crunch_numbers(state):
         AVX512F: [AVX512DQ, AVX512IFMA, AVX512PF, AVX512ER, AVX512CD,
                   AVX512BW, AVX512VL, AVX512VBMI, AVX512_4VNNIW,
                   AVX512_4FMAPS, AVX512_VPOPCNTDQ],
+
+        # SGX Launch Control depends on SGX
+        SGX: [SGX_LAUNCH_CONTROL],
     }
 
     deep_features = tuple(sorted(deps.keys()))