| Message ID | ae05882235e61fd8e7a56e37b0d9c044781bd767.1611634586.git.kai.huang@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | KVM SGX virtualization support | expand |
On 1/26/21 1:30 AM, Kai Huang wrote: > --- a/arch/x86/kernel/cpu/feat_ctl.c > +++ b/arch/x86/kernel/cpu/feat_ctl.c > @@ -105,7 +105,8 @@ early_param("nosgx", nosgx); > void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > { > bool tboot = tboot_enabled(); > - bool enable_sgx; > + bool enable_vmx; > + bool enable_sgx_any, enable_sgx_kvm, enable_sgx_driver; > u64 msr; > > if (rdmsrl_safe(MSR_IA32_FEAT_CTL, &msr)) { > @@ -114,13 +115,22 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > return; > } > > + enable_vmx = cpu_has(c, X86_FEATURE_VMX) && > + IS_ENABLED(CONFIG_KVM_INTEL); The reason it's called 'enable_sgx' below is because this code is actually going to "enable sgx". This code does not "enable vmx". That makes this a badly-named variable. "vmx_enabled" or "vmx_available" would be better. > /* > - * Enable SGX if and only if the kernel supports SGX and Launch Control > - * is supported, i.e. disable SGX if the LE hash MSRs can't be written. > + * Enable SGX if and only if the kernel supports SGX. Require Launch > + * Control support if SGX virtualization is *not* supported, i.e. > + * disable SGX if the LE hash MSRs can't be written and SGX can't be > + * exposed to a KVM guest (which might support non-LC configurations). > */ I hate this comment. /* * Separate out bare-metal SGX enabling from KVM. This allows * KVM guests to use SGX even if the kernel refuses to use it on * bare-metal. This happens if flexible Faunch Control is not * available. * > - enable_sgx = cpu_has(c, X86_FEATURE_SGX) && > - cpu_has(c, X86_FEATURE_SGX_LC) && > - IS_ENABLED(CONFIG_X86_SGX); > + enable_sgx_any = cpu_has(c, X86_FEATURE_SGX) && > + cpu_has(c, X86_FEATURE_SGX1) && > + IS_ENABLED(CONFIG_X86_SGX); The X86_FEATURE_SGX1 check seems to have snuck in here. Why? > + enable_sgx_driver = enable_sgx_any && > + cpu_has(c, X86_FEATURE_SGX_LC); > + enable_sgx_kvm = enable_sgx_any && enable_vmx && > + IS_ENABLED(CONFIG_X86_SGX_KVM); > > if (msr & FEAT_CTL_LOCKED) > goto update_caps; > @@ -136,15 +146,18 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > * i.e. KVM is enabled, to avoid unnecessarily adding an attack vector > * for the kernel, e.g. using VMX to hide malicious code. > */ > - if (cpu_has(c, X86_FEATURE_VMX) && IS_ENABLED(CONFIG_KVM_INTEL)) { > + if (enable_vmx) { > msr |= FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX; > > if (tboot) > msr |= FEAT_CTL_VMX_ENABLED_INSIDE_SMX; > } > > - if (enable_sgx) > - msr |= FEAT_CTL_SGX_ENABLED | FEAT_CTL_SGX_LC_ENABLED; > + if (enable_sgx_kvm || enable_sgx_driver) { > + msr |= FEAT_CTL_SGX_ENABLED; > + if (enable_sgx_driver) > + msr |= FEAT_CTL_SGX_LC_ENABLED; > + } > > wrmsrl(MSR_IA32_FEAT_CTL, msr); > > @@ -167,10 +180,29 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > } > > update_sgx: > - if (!(msr & FEAT_CTL_SGX_ENABLED) || > - !(msr & FEAT_CTL_SGX_LC_ENABLED) || !enable_sgx) { > - if (enable_sgx) > - pr_err_once("SGX disabled by BIOS\n"); > + if (!(msr & FEAT_CTL_SGX_ENABLED)) { > + if (enable_sgx_kvm || enable_sgx_driver) > + pr_err_once("SGX disabled by BIOS.\n"); > clear_cpu_cap(c, X86_FEATURE_SGX); > + return; > + } Isn't there a pr_fmt here already? Won't these just look like: sgx: SGX disabled by BIOS. That seems a bit silly.
On Tue, Jan 26, 2021, Dave Hansen wrote: > > - enable_sgx = cpu_has(c, X86_FEATURE_SGX) && > > - cpu_has(c, X86_FEATURE_SGX_LC) && > > - IS_ENABLED(CONFIG_X86_SGX); > > + enable_sgx_any = cpu_has(c, X86_FEATURE_SGX) && > > + cpu_has(c, X86_FEATURE_SGX1) && > > + IS_ENABLED(CONFIG_X86_SGX); > > The X86_FEATURE_SGX1 check seems to have snuck in here. Why? It's a best effort check to handle the scenario where SGX is enabled by BIOS, but was disabled by hardware in response to a machine check bank being disabled. Adding a check on SGX1 should be in a different patch. I thought we had a dicscussion about why the check was omitted in the merge of bare metal support, but I can't find any such thread. > > + enable_sgx_driver = enable_sgx_any && > > + cpu_has(c, X86_FEATURE_SGX_LC); > > + enable_sgx_kvm = enable_sgx_any && enable_vmx && > > + IS_ENABLED(CONFIG_X86_SGX_KVM); > > > > if (msr & FEAT_CTL_LOCKED) > > goto update_caps; > > @@ -136,15 +146,18 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > > * i.e. KVM is enabled, to avoid unnecessarily adding an attack vector > > * for the kernel, e.g. using VMX to hide malicious code. > > */ > > - if (cpu_has(c, X86_FEATURE_VMX) && IS_ENABLED(CONFIG_KVM_INTEL)) { > > + if (enable_vmx) { > > msr |= FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX; > > > > if (tboot) > > msr |= FEAT_CTL_VMX_ENABLED_INSIDE_SMX; > > } > > > > - if (enable_sgx) > > - msr |= FEAT_CTL_SGX_ENABLED | FEAT_CTL_SGX_LC_ENABLED; > > + if (enable_sgx_kvm || enable_sgx_driver) { > > + msr |= FEAT_CTL_SGX_ENABLED; > > + if (enable_sgx_driver) > > + msr |= FEAT_CTL_SGX_LC_ENABLED; > > + } > > > > wrmsrl(MSR_IA32_FEAT_CTL, msr); > > > > @@ -167,10 +180,29 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > > } > > > > update_sgx: > > - if (!(msr & FEAT_CTL_SGX_ENABLED) || > > - !(msr & FEAT_CTL_SGX_LC_ENABLED) || !enable_sgx) { > > - if (enable_sgx) > > - pr_err_once("SGX disabled by BIOS\n"); > > + if (!(msr & FEAT_CTL_SGX_ENABLED)) { > > + if (enable_sgx_kvm || enable_sgx_driver) > > + pr_err_once("SGX disabled by BIOS.\n"); > > clear_cpu_cap(c, X86_FEATURE_SGX); > > + return; > > + } > > > Isn't there a pr_fmt here already? Won't these just look like: > > sgx: SGX disabled by BIOS. > > That seems a bit silly. Eh, I like the explicit "SGX" to clarify that the hardware feature was disabled.
On Tue, 26 Jan 2021 09:00:45 -0800 Sean Christopherson wrote: > On Tue, Jan 26, 2021, Dave Hansen wrote: > > > - enable_sgx = cpu_has(c, X86_FEATURE_SGX) && > > > - cpu_has(c, X86_FEATURE_SGX_LC) && > > > - IS_ENABLED(CONFIG_X86_SGX); > > > + enable_sgx_any = cpu_has(c, X86_FEATURE_SGX) && > > > + cpu_has(c, X86_FEATURE_SGX1) && > > > + IS_ENABLED(CONFIG_X86_SGX); > > > > The X86_FEATURE_SGX1 check seems to have snuck in here. Why? > > It's a best effort check to handle the scenario where SGX is enabled by BIOS, > but was disabled by hardware in response to a machine check bank being disabled. > Adding a check on SGX1 should be in a different patch. I thought we had a > dicscussion about why the check was omitted in the merge of bare metal support, > but I can't find any such thread. Hi Dave, This is the link we discussed when in RFC v1. This should provide some info of why using SGX1 here. https://www.spinics.net/lists/linux-sgx/msg03990.html And Dave, Sean, If we want another separate patch for fixing SGX1 bit here, I'd like to let Sean or Jarkko to do that, since it is not quite related to KVM SGX virtualization here. I can remove SGX1 check here if you all agree. Comment? > > > > + enable_sgx_driver = enable_sgx_any && > > > + cpu_has(c, X86_FEATURE_SGX_LC); > > > + enable_sgx_kvm = enable_sgx_any && enable_vmx && > > > + IS_ENABLED(CONFIG_X86_SGX_KVM); > > > > > > if (msr & FEAT_CTL_LOCKED) > > > goto update_caps; > > > @@ -136,15 +146,18 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > > > * i.e. KVM is enabled, to avoid unnecessarily adding an attack vector > > > * for the kernel, e.g. using VMX to hide malicious code. > > > */ > > > - if (cpu_has(c, X86_FEATURE_VMX) && IS_ENABLED(CONFIG_KVM_INTEL)) { > > > + if (enable_vmx) { > > > msr |= FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX; > > > > > > if (tboot) > > > msr |= FEAT_CTL_VMX_ENABLED_INSIDE_SMX; > > > } > > > > > > - if (enable_sgx) > > > - msr |= FEAT_CTL_SGX_ENABLED | FEAT_CTL_SGX_LC_ENABLED; > > > + if (enable_sgx_kvm || enable_sgx_driver) { > > > + msr |= FEAT_CTL_SGX_ENABLED; > > > + if (enable_sgx_driver) > > > + msr |= FEAT_CTL_SGX_LC_ENABLED; > > > + } > > > > > > wrmsrl(MSR_IA32_FEAT_CTL, msr); > > > > > > @@ -167,10 +180,29 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > > > } > > > > > > update_sgx: > > > - if (!(msr & FEAT_CTL_SGX_ENABLED) || > > > - !(msr & FEAT_CTL_SGX_LC_ENABLED) || !enable_sgx) { > > > - if (enable_sgx) > > > - pr_err_once("SGX disabled by BIOS\n"); > > > + if (!(msr & FEAT_CTL_SGX_ENABLED)) { > > > + if (enable_sgx_kvm || enable_sgx_driver) > > > + pr_err_once("SGX disabled by BIOS.\n"); > > > clear_cpu_cap(c, X86_FEATURE_SGX); > > > + return; > > > + } > > > > > > Isn't there a pr_fmt here already? Won't these just look like: > > > > sgx: SGX disabled by BIOS. > > > > That seems a bit silly. > > Eh, I like the explicit "SGX" to clarify that the hardware feature was disabled. Hi Dave, The pr_fmt is: #undef pr_fmt #define pr_fmt(fmt) "x86/cpu: " fmt So, it will have x86/cpu: SGX disabled by BIOS.
On Tue, 26 Jan 2021 08:26:21 -0800 Dave Hansen wrote: > On 1/26/21 1:30 AM, Kai Huang wrote: > > --- a/arch/x86/kernel/cpu/feat_ctl.c > > +++ b/arch/x86/kernel/cpu/feat_ctl.c > > @@ -105,7 +105,8 @@ early_param("nosgx", nosgx); > > void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > > { > > bool tboot = tboot_enabled(); > > - bool enable_sgx; > > + bool enable_vmx; > > + bool enable_sgx_any, enable_sgx_kvm, enable_sgx_driver; > > u64 msr; > > > > if (rdmsrl_safe(MSR_IA32_FEAT_CTL, &msr)) { > > @@ -114,13 +115,22 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > > return; > > } > > > > + enable_vmx = cpu_has(c, X86_FEATURE_VMX) && > > + IS_ENABLED(CONFIG_KVM_INTEL); > > The reason it's called 'enable_sgx' below is because this code is > actually going to "enable sgx". This code does not "enable vmx". That > makes this a badly-named variable. "vmx_enabled" or "vmx_available" > would be better. It will also try to enable VMX if feature control MSR is not locked by BIOS. Please see below code: " > > - if (cpu_has(c, X86_FEATURE_VMX) && IS_ENABLED(CONFIG_KVM_INTEL)) { > > + if (enable_vmx) { > > msr |= FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX; > > > > if (tboot) > > msr |= FEAT_CTL_VMX_ENABLED_INSIDE_SMX; > > } " And if feature control MSR is locked, kernel cannot truly enable anything, but can only print out msg in case BIOS disabled either VMX, or SGX, or SGX_LC, and kernel wants to support that. Does this make sense to you? > > > /* > > - * Enable SGX if and only if the kernel supports SGX and Launch Control > > - * is supported, i.e. disable SGX if the LE hash MSRs can't be written. > > + * Enable SGX if and only if the kernel supports SGX. Require Launch > > + * Control support if SGX virtualization is *not* supported, i.e. > > + * disable SGX if the LE hash MSRs can't be written and SGX can't be > > + * exposed to a KVM guest (which might support non-LC configurations). > > */ > > I hate this comment. > > /* > * Separate out bare-metal SGX enabling from KVM. This allows > * KVM guests to use SGX even if the kernel refuses to use it on > * bare-metal. This happens if flexible Faunch Control is not > * available. > * Thanks. > > > - enable_sgx = cpu_has(c, X86_FEATURE_SGX) && > > - cpu_has(c, X86_FEATURE_SGX_LC) && > > - IS_ENABLED(CONFIG_X86_SGX); > > + enable_sgx_any = cpu_has(c, X86_FEATURE_SGX) && > > + cpu_has(c, X86_FEATURE_SGX1) && > > + IS_ENABLED(CONFIG_X86_SGX); > > The X86_FEATURE_SGX1 check seems to have snuck in here. Why? Please see my reply to Sean's reply. > > > + enable_sgx_driver = enable_sgx_any && > > + cpu_has(c, X86_FEATURE_SGX_LC); > > + enable_sgx_kvm = enable_sgx_any && enable_vmx && > > + IS_ENABLED(CONFIG_X86_SGX_KVM); > > > > if (msr & FEAT_CTL_LOCKED) > > goto update_caps; > > @@ -136,15 +146,18 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > > * i.e. KVM is enabled, to avoid unnecessarily adding an attack vector > > * for the kernel, e.g. using VMX to hide malicious code. > > */ > > - if (cpu_has(c, X86_FEATURE_VMX) && IS_ENABLED(CONFIG_KVM_INTEL)) { > > + if (enable_vmx) { > > msr |= FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX; > > > > if (tboot) > > msr |= FEAT_CTL_VMX_ENABLED_INSIDE_SMX; > > } > > > > - if (enable_sgx) > > - msr |= FEAT_CTL_SGX_ENABLED | FEAT_CTL_SGX_LC_ENABLED; > > + if (enable_sgx_kvm || enable_sgx_driver) { > > + msr |= FEAT_CTL_SGX_ENABLED; > > + if (enable_sgx_driver) > > + msr |= FEAT_CTL_SGX_LC_ENABLED; > > + } > > > > wrmsrl(MSR_IA32_FEAT_CTL, msr); > > > > @@ -167,10 +180,29 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > > } > > > > update_sgx: > > - if (!(msr & FEAT_CTL_SGX_ENABLED) || > > - !(msr & FEAT_CTL_SGX_LC_ENABLED) || !enable_sgx) { > > - if (enable_sgx) > > - pr_err_once("SGX disabled by BIOS\n"); > > + if (!(msr & FEAT_CTL_SGX_ENABLED)) { > > + if (enable_sgx_kvm || enable_sgx_driver) > > + pr_err_once("SGX disabled by BIOS.\n"); > > clear_cpu_cap(c, X86_FEATURE_SGX); > > + return; > > + } > > > Isn't there a pr_fmt here already? Won't these just look like: > > sgx: SGX disabled by BIOS. > > That seems a bit silly. Please see my reply to Sean's reply.
On 1/26/21 3:56 PM, Kai Huang wrote: > On Tue, 26 Jan 2021 08:26:21 -0800 Dave Hansen wrote: >> On 1/26/21 1:30 AM, Kai Huang wrote: >>> --- a/arch/x86/kernel/cpu/feat_ctl.c >>> +++ b/arch/x86/kernel/cpu/feat_ctl.c >>> @@ -105,7 +105,8 @@ early_param("nosgx", nosgx); >>> void init_ia32_feat_ctl(struct cpuinfo_x86 *c) >>> { >>> bool tboot = tboot_enabled(); >>> - bool enable_sgx; >>> + bool enable_vmx; >>> + bool enable_sgx_any, enable_sgx_kvm, enable_sgx_driver; >>> u64 msr; >>> >>> if (rdmsrl_safe(MSR_IA32_FEAT_CTL, &msr)) { >>> @@ -114,13 +115,22 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) >>> return; >>> } >>> >>> + enable_vmx = cpu_has(c, X86_FEATURE_VMX) && >>> + IS_ENABLED(CONFIG_KVM_INTEL); >> >> The reason it's called 'enable_sgx' below is because this code is >> actually going to "enable sgx". This code does not "enable vmx". That >> makes this a badly-named variable. "vmx_enabled" or "vmx_available" >> would be better. > > It will also try to enable VMX if feature control MSR is not locked by BIOS. > Please see below code: Ahh, I forgot this is non-SGX code. It's mucking with all kinds of other stuff in the same MSR. Oh, well, I guess that's what you get for dumping a bunch of refactoring in the same patch as the new code. >>> - enable_sgx = cpu_has(c, X86_FEATURE_SGX) && >>> - cpu_has(c, X86_FEATURE_SGX_LC) && >>> - IS_ENABLED(CONFIG_X86_SGX); >>> + enable_sgx_any = cpu_has(c, X86_FEATURE_SGX) && >>> + cpu_has(c, X86_FEATURE_SGX1) && >>> + IS_ENABLED(CONFIG_X86_SGX); >> >> The X86_FEATURE_SGX1 check seems to have snuck in here. Why? > > Please see my reply to Sean's reply. ... yes, so you're breaking out the fix into a separate patch,. >>> update_sgx: >>> - if (!(msr & FEAT_CTL_SGX_ENABLED) || >>> - !(msr & FEAT_CTL_SGX_LC_ENABLED) || !enable_sgx) { >>> - if (enable_sgx) >>> - pr_err_once("SGX disabled by BIOS\n"); >>> + if (!(msr & FEAT_CTL_SGX_ENABLED)) { >>> + if (enable_sgx_kvm || enable_sgx_driver) >>> + pr_err_once("SGX disabled by BIOS.\n"); >>> clear_cpu_cap(c, X86_FEATURE_SGX); >>> + return; >>> + } >> >> >> Isn't there a pr_fmt here already? Won't these just look like: >> >> sgx: SGX disabled by BIOS. >> >> That seems a bit silly. > > Please see my reply to Sean's reply. Got it. I was thinking this was in the SGX code, not in the generic CPU setup code.
On Tue, 26 Jan 2021 16:18:31 -0800 Dave Hansen wrote: > On 1/26/21 3:56 PM, Kai Huang wrote: > > On Tue, 26 Jan 2021 08:26:21 -0800 Dave Hansen wrote: > >> On 1/26/21 1:30 AM, Kai Huang wrote: > >>> --- a/arch/x86/kernel/cpu/feat_ctl.c > >>> +++ b/arch/x86/kernel/cpu/feat_ctl.c > >>> @@ -105,7 +105,8 @@ early_param("nosgx", nosgx); > >>> void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > >>> { > >>> bool tboot = tboot_enabled(); > >>> - bool enable_sgx; > >>> + bool enable_vmx; > >>> + bool enable_sgx_any, enable_sgx_kvm, enable_sgx_driver; > >>> u64 msr; > >>> > >>> if (rdmsrl_safe(MSR_IA32_FEAT_CTL, &msr)) { > >>> @@ -114,13 +115,22 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > >>> return; > >>> } > >>> > >>> + enable_vmx = cpu_has(c, X86_FEATURE_VMX) && > >>> + IS_ENABLED(CONFIG_KVM_INTEL); > >> > >> The reason it's called 'enable_sgx' below is because this code is > >> actually going to "enable sgx". This code does not "enable vmx". That > >> makes this a badly-named variable. "vmx_enabled" or "vmx_available" > >> would be better. > > > > It will also try to enable VMX if feature control MSR is not locked by BIOS. > > Please see below code: > > Ahh, I forgot this is non-SGX code. It's mucking with all kinds of > other stuff in the same MSR. Oh, well, I guess that's what you get for > dumping a bunch of refactoring in the same patch as the new code. > > > >>> - enable_sgx = cpu_has(c, X86_FEATURE_SGX) && > >>> - cpu_has(c, X86_FEATURE_SGX_LC) && > >>> - IS_ENABLED(CONFIG_X86_SGX); > >>> + enable_sgx_any = cpu_has(c, X86_FEATURE_SGX) && > >>> + cpu_has(c, X86_FEATURE_SGX1) && > >>> + IS_ENABLED(CONFIG_X86_SGX); > >> > >> The X86_FEATURE_SGX1 check seems to have snuck in here. Why? > > > > Please see my reply to Sean's reply. > > ... yes, so you're breaking out the fix into a separate patch,. For the separate patch to fix SGX1 check, if I understand correctly, SGX driver should be changed too. I feel I am not the best person to do it. Jarkko or Sean is. So I'll remove SGX1 here in the next version, but I won't include another patch to fix the SGX1 logic. If Jarkko or Sean sent out that patch, and it is merged quickly, I can rebase on top of that. Does this make sense?
On Wed, Jan 27, 2021, Kai Huang wrote: > On Tue, 26 Jan 2021 16:18:31 -0800 Dave Hansen wrote: > > On 1/26/21 3:56 PM, Kai Huang wrote: > > > On Tue, 26 Jan 2021 08:26:21 -0800 Dave Hansen wrote: > > >> On 1/26/21 1:30 AM, Kai Huang wrote: > > >>> --- a/arch/x86/kernel/cpu/feat_ctl.c > > >>> +++ b/arch/x86/kernel/cpu/feat_ctl.c > > >>> @@ -105,7 +105,8 @@ early_param("nosgx", nosgx); > > >>> void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > > >>> { > > >>> bool tboot = tboot_enabled(); > > >>> - bool enable_sgx; > > >>> + bool enable_vmx; > > >>> + bool enable_sgx_any, enable_sgx_kvm, enable_sgx_driver; > > >>> u64 msr; > > >>> > > >>> if (rdmsrl_safe(MSR_IA32_FEAT_CTL, &msr)) { > > >>> @@ -114,13 +115,22 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > > >>> return; > > >>> } > > >>> > > >>> + enable_vmx = cpu_has(c, X86_FEATURE_VMX) && > > >>> + IS_ENABLED(CONFIG_KVM_INTEL); > > >> > > >> The reason it's called 'enable_sgx' below is because this code is > > >> actually going to "enable sgx". This code does not "enable vmx". That > > >> makes this a badly-named variable. "vmx_enabled" or "vmx_available" > > >> would be better. > > > > > > It will also try to enable VMX if feature control MSR is not locked by BIOS. > > > Please see below code: > > > > Ahh, I forgot this is non-SGX code. It's mucking with all kinds of > > other stuff in the same MSR. Oh, well, I guess that's what you get for > > dumping a bunch of refactoring in the same patch as the new code. > > > > > > >>> - enable_sgx = cpu_has(c, X86_FEATURE_SGX) && > > >>> - cpu_has(c, X86_FEATURE_SGX_LC) && > > >>> - IS_ENABLED(CONFIG_X86_SGX); > > >>> + enable_sgx_any = cpu_has(c, X86_FEATURE_SGX) && > > >>> + cpu_has(c, X86_FEATURE_SGX1) && > > >>> + IS_ENABLED(CONFIG_X86_SGX); > > >> > > >> The X86_FEATURE_SGX1 check seems to have snuck in here. Why? > > > > > > Please see my reply to Sean's reply. > > > > ... yes, so you're breaking out the fix into a separate patch,. > > For the separate patch to fix SGX1 check, if I understand correctly, SGX driver > should be changed too. I feel I am not the best person to do it. Jarkko or Sean > is. SGX driver doesn't need to be changed, just this core feat_ctl.c code. > So I'll remove SGX1 here in the next version, but I won't include another > patch to fix the SGX1 logic. If Jarkko or Sean sent out that patch, and it is > merged quickly, I can rebase on top of that. > > Does this make sense? Yep, adding a check on SGX1 is definitely not mandatory for this series.
On Tue, Jan 26, 2021 at 10:30:54PM +1300, Kai Huang wrote: > From: Sean Christopherson <sean.j.christopherson@intel.com> > > The kernel will currently disable all SGX support if the hardware does > not support launch control. Make it more permissive to allow SGX > virtualization on systems without Launch Control support. This will > allow KVM to expose SGX to guests that have less-strict requirements on > the availability of flexible launch control. > > Improve error message to distinguish between three cases. There are two > cases where SGX support is completely disabled: > 1) SGX has been disabled completely by the BIOS > 2) SGX LC is locked by the BIOS. Bare-metal support is disabled because > of LC unavailability. SGX virtualization is unavailable (because of > Kconfig). > One where it is partially available: > 3) SGX LC is locked by the BIOS. Bare-metal support is disabled because > of LC unavailability. SGX virtualization is supported. > > Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> > Co-developed-by: Kai Huang <kai.huang@intel.com> > Signed-off-by: Kai Huang <kai.huang@intel.com> > --- > v2->v3: > > - Added to use 'enable_sgx_any', per Dave. > - Changed to call clear_cpu_cap() directly, rather than using clear_sgx_caps() > and clear_sgx_lc(). > - Changed to use CONFIG_X86_SGX_KVM, instead of CONFIG_X86_SGX_VIRTUALIZATION. > > v1->v2: > > - Refined commit message per Dave's comments. > - Added check to only enable SGX virtualization when VMX is supported, per > Dave's comment. > - Refined error msg print to explicitly call out SGX virtualization will be > supported when LC is locked by BIOS, per Dave's comment. > > --- > arch/x86/kernel/cpu/feat_ctl.c | 58 ++++++++++++++++++++++++++-------- > 1 file changed, 45 insertions(+), 13 deletions(-) > > diff --git a/arch/x86/kernel/cpu/feat_ctl.c b/arch/x86/kernel/cpu/feat_ctl.c > index 27533a6e04fa..0fc202550fcc 100644 > --- a/arch/x86/kernel/cpu/feat_ctl.c > +++ b/arch/x86/kernel/cpu/feat_ctl.c > @@ -105,7 +105,8 @@ early_param("nosgx", nosgx); > void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > { > bool tboot = tboot_enabled(); > - bool enable_sgx; > + bool enable_vmx; > + bool enable_sgx_any, enable_sgx_kvm, enable_sgx_driver; Move the declaration first (reverse christmas tree). > u64 msr; > > if (rdmsrl_safe(MSR_IA32_FEAT_CTL, &msr)) { > @@ -114,13 +115,22 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > return; > } > > + enable_vmx = cpu_has(c, X86_FEATURE_VMX) && > + IS_ENABLED(CONFIG_KVM_INTEL); > + > /* > - * Enable SGX if and only if the kernel supports SGX and Launch Control > - * is supported, i.e. disable SGX if the LE hash MSRs can't be written. > + * Enable SGX if and only if the kernel supports SGX. Require Launch > + * Control support if SGX virtualization is *not* supported, i.e. > + * disable SGX if the LE hash MSRs can't be written and SGX can't be > + * exposed to a KVM guest (which might support non-LC configurations). > */ > - enable_sgx = cpu_has(c, X86_FEATURE_SGX) && > - cpu_has(c, X86_FEATURE_SGX_LC) && > - IS_ENABLED(CONFIG_X86_SGX); > + enable_sgx_any = cpu_has(c, X86_FEATURE_SGX) && > + cpu_has(c, X86_FEATURE_SGX1) && > + IS_ENABLED(CONFIG_X86_SGX); > + enable_sgx_driver = enable_sgx_any && > + cpu_has(c, X86_FEATURE_SGX_LC); > + enable_sgx_kvm = enable_sgx_any && enable_vmx && > + IS_ENABLED(CONFIG_X86_SGX_KVM); > > if (msr & FEAT_CTL_LOCKED) > goto update_caps; > @@ -136,15 +146,18 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > * i.e. KVM is enabled, to avoid unnecessarily adding an attack vector > * for the kernel, e.g. using VMX to hide malicious code. > */ > - if (cpu_has(c, X86_FEATURE_VMX) && IS_ENABLED(CONFIG_KVM_INTEL)) { > + if (enable_vmx) { > msr |= FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX; > > if (tboot) > msr |= FEAT_CTL_VMX_ENABLED_INSIDE_SMX; > } > > - if (enable_sgx) > - msr |= FEAT_CTL_SGX_ENABLED | FEAT_CTL_SGX_LC_ENABLED; > + if (enable_sgx_kvm || enable_sgx_driver) { > + msr |= FEAT_CTL_SGX_ENABLED; > + if (enable_sgx_driver) > + msr |= FEAT_CTL_SGX_LC_ENABLED; > + } > > wrmsrl(MSR_IA32_FEAT_CTL, msr); > > @@ -167,10 +180,29 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > } > > update_sgx: > - if (!(msr & FEAT_CTL_SGX_ENABLED) || > - !(msr & FEAT_CTL_SGX_LC_ENABLED) || !enable_sgx) { > - if (enable_sgx) > - pr_err_once("SGX disabled by BIOS\n"); > + if (!(msr & FEAT_CTL_SGX_ENABLED)) { > + if (enable_sgx_kvm || enable_sgx_driver) > + pr_err_once("SGX disabled by BIOS.\n"); > clear_cpu_cap(c, X86_FEATURE_SGX); > + return; > + } > + > + /* > + * VMX feature bit may be cleared due to being disabled in BIOS, > + * in which case SGX virtualization cannot be supported either. > + */ > + if (!cpu_has(c, X86_FEATURE_VMX) && enable_sgx_kvm) { > + pr_err_once("SGX virtualization disabled due to lack of VMX.\n"); > + enable_sgx_kvm = 0; > + } > + > + if (!(msr & FEAT_CTL_SGX_LC_ENABLED) && enable_sgx_driver) { > + if (!enable_sgx_kvm) { > + pr_err_once("SGX Launch Control is locked. Disable SGX.\n"); > + clear_cpu_cap(c, X86_FEATURE_SGX); > + } else { > + pr_err_once("SGX Launch Control is locked. Support SGX virtualization only.\n"); > + clear_cpu_cap(c, X86_FEATURE_SGX_LC); > + } > } > } > -- > 2.29.2 > > /Jarkko
On Sat, 30 Jan 2021 16:42:56 +0200 Jarkko Sakkinen wrote: > On Tue, Jan 26, 2021 at 10:30:54PM +1300, Kai Huang wrote: > > From: Sean Christopherson <sean.j.christopherson@intel.com> > > > > The kernel will currently disable all SGX support if the hardware does > > not support launch control. Make it more permissive to allow SGX > > virtualization on systems without Launch Control support. This will > > allow KVM to expose SGX to guests that have less-strict requirements on > > the availability of flexible launch control. > > > > Improve error message to distinguish between three cases. There are two > > cases where SGX support is completely disabled: > > 1) SGX has been disabled completely by the BIOS > > 2) SGX LC is locked by the BIOS. Bare-metal support is disabled because > > of LC unavailability. SGX virtualization is unavailable (because of > > Kconfig). > > One where it is partially available: > > 3) SGX LC is locked by the BIOS. Bare-metal support is disabled because > > of LC unavailability. SGX virtualization is supported. > > > > Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> > > Co-developed-by: Kai Huang <kai.huang@intel.com> > > Signed-off-by: Kai Huang <kai.huang@intel.com> > > --- > > v2->v3: > > > > - Added to use 'enable_sgx_any', per Dave. > > - Changed to call clear_cpu_cap() directly, rather than using clear_sgx_caps() > > and clear_sgx_lc(). > > - Changed to use CONFIG_X86_SGX_KVM, instead of CONFIG_X86_SGX_VIRTUALIZATION. > > > > v1->v2: > > > > - Refined commit message per Dave's comments. > > - Added check to only enable SGX virtualization when VMX is supported, per > > Dave's comment. > > - Refined error msg print to explicitly call out SGX virtualization will be > > supported when LC is locked by BIOS, per Dave's comment. > > > > --- > > arch/x86/kernel/cpu/feat_ctl.c | 58 ++++++++++++++++++++++++++-------- > > 1 file changed, 45 insertions(+), 13 deletions(-) > > > > diff --git a/arch/x86/kernel/cpu/feat_ctl.c b/arch/x86/kernel/cpu/feat_ctl.c > > index 27533a6e04fa..0fc202550fcc 100644 > > --- a/arch/x86/kernel/cpu/feat_ctl.c > > +++ b/arch/x86/kernel/cpu/feat_ctl.c > > @@ -105,7 +105,8 @@ early_param("nosgx", nosgx); > > void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > > { > > bool tboot = tboot_enabled(); > > - bool enable_sgx; > > + bool enable_vmx; > > + bool enable_sgx_any, enable_sgx_kvm, enable_sgx_driver; > > Move the declaration first (reverse christmas tree). Will do. Thanks. > > > u64 msr; > > > > if (rdmsrl_safe(MSR_IA32_FEAT_CTL, &msr)) { > > @@ -114,13 +115,22 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > > return; > > } > > > > + enable_vmx = cpu_has(c, X86_FEATURE_VMX) && > > + IS_ENABLED(CONFIG_KVM_INTEL); > > + > > /* > > - * Enable SGX if and only if the kernel supports SGX and Launch Control > > - * is supported, i.e. disable SGX if the LE hash MSRs can't be written. > > + * Enable SGX if and only if the kernel supports SGX. Require Launch > > + * Control support if SGX virtualization is *not* supported, i.e. > > + * disable SGX if the LE hash MSRs can't be written and SGX can't be > > + * exposed to a KVM guest (which might support non-LC configurations). > > */ > > - enable_sgx = cpu_has(c, X86_FEATURE_SGX) && > > - cpu_has(c, X86_FEATURE_SGX_LC) && > > - IS_ENABLED(CONFIG_X86_SGX); > > + enable_sgx_any = cpu_has(c, X86_FEATURE_SGX) && > > + cpu_has(c, X86_FEATURE_SGX1) && > > + IS_ENABLED(CONFIG_X86_SGX); > > + enable_sgx_driver = enable_sgx_any && > > + cpu_has(c, X86_FEATURE_SGX_LC); > > + enable_sgx_kvm = enable_sgx_any && enable_vmx && > > + IS_ENABLED(CONFIG_X86_SGX_KVM); > > > > if (msr & FEAT_CTL_LOCKED) > > goto update_caps; > > @@ -136,15 +146,18 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > > * i.e. KVM is enabled, to avoid unnecessarily adding an attack vector > > * for the kernel, e.g. using VMX to hide malicious code. > > */ > > - if (cpu_has(c, X86_FEATURE_VMX) && IS_ENABLED(CONFIG_KVM_INTEL)) { > > + if (enable_vmx) { > > msr |= FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX; > > > > if (tboot) > > msr |= FEAT_CTL_VMX_ENABLED_INSIDE_SMX; > > } > > > > - if (enable_sgx) > > - msr |= FEAT_CTL_SGX_ENABLED | FEAT_CTL_SGX_LC_ENABLED; > > + if (enable_sgx_kvm || enable_sgx_driver) { > > + msr |= FEAT_CTL_SGX_ENABLED; > > + if (enable_sgx_driver) > > + msr |= FEAT_CTL_SGX_LC_ENABLED; > > + } > > > > wrmsrl(MSR_IA32_FEAT_CTL, msr); > > > > @@ -167,10 +180,29 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > > } > > > > update_sgx: > > - if (!(msr & FEAT_CTL_SGX_ENABLED) || > > - !(msr & FEAT_CTL_SGX_LC_ENABLED) || !enable_sgx) { > > - if (enable_sgx) > > - pr_err_once("SGX disabled by BIOS\n"); > > + if (!(msr & FEAT_CTL_SGX_ENABLED)) { > > + if (enable_sgx_kvm || enable_sgx_driver) > > + pr_err_once("SGX disabled by BIOS.\n"); > > clear_cpu_cap(c, X86_FEATURE_SGX); > > + return; > > + } > > + > > + /* > > + * VMX feature bit may be cleared due to being disabled in BIOS, > > + * in which case SGX virtualization cannot be supported either. > > + */ > > + if (!cpu_has(c, X86_FEATURE_VMX) && enable_sgx_kvm) { > > + pr_err_once("SGX virtualization disabled due to lack of VMX.\n"); > > + enable_sgx_kvm = 0; > > + } > > + > > + if (!(msr & FEAT_CTL_SGX_LC_ENABLED) && enable_sgx_driver) { > > + if (!enable_sgx_kvm) { > > + pr_err_once("SGX Launch Control is locked. Disable SGX.\n"); > > + clear_cpu_cap(c, X86_FEATURE_SGX); > > + } else { > > + pr_err_once("SGX Launch Control is locked. Support SGX virtualization only.\n"); > > + clear_cpu_cap(c, X86_FEATURE_SGX_LC); > > + } > > } > > } > > -- > > 2.29.2 > > > > > > /Jarkko
diff --git a/arch/x86/kernel/cpu/feat_ctl.c b/arch/x86/kernel/cpu/feat_ctl.c index 27533a6e04fa..0fc202550fcc 100644 --- a/arch/x86/kernel/cpu/feat_ctl.c +++ b/arch/x86/kernel/cpu/feat_ctl.c @@ -105,7 +105,8 @@ early_param("nosgx", nosgx); void init_ia32_feat_ctl(struct cpuinfo_x86 *c) { bool tboot = tboot_enabled(); - bool enable_sgx; + bool enable_vmx; + bool enable_sgx_any, enable_sgx_kvm, enable_sgx_driver; u64 msr; if (rdmsrl_safe(MSR_IA32_FEAT_CTL, &msr)) { @@ -114,13 +115,22 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) return; } + enable_vmx = cpu_has(c, X86_FEATURE_VMX) && + IS_ENABLED(CONFIG_KVM_INTEL); + /* - * Enable SGX if and only if the kernel supports SGX and Launch Control - * is supported, i.e. disable SGX if the LE hash MSRs can't be written. + * Enable SGX if and only if the kernel supports SGX. Require Launch + * Control support if SGX virtualization is *not* supported, i.e. + * disable SGX if the LE hash MSRs can't be written and SGX can't be + * exposed to a KVM guest (which might support non-LC configurations). */ - enable_sgx = cpu_has(c, X86_FEATURE_SGX) && - cpu_has(c, X86_FEATURE_SGX_LC) && - IS_ENABLED(CONFIG_X86_SGX); + enable_sgx_any = cpu_has(c, X86_FEATURE_SGX) && + cpu_has(c, X86_FEATURE_SGX1) && + IS_ENABLED(CONFIG_X86_SGX); + enable_sgx_driver = enable_sgx_any && + cpu_has(c, X86_FEATURE_SGX_LC); + enable_sgx_kvm = enable_sgx_any && enable_vmx && + IS_ENABLED(CONFIG_X86_SGX_KVM); if (msr & FEAT_CTL_LOCKED) goto update_caps; @@ -136,15 +146,18 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) * i.e. KVM is enabled, to avoid unnecessarily adding an attack vector * for the kernel, e.g. using VMX to hide malicious code. */ - if (cpu_has(c, X86_FEATURE_VMX) && IS_ENABLED(CONFIG_KVM_INTEL)) { + if (enable_vmx) { msr |= FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX; if (tboot) msr |= FEAT_CTL_VMX_ENABLED_INSIDE_SMX; } - if (enable_sgx) - msr |= FEAT_CTL_SGX_ENABLED | FEAT_CTL_SGX_LC_ENABLED; + if (enable_sgx_kvm || enable_sgx_driver) { + msr |= FEAT_CTL_SGX_ENABLED; + if (enable_sgx_driver) + msr |= FEAT_CTL_SGX_LC_ENABLED; + } wrmsrl(MSR_IA32_FEAT_CTL, msr); @@ -167,10 +180,29 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) } update_sgx: - if (!(msr & FEAT_CTL_SGX_ENABLED) || - !(msr & FEAT_CTL_SGX_LC_ENABLED) || !enable_sgx) { - if (enable_sgx) - pr_err_once("SGX disabled by BIOS\n"); + if (!(msr & FEAT_CTL_SGX_ENABLED)) { + if (enable_sgx_kvm || enable_sgx_driver) + pr_err_once("SGX disabled by BIOS.\n"); clear_cpu_cap(c, X86_FEATURE_SGX); + return; + } + + /* + * VMX feature bit may be cleared due to being disabled in BIOS, + * in which case SGX virtualization cannot be supported either. + */ + if (!cpu_has(c, X86_FEATURE_VMX) && enable_sgx_kvm) { + pr_err_once("SGX virtualization disabled due to lack of VMX.\n"); + enable_sgx_kvm = 0; + } + + if (!(msr & FEAT_CTL_SGX_LC_ENABLED) && enable_sgx_driver) { + if (!enable_sgx_kvm) { + pr_err_once("SGX Launch Control is locked. Disable SGX.\n"); + clear_cpu_cap(c, X86_FEATURE_SGX); + } else { + pr_err_once("SGX Launch Control is locked. Support SGX virtualization only.\n"); + clear_cpu_cap(c, X86_FEATURE_SGX_LC); + } } }