From patchwork Sun Jul 9 08:09:08 2017
X-Patchwork-Submitter: Kai Huang
X-Patchwork-Id: 9831691
From: Kai Huang
To: xen-devel@lists.xen.org
Cc: andrew.cooper3@citrix.com, kevin.tian@intel.com, jbeulich@suse.com
Date: Sun, 9 Jul 2017 20:09:08 +1200
Subject: [Xen-devel] [PATCH 10/15] xen: vmx: handle ENCLS VMEXIT

Currently EPC is statically allocated and mapped to the guest; we don't have to trap ENCLS as it runs perfectly in VMX non-root mode. But exposing SGX to the guest means we also expose the ENABLE_ENCLS bit to the L1 hypervisor, therefore we cannot stop L1 from enabling ENCLS VMEXIT. For an ENCLS VMEXIT from an L2 guest, we simply inject it to L1; otherwise the ENCLS VMEXIT is unexpected in L0 and we simply crash the domain.

Signed-off-by: Kai Huang
---
 xen/arch/x86/hvm/vmx/vmx.c         | 10 ++++++++++
 xen/arch/x86/hvm/vmx/vvmx.c        | 11 +++++++++++
 xen/include/asm-x86/hvm/vmx/vmcs.h |  1 +
 xen/include/asm-x86/hvm/vmx/vmx.h  |  1 +
 4 files changed, 23 insertions(+)

diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 7ee5515bdc..ea3d468bb0 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c 
@@ -4126,6 +4126,16 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) vmx_handle_apic_write(); break; + case EXIT_REASON_ENCLS: + /* + * Currently L0 doesn't turn on ENCLS VMEXIT, but L0 cannot stop L1 + * from enabling ENCLS VMEXIT. ENCLS VMEXIT from L2 guest has already + * been handled so by reaching here it is a BUG. We simply crash the + * domain. + */ + domain_crash(v->domain); + break; + case EXIT_REASON_PML_FULL: vmx_vcpu_flush_pml_buffer(v); break; diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c index 3560faec6d..7eb10738d9 100644 --- a/xen/arch/x86/hvm/vmx/vvmx.c +++ b/xen/arch/x86/hvm/vmx/vvmx.c @@ -2059,6 +2059,12 @@ int nvmx_msr_read_intercept(unsigned int msr, u64 *msr_content) SECONDARY_EXEC_ENABLE_VPID | SECONDARY_EXEC_UNRESTRICTED_GUEST | SECONDARY_EXEC_ENABLE_EPT; + /* + * If SGX is exposed to guest, then ENABLE_ENCLS bit must also be + * exposed to guest. + */ + if ( domain_has_sgx(d) ) + data |= SECONDARY_EXEC_ENABLE_ENCLS; data = gen_vmx_msr(data, 0, host_data); break; case MSR_IA32_VMX_EXIT_CTLS: @@ -2291,6 +2297,11 @@ int nvmx_n2_vmexit_handler(struct cpu_user_regs *regs, case EXIT_REASON_VMXON: case EXIT_REASON_INVEPT: case EXIT_REASON_XSETBV: + /* + * L0 doesn't turn on ENCLS VMEXIT now, so ENCLS VMEXIT must come from + * L2 guest, and is because of ENCLS VMEXIT is turned on by L1. + */ + case EXIT_REASON_ENCLS: /* inject to L1 */ nvcpu->nv_vmexit_pending = 1; break; diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h b/xen/include/asm-x86/hvm/vmx/vmcs.h index fc0b9d85fd..1350b7bc81 100644 --- a/xen/include/asm-x86/hvm/vmx/vmcs.h +++ b/xen/include/asm-x86/hvm/vmx/vmcs.h @@ -396,6 +396,7 @@ enum vmcs_field { VIRT_EXCEPTION_INFO = 0x0000202a, XSS_EXIT_BITMAP = 0x0000202c, TSC_MULTIPLIER = 0x00002032, + ENCLS_EXITING_BITMAP = 0x0000202E, GUEST_PHYSICAL_ADDRESS = 0x00002400, VMCS_LINK_POINTER = 0x00002800, GUEST_IA32_DEBUGCTL = 0x00002802, 
diff --git a/xen/include/asm-x86/hvm/vmx/vmx.h b/xen/include/asm-x86/hvm/vmx/vmx.h index 4889a64255..211f5c8058 100644 --- a/xen/include/asm-x86/hvm/vmx/vmx.h +++ b/xen/include/asm-x86/hvm/vmx/vmx.h @@ -210,6 +210,7 @@ static inline void pi_clear_sn(struct pi_desc *pi_desc) #define EXIT_REASON_APIC_WRITE 56 #define EXIT_REASON_INVPCID 58 #define EXIT_REASON_VMFUNC 59 +#define EXIT_REASON_ENCLS 60 #define EXIT_REASON_PML_FULL 62 #define EXIT_REASON_XSAVES 63 #define EXIT_REASON_XRSTORS 64
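Review bot: In the vmx.c hunk, the new `case EXIT_REASON_ENCLS:` in vmx_vmexit_handler() calls `domain_crash(v->domain)` without logging anything, although the comment above it describes reaching this point as a BUG. Please emit an error-level log line naming the vCPU and the exit reason before crashing, so that an unexpected ENCLS exit in L0 can be told apart from other domain crashes. The comment would also read better as "An ENCLS VMEXIT from an L2 guest has already been handled, so reaching here is a bug".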
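Review bot: In the first vvmx.c hunk (nvmx_msr_read_intercept()), `SECONDARY_EXEC_ENABLE_ENCLS` is advertised to L1 whenever `domain_has_sgx(d)` is true, but nothing visible in this patch carries L1's ENCLS-exiting configuration over to the VMCS used to run L2: `ENCLS_EXITING_BITMAP` is defined in vmcs.h and not read or written anywhere in these hunks. If another patch in the series handles that, the commit message should say so; if not, L1 may be able to set a control that never takes effect. Separately, `d` is not declared in the visible context and the function signature in the hunk header takes only `msr` and `msr_content`, so please confirm it refers to the domain of the current vCPU.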
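Review bot: In the second vvmx.c hunk (nvmx_n2_vmexit_handler()), `case EXIT_REASON_ENCLS:` is forwarded to L1 unconditionally, and its correctness rests only on the comment's assumption that L0 never enables ENCLS exiting. That assumption is not checked in code, so if L0 later starts trapping ENCLS this case will silently inject exits that L1 did not ask for. Consider checking that L1 actually set `SECONDARY_EXEC_ENABLE_ENCLS` before setting `nv_vmexit_pending`, or at least asserting it. The comment's wording "and is because of ENCLS VMEXIT is turned on by L1" should also be tidied, for example "so it must have been enabled by L1".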
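Review bot: In the vmcs.h hunk, `ENCLS_EXITING_BITMAP = 0x0000202E` is inserted after `TSC_MULTIPLIER = 0x00002032`, which breaks the ascending encoding order the surrounding entries follow (0x0000202a, 0x0000202c, 0x00002032). Please move it between `XSS_EXIT_BITMAP` and `TSC_MULTIPLIER`, and write the value with lowercase hex digits (`0x0000202e`) to match its neighbours.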