From patchwork Sun Jul 9 08:09:07 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kai Huang X-Patchwork-Id: 9831695 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 84FB160318 for ; Sun, 9 Jul 2017 08:12:04 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 79414237A5 for ; Sun, 9 Jul 2017 08:12:04 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6DE4127F82; Sun, 9 Jul 2017 08:12:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.6 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_MED, RCVD_IN_SORBS_SPAM, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 8965B237A5 for ; Sun, 9 Jul 2017 08:12:03 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dU7Hi-0004fM-CD; Sun, 09 Jul 2017 08:09:42 +0000 Received: from mail6.bemta6.messagelabs.com ([193.109.254.103]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dU7Hh-0004eY-8v for xen-devel@lists.xen.org; Sun, 09 Jul 2017 08:09:41 +0000 Received: from [193.109.254.147] by server-4.bemta-6.messagelabs.com id 45/5A-02962-4C4E1695; Sun, 09 Jul 2017 08:09:40 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrHIsWRWlGSWpSXmKPExsXiVRvsqHv4SWK kwZGpChZLPi5mcWD0OLr7N1MAYxRrZl5SfkUCa8b0MzNYCw7kVny72srawNgT1sXIySEkMJFR YsKTii5GLg4WgS5WiYaGuawgjoTAMlaJvr3LWECqJATiJH5uXMAOYVdKPLi9nR2iW1mi69tRK HsRk0TzNEYQm01ATWLrknaoXluJBee+MIPYIgLSEtc+XwarYRbwkPj4cSmYLSxgIfHw91swm0 VAVWL7hj5WEJtXIF7i7t2dzBBz5CV2tV0EinNwcAokSDRfiIBYGy/x6+JPNhCbE2jVl/0LmCH iNhK/jq1nmsAovICRYRWjRnFqUVlqka6xgV5SUWZ6RkluYmaOrqGBmV5uanFxYnpqTmJSsV5y fu4mRmB4MgDBDsa/awMPMUpyMCmJ8or1JkQK8SXlp1RmJBZnxBeV5qQWH2KU4eBQkuAVfpwYK SRYlJqeWpGWmQOMFJi0BAePkgiv83SgNG9xQWJucWY6ROoUoyXHhtXrvzBxTDqwHUi+mvD/G5 MQS15+XqqUOG8qyDwBkIaM0jy4cbBovsQoKyXMywh0oBBPQWpRbmYJqvwrRnEORiVh3kCQKTy ZeSVwW18BHcQEdBBbXQLIQSWJCCmpBkYNq4lzpFvleB1fz95b/WnSvLm5K5ni20oOMKfV7tJS /7Urbg83l0O17Jt/CeGN5my3BUI2HvFalqHAXTX7pvNVraaHtnvKZzWv7pB+GeB1719Y3aktB 0r4PLl6fgWXGZsVvl8WEDH3y+n5Jh9Kt23tOzPTrjNELsHP+b/H75S/0aI9XxN3tCqxFGckGm oxFxUnAgDj6VEG4QIAAA== X-Env-Sender: kaih.linux@gmail.com X-Msg-Ref: server-6.tower-27.messagelabs.com!1499587778!106441589!1 X-Originating-IP: [74.125.83.65] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 9.4.25; banners=-,-,- X-VirusChecked: Checked Received: (qmail 10285 invoked from network); 9 Jul 2017 08:09:39 -0000 Received: from mail-pg0-f65.google.com (HELO mail-pg0-f65.google.com) (74.125.83.65) by server-6.tower-27.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 9 Jul 2017 08:09:39 -0000 Received: by mail-pg0-f65.google.com with SMTP id j186so9086812pge.1 for ; Sun, 09 Jul 2017 01:09:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :in-reply-to:references; bh=Gw3ENxmVgn8Geni8220/Lb/jm92DqyL6vb4sy31TSqI=; b=AUMVtP1aS3rMnxa6vlUbG16dSmNfWlflhHcNw8jJZHdPCQL7kPcV3KSnYVxE2SboM0 BF2X6Nw1sP31ejeKmkZWX8w5VaGXc9hiH4ouNGNPKh1zxtIDovp8kVzdXSZs92LdPXJG He/amZvmRLPmDQCvGhdIQy7YhXhaCqaUTls4Aej3z0HvRF0cgcAeMw1uy7RZtoO/n1/V IzY6NthjxnWmfpTffs9Ox4WUTFDXQlIkLbsYJzfxImPmbkHMs1bv7UMulRpVBUMz15ne l0KzRIp0Q1yuniLRTZaKP/k28OFPrucH45jSWQz84jV/waXLp6wOfKLDK0yAc1MHyPe3 qppQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:in-reply-to:references; bh=Gw3ENxmVgn8Geni8220/Lb/jm92DqyL6vb4sy31TSqI=; b=k97d6MsZ+gyStQb5ZQeZPWJ1NNtwwfV1W/zcCkiEo7MD847MtnSE5NPoY8ycu2mLed ORl2Mz5Dhja21CgwTmacoPbnFzdDepqu9WjpYGjab+b3m1wFxyYkC/4yjE8iZFWzaoWJ dIE8nHoJscQtNPeohOZwqW9LlRYJAh1DbO3rXqkUesiD/6bPuoYr7osgn0NMZ8Tz0aMT hWFpqqoSZxjzhf68nc4qvhwNFHXWUGinV9xkeq+lYkMg9CCHElom/HeKbe7KgPeONc2b /RDuj5UvplPgA8fT93jSkfajCBnHzfCiyPacnOGn/Shx74yC8rNRfUntmLgESWlb1ALs X9cQ== X-Gm-Message-State: AIVw112Mt56XsoEtLBO2ETnAr/z8qvVi5bzhdtd57W73uMX7NtNGvFiH 6RkrYLqOKx5bKOUz X-Received: by 10.84.133.69 with SMTP id 63mr11932609plf.225.1499587777429; Sun, 09 Jul 2017 01:09:37 -0700 (PDT) Received: from localhost.localdomain (118-92-234-57.dsl.dyn.ihug.co.nz. [118.92.234.57]) by smtp.gmail.com with ESMTPSA id d70sm22148172pga.49.2017.07.09.01.09.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 09 Jul 2017 01:09:37 -0700 (PDT) From: Kai Huang X-Google-Original-From: Kai Huang To: xen-devel@lists.xen.org Date: Sun, 9 Jul 2017 20:09:07 +1200 Message-Id: <0d4f023a709e7ca089821267e517fb1157437ab6.1499586046.git.kai.huang@linux.intel.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <4b8baf9779038897e6ba2ed4ac0a3e9663db2756.1499586046.git.kai.huang@linux.intel.com> References: <4b8baf9779038897e6ba2ed4ac0a3e9663db2756.1499586046.git.kai.huang@linux.intel.com> In-Reply-To: References: Cc: andrew.cooper3@citrix.com, kevin.tian@intel.com, jbeulich@suse.com Subject: [Xen-devel] [PATCH 09/15] xen: vmx: handle SGX related MSRs X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP This patch handles IA32_FEATURE_CONTROL and IA32_SGXLEPUBKEYHASHn MSRs. For IA32_FEATURE_CONTROL, if SGX is exposed to domain, then SGX_ENABLE bit is always set. If SGX launch control is also exposed to domain, and physical IA32_SGXLEPUBKEYHASHn are writable, then SGX_LAUNCH_CONTROL_ENABLE bit is also always set. Write to IA32_FEATURE_CONTROL is ignored. For IA32_SGXLEPUBKEYHASHn, a new 'struct sgx_vcpu' is added for per-vcpu SGX staff, and currently it has vcpu's virtual ia32_sgxlepubkeyhash[0-3]. Two boolean 'readable' and 'writable' are also added to indicate whether virtual IA32_SGXLEPUBKEYHASHn are readable and writable. During vcpu is initialized, virtual ia32_sgxlepubkeyhash are also initialized. If physical IA32_SGXLEPUBKEYHASHn are writable, then ia32_sgxlepubkeyhash are set to Intel's default value, as for physical machine, those MSRs will have Intel's default value. If physical MSRs are not writable (it is *locked* by BIOS before handling to Xen), then we try to read those MSRs and use physical values as defult value for virtual MSRs. One thing is rdmsr_safe is used, as although SDM says if SGX is present, IA32_SGXLEPUBKEYHASHn are available for read, but in reality, skylake client (at least some, depending on BIOS) doesn't have those MSRs available, so we use rdmsr_safe and set readable to false if it returns error code. For IA32_SGXLEPUBKEYHASHn MSR read from guest, if physical MSRs are not readable, guest is not allowed to read either, otherwise vcpu's virtual MSR value is returned. For IA32_SGXLEPUBKEYHASHn MSR write from guest, we allow guest to write if both physical MSRs are writable and SGX launch control is exposed to domain, otherwise error is injected. To make EINIT run successfully in guest, vcpu's virtual IA32_SGXLEPUBKEYHASHn will be update to physical MSRs when vcpu is scheduled in. Signed-off-by: Kai Huang --- xen/arch/x86/hvm/vmx/sgx.c | 194 +++++++++++++++++++++++++++++++++++++ xen/arch/x86/hvm/vmx/vmx.c | 24 +++++ xen/include/asm-x86/cpufeature.h | 3 + xen/include/asm-x86/hvm/vmx/sgx.h | 22 +++++ xen/include/asm-x86/hvm/vmx/vmcs.h | 2 + xen/include/asm-x86/msr-index.h | 6 ++ 6 files changed, 251 insertions(+) diff --git a/xen/arch/x86/hvm/vmx/sgx.c b/xen/arch/x86/hvm/vmx/sgx.c index 14379151e8..4944e57aef 100644 --- a/xen/arch/x86/hvm/vmx/sgx.c +++ b/xen/arch/x86/hvm/vmx/sgx.c @@ -405,6 +405,200 @@ void hvm_destroy_epc(struct domain *d) hvm_reset_epc(d, true); } +/* Whether IA32_SGXLEPUBKEYHASHn are physically *unlocked* by BIOS */ +bool_t sgx_ia32_sgxlepubkeyhash_writable(void) +{ + uint64_t sgx_lc_enabled = IA32_FEATURE_CONTROL_SGX_ENABLE | + IA32_FEATURE_CONTROL_SGX_LAUNCH_CONTROL_ENABLE | + IA32_FEATURE_CONTROL_LOCK; + uint64_t val; + + rdmsrl(MSR_IA32_FEATURE_CONTROL, val); + + return (val & sgx_lc_enabled) == sgx_lc_enabled; +} + +bool_t domain_has_sgx(struct domain *d) +{ + /* hvm_epc_populated(d) implies CPUID has SGX */ + return hvm_epc_populated(d); +} + +bool_t domain_has_sgx_launch_control(struct domain *d) +{ + struct cpuid_policy *p = d->arch.cpuid; + + if ( !domain_has_sgx(d) ) + return false; + + /* Unnecessary but check anyway */ + if ( !cpu_has_sgx_launch_control ) + return false; + + return !!p->feat.sgx_launch_control; +} + +/* Digest of Intel signing key. MSR's default value after reset. */ +#define SGX_INTEL_DEFAULT_LEPUBKEYHASH0 0xa6053e051270b7ac +#define SGX_INTEL_DEFAULT_LEPUBKEYHASH1 0x6cfbe8ba8b3b413d +#define SGX_INTEL_DEFAULT_LEPUBKEYHASH2 0xc4916d99f2b3735d +#define SGX_INTEL_DEFAULT_LEPUBKEYHASH3 0xd4f8c05909f9bb3b + +void sgx_vcpu_init(struct vcpu *v) +{ + struct sgx_vcpu *sgxv = to_sgx_vcpu(v); + + memset(sgxv, 0, sizeof (*sgxv)); + + if ( sgx_ia32_sgxlepubkeyhash_writable() ) + { + /* + * If physical MSRs are writable, set vcpu's default value to Intel's + * default value. For real machine, after reset, MSRs contain Intel's + * default value. + */ + sgxv->ia32_sgxlepubkeyhash[0] = SGX_INTEL_DEFAULT_LEPUBKEYHASH0; + sgxv->ia32_sgxlepubkeyhash[1] = SGX_INTEL_DEFAULT_LEPUBKEYHASH1; + sgxv->ia32_sgxlepubkeyhash[2] = SGX_INTEL_DEFAULT_LEPUBKEYHASH2; + sgxv->ia32_sgxlepubkeyhash[3] = SGX_INTEL_DEFAULT_LEPUBKEYHASH3; + + sgxv->readable = 1; + sgxv->writable = domain_has_sgx_launch_control(v->domain); + } + else + { + uint64_t v; + /* + * Although SDM says if SGX is present, then IA32_SGXLEPUBKEYHASHn are + * available for read, but in reality for SKYLAKE client machines, + * those MSRs are not available if SGX is present, so we cannot rely on + * cpu_has_sgx to determine whether to we are able to read MSRs, + * instead, we always use rdmsr_safe. + */ + sgxv->readable = rdmsr_safe(MSR_IA32_SGXLEPUBKEYHASH0, v) ? 0 : 1; + + if ( !sgxv->readable ) + return; + + rdmsr_safe(MSR_IA32_SGXLEPUBKEYHASH0, sgxv->ia32_sgxlepubkeyhash[0]); + rdmsr_safe(MSR_IA32_SGXLEPUBKEYHASH1, sgxv->ia32_sgxlepubkeyhash[1]); + rdmsr_safe(MSR_IA32_SGXLEPUBKEYHASH2, sgxv->ia32_sgxlepubkeyhash[2]); + rdmsr_safe(MSR_IA32_SGXLEPUBKEYHASH3, sgxv->ia32_sgxlepubkeyhash[3]); + } +} + +void sgx_ctxt_switch_to(struct vcpu *v) +{ + struct sgx_vcpu *sgxv = to_sgx_vcpu(v); + + if ( sgxv->writable && sgx_ia32_sgxlepubkeyhash_writable() ) + { + wrmsrl(MSR_IA32_SGXLEPUBKEYHASH0, sgxv->ia32_sgxlepubkeyhash[0]); + wrmsrl(MSR_IA32_SGXLEPUBKEYHASH1, sgxv->ia32_sgxlepubkeyhash[1]); + wrmsrl(MSR_IA32_SGXLEPUBKEYHASH2, sgxv->ia32_sgxlepubkeyhash[2]); + wrmsrl(MSR_IA32_SGXLEPUBKEYHASH3, sgxv->ia32_sgxlepubkeyhash[3]); + } +} + +int sgx_msr_read_intercept(struct vcpu *v, unsigned int msr, u64 *msr_content) +{ + struct sgx_vcpu *sgxv = to_sgx_vcpu(v); + u64 data; + int r = 1; + + if ( !domain_has_sgx(v->domain) ) + return 0; + + switch ( msr ) + { + case MSR_IA32_FEATURE_CONTROL: + data = (IA32_FEATURE_CONTROL_LOCK | + IA32_FEATURE_CONTROL_SGX_ENABLE); + /* + * If physical IA32_SGXLEPUBKEYHASHn are writable, then we always + * allow guest to be able to change IA32_SGXLEPUBKEYHASHn at runtime. + */ + if ( sgx_ia32_sgxlepubkeyhash_writable() && + domain_has_sgx_launch_control(v->domain) ) + data |= IA32_FEATURE_CONTROL_SGX_LAUNCH_CONTROL_ENABLE; + + *msr_content = data; + + break; + case MSR_IA32_SGXLEPUBKEYHASH0...MSR_IA32_SGXLEPUBKEYHASH3: + /* + * SDM 35.1 Model-Specific Registers, table 35-2. + * + * IA32_SGXLEPUBKEYHASH[0..3]: + * + * Read permitted if CPUID.0x12.0:EAX[0] = 1. + * + * In reality, MSRs may not be readable even SGX is present, in which + * case guest is not allowed to read either. + */ + if ( !sgxv->readable ) + { + r = 0; + break; + } + + data = sgxv->ia32_sgxlepubkeyhash[msr - MSR_IA32_SGXLEPUBKEYHASH0]; + + *msr_content = data; + + break; + default: + r = 0; + break; + } + + return r; +} + +int sgx_msr_write_intercept(struct vcpu *v, unsigned int msr, u64 msr_content) +{ + struct sgx_vcpu *sgxv = to_sgx_vcpu(v); + int r = 1; + + if ( !domain_has_sgx(v->domain) ) + return 0; + + switch ( msr ) + { + case MSR_IA32_FEATURE_CONTROL: + /* sliently drop */ + break; + case MSR_IA32_SGXLEPUBKEYHASH0...MSR_IA32_SGXLEPUBKEYHASH3: + /* + * SDM 35.1 Model-Specific Registers, table 35-2. + * + * IA32_SGXLEPUBKEYHASH[0..3]: + * + * - If CPUID.0x7.0:ECX[30] = 1, FEATURE_CONTROL[17] is available. + * - Write permitted if CPUID.0x12.0:EAX[0] = 1 && + * FEATURE_CONTROL[17] = 1 && FEATURE_CONTROL[0] = 1. + * + * sgxv->writable == 1 means sgx_ia32_sgxlepubkeyhash_writable() and + * domain_has_sgx_launch_control(d) both are true. + */ + if ( !sgxv->writable ) + { + r = 0; + break; + } + + sgxv->ia32_sgxlepubkeyhash[msr - MSR_IA32_SGXLEPUBKEYHASH0] = + msr_content; + + break; + default: + r = 0; + break; + } + + return r; +} + static bool_t sgx_enabled_in_bios(void) { uint64_t val, sgx_enabled = IA32_FEATURE_CONTROL_SGX_ENABLE | diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 243643111d..7ee5515bdc 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -470,6 +470,8 @@ static int vmx_vcpu_initialise(struct vcpu *v) if ( v->vcpu_id == 0 ) v->arch.user_regs.rax = 1; + sgx_vcpu_init(v); + return 0; } @@ -1048,6 +1050,9 @@ static void vmx_ctxt_switch_to(struct vcpu *v) if ( v->domain->arch.hvm_domain.pi_ops.switch_to ) v->domain->arch.hvm_domain.pi_ops.switch_to(v); + + if ( domain_has_sgx(v->domain) ) + sgx_ctxt_switch_to(v); } @@ -2876,10 +2881,20 @@ static int vmx_msr_read_intercept(unsigned int msr, uint64_t *msr_content) __vmread(GUEST_IA32_DEBUGCTL, msr_content); break; case MSR_IA32_FEATURE_CONTROL: + /* If neither SGX nor nested is supported, this MSR should not be + * touched */ + if ( !sgx_msr_read_intercept(current, msr, msr_content) && + !nvmx_msr_read_intercept(msr, msr_content) ) + goto gp_fault; + break; case MSR_IA32_VMX_BASIC...MSR_IA32_VMX_VMFUNC: if ( !nvmx_msr_read_intercept(msr, msr_content) ) goto gp_fault; break; + case MSR_IA32_SGXLEPUBKEYHASH0...MSR_IA32_SGXLEPUBKEYHASH3: + if ( !sgx_msr_read_intercept(current, msr, msr_content) ) + goto gp_fault; + break; case MSR_IA32_MISC_ENABLE: rdmsrl(MSR_IA32_MISC_ENABLE, *msr_content); /* Debug Trace Store is not supported. */ @@ -3119,10 +3134,19 @@ static int vmx_msr_write_intercept(unsigned int msr, uint64_t msr_content) break; } case MSR_IA32_FEATURE_CONTROL: + /* See vmx_msr_read_intercept */ + if ( !sgx_msr_write_intercept(current, msr, msr_content) && + !nvmx_msr_write_intercept(msr, msr_content) ) + goto gp_fault; + break; case MSR_IA32_VMX_BASIC...MSR_IA32_VMX_TRUE_ENTRY_CTLS: if ( !nvmx_msr_write_intercept(msr, msr_content) ) goto gp_fault; break; + case MSR_IA32_SGXLEPUBKEYHASH0...MSR_IA32_SGXLEPUBKEYHASH3: + if ( !sgx_msr_write_intercept(current, msr, msr_content) ) + goto gp_fault; + break; case MSR_P6_PERFCTR(0)...MSR_P6_PERFCTR(7): case MSR_P6_EVNTSEL(0)...MSR_P6_EVNTSEL(7): case MSR_CORE_PERF_FIXED_CTR0...MSR_CORE_PERF_FIXED_CTR2: diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index 9793f8c1c5..dfb17c4bd8 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -98,6 +98,9 @@ #define cpu_has_smap boot_cpu_has(X86_FEATURE_SMAP) #define cpu_has_sha boot_cpu_has(X86_FEATURE_SHA) +/* CPUID level 0x00000007:0.ecx */ +#define cpu_has_sgx_launch_control boot_cpu_has(X86_FEATURE_SGX_LAUNCH_CONTROL) + /* CPUID level 0x80000007.edx */ #define cpu_has_itsc boot_cpu_has(X86_FEATURE_ITSC) diff --git a/xen/include/asm-x86/hvm/vmx/sgx.h b/xen/include/asm-x86/hvm/vmx/sgx.h index 40f860662a..c460f61e5e 100644 --- a/xen/include/asm-x86/hvm/vmx/sgx.h +++ b/xen/include/asm-x86/hvm/vmx/sgx.h @@ -75,4 +75,26 @@ int hvm_populate_epc(struct domain *d, unsigned long epc_base_pfn, int hvm_reset_epc(struct domain *d, bool_t free_epc); void hvm_destroy_epc(struct domain *d); +/* Per-vcpu SGX structure */ +struct sgx_vcpu { + uint64_t ia32_sgxlepubkeyhash[4]; + /* + * Although SDM says if SGX is present, then IA32_SGXLEPUBKEYHASHn are + * available for read, but in reality for SKYLAKE client machines, those + * those MSRs are not available if SGX is present. + */ + bool_t readable; + bool_t writable; +}; +#define to_sgx_vcpu(v) (&(v->arch.hvm_vmx.sgx)) + +bool_t sgx_ia32_sgxlepubkeyhash_writable(void); +bool_t domain_has_sgx(struct domain *d); +bool_t domain_has_sgx_launch_control(struct domain *d); + +void sgx_vcpu_init(struct vcpu *v); +void sgx_ctxt_switch_to(struct vcpu *v); +int sgx_msr_read_intercept(struct vcpu *v, unsigned int msr, u64 *msr_content); +int sgx_msr_write_intercept(struct vcpu *v, unsigned int msr, u64 msr_content); + #endif /* __ASM_X86_HVM_VMX_SGX_H__ */ diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h b/xen/include/asm-x86/hvm/vmx/vmcs.h index 6cfa5c3310..fc0b9d85fd 100644 --- a/xen/include/asm-x86/hvm/vmx/vmcs.h +++ b/xen/include/asm-x86/hvm/vmx/vmcs.h @@ -160,6 +160,8 @@ struct arch_vmx_struct { * pCPU and wakeup the related vCPU. */ struct pi_blocking_vcpu pi_blocking; + + struct sgx_vcpu sgx; }; int vmx_create_vmcs(struct vcpu *v); diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 771e7500af..16206a11b7 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -296,6 +296,12 @@ #define IA32_FEATURE_CONTROL_SENTER_PARAM_CTL 0x7f00 #define IA32_FEATURE_CONTROL_ENABLE_SENTER 0x8000 #define IA32_FEATURE_CONTROL_SGX_ENABLE 0x40000 +#define IA32_FEATURE_CONTROL_SGX_LAUNCH_CONTROL_ENABLE 0x20000 + +#define MSR_IA32_SGXLEPUBKEYHASH0 0x0000008c +#define MSR_IA32_SGXLEPUBKEYHASH1 0x0000008d +#define MSR_IA32_SGXLEPUBKEYHASH2 0x0000008e +#define MSR_IA32_SGXLEPUBKEYHASH3 0x0000008f #define MSR_IA32_TSC_ADJUST 0x0000003b