From: Kai Huang <kaih.linux@gmail.com>
To: pbonzini@redhat.com, rkrcmar@redhat.com, kvm@vger.kernel.org
Subject: [PATCH 05/10] kvm: x86: add KVM_GET_SUPPORTED_CPUID SGX support
Date: Mon, 8 May 2017 17:24:28 +1200 [thread overview]
Message-ID: <20170508052434.3627-6-kai.huang@linux.intel.com> (raw)
In-Reply-To: <20170508052434.3627-1-kai.huang@linux.intel.com>
This patch adds SGX CPUID support to the KVM_GET_SUPPORTED_CPUID ioctl. SGX
CPUID must only be exposed when enable_sgx is true: enable_sgx may be false,
for example when the user deliberately disables SGX or when SGX initialization
fails, and in those cases the hardware still reports valid SGX CPUID.
As enable_sgx is not exposed to arch/x86/kvm/cpuid.c, the SGX-related CPUID
has to be handled in vmx.c; kvm_x86_ops->set_supported_cpuid is extended to meet
SGX's needs, and do_cpuid_1_ent is also exposed to VMX.
Signed-off-by: Kai Huang <kai.huang@linux.intel.com>
---
arch/x86/include/asm/kvm_host.h | 3 +-
arch/x86/kvm/cpuid.c | 13 ++++----
arch/x86/kvm/cpuid.h | 2 ++
arch/x86/kvm/svm.c | 5 ++-
arch/x86/kvm/vmx.c | 71 +++++++++++++++++++++++++++++++++++++++--
5 files changed, 83 insertions(+), 11 deletions(-)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 1d622334fc0e..d7254f36b17d 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -978,7 +978,8 @@ struct kvm_x86_ops {
void (*set_tdp_cr3)(struct kvm_vcpu *vcpu, unsigned long cr3);
- void (*set_supported_cpuid)(u32 func, struct kvm_cpuid_entry2 *entry);
+ int (*set_supported_cpuid)(u32 func, u32 index,
+ struct kvm_cpuid_entry2 *entry, int *nent, int maxnent);
bool (*has_wbinvd_exit)(void);
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index efde6cc50875..d2c396b0b32f 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -274,7 +274,7 @@ static void cpuid_mask(u32 *word, int wordnum)
*word &= boot_cpu_data.x86_capability[wordnum];
}
-static void do_cpuid_1_ent(struct kvm_cpuid_entry2 *entry, u32 function,
+void do_cpuid_1_ent(struct kvm_cpuid_entry2 *entry, u32 function,
u32 index)
{
entry->function = function;
@@ -283,6 +283,7 @@ static void do_cpuid_1_ent(struct kvm_cpuid_entry2 *entry, u32 function,
&entry->eax, &entry->ebx, &entry->ecx, &entry->edx);
entry->flags = 0;
}
+EXPORT_SYMBOL_GPL(do_cpuid_1_ent);
static int __do_cpuid_ent_emulated(struct kvm_cpuid_entry2 *entry,
u32 func, u32 index, int *nent, int maxnent)
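Review bot: Dropping `static` and adding `EXPORT_SYMBOL_GPL(do_cpuid_1_ent)` puts an unprefixed, generically named helper into the global symbol namespace, whereas the neighbouring declarations in cpuid.h carry a `kvm_` prefix (`kvm_update_cpuid`, `kvm_find_cpuid_entry`); a name such as `kvm_do_cpuid_1_ent` would match them. From the lines visible across these two hunks the helper fills the entry's eax–edx and clears `flags` without any filtering, so the now-public function should get a short kernel-doc comment stating that the caller must mask the result before it is reported to userspace. The middle of the function body lies outside both hunks.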
@@ -402,7 +403,7 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
switch (function) {
case 0:
- entry->eax = min(entry->eax, (u32)0xd);
+ entry->eax = min(entry->eax, (u32)0x12);
break;
case 1:
entry->edx &= kvm_cpuid_1_edx_x86_features;
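Review bot: The leaf-0 clamp becomes `min(entry->eax, (u32)0x12)` for every host, not only when VMX has `enable_sgx` set, so on a host whose maximum basic leaf is at least 0x12 the advertised range now also covers leaves 0xe–0x11, and leaf 0x12 on configurations without SGX. Which switch arm handles 0xe–0x11 is not visible in this hunk (`__do_cpuid_ent` continues outside it), so it is worth confirming they come back zeroed rather than carrying host values. A comment on the constant would record the intent, for example `/* 0x12: SGX enumeration; 0xe-0x11 are expected to be reported as zero */`.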
@@ -573,6 +574,9 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
}
break;
}
+ case 0x12:
+ /* Intel SGX CPUID. Passthrough to VMX to handle. */
+ break;
case KVM_CPUID_SIGNATURE: {
static const char signature[12] = "KVMKVMKVM\0\0";
const u32 *sigptr = (const u32 *)signature;
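Review bot: The new `case 0x12` arm breaks out with the entry still holding the raw host CPUID output and depends on the vendor callback to clear or mask it, which fails open. As far as the hunks in this patch show, only `vmx_set_supported_cpuid` gains a 0x12 arm, while `svm_set_supported_cpuid` gains just `return 0`, and any later callback would inherit the same default. Zeroing in the common arm with `entry->eax = entry->ebx = entry->ecx = entry->edx = 0;` and having VMX repopulate index 0 via `do_cpuid_1_ent(entry, 0x12, 0)` when `enable_sgx` is set would make the safe value the default. `__do_cpuid_ent` begins and ends outside this hunk.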
@@ -651,10 +655,7 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
break;
}
- kvm_x86_ops->set_supported_cpuid(function, entry);
-
- r = 0;
-
+ r = kvm_x86_ops->set_supported_cpuid(function, index, entry, nent, maxnent);
out:
put_cpu();
diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h
index 35058c2c0eea..de658f4fa1c6 100644
--- a/arch/x86/kvm/cpuid.h
+++ b/arch/x86/kvm/cpuid.h
@@ -6,6 +6,8 @@
int kvm_update_cpuid(struct kvm_vcpu *vcpu);
bool kvm_mpx_supported(void);
+void do_cpuid_1_ent(struct kvm_cpuid_entry2 *entry, u32 function,
+ u32 index);
struct kvm_cpuid_entry2 *kvm_find_cpuid_entry(struct kvm_vcpu *vcpu,
u32 function, u32 index);
int kvm_dev_ioctl_get_cpuid(struct kvm_cpuid2 *cpuid,
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 5fba70646c32..678b30d2a188 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -4988,7 +4988,8 @@ static void svm_cpuid_update(struct kvm_vcpu *vcpu)
entry->ecx &= ~bit(X86_FEATURE_X2APIC);
}
-static void svm_set_supported_cpuid(u32 func, struct kvm_cpuid_entry2 *entry)
+static int svm_set_supported_cpuid(u32 func, u32 index,
+ struct kvm_cpuid_entry2 *entry, int *nent, int maxnent)
{
switch (func) {
case 0x1:
@@ -5017,6 +5018,8 @@ static void svm_set_supported_cpuid(u32 func, struct kvm_cpuid_entry2 *entry)
break;
}
+
+ return 0;
}
static int svm_get_lpage_level(void)
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 4b368a0af9bd..31de95986dbd 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -9493,10 +9493,75 @@ static void vmx_cpuid_update(struct kvm_vcpu *vcpu)
nested_vmx_cr_fixed1_bits_update(vcpu);
}
-static void vmx_set_supported_cpuid(u32 func, struct kvm_cpuid_entry2 *entry)
+static int vmx_set_supported_cpuid(u32 func, u32 index,
+ struct kvm_cpuid_entry2 *entry, int *nent, int maxnent)
{
- if (func == 1 && nested)
- entry->ecx |= bit(X86_FEATURE_VMX);
+ int r = -E2BIG;
+
+ switch (func) {
+ case 0x1:
+ if (nested)
+ entry->ecx |= bit(X86_FEATURE_VMX);
+ break;
+ case 0x7:
+ if (index == 0 && enable_sgx) {
+ entry->ebx |= bit(X86_FEATURE_SGX);
+ if (boot_cpu_has(X86_FEATURE_SGX_LAUNCH_CONTROL))
+ entry->ecx |=
+ bit(X86_FEATURE_SGX_LAUNCH_CONTROL);
+ }
+ break;
+ case 0x12: {
+ WARN_ON(index != 0);
+
+ if (enable_sgx) {
+ if (*nent >= maxnent)
+ goto out;
+
+ /* do_cpuid_1_ent has already been called for index 0 */
+ entry->flags |= KVM_CPUID_FLAG_SIGNIFCANT_INDEX;
+
+ /* Index 1: SECS.ATTRIBUTE */
+ do_cpuid_1_ent(++entry, 0x12, 0x1);
+ entry->flags |= KVM_CPUID_FLAG_SIGNIFCANT_INDEX;
+ ++*nent;
+
+ if (*nent >= maxnent)
+ goto out;
+
+ /*
+ * Index 2: EPC section
+ *
+ * Note: We only report one EPC section as userspace
+ * doesn't need to know physical EPC info. In fact,
+ * KVM_SET_CPUID2 should contain guest's virtual EPC
+ * base & size, in which case one virtual EPC section
+ * is obviously enough for guest.
+ */
+ do_cpuid_1_ent(++entry, 0x12, 0x2);
+ entry->flags |= KVM_CPUID_FLAG_SIGNIFCANT_INDEX;
+ /*
+ * Don't report physical EPC info as userspace doesn't
+ * need to know.
+ */
+ entry->eax &= 0xf;
+ entry->ebx = 0;
+ entry->ecx &= 0xf;
+ entry->edx = 0;
+ ++*nent;
+ }
+ else
+ entry->eax = entry->ebx = entry->ecx = entry->edx = 0;
+
+ break;
+ }
+ default:
+ break;
+ }
+
+ r = 0;
+out:
+ return r;
}
static void nested_ept_inject_page_fault(struct kvm_vcpu *vcpu,
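Review bot: In the `case 0x12` arm of `vmx_set_supported_cpuid`, index 0 and index 1 are reported exactly as the host CPUID returns them when `enable_sgx` is set; only index 2 is masked (`entry->eax &= 0xf`, `entry->ebx = 0`, and so on). Userspace treats KVM_GET_SUPPORTED_CPUID as the set of features it may hand to a guest, so the capability bits in index 0 and the SECS.ATTRIBUTE bits in index 1 should be ANDed with an explicit allow-list of what KVM actually virtualizes before `++*nent`, otherwise any bit a newer host sets is exposed by default. Two smaller points: the `0xf` masks deserve a named constant or a comment saying which low four bits are kept and why, and kernel style wants `} else {` with braces on both branches where the arm currently has `}` followed by a bare `else`.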
--
2.11.0