From: Sean Christopherson <seanjc@google.com>
To: Emanuele Giuseppe Esposito <eesposit@redhat.com>
Cc: kvm@vger.kernel.org, Paolo Bonzini <pbonzini@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Bandan Das <bsd@redhat.com>,
linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH v3] KVM: nVMX: Advertise ENCLS_EXITING to L1 iff SGX is fully supported
Date: Wed, 26 Oct 2022 16:53:21 +0000
Message-ID: <Y1lmASxiV0r2Ldfs@google.com>
In-Reply-To: <20221026072330.2248336-1-eesposit@redhat.com>

On Wed, Oct 26, 2022, Emanuele Giuseppe Esposito wrote:
> Clear enable_sgx if ENCLS-exiting is not supported, i.e. if SGX cannot be
> virtualized. This fixes a bug where KVM would advertise ENCLS-exiting to
> L1 and propagate the control from vmcs12 to vmcs02 even if ENCLS-exiting
> isn't supported in secondary execution controls, e.g. because SGX isn't
> fully enabled, and thus induce an unexpected VM-Fail in L1.
>
> Not updating enable_sgx is responsible for a second bug:
> vmx_set_cpu_caps() doesn't clear the SGX bits when hardware support is
> unavailable. This is a much less problematic bug as it only pops up
> if SGX is soft-disabled (the case being handled by cpu_has_sgx()) or if
> SGX is supported for bare metal but not in the VMCS (will never happen
> when running on bare metal, but can theoretically happen when running in
> a VM).
>
> Last but not least, KVM should ideally have module params reflect KVM's
> actual configuration.
>
> RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2127128
>
> Fixes: 72add915fbd5 ("KVM: VMX: Enable SGX virtualization for SGX1, SGX2 and LC")
> Cc: stable@vger.kernel.org
>
> Suggested-by: Sean Christopherson <seanjc@google.com>
> Suggested-by: Bandan Das <bsd@redhat.com>
> Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
> ---
Reviewed-by: Sean Christopherson <seanjc@google.com>
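
A user-space model of the first bug described in the quoted commit message, added here as an illustration; it is not part of this thread, the patch, or the kernel source. The struct, its fields and the function names are assumptions of the model; only enable_sgx and the ENCLS-exiting control (bit 15 of the secondary execution controls) correspond to real KVM/VMX names.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bit 15 of the secondary processor-based VM-execution controls. */
#define SECONDARY_EXEC_ENCLS_EXITING (1u << 15)

/* Simplified host state; the struct and its fields are assumptions of this model. */
struct host {
	uint32_t hw_allowed1; /* secondary controls the CPU allows to be set */
	bool enable_sgx;      /* models the enable_sgx module parameter */
};

/* With the fix, enable_sgx is cleared when ENCLS-exiting is not supported. */
static void hardware_setup(struct host *h, bool with_fix)
{
	if (with_fix && !(h->hw_allowed1 & SECONDARY_EXEC_ENCLS_EXITING))
		h->enable_sgx = false;
}

/* Secondary controls advertised to L1: gated on enable_sgx alone. */
static uint32_t nested_allowed1(const struct host *h)
{
	return h->enable_sgx ? SECONDARY_EXEC_ENCLS_EXITING : 0;
}

/* VM entry fails if vmcs02 sets a control the hardware does not allow. */
static bool vmentry_ok(const struct host *h, uint32_t vmcs02_ctl)
{
	return (vmcs02_ctl & ~h->hw_allowed1) == 0;
}

/* L1 sets every advertised control in vmcs12; KVM copies it into vmcs02. */
static bool l1_runs_l2(bool encls_in_hw, bool with_fix)
{
	struct host h = { encls_in_hw ? SECONDARY_EXEC_ENCLS_EXITING : 0, true };
	uint32_t vmcs12_ctl, vmcs02_ctl;

	hardware_setup(&h, with_fix);
	vmcs12_ctl = nested_allowed1(&h);
	vmcs02_ctl = vmcs12_ctl; /* propagated unchanged */
	return vmentry_ok(&h, vmcs02_ctl);
}

int main(void)
{
	printf("no ENCLS-exiting, before fix: %s\n", l1_runs_l2(false, false) ? "entry ok" : "VM-Fail");
	printf("no ENCLS-exiting, after fix:  %s\n", l1_runs_l2(false, true) ? "entry ok" : "VM-Fail");
	return 0;
}
```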