Message ID | db965546668e24857627a6695ee739aac5c15d3a.1611634586.git.kai.huang@intel.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | KVM SGX virtualization support | expand |
On Tue, Jan 26, 2021 at 10:31:05PM +1300, Kai Huang wrote: > Add a helper to update SGX_LEPUBKEYHASHn MSRs. SGX virtualization also > needs to update those MSRs based on guest's "virtual" SGX_LEPUBKEYHASHn > before EINIT from guest. > > Signed-off-by: Kai Huang <kai.huang@intel.com> Acked-by: Jarkko Sakkinen <jarkko@kernel.org> /Jarkko > --- > v2->v3: > > - Added comment for sgx_update_lepubkeyhash(), per Jarkko and Dave. > > --- > arch/x86/kernel/cpu/sgx/ioctl.c | 5 ++--- > arch/x86/kernel/cpu/sgx/main.c | 15 +++++++++++++++ > arch/x86/kernel/cpu/sgx/sgx.h | 2 ++ > 3 files changed, 19 insertions(+), 3 deletions(-) > > diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c > index e5977752c7be..1bae754268d1 100644 > --- a/arch/x86/kernel/cpu/sgx/ioctl.c > +++ b/arch/x86/kernel/cpu/sgx/ioctl.c > @@ -495,7 +495,7 @@ static int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct, > void *token) > { > u64 mrsigner[4]; > - int i, j, k; > + int i, j; > void *addr; > int ret; > > @@ -544,8 +544,7 @@ static int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct, > > preempt_disable(); > > - for (k = 0; k < 4; k++) > - wrmsrl(MSR_IA32_SGXLEPUBKEYHASH0 + k, mrsigner[k]); > + sgx_update_lepubkeyhash(mrsigner); > > ret = __einit(sigstruct, token, addr); > > diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c > index 93d249f7bff3..b456899a9532 100644 > --- a/arch/x86/kernel/cpu/sgx/main.c > +++ b/arch/x86/kernel/cpu/sgx/main.c > @@ -697,6 +697,21 @@ static bool __init sgx_page_cache_init(void) > return true; > } > > + > +/* > + * Update the SGX_LEPUBKEYHASH MSRs to the values specified by caller. > + * Bare-metal driver requires to update them to hash of enclave's signer > + * before EINIT. KVM needs to update them to guest's virtual MSR values > + * before doing EINIT from guest. > + */ > +void sgx_update_lepubkeyhash(u64 *lepubkeyhash) > +{ > + int i; > + > + for (i = 0; i < 4; i++) > + wrmsrl(MSR_IA32_SGXLEPUBKEYHASH0 + i, lepubkeyhash[i]); > +} > + > static int __init sgx_init(void) > { > int ret; > diff --git a/arch/x86/kernel/cpu/sgx/sgx.h b/arch/x86/kernel/cpu/sgx/sgx.h > index 509f2af33e1d..ccd4f145c464 100644 > --- a/arch/x86/kernel/cpu/sgx/sgx.h > +++ b/arch/x86/kernel/cpu/sgx/sgx.h > @@ -83,4 +83,6 @@ void sgx_mark_page_reclaimable(struct sgx_epc_page *page); > int sgx_unmark_page_reclaimable(struct sgx_epc_page *page); > struct sgx_epc_page *sgx_alloc_epc_page(void *owner, bool reclaim); > > +void sgx_update_lepubkeyhash(u64 *lepubkeyhash); > + > #endif /* _X86_SGX_H */ > -- > 2.29.2 > >
On Sat, 30 Jan 2021 16:49:20 +0200 Jarkko Sakkinen wrote: > On Tue, Jan 26, 2021 at 10:31:05PM +1300, Kai Huang wrote: > > Add a helper to update SGX_LEPUBKEYHASHn MSRs. SGX virtualization also > > needs to update those MSRs based on guest's "virtual" SGX_LEPUBKEYHASHn > > before EINIT from guest. > > > > Signed-off-by: Kai Huang <kai.huang@intel.com> > > > Acked-by: Jarkko Sakkinen <jarkko@kernel.org> Thanks Jarkko. Hi Dave, This patch originally had your Acked-by, but since I added a comment, I removed it. May I still have your Acked-by? > > /Jarkko > > > --- > > v2->v3: > > > > - Added comment for sgx_update_lepubkeyhash(), per Jarkko and Dave. > > > > --- > > arch/x86/kernel/cpu/sgx/ioctl.c | 5 ++--- > > arch/x86/kernel/cpu/sgx/main.c | 15 +++++++++++++++ > > arch/x86/kernel/cpu/sgx/sgx.h | 2 ++ > > 3 files changed, 19 insertions(+), 3 deletions(-) > > > > diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c > > index e5977752c7be..1bae754268d1 100644 > > --- a/arch/x86/kernel/cpu/sgx/ioctl.c > > +++ b/arch/x86/kernel/cpu/sgx/ioctl.c > > @@ -495,7 +495,7 @@ static int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct, > > void *token) > > { > > u64 mrsigner[4]; > > - int i, j, k; > > + int i, j; > > void *addr; > > int ret; > > > > @@ -544,8 +544,7 @@ static int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct, > > > > preempt_disable(); > > > > - for (k = 0; k < 4; k++) > > - wrmsrl(MSR_IA32_SGXLEPUBKEYHASH0 + k, mrsigner[k]); > > + sgx_update_lepubkeyhash(mrsigner); > > > > ret = __einit(sigstruct, token, addr); > > > > diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c > > index 93d249f7bff3..b456899a9532 100644 > > --- a/arch/x86/kernel/cpu/sgx/main.c > > +++ b/arch/x86/kernel/cpu/sgx/main.c > > @@ -697,6 +697,21 @@ static bool __init sgx_page_cache_init(void) > > return true; > > } > > > > + > > +/* > > + * Update the SGX_LEPUBKEYHASH MSRs to the values specified by caller. > > + * Bare-metal driver requires to update them to hash of enclave's signer > > + * before EINIT. KVM needs to update them to guest's virtual MSR values > > + * before doing EINIT from guest. > > + */ > > +void sgx_update_lepubkeyhash(u64 *lepubkeyhash) > > +{ > > + int i; > > + > > + for (i = 0; i < 4; i++) > > + wrmsrl(MSR_IA32_SGXLEPUBKEYHASH0 + i, lepubkeyhash[i]); > > +} > > + > > static int __init sgx_init(void) > > { > > int ret; > > diff --git a/arch/x86/kernel/cpu/sgx/sgx.h b/arch/x86/kernel/cpu/sgx/sgx.h > > index 509f2af33e1d..ccd4f145c464 100644 > > --- a/arch/x86/kernel/cpu/sgx/sgx.h > > +++ b/arch/x86/kernel/cpu/sgx/sgx.h > > @@ -83,4 +83,6 @@ void sgx_mark_page_reclaimable(struct sgx_epc_page *page); > > int sgx_unmark_page_reclaimable(struct sgx_epc_page *page); > > struct sgx_epc_page *sgx_alloc_epc_page(void *owner, bool reclaim); > > > > +void sgx_update_lepubkeyhash(u64 *lepubkeyhash); > > + > > #endif /* _X86_SGX_H */ > > -- > > 2.29.2 > > > >
On 1/31/21 5:17 PM, Kai Huang wrote: > On Sat, 30 Jan 2021 16:49:20 +0200 Jarkko Sakkinen wrote: >> On Tue, Jan 26, 2021 at 10:31:05PM +1300, Kai Huang wrote: >>> Add a helper to update SGX_LEPUBKEYHASHn MSRs. SGX virtualization also >>> needs to update those MSRs based on guest's "virtual" SGX_LEPUBKEYHASHn >>> before EINIT from guest. >>> >>> Signed-off-by: Kai Huang <kai.huang@intel.com> >> >> Acked-by: Jarkko Sakkinen <jarkko@kernel.org> > Thanks Jarkko. > > Hi Dave, > > This patch originally had your Acked-by, but since I added a comment, I removed > it. May I still have your Acked-by? Yes, feel free to restore it. This looks fine.
diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c index e5977752c7be..1bae754268d1 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c @@ -495,7 +495,7 @@ static int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct, void *token) { u64 mrsigner[4]; - int i, j, k; + int i, j; void *addr; int ret; @@ -544,8 +544,7 @@ static int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct, preempt_disable(); - for (k = 0; k < 4; k++) - wrmsrl(MSR_IA32_SGXLEPUBKEYHASH0 + k, mrsigner[k]); + sgx_update_lepubkeyhash(mrsigner); ret = __einit(sigstruct, token, addr); diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c index 93d249f7bff3..b456899a9532 100644 --- a/arch/x86/kernel/cpu/sgx/main.c +++ b/arch/x86/kernel/cpu/sgx/main.c @@ -697,6 +697,21 @@ static bool __init sgx_page_cache_init(void) return true; } + +/* + * Update the SGX_LEPUBKEYHASH MSRs to the values specified by caller. + * Bare-metal driver requires to update them to hash of enclave's signer + * before EINIT. KVM needs to update them to guest's virtual MSR values + * before doing EINIT from guest. + */ +void sgx_update_lepubkeyhash(u64 *lepubkeyhash) +{ + int i; + + for (i = 0; i < 4; i++) + wrmsrl(MSR_IA32_SGXLEPUBKEYHASH0 + i, lepubkeyhash[i]); +} + static int __init sgx_init(void) { int ret; diff --git a/arch/x86/kernel/cpu/sgx/sgx.h b/arch/x86/kernel/cpu/sgx/sgx.h index 509f2af33e1d..ccd4f145c464 100644 --- a/arch/x86/kernel/cpu/sgx/sgx.h +++ b/arch/x86/kernel/cpu/sgx/sgx.h @@ -83,4 +83,6 @@ void sgx_mark_page_reclaimable(struct sgx_epc_page *page); int sgx_unmark_page_reclaimable(struct sgx_epc_page *page); struct sgx_epc_page *sgx_alloc_epc_page(void *owner, bool reclaim); +void sgx_update_lepubkeyhash(u64 *lepubkeyhash); + #endif /* _X86_SGX_H */
Add a helper to update SGX_LEPUBKEYHASHn MSRs. SGX virtualization also needs to update those MSRs based on guest's "virtual" SGX_LEPUBKEYHASHn before EINIT from guest. Signed-off-by: Kai Huang <kai.huang@intel.com> --- v2->v3: - Added comment for sgx_update_lepubkeyhash(), per Jarkko and Dave. --- arch/x86/kernel/cpu/sgx/ioctl.c | 5 ++--- arch/x86/kernel/cpu/sgx/main.c | 15 +++++++++++++++ arch/x86/kernel/cpu/sgx/sgx.h | 2 ++ 3 files changed, 19 insertions(+), 3 deletions(-)