Message ID | 6730fbd2f7b26532f09e5a5e416a58f03a66d222.1614590788.git.kai.huang@intel.com (mailing list archive) |
---|---|
State | New, archived |
Series | KVM SGX virtualization support | expand |
On Mon, Mar 01, 2021, Kai Huang wrote: > diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c > index 8c922e68274d..276220d0e4b5 100644 > --- a/arch/x86/kernel/cpu/sgx/main.c > +++ b/arch/x86/kernel/cpu/sgx/main.c > @@ -696,6 +696,21 @@ static bool __init sgx_page_cache_init(void) > return true; > } > > + > +/* > + * Update the SGX_LEPUBKEYHASH MSRs to the values specified by caller. > + * Bare-metal driver requires to update them to hash of enclave's signer > + * before EINIT. KVM needs to update them to guest's virtual MSR values > + * before doing EINIT from guest. > + */ > +void sgx_update_lepubkeyhash(u64 *lepubkeyhash) > +{ > + int i; Probably worth adding: WARN_ON_ONCE(preemptible()); > + > + for (i = 0; i < 4; i++) > + wrmsrl(MSR_IA32_SGXLEPUBKEYHASH0 + i, lepubkeyhash[i]); > +} > + > static int __init sgx_init(void) > { > int ret;
On Mon, 2021-03-01 at 08:57 -0800, Sean Christopherson wrote: > On Mon, Mar 01, 2021, Kai Huang wrote: > > diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c > > index 8c922e68274d..276220d0e4b5 100644 > > --- a/arch/x86/kernel/cpu/sgx/main.c > > +++ b/arch/x86/kernel/cpu/sgx/main.c > > @@ -696,6 +696,21 @@ static bool __init sgx_page_cache_init(void) > > return true; > > } > > > > > > > > > > + > > +/* > > + * Update the SGX_LEPUBKEYHASH MSRs to the values specified by caller. > > + * Bare-metal driver requires to update them to hash of enclave's signer > > + * before EINIT. KVM needs to update them to guest's virtual MSR values > > + * before doing EINIT from guest. > > + */ > > +void sgx_update_lepubkeyhash(u64 *lepubkeyhash) > > +{ > > + int i; > > Probably worth adding: > > WARN_ON_ONCE(preemptible()); Agreed. Will do. > > > + > > + for (i = 0; i < 4; i++) > > + wrmsrl(MSR_IA32_SGXLEPUBKEYHASH0 + i, lepubkeyhash[i]); > > +} > > + > > static int __init sgx_init(void) > > { > > int ret;
diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c
index e5977752c7be..1bae754268d1 100644
--- a/arch/x86/kernel/cpu/sgx/ioctl.c
+++ b/arch/x86/kernel/cpu/sgx/ioctl.c
@@ -495,7 +495,7 @@ static int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct,
 void *token)
 {
 u64 mrsigner[4];
- int i, j, k;
+ int i, j;
 void *addr;
 int ret;
@@ -544,8 +544,7 @@ static int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct,
 preempt_disable();
- for (k = 0; k < 4; k++)
- wrmsrl(MSR_IA32_SGXLEPUBKEYHASH0 + k, mrsigner[k]);
+ sgx_update_lepubkeyhash(mrsigner);
 ret = __einit(sigstruct, token, addr);
diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c
index 8c922e68274d..276220d0e4b5 100644
--- a/arch/x86/kernel/cpu/sgx/main.c
+++ b/arch/x86/kernel/cpu/sgx/main.c
@@ -696,6 +696,21 @@ static bool __init sgx_page_cache_init(void)
 return true;
 }
+
+/*
+ * Update the SGX_LEPUBKEYHASH MSRs to the values specified by caller.
+ * Bare-metal driver requires to update them to hash of enclave's signer
+ * before EINIT. KVM needs to update them to guest's virtual MSR values
+ * before doing EINIT from guest.
+ */
+void sgx_update_lepubkeyhash(u64 *lepubkeyhash)
+{
+ int i;
+
+ for (i = 0; i < 4; i++)
+ wrmsrl(MSR_IA32_SGXLEPUBKEYHASH0 + i, lepubkeyhash[i]);
+}
+
 static int __init sgx_init(void)
 {
 int ret;
diff --git a/arch/x86/kernel/cpu/sgx/sgx.h b/arch/x86/kernel/cpu/sgx/sgx.h
index 5d71c9c8644d..d4b19e5cca16 100644
--- a/arch/x86/kernel/cpu/sgx/sgx.h
+++ b/arch/x86/kernel/cpu/sgx/sgx.h
@@ -92,4 +92,6 @@ static inline int __init sgx_vepc_init(void)
 }
 #endif
+void sgx_update_lepubkeyhash(u64 *lepubkeyhash);
+
 #endif /* _X86_SGX_H */
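Review bot: In the main.c hunk, `sgx_update_lepubkeyhash(u64 *lepubkeyhash)` reads four elements through a bare pointer, so the required length exists only as the literal `4` in the loop bound, and a caller with a shorter buffer would have whatever follows it written into the launch-control hash MSRs. The array is never modified, so `void sgx_update_lepubkeyhash(const u64 *lepubkeyhash)` is the tighter signature (the sgx.h prototype changes with it), and the header comment should add a line such as `@lepubkeyhash: array of 4 u64 values, one per MSR_IA32_SGXLEPUBKEYHASHn`. The comment also leaves the MSR-writability precondition unstated: `wrmsrl()` is unchecked here, so presumably every caller, including the planned KVM one, has to confirm launch-control support before calling, and that is worth one sentence in the comment.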