Re: [PATCH] x86/sgx: Declare sgx_set_attribute() for !CONFIG_X86_SGX

Sean Christopherson <seanjc@xxxxxxxxxx> · Fri, 3 Sep 2021 15:29:57 +0000

On Fri, Sep 03, 2021, Jarkko Sakkinen wrote:
> Simplify sgx_set_attribute() usage by declaring a fallback
> implementation for it rather than requiring to have compilation
> flag checks in the call site. The fallback unconditionally returns
> -EINVAL.
> 
> Refactor the call site in kvm_vm_ioctl_enable_cap() accordingly.
> The net result is the same: KVM_CAP_SGX_ATTRIBUTE causes -EINVAL
> when kernel is compiled without CONFIG_X86_SGX_KVM.

Eh, it doesn't really simplify the usage.  If anything it makes it more convoluted
because the capability check in kvm_vm_ioctl_check_extension() still needs an
#ifdef, e.g. readers will wonder why the check is conditional but the usage is not.

> Cc: Tony Luck <tony.luck@xxxxxxxxx>
> Signed-off-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
> ---
>  arch/x86/include/asm/sgx.h | 8 ++++++++
>  arch/x86/kvm/x86.c         | 2 --
>  2 files changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/x86/include/asm/sgx.h b/arch/x86/include/asm/sgx.h
> index 05f3e21f01a7..31ee106c0f4b 100644
> --- a/arch/x86/include/asm/sgx.h
> +++ b/arch/x86/include/asm/sgx.h
> @@ -372,7 +372,15 @@ int sgx_virt_einit(void __user *sigstruct, void __user *token,
>  		   void __user *secs, u64 *lepubkeyhash, int *trapnr);
>  #endif
>  
> +#ifdef CONFIG_X86_SGX
>  int sgx_set_attribute(unsigned long *allowed_attributes,
>  		      unsigned int attribute_fd);
> +#else
> +static inline int sgx_set_attribute(unsigned long *allowed_attributes,
> +				    unsigned int attribute_fd)
> +{
> +	return -EINVAL;
> +}
> +#endif
>  
>  #endif /* _ASM_X86_SGX_H */
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index e5d5c5ed7dd4..a6a27a8f41eb 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -5633,7 +5633,6 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm,
>  			kvm->arch.bus_lock_detection_enabled = true;
>  		r = 0;
>  		break;
> -#ifdef CONFIG_X86_SGX_KVM
>  	case KVM_CAP_SGX_ATTRIBUTE: {
>  		unsigned long allowed_attributes = 0;
>  
> @@ -5649,7 +5648,6 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm,
>  			r = -EINVAL;
>  		break;
>  	}
> -#endif
>  	case KVM_CAP_VM_COPY_ENC_CONTEXT_FROM:
>  		r = -EINVAL;
>  		if (kvm_x86_ops.vm_copy_enc_context_from)
> -- 
> 2.25.1
> 