On Thu, Apr 06, 2023, Huang, Kai wrote:
> On Wed, 2023-04-05 at 16:45 -0700, Sean Christopherson wrote:
> > Per Intel's SDM, unsupported ENCLS leafs result in a #GP, not a #UD.
> > SGX1 is a special snowflake as the SGX1 flag is used by the CPU as a
> > "soft" disable, e.g. if software disables machine check reporting, i.e.
> > having SGX but not SGX1 is effectively "SGX completely unsupported" and
> > and thus #UDs.
>
> If I recall correctly, this is an erratum which can clear SGX1 in CPUID while
> the SGX flag is still in CPUID?
Nope, not an erratum, architectural behavior.
> But I am not sure whether this part is relevant to this patch? Because SDM
> already says ENCLS causes #UD if SGX1 isn't present. This patch changes
> "unsupported leaf" from causing #UD to causing #GP, which is also documented in
> SDM.
I wanted to capture why SGX1 is different and given special treatment in the SDM.
I.e. to explain why SGX1 leafs are an exception to the "#GP if leaf unsupported"
clause.
> > Fixes: 9798adbc04cf ("KVM: VMX: Frame in ENCLS handler for SGX virtualization")
> > Cc: Binbin Wu <binbin.wu@xxxxxxxxxxxxxxx>
> > Cc: Kai Huang <kai.huang@xxxxxxxxx>
> > Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
> > ---
> > arch/x86/kvm/vmx/sgx.c | 15 +++++++++------
> > 1 file changed, 9 insertions(+), 6 deletions(-)
> >
> > diff --git a/arch/x86/kvm/vmx/sgx.c b/arch/x86/kvm/vmx/sgx.c
> > index f881f6ff6408..1c092ab89c33 100644
> > --- a/arch/x86/kvm/vmx/sgx.c
> > +++ b/arch/x86/kvm/vmx/sgx.c
> > @@ -350,11 +350,12 @@ static int handle_encls_einit(struct kvm_vcpu *vcpu)
> >
> > static inline bool encls_leaf_enabled_in_guest(struct kvm_vcpu *vcpu, u32 leaf)
> > {
> > - if (!enable_sgx || !guest_cpuid_has(vcpu, X86_FEATURE_SGX))
> > - return false;
> > -
> > + /*
> > + * ENCLS #UDs if SGX1 isn't supported, i.e. this point will be reached
>
> Why #UDs instead of #UD? Is #UD a verb?
Heh, it is now ;-) I can reword to something like
/*
* ENCLS generates a #UD if SGX1 isn't supported ...
*/
if my made up grammar is confusing.
> > + * if and only if the SGX1 leafs are enabled.
> > + */
>
> Is it better to move "ENCLS #UDs if SGX1 isn't supported" part to ...
>
> > if (leaf >= ECREATE && leaf <= ETRACK)
> > - return guest_cpuid_has(vcpu, X86_FEATURE_SGX1);
> > + return true;
> >
> > if (leaf >= EAUG && leaf <= EMODT)
> > return guest_cpuid_has(vcpu, X86_FEATURE_SGX2);
> > @@ -373,9 +374,11 @@ int handle_encls(struct kvm_vcpu *vcpu)
> > {
> > u32 leaf = (u32)kvm_rax_read(vcpu);
> >
> > - if (!encls_leaf_enabled_in_guest(vcpu, leaf)) {
> > + if (!enable_sgx || !guest_cpuid_has(vcpu, X86_FEATURE_SGX) ||
> > + !guest_cpuid_has(vcpu, X86_FEATURE_SGX1)) {
> > kvm_queue_exception(vcpu, UD_VECTOR);
>
> ... above here, where the actual code reside?
My goal was to document why encls_leaf_enabled_in_guest() unconditionally returns
true for SGX1 leafs, i.e. why it doesn't query X86_FEATURE_SGX1. I'm definitely
not opposed to also adding a comment here, but I do want to keep the comment in
encls_leaf_enabled_in_guest().
