On Wed, Mar 20, 2019 at 06:20:53PM +0200, Jarkko Sakkinen wrote: > From: Kai Huang <kai.huang@xxxxxxxxxxxxxxx> > > X86_FEATURE_SGX reflects whether or not the CPU supports Intel's > Software Guard eXtensions (SGX). > > Signed-off-by: Kai Huang <kai.huang@xxxxxxxxxxxxxxx> > Co-developed-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx> > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx> > Reviewed-by: Borislav Petkov <bp@xxxxxxx> > --- > arch/x86/include/asm/cpufeatures.h | 1 + > arch/x86/include/asm/disabled-features.h | 8 +++++++- > 2 files changed, 8 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h > index 981ff9479648..a16325db4cff 100644 > --- a/arch/x86/include/asm/cpufeatures.h > +++ b/arch/x86/include/asm/cpufeatures.h > @@ -236,6 +236,7 @@ > /* Intel-defined CPU features, CPUID level 0x00000007:0 (EBX), word 9 */ > #define X86_FEATURE_FSGSBASE ( 9*32+ 0) /* RDFSBASE, WRFSBASE, RDGSBASE, WRGSBASE instructions*/ > #define X86_FEATURE_TSC_ADJUST ( 9*32+ 1) /* TSC adjustment MSR 0x3B */ > +#define X86_FEATURE_SGX ( 9*32+ 2) /* Software Guard Extensions */ > #define X86_FEATURE_BMI1 ( 9*32+ 3) /* 1st group bit manipulation extensions */ > #define X86_FEATURE_HLE ( 9*32+ 4) /* Hardware Lock Elision */ > #define X86_FEATURE_AVX2 ( 9*32+ 5) /* AVX2 instructions */ > diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h > index a5ea841cc6d2..74de07d0f390 100644 > --- a/arch/x86/include/asm/disabled-features.h > +++ b/arch/x86/include/asm/disabled-features.h > @@ -62,6 +62,12 @@ > # define DISABLE_PTI (1 << (X86_FEATURE_PTI & 31)) > #endif > > +#ifdef CONFIG_INTEL_SGX > +# define DISABLE_SGX_CORE 0 > +#else > +# define DISABLE_SGX_CORE (1 << (X86_FEATURE_SGX & 31)) > +#endif > + > /* > * Make sure to add features to the correct mask > */ > @@ -74,7 +80,7 @@ > #define DISABLED_MASK6 0 > #define DISABLED_MASK7 (DISABLE_PTI) > #define DISABLED_MASK8 0 > -#define DISABLED_MASK9 (DISABLE_MPX|DISABLE_SMAP) > +#define DISABLED_MASK9 (DISABLE_MPX|DISABLE_SMAP|DISABLE_SGX_CORE) > #define DISABLED_MASK10 0 > #define DISABLED_MASK11 0 > #define DISABLED_MASK12 0 > -- > 2.19.1 > Just out of curiosity, would it be worthwhile to separate out the cpufeature patches here to post and integrate them separately? It would at least reduce the size of this patch set slightly, as these aren't controversial changes Neil