s/supprt/support
On Wed, Mar 04, 2020 at 01:35:54AM +0200, Jarkko Sakkinen wrote:
> @@ -123,13 +132,21 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c)
> msr |= FEAT_CTL_VMX_ENABLED_INSIDE_SMX;
> }
>
> + /*
> + * Enable SGX if and only if the kernel supports SGX and Launch Control
> + * is supported, i.e. disable SGX if the LE hash MSRs can't be written.
> + */
> + if (cpu_has(c, X86_FEATURE_SGX) && cpu_has(c, X86_FEATURE_SGX_LC) &&
> + IS_ENABLED(CONFIG_INTEL_SGX))
This should probably check X86_FEATURE_SGX1 to handle the (unlikely) case
where SGX is supported but is soft disabled, e.g. due to a (corrected) #MC.
> + msr |= FEAT_CTL_SGX_ENABLED | FEAT_CTL_SGX_LC_ENABLED;
> +
> wrmsrl(MSR_IA32_FEAT_CTL, msr);
>
> update_caps:
> set_cpu_cap(c, X86_FEATURE_MSR_IA32_FEAT_CTL);
>
> if (!cpu_has(c, X86_FEATURE_VMX))
> - return;
> + goto update_sgx;
>
> if ( (tboot && !(msr & FEAT_CTL_VMX_ENABLED_INSIDE_SMX)) ||
> (!tboot && !(msr & FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX))) {
> @@ -142,4 +159,14 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c)
> init_vmx_capabilities(c);
> #endif
> }
> +
> +update_sgx:
> + if (!cpu_has(c, X86_FEATURE_SGX) || !cpu_has(c, X86_FEATURE_SGX_LC)) {
Same thing here for SGX1. Since the checks are getting rather lengthy, it
probably makes sense to consolidate the logic using a local bool, e.g. as a
delta patch:
---
arch/x86/kernel/cpu/feat_ctl.c | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/arch/x86/kernel/cpu/feat_ctl.c b/arch/x86/kernel/cpu/feat_ctl.c
index b16b71a6da74..ef4ddd6c8630 100644
--- a/arch/x86/kernel/cpu/feat_ctl.c
+++ b/arch/x86/kernel/cpu/feat_ctl.c
@@ -103,6 +103,7 @@ static void clear_sgx_caps(void)
void init_ia32_feat_ctl(struct cpuinfo_x86 *c)
{
bool tboot = tboot_enabled();
+ bool enable_sgx;
u64 msr;
if (rdmsrl_safe(MSR_IA32_FEAT_CTL, &msr)) {
@@ -111,6 +112,15 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c)
return;
}
+ /*
+ * Enable SGX if and only if the kernel supports SGX and Launch Control
+ * is supported, i.e. disable SGX if the LE hash MSRs can't be written.
+ */
+ enable_sgx = cpu_has(c, X86_FEATURE_SGX) &&
+ cpu_has(c, X86_FEATURE_SGX1) &&
+ cpu_has(c, X86_FEATURE_SGX_LC) &&
+ IS_ENABLED(CONFIG_INTEL_SGX);
+
if (msr & FEAT_CTL_LOCKED)
goto update_caps;
@@ -132,12 +142,7 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c)
msr |= FEAT_CTL_VMX_ENABLED_INSIDE_SMX;
}
- /*
- * Enable SGX if and only if the kernel supports SGX and Launch Control
- * is supported, i.e. disable SGX if the LE hash MSRs can't be written.
- */
- if (cpu_has(c, X86_FEATURE_SGX) && cpu_has(c, X86_FEATURE_SGX_LC) &&
- IS_ENABLED(CONFIG_INTEL_SGX))
+ if (enable_sgx)
msr |= FEAT_CTL_SGX_ENABLED | FEAT_CTL_SGX_LC_ENABLED;
wrmsrl(MSR_IA32_FEAT_CTL, msr);
@@ -161,11 +166,9 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c)
}
update_sgx:
- if (!cpu_has(c, X86_FEATURE_SGX) || !cpu_has(c, X86_FEATURE_SGX_LC)) {
- clear_sgx_caps();
- } else if (!(msr & FEAT_CTL_SGX_ENABLED) ||
- !(msr & FEAT_CTL_SGX_LC_ENABLED)) {
- if (IS_ENABLED(CONFIG_INTEL_SGX))
+ if (!(msr & FEAT_CTL_SGX_ENABLED) ||
+ !(msr & FEAT_CTL_SGX_LC_ENABLED) || !enable_sgx) {
+ if (enable_sgx)
pr_err_once("SGX disabled by BIOS\n");
clear_sgx_caps();
}
--
2.24.1
> + clear_sgx_caps();
> + } else if (!(msr & FEAT_CTL_SGX_ENABLED) ||
> + !(msr & FEAT_CTL_SGX_LC_ENABLED)) {
> + if (IS_ENABLED(CONFIG_INTEL_SGX))
> + pr_err_once("SGX disabled by BIOS\n");
> + clear_sgx_caps();
> + }
> }
> --
> 2.25.0
>
