Currently on platform which has SGX enabled, if CONFIG_X86_SGX is not
enabled, the X86_FEATURE_SGX is not cleared, resulting in /proc/cpuinfo
shows "sgx" feature. This is not desired.
Clear SGX feature bit if both SGX driver and KVM SGX are not enabled in
init_ia32_feat_ctl().
Signed-off-by: Kai Huang <kai.huang@xxxxxxxxx>
---
Hi Dave, Sean, Jarkko,
Could you help to review? Tested on SGX (BIOS) enabled machine with
CONFIG_X86_SGX unset.
This patch is generated on latest tip/master, but it applies to
tip/x86/sgx cleanly as well.
---
arch/x86/kernel/cpu/feat_ctl.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/arch/x86/kernel/cpu/feat_ctl.c b/arch/x86/kernel/cpu/feat_ctl.c
index 993697e71854..2f67409f5f00 100644
--- a/arch/x86/kernel/cpu/feat_ctl.c
+++ b/arch/x86/kernel/cpu/feat_ctl.c
@@ -191,6 +191,19 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c)
return;
}
+ /*
+ * By reaching here, it is certain that:
+ * - CPU supports SGX.
+ * - SGX is enabled by BIOS.
+ *
+ * However if both SGX driver and KVM SGX are not enabled, just
+ * need to clear SGX feature bit.
+ */
+ if (!enable_sgx_driver && !enable_sgx_kvm) {
+ clear_cpu_cap(c, X86_FEATURE_SGX);
+ return;
+ }
+
/*
* VMX feature bit may be cleared due to being disabled in BIOS,
* in which case SGX virtualization cannot be supported either.
base-commit: b8b09110cf290fdab4006b717da7a776ffb0cb73
--
2.37.1
