On Fri, 2022-09-09 at 20:08 +1200, Kai Huang wrote: > Currently on platform which has SGX enabled, if CONFIG_X86_SGX is not > enabled, the X86_FEATURE_SGX is not cleared, resulting in /proc/cpuinfo > shows "sgx" feature. This is not desired. > > Clear SGX feature bit if both SGX driver and KVM SGX are not enabled in > init_ia32_feat_ctl(). > > Signed-off-by: Kai Huang <kai.huang@xxxxxxxxx> > --- > > Hi Dave, Sean, Jarkko, > > Could you help to review? Tested on SGX (BIOS) enabled machine with > CONFIG_X86_SGX unset. > > This patch is generated on latest tip/master, but it applies to > tip/x86/sgx cleanly as well. > > --- > arch/x86/kernel/cpu/feat_ctl.c | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > > diff --git a/arch/x86/kernel/cpu/feat_ctl.c b/arch/x86/kernel/cpu/feat_ctl.c > index 993697e71854..2f67409f5f00 100644 > --- a/arch/x86/kernel/cpu/feat_ctl.c > +++ b/arch/x86/kernel/cpu/feat_ctl.c > @@ -191,6 +191,19 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) > return; > } > > + /* > + * By reaching here, it is certain that: > + * - CPU supports SGX. > + * - SGX is enabled by BIOS. > + * > + * However if both SGX driver and KVM SGX are not enabled, just > + * need to clear SGX feature bit. > + */ > + if (!enable_sgx_driver && !enable_sgx_kvm) { > + clear_cpu_cap(c, X86_FEATURE_SGX); > + return; > + } > + Sorry my bad. I sent out the patch too quickly. This check should be moved down after checking X86_FEATURE_VMX flag which may result in enable_sgx_kvm being set to false. I'll send out v2. -- Thanks, -Kai
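Review bot: the `if (!enable_sgx_driver && !enable_sgx_kvm)` block at the end of this hunk reads enable_sgx_kvm before it has its final value, and its `return` leaves init_ia32_feat_ctl() before any later code runs. As the follow-up in this message says, the X86_FEATURE_VMX check further down may still set enable_sgx_kvm to false. With the SGX driver disabled and KVM SGX turned off only by that later check, X86_FEATURE_SGX would stay set and "sgx" would still appear in /proc/cpuinfo. Move the test to after the point where enable_sgx_kvm is settled, and check whether the early `return` is still needed there or whether clear_cpu_cap(c, X86_FEATURE_SGX) alone is enough. The comment would also read better if it stated the reason for clearing the bit (neither the SGX driver nor KVM SGX is enabled) instead of "just need to clear SGX feature bit".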