From: Yang Zhong
To: qemu-devel@nongnu.org
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com
Subject: [PATCH 01/32] memory: Add RAM_PROTECTED flag to skip IOMMU mappings
Date: Mon, 19 Apr 2021 18:01:25 +0800
Message-Id: <20210419100156.53504-2-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>

From: Sean Christopherson

Add a new RAMBlock flag to denote "protected" memory, i.e. memory that
looks and acts like RAM but is inaccessible via normal mechanisms,
including DMA. Use the flag to skip protected memory regions when
mapping RAM for DMA in VFIO.

Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
 backends/hostmem-memfd.c |  2 +-
 hw/misc/ivshmem.c        |  2 +-
 hw/remote/memory.c       |  2 +-
 hw/vfio/common.c         |  1 +
 include/exec/memory.h    | 15 +++++++++++++++
 softmmu/memory.c         | 12 ++++++++++--
 softmmu/physmem.c        |  2 +-
 7 files changed, 30 insertions(+), 6 deletions(-)
diff --git a/backends/hostmem-memfd.c b/backends/hostmem-memfd.c index 69b0ae30bb..d4267cc35c 100644 --- a/backends/hostmem-memfd.c +++ b/backends/hostmem-memfd.c @@ -55,7 +55,7 @@ memfd_backend_memory_alloc(HostMemoryBackend *backend, Er= ror **errp) name =3D host_memory_backend_get_name(backend); memory_region_init_ram_from_fd(&backend->mr, OBJECT(backend), name, backend->size, - backend->share, fd, 0, errp); + backend->share, false, fd, 0, errp); g_free(name); } =20 diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c index a1fa4878be..aa3fa80774 100644 --- a/hw/misc/ivshmem.c +++ b/hw/misc/ivshmem.c @@ -494,7 +494,7 @@ static void process_msg_shmem(IVShmemState *s, int fd, = Error **errp) =20 /* mmap the region and map into the BAR2 */ memory_region_init_ram_from_fd(&s->server_bar2, OBJECT(s), - "ivshmem.bar2", size, true, fd, 0, + "ivshmem.bar2", size, true, false, fd, = 0, &local_err); if (local_err) { error_propagate(errp, local_err); diff --git a/hw/remote/memory.c b/hw/remote/memory.c index 32085b1e05..5d0a213030 100644 --- a/hw/remote/memory.c +++ b/hw/remote/memory.c @@ -48,7 +48,7 @@ void remote_sysmem_reconfig(MPQemuMsg *msg, Error **errp) name =3D g_strdup_printf("remote-mem-%u", suffix++); memory_region_init_ram_from_fd(subregion, NULL, name, sysmem_info->sizes[region], - true, msg->fds[region], + true, false, msg->fds[region], sysmem_info->offsets[region], errp); =20 diff --git a/hw/vfio/common.c b/hw/vfio/common.c index ae5654fcdb..5bc5d29358 100644 --- a/hw/vfio/common.c +++ b/hw/vfio/common.c @@ -538,6 +538,7 @@ static bool vfio_listener_skipped_section(MemoryRegionS= ection *section) { return (!memory_region_is_ram(section->mr) && !memory_region_is_iommu(section->mr)) || + memory_region_is_protected(section->mr) || /* * Sizing an enabled 64-bit BAR can cause spurious mappings to * addresses in the upper part of the 64-bit address space. Th= ese diff --git a/include/exec/memory.h b/include/exec/memory.h index 5728a681b2..2816e52be3 100644 
--- a/include/exec/memory.h +++ b/include/exec/memory.h @@ -155,6 +155,9 @@ typedef struct IOMMUTLBEvent { */ #define RAM_UF_WRITEPROTECT (1 << 6) =20 +/* RAM that isn't accessible through normal means. */ +#define RAM_PROTECTED (1 << 7) + static inline void iommu_notifier_init(IOMMUNotifier *n, IOMMUNotify fn, IOMMUNotifierFlag flags, hwaddr start, hwaddr end, @@ -1021,6 +1024,7 @@ void memory_region_init_ram_from_file(MemoryRegion *m= r, * @name: the name of the region. * @size: size of the region. * @share: %true if memory must be mmaped with the MAP_SHARED flag + * @protected: %true if memory is protected and isn't treated like normal = RAM * @fd: the fd to mmap. * @offset: offset within the file referenced by fd * @errp: pointer to Error*, to store an error if it happens. @@ -1033,6 +1037,7 @@ void memory_region_init_ram_from_fd(MemoryRegion *mr, const char *name, uint64_t size, bool share, + bool protected, int fd, ram_addr_t offset, Error **errp); @@ -1321,6 +1326,16 @@ static inline bool memory_region_is_romd(MemoryRegio= n *mr) return mr->rom_device && mr->romd_mode; } =20 +/** + * memory_region_is_protected: check whether a memory region is protected + * + * Returns %true if a memory region is protected RAM and cannot be accessed + * via standard mechanisms, e.g. DMA. + * + * @mr: the memory region being queried + */ +bool memory_region_is_protected(MemoryRegion *mr); + /** * memory_region_get_iommu: check whether a memory region is an iommu * diff --git a/softmmu/memory.c b/softmmu/memory.c index d4493ef9e4..0c9eb335ca 100644 --- a/softmmu/memory.c +++ b/softmmu/memory.c 
@@ -1612,18 +1612,21 @@ void memory_region_init_ram_from_fd(MemoryRegion *m= r, const char *name, uint64_t size, bool share, + bool protected, int fd, ram_addr_t offset, Error **errp) { + uint32_t ram_flags =3D (share ? RAM_SHARED : 0) | + (protected ? RAM_PROTECTED : 0); Error *err =3D NULL; memory_region_init(mr, owner, name, size); mr->ram =3D true; mr->terminates =3D true; mr->destructor =3D memory_region_destructor_ram; - mr->ram_block =3D qemu_ram_alloc_from_fd(size, mr, - share ? RAM_SHARED : 0, + mr->ram_block =3D qemu_ram_alloc_from_fd(size, mr, ram_flags, fd, offset, false, &err); + if (err) { mr->size =3D int128_zero(); object_unparent(OBJECT(mr)); @@ -1810,6 +1813,11 @@ bool memory_region_is_ram_device(MemoryRegion *mr) return mr->ram_device; } =20 +bool memory_region_is_protected(MemoryRegion *mr) +{ + return mr->ram && (mr->ram_block->flags & RAM_PROTECTED); +} + uint8_t memory_region_get_dirty_log_mask(MemoryRegion *mr) { uint8_t mask =3D mr->dirty_log_mask; diff --git a/softmmu/physmem.c b/softmmu/physmem.c index 85034d9c11..ae79cbea96 100644 --- a/softmmu/physmem.c +++ b/softmmu/physmem.c 
@@ -2022,7 +2022,7 @@ RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, Mem= oryRegion *mr, int64_t file_size, file_align; =20 /* Just support these ram flags by now. */ - assert((ram_flags & ~(RAM_SHARED | RAM_PMEM)) =3D=3D 0); + assert((ram_flags & ~(RAM_SHARED | RAM_PMEM | RAM_PROTECTED)) =3D=3D 0= ); =20 if (xen_enabled()) { error_setg(errp, "-mem-path not supported with Xen"); --=20 2.29.2.334.gfaefdd61ec
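Review bot: in the include/exec/memory.h hunk of patch 01/32, `bool protected` is added directly after `bool share` in memory_region_init_ram_from_fd(), so call sites now read `true, false, fd` (hw/misc/ivshmem.c, hw/remote/memory.c) and a swapped pair compiles silently, either leaving protected memory eligible for DMA mapping or marking ordinary RAM as protected. The softmmu/memory.c hunk immediately folds both booleans into `ram_flags`, so consider taking a `uint32_t ram_flags` argument instead and letting callers pass RAM_SHARED / RAM_PROTECTED by name. The empty `+` line added before `if (err)` in that function looks unintended.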
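Review bot: the hw/vfio/common.c hunk of patch 01/32 is the only consumer of RAM_PROTECTED in this patch, while the commit message describes the memory as inaccessible via normal mechanisms, including DMA. The new term in vfio_listener_skipped_section() carries no comment explaining why protected RAM is skipped, and the memory_region_is_protected() kernel-doc in memory.h does not say which other callers that map or read guest RAM are expected to check it. Please add a short comment at the `memory_region_is_protected(section->mr) ||` line and state in the header doc whether other paths must honour the flag here or later in the series.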
From: Yang Zhong
To: qemu-devel@nongnu.org
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com
Subject: [PATCH 02/32] hostmem: Add hostmem-epc as a backend for SGX EPC
Date: Mon, 19 Apr 2021 18:01:26 +0800
Message-Id: <20210419100156.53504-3-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>

From: Sean Christopherson

EPC (Enclave Page Cache) is a specialized type of memory used by Intel
SGX (Software Guard Extensions). The SDM describes EPC as:

  The Enclave Page Cache (EPC) is the secure storage used to store
  enclave pages when they are a part of an executing enclave. For an
  EPC page, hardware performs additional access control checks to
  restrict access to the page. After the current page access checks
  and translations are performed, the hardware checks that the EPC
  page is accessible to the program currently executing. Generally an
  EPC page is only accessed by the owner of the executing enclave or
  an instruction which is setting up an EPC page.

Because of its unique requirements, Linux manages EPC separately from
normal memory. Similar to memfd, the device /dev/sgx_vepc can be opened
to obtain a file descriptor which can in turn be used to mmap() EPC
memory.

Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
 backends/hostmem-epc.c | 90 ++++++++++++++++++++++++++++++++++++++++++
 backends/meson.build   |  1 +
 2 files changed, 91 insertions(+)
 create mode 100644 backends/hostmem-epc.c

diff --git a/backends/hostmem-epc.c b/backends/hostmem-epc.c new file mode 100644 index 0000000000..627318c0a6 --- /dev/null +++ b/backends/hostmem-epc.c 
@@ -0,0 +1,90 @@ +/* + * QEMU host SGX EPC memory backend + * + * Copyright (C) 2019 Intel Corporation + * + * Authors: + * Sean Christopherson + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ +#include + +#include "qemu/osdep.h" +#include "qemu-common.h" +#include "qom/object_interfaces.h" +#include "qapi/error.h" +#include "sysemu/hostmem.h" + +#define TYPE_MEMORY_BACKEND_EPC "memory-backend-epc" + +#define MEMORY_BACKEND_EPC(obj) \ + OBJECT_CHECK(HostMemoryBackendEpc, (obj), TYPE_MEMORY_BACKEND_EPC) + +typedef struct HostMemoryBackendEpc HostMemoryBackendEpc; + +struct HostMemoryBackendEpc { + HostMemoryBackend parent_obj; +}; + +static void +sgx_epc_backend_memory_alloc(HostMemoryBackend *backend, Error **errp) +{ + char *name; + int fd; + + if (!backend->size) { + error_setg(errp, "can't create backend with size 0"); + return; + } + + fd =3D open("/dev/sgx_vepc", O_RDWR); + if (fd < 0) { + error_setg_errno(errp, errno, + "failed to open /dev/sgx_vepc to alloc SGX EPC"); + return; + } + + name =3D object_get_canonical_path(OBJECT(backend)); + memory_region_init_ram_from_fd(&backend->mr, OBJECT(backend), + name, backend->size, backend->share, tr= ue, + fd, 0, errp); + g_free(name); +} + +static void sgx_epc_backend_instance_init(Object *obj) +{ + HostMemoryBackend *m =3D MEMORY_BACKEND(obj); + + m->share =3D true; + m->merge =3D false; + m->dump =3D false; +} + +static void sgx_epc_backend_class_init(ObjectClass *oc, void *data) +{ + HostMemoryBackendClass *bc =3D MEMORY_BACKEND_CLASS(oc); + + bc->alloc =3D sgx_epc_backend_memory_alloc; +} + +static const TypeInfo sgx_epc_backed_info =3D { + .name =3D TYPE_MEMORY_BACKEND_EPC, + .parent =3D TYPE_MEMORY_BACKEND, + .instance_init =3D sgx_epc_backend_instance_init, + .class_init =3D sgx_epc_backend_class_init, + .instance_size =3D sizeof(HostMemoryBackendEpc), +}; + +static void register_types(void) +{ + int fd =3D 
open("/dev/sgx_vepc", O_RDWR); + if (fd >=3D 0) { + close(fd); + + type_register_static(&sgx_epc_backed_info); + } +} + +type_init(register_types); diff --git a/backends/meson.build b/backends/meson.build index d4221831fc..46fd16b269 100644 --- a/backends/meson.build +++ b/backends/meson.build 
@@ -16,5 +16,6 @@ softmmu_ss.add(when: ['CONFIG_VHOST_USER', 'CONFIG_VIRTIO= '], if_true: files('vho softmmu_ss.add(when: 'CONFIG_VIRTIO_CRYPTO', if_true: files('cryptodev-vho= st.c')) softmmu_ss.add(when: ['CONFIG_VIRTIO_CRYPTO', 'CONFIG_VHOST_CRYPTO'], if_t= rue: files('cryptodev-vhost-user.c')) softmmu_ss.add(when: 'CONFIG_GIO', if_true: [files('dbus-vmstate.c'), gio]) +softmmu_ss.add(when: 'CONFIG_LINUX', if_true: files('hostmem-epc.c')) =20 subdir('tpm') --=20 2.29.2.334.gfaefdd61ec
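Review bot: sgx_epc_backend_memory_alloc() in patch 02/32 calls plain `open("/dev/sgx_vepc", O_RDWR)` without O_CLOEXEC, so the EPC descriptor would be inherited by any process QEMU later spawns; use one of QEMU's qemu_open wrappers, which set close-on-exec, or pass O_CLOEXEC explicitly. The same function returns without closing `fd` when memory_region_init_ram_from_fd() reports a failure through errp, so please check who owns the descriptor on that path and close it there if nothing else does. A system `#include` also precedes "qemu/osdep.h" at the top of the new file, while QEMU's convention is that osdep.h comes first.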
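Review bot: register_types() in backends/hostmem-epc.c (patch 02/32) opens /dev/sgx_vepc during type registration and registers memory-backend-epc only if that open succeeds, so every QEMU start on Linux touches the device node, and a permissions problem shows up later as an unknown object type instead of the clear error_setg_errno() message already present in sgx_epc_backend_memory_alloc(). Registering the type unconditionally and letting the alloc path report the failure would be simpler and keeps device access out of startup code. While there, `sgx_epc_backed_info` looks like a typo for `sgx_epc_backend_info`, and the backends/meson.build line builds the file for every CONFIG_LINUX target although SGX is x86-only.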
From: Yang Zhong
To: qemu-devel@nongnu.org
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com
Subject: [PATCH 03/32] qom: Add memory-backend-epc ObjectOptions support
Date: Mon, 19 Apr 2021 18:01:27 +0800
Message-Id: <20210419100156.53504-4-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>

Add the new 'memory-backend-epc' user creatable QOM object in the
ObjectOptions to support SGX, or the sgx backend object cannot bootup.

Signed-off-by: Yang Zhong
---
 qapi/qom.json | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/qapi/qom.json b/qapi/qom.json index cd0e76d564..fd6fbee597 100644 --- a/qapi/qom.json +++ b/qapi/qom.json @@ -767,6 +767,7 @@ { 'name': 'memory-backend-memfd', 'if': 'defined(CONFIG_LINUX)' }, 'memory-backend-ram', + 'memory-backend-epc', 'pef-guest', 'pr-manager-helper', 'rng-builtin', 
@@ -824,6 +825,7 @@ 'memory-backend-memfd': { 'type': 'MemoryBackendMemfdPropertie= s', 'if': 'defined(CONFIG_LINUX)' }, 'memory-backend-ram': 'MemoryBackendProperties', + 'memory-backend-epc': 'MemoryBackendProperties', 'pr-manager-helper': 'PrManagerHelperProperties', 'rng-builtin': 'RngProperties', 'rng-egd': 'RngEgdProperties', --=20 2.29.2.334.gfaefdd61ec
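Review bot: both qapi/qom.json hunks of patch 03/32 add 'memory-backend-epc' without an 'if' condition, while the neighbouring 'memory-backend-memfd' entries carry 'if': 'defined(CONFIG_LINUX)' and patch 02 builds hostmem-epc.c only when CONFIG_LINUX is set. As written the schema advertises the type on hosts where the backend is never compiled; please add the same condition to the enum member and the union branch. The new enum member is also placed after 'memory-backend-ram', which breaks the alphabetical order of the surrounding entries.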
From: Yang Zhong
To: qemu-devel@nongnu.org
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com
Subject: [PATCH 04/32] i386: Add 'sgx-epc' device to expose EPC sections to guest
Date: Mon, 19 Apr 2021 18:01:28 +0800
Message-Id: <20210419100156.53504-5-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>

From: Sean Christopherson

SGX EPC is enumerated through CPUID, i.e. EPC "devices" need to be
realized prior to realizing the vCPUs themselves, which occurs long
before generic devices are parsed and realized. Because of this, do
not allow 'sgx-epc' devices to be instantiated after vCPUs have been
created.

The 'sgx-epc' device is essentially a placeholder at this time, it will
be fully implemented in a future patch along with a dedicated command
to create 'sgx-epc' devices.

Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong --- hw/i386/meson.build | 1 + hw/i386/sgx-epc.c | 161 ++++++++++++++++++++++++++++++++++++++ include/hw/i386/sgx-epc.h | 44 +++++++++++ 3 files changed, 206 insertions(+) create mode 100644 hw/i386/sgx-epc.c create mode 100644 include/hw/i386/sgx-epc.h diff --git a/hw/i386/meson.build b/hw/i386/meson.build index e5d109f5c6..087426c75c 100644 --- a/hw/i386/meson.build +++ b/hw/i386/meson.build @@ -5,6 +5,7 @@ i386_ss.add(files( 'e820_memory_layout.c', 'multiboot.c', 'x86.c', + 'sgx-epc.c', )) =20 i386_ss.add(when: 'CONFIG_X86_IOMMU', if_true: files('x86-iommu.c'), diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c new file mode 100644 index 0000000000..aa487dea79 --- /dev/null +++ b/hw/i386/sgx-epc.c 
@@ -0,0 +1,161 @@ +/* + * SGX EPC device + * + * Copyright (C) 2019 Intel Corporation + * + * Authors: + * Sean Christopherson + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ +#include "qemu/osdep.h" +#include "hw/i386/pc.h" +#include "hw/i386/sgx-epc.h" +#include "hw/mem/memory-device.h" +#include "hw/qdev-properties.h" +#include "monitor/qdev.h" +#include "qapi/error.h" +#include "qapi/visitor.h" +#include "qemu/config-file.h" +#include "qemu/error-report.h" +#include "qemu/option.h" +#include "qemu/units.h" +#include "target/i386/cpu.h" +#include "exec/address-spaces.h" + +static Property sgx_epc_properties[] =3D { + DEFINE_PROP_UINT64(SGX_EPC_ADDR_PROP, SGXEPCDevice, addr, 0), + DEFINE_PROP_LINK(SGX_EPC_MEMDEV_PROP, SGXEPCDevice, hostmem, + TYPE_MEMORY_BACKEND, HostMemoryBackend *), + DEFINE_PROP_END_OF_LIST(), +}; + +static void sgx_epc_get_size(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + Error *local_err =3D NULL; + uint64_t value; + + value =3D memory_device_get_region_size(MEMORY_DEVICE(obj), &local_err= ); + if (local_err) { + error_propagate(errp, local_err); + return; + } + + visit_type_uint64(v, name, &value, errp); +} + +static void sgx_epc_init(Object *obj) +{ + object_property_add(obj, SGX_EPC_SIZE_PROP, "uint64", sgx_epc_get_size, + NULL, NULL, NULL); +} + +static void sgx_epc_realize(DeviceState *dev, Error **errp) +{ + PCMachineState *pcms =3D PC_MACHINE(qdev_get_machine()); + X86MachineState *x86ms =3D X86_MACHINE(pcms); + SGXEPCDevice *epc =3D SGX_EPC(dev); + const char *path; + + if (x86ms->boot_cpus !=3D 0) { + error_setg(errp, "'" TYPE_SGX_EPC "' can't be created after vCPUs," + "e.g. 
via -device"); + return; + } + + if (!epc->hostmem) { + error_setg(errp, "'" SGX_EPC_MEMDEV_PROP "' property is not set"); + return; + } else if (host_memory_backend_is_mapped(epc->hostmem)) { + path =3D object_get_canonical_path_component(OBJECT(epc->hostmem)); + error_setg(errp, "can't use already busy memdev: %s", path); + return; + } + + error_setg(errp, "'" TYPE_SGX_EPC "' not supported"); +} + +static void sgx_epc_unrealize(DeviceState *dev) +{ + SGXEPCDevice *epc =3D SGX_EPC(dev); + + host_memory_backend_set_mapped(epc->hostmem, false); +} + +static uint64_t sgx_epc_md_get_addr(const MemoryDeviceState *md) +{ + const SGXEPCDevice *epc =3D SGX_EPC(md); + + return epc->addr; +} + +static void sgx_epc_md_set_addr(MemoryDeviceState *md, uint64_t addr, + Error **errp) +{ + object_property_set_uint(OBJECT(md), SGX_EPC_ADDR_PROP, addr, errp); +} + +static uint64_t sgx_epc_md_get_plugged_size(const MemoryDeviceState *md, + Error **errp) +{ + return 0; +} + +static MemoryRegion *sgx_epc_md_get_memory_region(MemoryDeviceState *md, + Error **errp) +{ + SGXEPCDevice *epc =3D SGX_EPC(md); + + if (!epc->hostmem) { + error_setg(errp, "'" SGX_EPC_MEMDEV_PROP "' property must be set"); + return NULL; + } + + return host_memory_backend_get_memory(epc->hostmem); +} + +static void sgx_epc_md_fill_device_info(const MemoryDeviceState *md, + MemoryDeviceInfo *info) +{ + /* TODO */ +} + +static void sgx_epc_class_init(ObjectClass *oc, void *data) +{ + DeviceClass *dc =3D DEVICE_CLASS(oc); + MemoryDeviceClass *mdc =3D MEMORY_DEVICE_CLASS(oc); + + dc->hotpluggable =3D false; + dc->realize =3D sgx_epc_realize; + dc->unrealize =3D sgx_epc_unrealize; + dc->desc =3D "SGX EPC section"; + device_class_set_props(dc, sgx_epc_properties); + + mdc->get_addr =3D sgx_epc_md_get_addr; + mdc->set_addr =3D sgx_epc_md_set_addr; + mdc->get_plugged_size =3D sgx_epc_md_get_plugged_size; + mdc->get_memory_region =3D sgx_epc_md_get_memory_region; + mdc->fill_device_info =3D sgx_epc_md_fill_device_info; 
+} + +static TypeInfo sgx_epc_info =3D { + .name =3D TYPE_SGX_EPC, + .parent =3D TYPE_DEVICE, + .instance_size =3D sizeof(SGXEPCDevice), + .instance_init =3D sgx_epc_init, + .class_init =3D sgx_epc_class_init, + .class_size =3D sizeof(DeviceClass), + .interfaces =3D (InterfaceInfo[]) { + { TYPE_MEMORY_DEVICE }, + { } + }, +}; + +static void sgx_epc_register_types(void) +{ + type_register_static(&sgx_epc_info); +} + +type_init(sgx_epc_register_types) diff --git a/include/hw/i386/sgx-epc.h b/include/hw/i386/sgx-epc.h new file mode 100644 index 0000000000..5fd9ae2d0c --- /dev/null +++ b/include/hw/i386/sgx-epc.h 
@@ -0,0 +1,44 @@ +/* + * SGX EPC device + * + * Copyright (C) 2019 Intel Corporation + * + * Authors: + * Sean Christopherson + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ +#ifndef QEMU_SGX_EPC_H +#define QEMU_SGX_EPC_H + +#include "sysemu/hostmem.h" + +#define TYPE_SGX_EPC "sgx-epc" +#define SGX_EPC(obj) \ + OBJECT_CHECK(SGXEPCDevice, (obj), TYPE_SGX_EPC) +#define SGX_EPC_CLASS(oc) \ + OBJECT_CLASS_CHECK(SGXEPCDeviceClass, (oc), TYPE_SGX_EPC) +#define SGX_EPC_GET_CLASS(obj) \ + OBJECT_GET_CLASS(SGXEPCDeviceClass, (obj), TYPE_SGX_EPC) + +#define SGX_EPC_ADDR_PROP "addr" +#define SGX_EPC_SIZE_PROP "size" +#define SGX_EPC_MEMDEV_PROP "memdev" + +/** + * SGXEPCDevice: + * @addr: starting guest physical address, where @SGXEPCDevice is mapped. + * Default value: 0, means that address is auto-allocated. + * @hostmem: host memory backend providing memory for @SGXEPCDevice + */ +typedef struct SGXEPCDevice { + /* private */ + DeviceState parent_obj; + + /* public */ + uint64_t addr; + HostMemoryBackend *hostmem; +} SGXEPCDevice; + +#endif --=20 2.29.2.334.gfaefdd61ec
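
Review bot: in sgx_epc_realize() in hw/i386/sgx-epc.c, the two adjacent string literals in the first error_setg() concatenate to "can't be created after vCPUs,e.g. via -device", with no space after the comma; start the second literal with a space. In the same file, sgx_epc_unrealize() calls host_memory_backend_set_mapped(epc->hostmem, false), but realize in this patch never sets the flag and always ends in the "not supported" error, so the unrealize body would sit better in the patch that actually maps the backend.
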
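
Review bot: include/hw/i386/sgx-epc.h defines SGX_EPC_CLASS() and SGX_EPC_GET_CLASS() in terms of SGXEPCDeviceClass, but the header declares no such type and sgx_epc_info sets .class_size = sizeof(DeviceClass). As far as this patch shows, any use of the two class macros will not compile; drop them, or add the class struct and use it for .class_size. The companion callbacks sgx_epc_md_get_plugged_size() (always 0) and sgx_epc_md_fill_device_info() (a bare TODO) would also benefit from a one-line comment saying which later patch fills them in.
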
From: Yang Zhong
To: qemu-devel@nongnu.org
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com
Subject: [PATCH 05/32] vl: Add "sgx-epc" option to expose SGX EPC sections to guest
Date: Mon, 19 Apr 2021 18:01:29 +0800
Message-Id: <20210419100156.53504-6-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>

From: Sean Christopherson

Because SGX EPC is enumerated through CPUID, EPC "devices" need to be realized prior to realizing the vCPUs themselves, i.e. long before generic devices are parsed and realized. From a virtualization perspective, the CPUID aspect also means that EPC sections cannot be hotplugged without paravirtualizing the guest kernel (hardware does not support hotplugging as EPC sections must be locked down during pre-boot to provide EPC's security properties).

So even though EPC sections could be realized through the generic -devices command, they need to be created much earlier for them to actually be usable by the guest. Place all EPC sections in a contiguous block, somewhat arbitrarily starting after RAM above 4g. Ensuring EPC is in a contiguous region simplifies calculations, e.g. device memory base, PCI hole, etc..., allows dynamic calculation of the total EPC size, e.g. exposing EPC to guests does not require -maxmem, and last but not least allows all of EPC to be enumerated in a single ACPI entry, which is expected by some kernels, e.g. Windows 7 and 8.

Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
 hw/i386/sgx-epc.c         | 104 +++++++++++++++++++++++++++++++++++++-
 include/hw/i386/pc.h      |   6 +++
 include/hw/i386/sgx-epc.h |  16 ++++++
 qemu-options.hx           |   8 +++
 softmmu/globals.c         |   1 +
 softmmu/vl.c              |   9 ++++
 6 files changed, 143 insertions(+), 1 deletion(-)

diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c index aa487dea79..0858819a71 100644 --- a/hw/i386/sgx-epc.c +++ b/hw/i386/sgx-epc.c @@ -56,6 +56,8 @@ static void sgx_epc_realize(DeviceState *dev, Error **err= p) { PCMachineState *pcms =3D PC_MACHINE(qdev_get_machine()); X86MachineState *x86ms =3D X86_MACHINE(pcms); + MemoryDeviceState *md =3D MEMORY_DEVICE(dev); + SGXEPCState *sgx_epc =3D pcms->sgx_epc; SGXEPCDevice *epc =3D SGX_EPC(dev); const char *path; =20
@@ -74,7 +76,18 @@ static void sgx_epc_realize(DeviceState *dev, Error **er= rp) return; } =20 - error_setg(errp, "'" TYPE_SGX_EPC "' not supported"); + epc->addr =3D sgx_epc->base + sgx_epc->size; + + memory_region_add_subregion(&sgx_epc->mr, epc->addr - sgx_epc->base, + host_memory_backend_get_memory(epc->hostme= m)); + + host_memory_backend_set_mapped(epc->hostmem, true); + + sgx_epc->sections =3D g_renew(SGXEPCDevice *, sgx_epc->sections, + sgx_epc->nr_sections + 1); + sgx_epc->sections[sgx_epc->nr_sections++] =3D epc; + + sgx_epc->size +=3D memory_device_get_region_size(md, errp); } =20 static void sgx_epc_unrealize(DeviceState *dev) 
@@ -159,3 +172,92 @@ static void sgx_epc_register_types(void) } =20 type_init(sgx_epc_register_types) + + +static int sgx_epc_set_property(void *opaque, const char *name, + const char *value, Error **errp) +{ + Object *obj =3D opaque; + Error *err =3D NULL; + + object_property_parse(obj, name, value, &err); + if (err !=3D NULL) { + error_propagate(errp, err); + return -1; + } + return 0; +} + +static int sgx_epc_init_func(void *opaque, QemuOpts *opts, Error **errp) +{ + Error *err =3D NULL; + Object *obj; + + obj =3D object_new("sgx-epc"); + + qdev_set_id(DEVICE(obj), qemu_opts_id(opts)); + + if (qemu_opt_foreach(opts, sgx_epc_set_property, obj, &err)) { + goto out; + } + + object_property_set_bool(obj, "realized", true, &err); + +out: + if (err !=3D NULL) { + error_propagate(errp, err); + } + object_unref(obj); + return err !=3D NULL ? -1 : 0; +} + +void pc_machine_init_sgx_epc(PCMachineState *pcms) +{ + SGXEPCState *sgx_epc; + X86MachineState *x86ms =3D X86_MACHINE(pcms); + + sgx_epc =3D g_malloc0(sizeof(*sgx_epc)); + pcms->sgx_epc =3D sgx_epc; + + sgx_epc->base =3D 0x100000000ULL + x86ms->above_4g_mem_size; + + memory_region_init(&sgx_epc->mr, OBJECT(pcms), "sgx-epc", UINT64_MAX); + memory_region_add_subregion(get_system_memory(), sgx_epc->base, + &sgx_epc->mr); + + qemu_opts_foreach(qemu_find_opts("sgx-epc"), sgx_epc_init_func, NULL, + &error_fatal); + + if ((sgx_epc->base + sgx_epc->size) < sgx_epc->base) { + error_report("Size of all 'sgx-epc' =3D0x%"PRIu64" causes EPC to w= rap", + sgx_epc->size); + exit(EXIT_FAILURE); + } + + memory_region_set_size(&sgx_epc->mr, sgx_epc->size); +} + +static QemuOptsList sgx_epc_opts =3D { + .name =3D "sgx-epc", + .implied_opt_name =3D "id", + .head =3D QTAILQ_HEAD_INITIALIZER(sgx_epc_opts.head), + .desc =3D { + { + .name =3D "id", + .type =3D QEMU_OPT_STRING, + .help =3D "SGX EPC section ID", + },{ + .name =3D "memdev", + .type =3D QEMU_OPT_STRING, + .help =3D "memory object backend", + }, + { /* end of list */ } + }, +}; + 
+static void sgx_epc_register_opts(void) +{ + qemu_add_opts(&sgx_epc_opts); +} + +opts_init(sgx_epc_register_opts); diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h index dcf060b791..71e2fc6f26 100644 --- a/include/hw/i386/pc.h +++ b/include/hw/i386/pc.h @@ -12,6 +12,7 @@ #include "hw/acpi/acpi_dev_interface.h" #include "hw/hotplug.h" #include "qom/object.h" +#include "hw/i386/sgx-epc.h" =20 #define HPET_INTCAP "hpet-intcap" =20 @@ -53,6 +54,8 @@ typedef struct PCMachineState { =20 /* ACPI Memory hotplug IO base address */ hwaddr memhp_io_base; + + SGXEPCState *sgx_epc; } PCMachineState; =20 #define PC_MACHINE_ACPI_DEVICE_PROP "acpi-device" @@ -197,6 +200,9 @@ bool pc_system_ovmf_table_find(const char *entry, uint8= _t **data, void pc_madt_cpu_entry(AcpiDeviceIf *adev, int uid, const CPUArchIdList *apic_ids, GArray *entry); =20 +/* sgx-epc.c */ +void pc_machine_init_sgx_epc(PCMachineState *pcms); + extern GlobalProperty pc_compat_5_2[]; extern const size_t pc_compat_5_2_len; =20 diff --git a/include/hw/i386/sgx-epc.h b/include/hw/i386/sgx-epc.h index 5fd9ae2d0c..1f7dd17c17 100644 --- a/include/hw/i386/sgx-epc.h +++ b/include/hw/i386/sgx-epc.h @@ -41,4 +41,20 @@ typedef struct SGXEPCDevice { HostMemoryBackend *hostmem; } SGXEPCDevice; =20 +/* + * @base: address in guest physical address space where EPC regions start + * @mr: address space container for memory devices + */ +typedef struct SGXEPCState { + uint64_t base; + uint64_t size; + + MemoryRegion mr; + + struct SGXEPCDevice **sections; + int nr_sections; +} SGXEPCState; + +extern int sgx_epc_enabled; + #endif diff --git a/qemu-options.hx b/qemu-options.hx index fd21002bd6..262c3084af 100644 --- a/qemu-options.hx +++ b/qemu-options.hx 
@@ -532,6 +532,14 @@ SRST Preallocate memory when using -mem-path. ERST =20 +DEF("sgx-epc", HAS_ARG, QEMU_OPTION_sgx_epc, + "-sgx-epc memdev=3Dmemid[,id=3Depcid]\n", + QEMU_ARCH_I386) +SRST +``-sgx-epc memdev=3D@var{memid}[,id=3D@var{epcid}]`` + Define an SGX EPC section. +ERST + DEF("k", HAS_ARG, QEMU_OPTION_k, "-k language use keyboard layout (for example 'fr' for French)\n", QEMU_ARCH_ALL) diff --git a/softmmu/globals.c b/softmmu/globals.c index 7d0fc81183..d3029953ce 100644 --- a/softmmu/globals.c +++ b/softmmu/globals.c @@ -70,3 +70,4 @@ bool qemu_uuid_set; uint32_t xen_domid; enum xen_mode xen_mode =3D XEN_EMULATE; bool xen_domid_restrict; +int sgx_epc_enabled; diff --git a/softmmu/vl.c b/softmmu/vl.c index aadb526138..0c7e9fab78 100644 --- a/softmmu/vl.c +++ b/softmmu/vl.c @@ -74,6 +74,7 @@ #include "hw/block/block.h" #include "hw/i386/x86.h" #include "hw/i386/pc.h" +#include "hw/i386/sgx-epc.h" #include "migration/misc.h" #include "migration/snapshot.h" #include "sysemu/tpm.h" 
@@ -2891,6 +2892,14 @@ void qemu_init(int argc, char **argv, char **envp) case QEMU_OPTION_mem_prealloc: mem_prealloc =3D 1; break; + case QEMU_OPTION_sgx_epc: + opts =3D qemu_opts_parse_noisily(qemu_find_opts("sgx-epc"), + optarg, false); + if (!opts) { + exit(1); + } + sgx_epc_enabled =3D 1; + break; case QEMU_OPTION_d: log_mask =3D optarg; break; --=20 2.29.2.334.gfaefdd61ec
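
Review bot: in the @@ -74,7 +76,18 @@ hunk of sgx_epc_realize(), the value of memory_device_get_region_size(md, errp) is added to sgx_epc->size without checking errp, and it is the last statement, after the region has been added as a subregion, the backend marked mapped and the device appended to sgx_epc->sections. Query the size first and return on error before touching any sgx_epc state. The same hunk assigns epc->addr unconditionally, so whatever the "addr" property (SGX_EPC_ADDR_PROP) held is discarded; either reject a non-zero value or say in the SGXEPCDevice comment that the address is always assigned by the machine.
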
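
Review bot: in pc_machine_init_sgx_epc(), the error_report() format is "=0x%"PRIu64, which prints a decimal value behind a hex prefix; use PRIx64. The wrap check (sgx_epc->base + sgx_epc->size) < sgx_epc->base also runs only after qemu_opts_foreach() has realized every section, by which point each sgx_epc_realize() call has already computed epc->addr from base + size and mapped the section at that offset. Checking for overflow per section inside realize, before memory_region_add_subregion(), would reject the configuration before anything is mapped.
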
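
Review bot: the SGXEPCState comment in include/hw/i386/sgx-epc.h documents @base and @mr but not @size, @sections or @nr_sections, and the qemu-options.hx entry says only "Define an SGX EPC section." The constraints the commit message spells out (sections are created before the vCPUs, placed contiguously after RAM above 4g, and cannot be hotplugged) belong in the option text, since they are what a user of -sgx-epc needs to know. Smaller points: sgx_epc_init_func() passes the literal "sgx-epc" to object_new() where TYPE_SGX_EPC is available, and sgx_epc_enabled is declared int next to bool globals in softmmu/globals.c.
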
From: Yang Zhong
To: qemu-devel@nongnu.org
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com
Subject: [PATCH 06/32] i386: Add primary SGX CPUID and MSR defines
Date: Mon, 19 Apr 2021 18:01:30 +0800
Message-Id: <20210419100156.53504-7-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>

From: Sean Christopherson

Add CPUID defines for SGX and SGX Launch Control (LC), as well as defines for their associated FEATURE_CONTROL MSR bits. Define the Launch Enclave Public Key Hash MSRs (LE Hash MSRs), which exist when SGX LC is present (in CPUID), and are writable when SGX LC is enabled (in FEATURE_CONTROL).

Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
 target/i386/cpu.c |  4 ++--
 target/i386/cpu.h | 12 ++++++++++++
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c index ad99cad0e7..544d7be43c 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c
@@ -938,7 +938,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS]= =3D { [FEAT_7_0_EBX] =3D { .type =3D CPUID_FEATURE_WORD, .feat_names =3D { - "fsgsbase", "tsc-adjust", NULL, "bmi1", + "fsgsbase", "tsc-adjust", "sgx", "bmi1", "hle", "avx2", NULL, "smep", "bmi2", "erms", "invpcid", "rtm", NULL, NULL, "mpx", NULL, @@ -964,7 +964,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS]= =3D { "la57", NULL, NULL, NULL, NULL, NULL, "rdpid", NULL, "bus-lock-detect", "cldemote", NULL, "movdiri", - "movdir64b", NULL, NULL, "pks", + "movdir64b", NULL, "sgxlc", "pks", }, .cpuid =3D { .eax =3D 7, diff --git a/target/i386/cpu.h b/target/i386/cpu.h index 570f916878..f074a315d1 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -360,9 +360,17 @@ typedef enum X86Seg { #define MSR_IA32_PKRS 0x6e1 =20 #define FEATURE_CONTROL_LOCKED (1<<0) +#define FEATURE_CONTROL_VMXON_ENABLED_INSIDE_SMX (1 << 1) #define FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX (1<<2) +#define FEATURE_CONTROL_SGX_LC (1 << 17) +#define FEATURE_CONTROL_SGX (1 << 18) #define FEATURE_CONTROL_LMCE (1<<20) =20 +#define MSR_IA32_SGXLEPUBKEYHASH0 0x8c +#define MSR_IA32_SGXLEPUBKEYHASH1 0x8d +#define MSR_IA32_SGXLEPUBKEYHASH2 0x8e +#define MSR_IA32_SGXLEPUBKEYHASH3 0x8f + #define MSR_P6_PERFCTR0 0xc1 =20 #define MSR_IA32_SMBASE 0x9e @@ -689,6 +697,8 @@ typedef uint64_t FeatureWordArray[FEATURE_WORDS]; =20 /* Support RDFSBASE/RDGSBASE/WRFSBASE/WRGSBASE */ #define CPUID_7_0_EBX_FSGSBASE (1U << 0) +/* Support SGX */ +#define CPUID_7_0_EBX_SGX (1U << 2) /* 1st Group of Advanced Bit Manipulation Extensions */ #define CPUID_7_0_EBX_BMI1 (1U << 3) /* Hardware Lock Elision */ 
@@ -776,6 +786,8 @@ typedef uint64_t FeatureWordArray[FEATURE_WORDS]; #define CPUID_7_0_ECX_MOVDIRI (1U << 27) /* Move 64 Bytes as Direct Store Instruction */ #define CPUID_7_0_ECX_MOVDIR64B (1U << 28) +/* Support SGX Launch Control */ +#define CPUID_7_0_ECX_SGX_LC (1U << 30) /* Protection Keys for Supervisor-mode Pages */ #define CPUID_7_0_ECX_PKS (1U << 31) =20 --=20 2.29.2.334.gfaefdd61ec
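
Review bot: the feature name added to FEAT_7_0_ECX in target/i386/cpu.c is "sgxlc", while every matching define in cpu.h separates the two parts (CPUID_7_0_ECX_SGX_LC, FEATURE_CONTROL_SGX_LC); spelling the name "sgx-lc" would keep the string and the defines in step, and the name is hard to change once users depend on it. In the FEATURE_CONTROL block the new lines use (1 << n) while the surrounding context lines use (1<<n), so the block now mixes two styles; a short comment above MSR_IA32_SGXLEPUBKEYHASH0..3 repeating the commit message's condition (present with SGX LC in CPUID, writable when enabled in FEATURE_CONTROL) would also help readers of the header.
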
From: Yang Zhong
To: qemu-devel@nongnu.org
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com
Subject: [PATCH 07/32] i386: Add SGX CPUID leaf FEAT_SGX_12_0_EAX
Date: Mon, 19 Apr 2021 18:01:31 +0800
Message-Id: <20210419100156.53504-8-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>

From: Sean Christopherson

CPUID leaf 12_0_EAX is an Intel-defined feature bits leaf enumerating the CPU's SGX capabilities, e.g. supported SGX instruction sets. Currently there are four enumerated capabilities:

- SGX1 instruction set, i.e. "base" SGX
- SGX2 instruction set for dynamic EPC management
- ENCLV instruction set for VMM oversubscription of EPC
- ENCLS-C instruction set for thread safe variants of ENCLS

Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
 target/i386/cpu.c | 20 ++++++++++++++++++++
 target/i386/cpu.h |  1 +
 2 files changed, 21 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 544d7be43c..5443f69fa5 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -676,6 +676,7 @@ static void x86_cpu_vendor_words2str(char *dst, uint32_= t vendor1, /* missing: CPUID_XSAVE_XSAVEC, CPUID_XSAVE_XSAVES */ #define TCG_14_0_ECX_FEATURES 0 +#define TCG_SGX_12_0_EAX_FEATURES 0 =20 typedef enum FeatureWordType { CPUID_FEATURE_WORD, @@ -1325,6 +1326,25 @@ static FeatureWordInfo feature_word_info[FEATURE_WOR= DS] =3D { .tcg_features =3D TCG_14_0_ECX_FEATURES, }, =20 + [FEAT_SGX_12_0_EAX] =3D { + .type =3D CPUID_FEATURE_WORD, + .feat_names =3D { + "sgx1", "sgx2", NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + }, + .cpuid =3D { + .eax =3D 0x12, + .needs_ecx =3D true, .ecx =3D 0, + .reg =3D R_EAX, + }, + .tcg_features =3D TCG_SGX_12_0_EAX_FEATURES, + }, }; =20 typedef struct FeatureMask { diff --git a/target/i386/cpu.h b/target/i386/cpu.h index f074a315d1..3e6a9b8e6c 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h 
@@ -549,6 +549,7 @@ typedef enum FeatureWord { FEAT_VMX_BASIC, FEAT_VMX_VMFUNC, FEAT_14_0_ECX, + FEAT_SGX_12_0_EAX, /* CPUID[EAX=3D0x12,ECX=3D0].EAX (SGX) */ FEATURE_WORDS, } FeatureWord; =20 --=20 2.29.2.334.gfaefdd61ec
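
Review bot: the commit message lists four capabilities in this leaf (SGX1, SGX2, ENCLV, ENCLS-C), but the FEAT_SGX_12_0_EAX feat_names table in target/i386/cpu.c names only "sgx1" and "sgx2" and leaves every other entry NULL. Either name the remaining two bits or state in the commit message that they are deliberately left unnamed and why, so the table and the description agree. TCG_SGX_12_0_EAX_FEATURES is 0, which is consistent with the neighbouring TCG_14_0_ECX_FEATURES and needs no change.
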
From: Yang Zhong
To: qemu-devel@nongnu.org
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com
Subject: [PATCH 08/32] i386: Add SGX CPUID leaf FEAT_SGX_12_0_EBX
Date: Mon, 19 Apr 2021 18:01:32 +0800
Message-Id: <20210419100156.53504-9-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>

From: Sean Christopherson

CPUID leaf 12_0_EBX is an Intel-defined feature bits leaf enumerating the platform's SGX extended capabilities. Currently there is a single capability:

- EXINFO: record information about #PFs and #GPs in the enclave's SSA

Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
 target/i386/cpu.c | 21 +++++++++++++++++++++
 target/i386/cpu.h |  1 +
 2 files changed, 22 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 5443f69fa5..e723f52e22 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c
@@ -677,6 +677,7 @@ static void x86_cpu_vendor_words2str(char *dst, uint32_= t vendor1, CPUID_XSAVE_XSAVEC, CPUID_XSAVE_XSAVES */ #define TCG_14_0_ECX_FEATURES 0 #define TCG_SGX_12_0_EAX_FEATURES 0 +#define TCG_SGX_12_0_EBX_FEATURES 0 =20 typedef enum FeatureWordType { CPUID_FEATURE_WORD, @@ -1345,6 +1346,26 @@ static FeatureWordInfo feature_word_info[FEATURE_WOR= DS] =3D { }, .tcg_features =3D TCG_SGX_12_0_EAX_FEATURES, }, + + [FEAT_SGX_12_0_EBX] =3D { + .type =3D CPUID_FEATURE_WORD, + .feat_names =3D { + "sgx-exinfo" , NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + }, + .cpuid =3D { + .eax =3D 0x12, + .needs_ecx =3D true, .ecx =3D 0, + .reg =3D R_EBX, + }, + .tcg_features =3D TCG_SGX_12_0_EBX_FEATURES, + }, }; =20 typedef struct FeatureMask { diff --git a/target/i386/cpu.h b/target/i386/cpu.h index 3e6a9b8e6c..4ab3bc4fac 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h 
@@ -550,6 +550,7 @@ typedef enum FeatureWord { FEAT_VMX_VMFUNC, FEAT_14_0_ECX, FEAT_SGX_12_0_EAX, /* CPUID[EAX=3D0x12,ECX=3D0].EAX (SGX) */ + FEAT_SGX_12_0_EBX, /* CPUID[EAX=3D0x12,ECX=3D0].EBX (SGX MISCSELECT[3= 1:0]) */ FEATURE_WORDS, } FeatureWord; =20 --=20 2.29.2.334.gfaefdd61ec From nobody Mon Feb 9 07:57:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1618828450; cv=none; d=zohomail.com; s=zohoarc; b=k+S1G/TiX1ffZwZldP1RHTjbY6jAEzhnSsJEoaB62z4jYneLv3kO/UjD0Fc9aiP+ZlfSEAHkeUepOaaR0uD9+GRPz/1/rA+x7E4/DGeKtqMnuOgMAzQ62vZPwfEg3Y71yRd0fx5IcoSlabbNErX+iSlCI+jj2s4UP+cefs2ElB0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1618828450; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=sxbArQhvQocOz7cdlqawh9k4iIOzDZIg2A8c528tEK0=; b=X7GIJ+5qeKcc7tE+V5+W5ysb1o0zTfidU6WOWfpjuRI8xkeCm+DLkuZfOagm92yKeYrim2vxoZnWe2JRWTy2QaVQMmrSY9HDA6F7us5rEIuT6ql1ypdlSAXf9eyQyTv8EF73mAF+jFnHuf48H2gdn1HnrSBz3ovX4FfcZYuorRk= ARC-Authentication-Results: i=1; mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1618828450422492.6415146218783; Mon, 19 Apr 2021 03:34:10 -0700 (PDT) Received: from localhost ([::1]:46854 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lYREH-0007o3-7L for importer@patchew.org; Mon, 19 Apr 2021 06:34:09 -0400 
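Review bot: In [PATCH 08/32], the first feat_names row of the new [FEAT_SGX_12_0_EBX] entry in target/i386/cpu.c has a stray space before the comma after "sgx-exinfo"; remove it so the row is formatted like the rows of the [FEAT_SGX_12_1_EAX] entry added in 09/32. A short comment on that row saying that bit 0 is MISCSELECT.EXINFO would also tie the table to the cpu.h comment (SGX MISCSELECT[31:0]).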
Received: from eggs.gnu.org ([2001:470:142:3::10]:32876) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lYR3L-0003yU-65 for qemu-devel@nongnu.org; Mon, 19 Apr 2021 06:22:51 -0400 Received: from mga17.intel.com ([192.55.52.151]:24099) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lYR3H-00025K-T3 for qemu-devel@nongnu.org; Mon, 19 Apr 2021 06:22:50 -0400 Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Apr 2021 03:22:44 -0700 Received: from icx-2s.bj.intel.com ([10.240.192.119]) by fmsmga008.fm.intel.com with ESMTP; 19 Apr 2021 03:22:43 -0700 IronPort-SDR: h7EgDDUtWy9GE/sHX4+p6EduwDxZh14Y/CMsSgVJdCwZQ4hBaCwct5QT7iCJhc18znGU9bcVkM Kjh8sIjKV1mA== X-IronPort-AV: E=McAfee;i="6200,9189,9958"; a="175409278" X-IronPort-AV: E=Sophos;i="5.82,233,1613462400"; d="scan'208";a="175409278" IronPort-SDR: ygO3AN2B1ONgyWrwGmIZhJmMYdSLVHwhNtw0+hQWcctU01eQFj10nng+UyLy6vuFUNFO99qLzG vw30oNWl+AVQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.82,233,1613462400"; d="scan'208";a="419947352" 
From: Yang Zhong To: qemu-devel@nongnu.org Subject: [PATCH 09/32] i386: Add SGX CPUID leaf FEAT_SGX_12_1_EAX Date: Mon, 19 Apr 2021 18:01:33 +0800 Message-Id: <20210419100156.53504-10-yang.zhong@intel.com> X-Mailer: git-send-email 2.29.2.334.gfaefdd61ec In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com> References: <20210419100156.53504-1-yang.zhong@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=192.55.52.151; envelope-from=yang.zhong@intel.com; helo=mga17.intel.com X-Spam_score_int: -41 X-Spam_score: -4.2 X-Spam_bar: ---- X-Spam_report: (-4.2 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Type: text/plain; charset="utf-8" 
From: Sean Christopherson CPUID leaf 12_1_EAX is an Intel-defined feature bits leaf enumerating the platform's SGX capabilities that may be utilized by an enclave, e.g. whether or not an enclave can gain access to the provision key. Currently there are six capabilities: - INIT: set when the enclave has been initialized by EINIT. Cannot be set by software, i.e. forced to zero in CPUID. - DEBUG: permits a debugger to read/write into the enclave. - MODE64BIT: the enclave runs in 64-bit mode - PROVISIONKEY: grants access to the provision key - EINITTOKENKEY: grants access to the EINIT token key, i.e. the enclave can generate EINIT tokens - KSS: Key Separation and Sharing enabled for the enclave. Note that the entirety of CPUID.0x12.0x1, i.e. all registers, enumerates the allowed ATTRIBUTES (128 bits), but only bits 31:0 are directly exposed to the user (via FEAT_12_1_EAX). Bits 63:32 are currently all reserved and bits 127:64 correspond to the allowed XSAVE Feature Request Mask, which is calculated based on other CPU features, e.g. XSAVE, MPX, AVX, etc... and is not exposed to the user. Signed-off-by: Sean Christopherson Signed-off-by: Yang Zhong --- target/i386/cpu.c | 21 +++++++++++++++++++++ target/i386/cpu.h | 1 + 2 files changed, 22 insertions(+) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index e723f52e22..ec12e12a33 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -678,6 +678,7 @@ static void x86_cpu_vendor_words2str(char *dst, uint32_= t vendor1, #define TCG_14_0_ECX_FEATURES 0 #define TCG_SGX_12_0_EAX_FEATURES 0 #define TCG_SGX_12_0_EBX_FEATURES 0 +#define TCG_SGX_12_1_EAX_FEATURES 0 =20 typedef enum FeatureWordType { CPUID_FEATURE_WORD, 
@@ -1366,6 +1367,26 @@ static FeatureWordInfo feature_word_info[FEATURE_WOR= DS] =3D { }, .tcg_features =3D TCG_SGX_12_0_EBX_FEATURES, }, + + [FEAT_SGX_12_1_EAX] =3D { + .type =3D CPUID_FEATURE_WORD, + .feat_names =3D { + NULL, "sgx-debug", "sgx-mode64", NULL, + "sgx-provisionkey", "sgx-tokenkey", NULL, "sgx-kss", + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + }, + .cpuid =3D { + .eax =3D 0x12, + .needs_ecx =3D true, .ecx =3D 1, + .reg =3D R_EAX, + }, + .tcg_features =3D TCG_SGX_12_1_EAX_FEATURES, + }, }; =20 typedef struct FeatureMask { diff --git a/target/i386/cpu.h b/target/i386/cpu.h index 4ab3bc4fac..51b5968c88 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h 
@@ -551,6 +551,7 @@ typedef enum FeatureWord { FEAT_14_0_ECX, FEAT_SGX_12_0_EAX, /* CPUID[EAX=3D0x12,ECX=3D0].EAX (SGX) */ FEAT_SGX_12_0_EBX, /* CPUID[EAX=3D0x12,ECX=3D0].EBX (SGX MISCSELECT[3= 1:0]) */ + FEAT_SGX_12_1_EAX, /* CPUID[EAX=3D0x12,ECX=3D1].EAX (SGX ATTRIBUTES[3= 1:0]) */ FEATURE_WORDS, } FeatureWord; =20 --=20 2.29.2.334.gfaefdd61ec From nobody Mon Feb 9 07:57:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1618827859; cv=none; d=zohomail.com; s=zohoarc; b=Nnsc2L5d8LgnnkJpomNQz2PqswQr3csHU5rXTyvyrGTmBDiqq39WCNdDdWOFT9jpDUm5qaJP/ZQ5F7pDv8jmY0wlm766lpDI4OBZYFxAAvXZUVc+o3Sb6mmH3ahvu71OmdjWs9MB/A4mTfT2ooZZf6vL34hZYhE56GP8dUvZA0E= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1618827859; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=cPWyApQlBBUi4Ybyq7t1IyEoKx1rLWTmyajYWHywMT8=; b=iF9B+JmmrssBdpU0299LfwLRJCx9PONupVZ9ZHx1vjikrj9KWlT/XnuTw8kI+eaoVmrMAwku6TjK5KKt5AHxf6D+R1TDfWQKYPH7SIP4CRpmr+ynSFgubqIAB99g7xXJKFwZX9I/vAwexWkHb0Vp2PJhhejjjZ3RZgeK18nWtOE= ARC-Authentication-Results: i=1; mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1618827859091280.6500097809335; Mon, 19 Apr 2021 03:24:19 -0700 (PDT) Received: from localhost ([::1]:49904 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lYR4j-0005n5-Uq 
for importer@patchew.org; Mon, 19 Apr 2021 06:24:17 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:32892) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lYR3N-00042W-1X for qemu-devel@nongnu.org; Mon, 19 Apr 2021 06:22:53 -0400 Received: from mga17.intel.com ([192.55.52.151]:24095) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lYR3L-00023F-17 for qemu-devel@nongnu.org; Mon, 19 Apr 2021 06:22:52 -0400 Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Apr 2021 03:22:46 -0700 Received: from icx-2s.bj.intel.com ([10.240.192.119]) by fmsmga008.fm.intel.com with ESMTP; 19 Apr 2021 03:22:44 -0700 IronPort-SDR: yXsfkisQsui/71QpQlgj1PeeppVIFeMpw7URq1vayg9aegAZu4/0CEmK7P6Ff0mW06KBWVhs2C PAamNPMgxIdg== X-IronPort-AV: E=McAfee;i="6200,9189,9958"; a="175409280" X-IronPort-AV: E=Sophos;i="5.82,233,1613462400"; d="scan'208";a="175409280" IronPort-SDR: 7JiYY35PvANsdY0vuUA+UfEMm1YqB1QDe7QkJezRUmU0mXu0kEB9rvKQzaDyAC88toM3ksoVVO zsdsgq0e4JGg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.82,233,1613462400"; d="scan'208";a="419947363" 
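Review bot: In [PATCH 09/32], the feat_names table of the new [FEAT_SGX_12_1_EAX] entry gives bit 4 the user-settable name "sgx-provisionkey", while 12/32 of this series clears that same bit unconditionally in CPUID.0x12.1.EAX ('*eax &= ~(1U << 4);'), and nothing in either hunk reports that a requested flag was dropped. Either leave slot 4 NULL until the KVM_CAP_SGX_ATTRIBUTE path is wired up, or state in the commit message that the name is defined but currently has no effect. The commit message also refers to FEAT_12_1_EAX, whereas the enum value added in cpu.h is FEAT_SGX_12_1_EAX.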
From: Yang Zhong To: qemu-devel@nongnu.org Subject: [PATCH 10/32] i386: Add get/set/migrate support for SGX_LEPUBKEYHASH MSRs Date: Mon, 19 Apr 2021 18:01:34 +0800 Message-Id: <20210419100156.53504-11-yang.zhong@intel.com> X-Mailer: git-send-email 2.29.2.334.gfaefdd61ec In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com> References: <20210419100156.53504-1-yang.zhong@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=192.55.52.151; envelope-from=yang.zhong@intel.com; helo=mga17.intel.com X-Spam_score_int: -41 X-Spam_score: -4.2 X-Spam_bar: ---- X-Spam_report: (-4.2 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Type: text/plain; charset="utf-8" 
From: Sean Christopherson On real hardware, on systems that support SGX Launch Control, those MSRs are initialized to digest of Intel's signing key; on systems that don't support SGX Launch Control, those MSRs are not available but hardware always uses digest of Intel's signing key in EINIT. KVM advertises SGX LC via CPUID if and only if the MSRs are writable. Unconditionally initialize those MSRs to digest of Intel's signing key when CPU is realized and reset to reflect the fact. This avoids potential bug in case kvm_arch_put_registers() is called before kvm_arch_get_registers() is called, in which case guest's virtual SGX_LEPUBKEYHASH MSRs will be set to 0, although KVM initializes those to digest of Intel's signing key by default, since KVM allows those MSRs to be updated by Qemu to support live migration. Save/restore the SGX Launch Enclave Public Key Hash MSRs if SGX Launch Control (LC) is exposed to the guest. Likewise, migrate the MSRs if they are writable by the guest. Signed-off-by: Sean Christopherson Signed-off-by: Kai Huang Signed-off-by: Yang Zhong --- target/i386/cpu.c | 17 ++++++++++++++++- target/i386/cpu.h | 1 + target/i386/kvm/kvm.c | 22 ++++++++++++++++++++++ target/i386/machine.c | 20 ++++++++++++++++++++ 4 files changed, 59 insertions(+), 1 deletion(-) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index ec12e12a33..43e6fdf162 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -6179,6 +6179,16 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index,= uint32_t count, } } =20 +#ifndef CONFIG_USER_ONLY +static void x86_cpu_set_sgxlepubkeyhash(CPUX86State *env) +{ + env->msr_ia32_sgxlepubkeyhash[0] =3D 0xa6053e051270b7acULL; + env->msr_ia32_sgxlepubkeyhash[1] =3D 0x6cfbe8ba8b3b413dULL; + env->msr_ia32_sgxlepubkeyhash[2] =3D 0xc4916d99f2b3735dULL; + env->msr_ia32_sgxlepubkeyhash[3] =3D 0xd4f8c05909f9bb3bULL; +} +#endif + static void x86_cpu_reset(DeviceState *dev) { CPUState *s =3D CPU(dev); 
@@ -6310,6 +6320,8 @@ static void x86_cpu_reset(DeviceState *dev) if (kvm_enabled()) { kvm_arch_reset_vcpu(cpu); } + + x86_cpu_set_sgxlepubkeyhash(env); #endif } =20 @@ -6922,6 +6934,10 @@ static void x86_cpu_realizefn(DeviceState *dev, Erro= r **errp) /* Process Hyper-V enlightenments */ x86_cpu_hyperv_realize(cpu); =20 +#ifndef CONFIG_USER_ONLY + x86_cpu_set_sgxlepubkeyhash(env); +#endif + cpu_exec_realizefn(cs, &local_err); if (local_err !=3D NULL) { error_propagate(errp, local_err); @@ -7559,7 +7575,6 @@ static const TypeInfo x86_cpu_type_info =3D { .class_init =3D x86_cpu_common_class_init, }; =20 - /* "base" CPU model, used by query-cpu-model-expansion */ static void x86_cpu_base_class_init(ObjectClass *oc, void *data) { diff --git a/target/i386/cpu.h b/target/i386/cpu.h index 51b5968c88..dc191d619e 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -1500,6 +1500,7 @@ typedef struct CPUX86State { uint64_t mcg_status; uint64_t msr_ia32_misc_enable; uint64_t msr_ia32_feature_control; + uint64_t msr_ia32_sgxlepubkeyhash[4]; =20 uint64_t msr_fixed_ctr_ctrl; uint64_t msr_global_ctrl; diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 7fe9f52710..4463d638c4 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -3030,6 +3030,17 @@ static int kvm_put_msrs(X86CPU *cpu, int level) } } =20 + if (env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_SGX_LC) { + kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH0, + env->msr_ia32_sgxlepubkeyhash[0]); + kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH1, + env->msr_ia32_sgxlepubkeyhash[1]); + kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH2, + env->msr_ia32_sgxlepubkeyhash[2]); + kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH3, + env->msr_ia32_sgxlepubkeyhash[3]); + } + /* Note: MSR_IA32_FEATURE_CONTROL is written separately, see * kvm_put_msr_feature_control. */ } 
@@ -3369,6 +3380,13 @@ static int kvm_get_msrs(X86CPU *cpu) } } =20 + if (env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_SGX_LC) { + kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH0, 0); + kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH1, 0); + kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH2, 0); + kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH3, 0); + } + ret =3D kvm_vcpu_ioctl(CPU(cpu), KVM_GET_MSRS, cpu->kvm_msr_buf); if (ret < 0) { return ret; @@ -3658,6 +3676,10 @@ static int kvm_get_msrs(X86CPU *cpu) case MSR_IA32_RTIT_ADDR0_A ... MSR_IA32_RTIT_ADDR3_B: env->msr_rtit_addrs[index - MSR_IA32_RTIT_ADDR0_A] =3D msrs[i]= .data; break; + case MSR_IA32_SGXLEPUBKEYHASH0 ... MSR_IA32_SGXLEPUBKEYHASH3: + env->msr_ia32_sgxlepubkeyhash[index - MSR_IA32_SGXLEPUBKEYHASH= 0] =3D + msrs[i].data; + break; } } =20 diff --git a/target/i386/machine.c b/target/i386/machine.c index 137604ddb8..17efd94463 100644 --- a/target/i386/machine.c +++ b/target/i386/machine.c @@ -1396,6 +1396,25 @@ static const VMStateDescription vmstate_msr_tsx_ctrl= =3D { } }; =20 +static bool intel_sgx_msrs_needed(void *opaque) +{ + X86CPU *cpu =3D opaque; + CPUX86State *env =3D &cpu->env; + + return !!(env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_SGX_LC); +} + +static const VMStateDescription vmstate_msr_intel_sgx =3D { + .name =3D "cpu/intel_sgx", + .version_id =3D 1, + .minimum_version_id =3D 1, + .needed =3D intel_sgx_msrs_needed, + .fields =3D (VMStateField[]) { + VMSTATE_UINT64_ARRAY(env.msr_ia32_sgxlepubkeyhash, X86CPU, 4), + VMSTATE_END_OF_LIST() + } +}; + VMStateDescription vmstate_x86_cpu =3D { .name =3D "cpu", .version_id =3D 12, 
@@ -1531,6 +1550,7 @@ VMStateDescription vmstate_x86_cpu =3D { &vmstate_nested_state, #endif &vmstate_msr_tsx_ctrl, + &vmstate_msr_intel_sgx, NULL } }; --=20 2.29.2.334.gfaefdd61ec From nobody Mon Feb 9 07:57:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1618828049; cv=none; d=zohomail.com; s=zohoarc; b=lnhNhr29SuljGVcKUypjgpsjc72j0QNxK0WyeerlaeeAH+NXBy2jR86xgYMnh05QbSCmR1kvUx87yUku3fa+fk2Q8a8BQhDAxnPjpGixUJCSDl8Sfw8UeLf2iwK1kZxmya8xlwJ4L6piG3trDfV/R/iXoGdBbobJ6/PySQwHn5Y= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1618828049; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=gi8JGCdPc/IIJhCf9zpECM3fshD2UyKMtiKEJAteZXA=; b=ULrcG3GBjcCizijK/L/C/LTakpGBTOzu7RsRoUKfRgT+WUHT/aBije7S6QVgkoVU0jQnnpjdvhVIpSQ9N20dhH9dYy45G4beRpzVOh3xhFECzULKwQw2S95VBe3W85zgcuspQRkTE6K4f70I9CY7RE3SuqJcQ28lNamPbLBe9Hc= ARC-Authentication-Results: i=1; mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1618828049675321.097511041634; Mon, 19 Apr 2021 03:27:29 -0700 (PDT) Received: from localhost ([::1]:58562 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lYR7n-00010U-LZ for importer@patchew.org; Mon, 19 Apr 2021 06:27:27 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:32928) by lists.gnu.org with esmtps 
(TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lYR3X-0004Q0-Se for qemu-devel@nongnu.org; Mon, 19 Apr 2021 06:23:05 -0400 Received: from mga17.intel.com ([192.55.52.151]:24096) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lYR3V-000256-0y for qemu-devel@nongnu.org; Mon, 19 Apr 2021 06:23:03 -0400 Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Apr 2021 03:22:48 -0700 Received: from icx-2s.bj.intel.com ([10.240.192.119]) by fmsmga008.fm.intel.com with ESMTP; 19 Apr 2021 03:22:46 -0700 IronPort-SDR: akJ3obocVWJG//RwOnsSC7iKrLugHxpBkc6gaVFOtWP6PCuDE7k2Pylmi8uSrQ4To+pbMzzclT uAnOVNKMeFWQ== X-IronPort-AV: E=McAfee;i="6200,9189,9958"; a="175409283" X-IronPort-AV: E=Sophos;i="5.82,233,1613462400"; d="scan'208";a="175409283" IronPort-SDR: DT5QojjV31ZeTE2If+wZl2mj16lg5NxPZ23glnH0n4EpwDnbLTeHOBlHOO63V7XvILYXPTb/wg GOxRJLaW9CsQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.82,233,1613462400"; d="scan'208";a="419947375" 
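Review bot: In [PATCH 10/32], x86_cpu_set_sgxlepubkeyhash() in target/i386/cpu.c assigns four bare 64-bit constants with no comment, so the only statement of what they are (the digest of Intel's signing key) lives in the commit message. Add a comment above the function saying what the value is and which word of the digest goes into which MSR, so that the constants can be checked independently of this patch.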
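Review bot: In [PATCH 10/32], the hunk at '@@ -7559,7 +7575,6 @@' in target/i386/cpu.c only deletes a blank line after x86_cpu_type_info, which has nothing to do with the SGX_LEPUBKEYHASH MSRs. Drop it from this patch; it is the single deletion reported in the diffstat.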
From: Yang Zhong To: qemu-devel@nongnu.org Subject: [PATCH 11/32] i386: Add feature control MSR dependency when SGX is enabled Date: Mon, 19 Apr 2021 18:01:35 +0800 Message-Id: <20210419100156.53504-12-yang.zhong@intel.com> X-Mailer: git-send-email 2.29.2.334.gfaefdd61ec In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com> References: <20210419100156.53504-1-yang.zhong@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=192.55.52.151; envelope-from=yang.zhong@intel.com; helo=mga17.intel.com X-Spam_score_int: -41 X-Spam_score: -4.2 X-Spam_bar: ---- X-Spam_report: (-4.2 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Type: text/plain; charset="utf-8" From: Sean Christopherson SGX adds multiple flags to FEATURE_CONTROL to enable SGX and Flexible Launch Control. Signed-off-by: Sean Christopherson Signed-off-by: Yang Zhong --- target/i386/kvm/kvm.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 4463d638c4..fa495a6f9e 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c 
@@ -1789,6 +1789,11 @@ int kvm_arch_init_vcpu(CPUState *cs) !!(c->ecx & CPUID_EXT_SMX); } =20 + c =3D cpuid_find_entry(&cpuid_data.cpuid, 7, 0); + if (c && (c->ebx & CPUID_7_0_EBX_SGX)) { + has_msr_feature_control =3D true; + } + if (env->mcg_cap & MCG_LMCE_P) { has_msr_mcg_ext_ctl =3D has_msr_feature_control =3D true; } --=20 2.29.2.334.gfaefdd61ec From nobody Mon Feb 9 07:57:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1618828696; cv=none; d=zohomail.com; s=zohoarc; b=fkEylHb7JO37XzJ4y6l39bAxmqgkDc1FTvnPR7T+X4V2Vg+s2WgCQZLlq7ajEyJuFVStw/zIoamh+50lzq/pR8b4rlTGHVBCnJmRoHgnERFzc/ozpHA9ZPma6nyM9jQOIVnqV+QnJ0yeaI4hF/jwgbC1rrfQqXMVpqz1/pmPegY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1618828696; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=bdv2Ioyuz8RbM4N+unRtnme50Iqu6ES1StOFVFIBpaI=; b=TaoM946cbWPD1lfT2A64F/Is8HtSDbh9NWIfLoswJ1GMcX5o+nijiMONmND1lXJWx4h/mgrmUbJ636smkg33/wv4/Qq1qCBTveyQ0uOx/PERaGCvwjpBHjpNwj01d8/XcCrxi66idW+fHelSzpdy5hQ5DG9g+DQRJvqjME8ftFY= ARC-Authentication-Results: i=1; mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1618828696806170.51715031899528; Mon, 19 Apr 2021 03:38:16 -0700 (PDT) Received: from localhost ([::1]:58594 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 
1lYRIF-0004Hq-OQ for importer@patchew.org; Mon, 19 Apr 2021 06:38:15 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:32926) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lYR3X-0004Pj-OZ for qemu-devel@nongnu.org; Mon, 19 Apr 2021 06:23:03 -0400 Received: from mga17.intel.com ([192.55.52.151]:24099) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lYR3V-00025K-Jf for qemu-devel@nongnu.org; Mon, 19 Apr 2021 06:23:03 -0400 Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Apr 2021 03:22:50 -0700 Received: from icx-2s.bj.intel.com ([10.240.192.119]) by fmsmga008.fm.intel.com with ESMTP; 19 Apr 2021 03:22:48 -0700 IronPort-SDR: gALupNN2A12tUhEj/13m5sJR7tuC0urZCJIqJcIbRQVf5GnJVltOPXbNnB1B6l2X9FQvZw1MKK F3wCh9SKt9jQ== X-IronPort-AV: E=McAfee;i="6200,9189,9958"; a="175409284" X-IronPort-AV: E=Sophos;i="5.82,233,1613462400"; d="scan'208";a="175409284" IronPort-SDR: WPOySmXJUMq+HGI8d0bWFNFfdlOIKCuEizxcUKhNvzxGlwE27fZKYT5409laXCrmCDKYVZPBzD XTfo7PCIULgg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.82,233,1613462400"; d="scan'208";a="419947386" 
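Review bot: In [PATCH 11/32], the new block in kvm_arch_init_vcpu() sets has_msr_feature_control from CPUID_7_0_EBX_SGX without a comment, and the reason (SGX and Flexible Launch Control are enabled through flags in FEATURE_CONTROL) is given only in the commit message. A one-line comment above 'c = cpuid_find_entry(&cpuid_data.cpuid, 7, 0);' would keep that reasoning next to the code, and would make clear that testing the SGX bit alone is intended to cover the launch control flag as well.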
From: Yang Zhong To: qemu-devel@nongnu.org Subject: [PATCH 12/32] i386: Update SGX CPUID info according to hardware/KVM/user input Date: Mon, 19 Apr 2021 18:01:36 +0800 Message-Id: <20210419100156.53504-13-yang.zhong@intel.com> X-Mailer: git-send-email 2.29.2.334.gfaefdd61ec In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com> References: <20210419100156.53504-1-yang.zhong@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=192.55.52.151; envelope-from=yang.zhong@intel.com; helo=mga17.intel.com X-Spam_score_int: -41 X-Spam_score: -4.2 X-Spam_bar: ---- X-Spam_report: (-4.2 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Type: text/plain; charset="utf-8" 
From: Sean Christopherson Expose SGX to the guest if and only if KVM is enabled and supports virtualization of SGX. While the majority of ENCLS can be emulated to some degree, because SGX uses a hardware-based root of trust, the attestation aspects of SGX cannot be emulated in software, i.e. ultimately emulation will fail as software cannot generate a valid quote/report. The complexity of partially emulating SGX in Qemu far outweighs the value added, e.g. an SGX specific simulator for userspace applications can emulate SGX for development and testing purposes. Note, access to the PROVISIONKEY is not yet advertised to the guest as KVM blocks access to the PROVISIONKEY by default and requires userspace to provide additional credentials (via ioctl()) to expose PROVISIONKEY. Signed-off-by: Sean Christopherson Signed-off-by: Yang Zhong --- hw/i386/sgx-epc.c | 17 +++++++++ include/hw/i386/sgx-epc.h | 2 + target/i386/cpu.c | 77 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 96 insertions(+) diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c index 0858819a71..d5ba7bb68c 100644 --- a/hw/i386/sgx-epc.c +++ b/hw/i386/sgx-epc.c @@ -173,6 +173,23 @@ static void sgx_epc_register_types(void) =20 type_init(sgx_epc_register_types) =20 +int sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size) +{ + PCMachineState *pcms =3D PC_MACHINE(qdev_get_machine()); + SGXEPCDevice *epc; + + if (pcms->sgx_epc =3D=3D NULL || pcms->sgx_epc->nr_sections <=3D secti= on_nr) { + return 1; + } + + epc =3D pcms->sgx_epc->sections[section_nr]; + + *addr =3D epc->addr; + *size =3D memory_device_get_region_size(MEMORY_DEVICE(epc), &error_fat= al); + + return 0; +} + =20 static int sgx_epc_set_property(void *opaque, const char *name, const char *value, Error **errp) diff --git a/include/hw/i386/sgx-epc.h b/include/hw/i386/sgx-epc.h index 1f7dd17c17..8d80b34fb7 100644 --- a/include/hw/i386/sgx-epc.h +++ b/include/hw/i386/sgx-epc.h 
@@ -57,4 +57,6 @@ typedef struct SGXEPCState { =20 extern int sgx_epc_enabled; =20 +int sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size); + #endif diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 43e6fdf162..e630e57f03 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -60,6 +60,7 @@ #include "exec/address-spaces.h" #include "hw/i386/apic_internal.h" #include "hw/boards.h" +#include "hw/i386/sgx-epc.h" #endif =20 #include "disas/capstone.h" @@ -5807,6 +5808,25 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index,= uint32_t count, *ecx |=3D CPUID_7_0_ECX_OSPKE; } *edx =3D env->features[FEAT_7_0_EDX]; /* Feature flags */ + + /* + * SGX cannot be emulated in software. If hardware does not + * support enabling SGX and/or SGX flexible launch control, + * then we need to update the VM's CPUID values accordingly. + */ + if ((*ebx & CPUID_7_0_EBX_SGX) && + (!kvm_enabled() || + !(kvm_arch_get_supported_cpuid(cs->kvm_state, 0x7, 0, R_E= BX) & + CPUID_7_0_EBX_SGX))) { + *ebx &=3D ~CPUID_7_0_EBX_SGX; + } + + if ((*ecx & CPUID_7_0_ECX_SGX_LC) && + (!(*ebx & CPUID_7_0_EBX_SGX) || !kvm_enabled() || + !(kvm_arch_get_supported_cpuid(cs->kvm_state, 0x7, 0, R_E= CX) & + CPUID_7_0_ECX_SGX_LC))) { + *ecx &=3D ~CPUID_7_0_ECX_SGX_LC; + } } else if (count =3D=3D 1) { *eax =3D env->features[FEAT_7_1_EAX]; *ebx =3D 0; 
@@ -5942,6 +5962,63 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index,= uint32_t count, } break; } + case 0x12: +#ifndef CONFIG_USER_ONLY + if (!kvm_enabled() || + !(env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_SGX)) { + *eax =3D *ebx =3D *ecx =3D *edx =3D 0; + break; + } + + /* + * SGX sub-leafs CPUID.0x12.{0x2..N} enumerate EPC sections. Retr= ieve + * the EPC properties, e.g. confidentiality and integrity, from the + * host's first EPC section, i.e. assume there is one EPC section = or + * that all EPC sections have the same security properties. + */ + if (count > 1) { + uint64_t epc_addr, epc_size; + + if (sgx_epc_get_section(count - 2, &epc_addr, &epc_size)) { + *eax =3D *ebx =3D *ecx =3D *edx =3D 0; + break; + } + host_cpuid(index, 2, eax, ebx, ecx, edx); + *eax =3D (uint32_t)(epc_addr & 0xfffff000) | 0x1; + *ebx =3D (uint32_t)(epc_addr >> 32); + *ecx =3D (uint32_t)(epc_size & 0xfffff000) | (*ecx & 0xf); + *edx =3D (uint32_t)(epc_size >> 32); + break; + } + + /* + * SGX sub-leafs CPUID.0x12.{0x0,0x1} are heavily dependent on har= dware + * and KVM, i.e. QEMU cannot emulate features to override what KVM + * supports. Features can be further restricted by userspace, but= not + * made more permissive. + */ + *eax =3D kvm_arch_get_supported_cpuid(cs->kvm_state, 0x12, count, = R_EAX); + *ebx =3D kvm_arch_get_supported_cpuid(cs->kvm_state, 0x12, count, = R_EBX); + *ecx =3D kvm_arch_get_supported_cpuid(cs->kvm_state, 0x12, count, = R_ECX); + *edx =3D kvm_arch_get_supported_cpuid(cs->kvm_state, 0x12, count, = R_EDX); + + if (count =3D=3D 0) { + *eax &=3D env->features[FEAT_SGX_12_0_EAX]; + *ebx &=3D env->features[FEAT_SGX_12_0_EBX]; + } else { + *eax &=3D env->features[FEAT_SGX_12_1_EAX]; + *ebx &=3D 0; /* ebx reserve */ + *ecx &=3D env->features[FEAT_XSAVE_COMP_LO]; + *edx &=3D env->features[FEAT_XSAVE_COMP_HI]; + + /* FP and SSE are always allowed regardless of XSAVE/XCR0. 
*/ + *ecx |=3D XSTATE_FP_MASK | XSTATE_SSE_MASK; + + /* Access to PROVISIONKEY requires additional credentials. */ + *eax &=3D ~(1U << 4); + } +#endif + break; case 0x14: { /* Intel Processor Trace Enumeration */ *eax =3D 0; --=20 2.29.2.334.gfaefdd61ec
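Review bot: In the new case 0x12 of cpu_x86_cpuid(), a CONFIG_USER_ONLY build compiles out everything between "#ifndef CONFIG_USER_ONLY" and "#endif", so the case reaches "break" without writing *eax, *ebx, *ecx or *edx; move the "*eax = *ebx = *ecx = *edx = 0;" default outside the #ifndef so the leaf reads as zero there too. In the "count > 1" branch, the output of host_cpuid(index, 2, ...) is used without checking that the host sub-leaf is valid (EAX[3:0] == 1) before "*ecx & 0xf" is copied into the guest's EPC properties, and "count - 2" is a uint32_t handed to sgx_epc_get_section(), which is declared with an "int section_nr", so that helper has to reject negative indices. The PROVISIONKEY mask would be easier to audit behind a named constant than "1U << 4", and the "/* ebx reserve */" comment should read "reserved".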
From: Yang Zhong
To: qemu-devel@nongnu.org
Subject: [PATCH 13/32] linux-headers: Add placeholder for KVM_CAP_SGX_ATTRIBUTE
Date: Mon, 19 Apr 2021 18:01:37 +0800
Message-Id: <20210419100156.53504-14-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com
Content-Transfer-Encoding: quoted-printable

From: Sean Christopherson

KVM_CAP_SGX_ATTRIBUTE is a proposed capability for Intel SGX that can be used by userspace to enable privileged attributes, e.g. access to the PROVISIONKEY.

Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
--- linux-headers/linux/kvm.h | 1 + 1 file changed, 1 insertion(+) diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h index 020b62a619..0961b03007 100644 --- a/linux-headers/linux/kvm.h +++ b/linux-headers/linux/kvm.h
@@ -1056,6 +1056,7 @@ struct kvm_ppc_resize_hpt { #define KVM_CAP_ENFORCE_PV_FEATURE_CPUID 190 #define KVM_CAP_SYS_HYPERV_CPUID 191 #define KVM_CAP_DIRTY_LOG_RING 192 +#define KVM_CAP_SGX_ATTRIBUTE 195 =20 #ifdef KVM_CAP_IRQ_ROUTING =20 --=20 2.29.2.334.gfaefdd61ec
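Review bot: KVM_CAP_SGX_ATTRIBUTE is given the value 195 directly after KVM_CAP_DIRTY_LOG_RING 192, skipping 193 and 194, and the commit message calls it a placeholder for a proposed capability. The number is ABI shared with the kernel, so the commit message should say which kernel tree it is taken from, and the placeholder should be replaced by a regular linux-headers sync before merge; if the final kernel value differs, the later KVM_CAP_SGX_ATTRIBUTE check and enable would address the wrong capability.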
From: Yang Zhong
To: qemu-devel@nongnu.org
Subject: [PATCH 14/32] i386: kvm: Add support for exposing PROVISIONKEY to guest
Date: Mon, 19 Apr 2021 18:01:38 +0800
Message-Id: <20210419100156.53504-15-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com
Content-Transfer-Encoding: quoted-printable

From: Sean Christopherson

If the guest wants to fully use SGX, the guest needs to be able to access the provisioning key. Add a new KVM_CAP_SGX_ATTRIBUTE to KVM to support the provisioning key for KVM guests.

Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
--- target/i386/cpu.c | 5 ++++- target/i386/kvm/kvm.c | 29 +++++++++++++++++++++++++++++ target/i386/kvm/kvm_i386.h | 2 ++ 3 files changed, 35 insertions(+), 1 deletion(-) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index e630e57f03..63253bf606 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c
@@ -6015,7 +6015,10 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index,= uint32_t count, *ecx |=3D XSTATE_FP_MASK | XSTATE_SSE_MASK; =20 /* Access to PROVISIONKEY requires additional credentials. */ - *eax &=3D ~(1U << 4); + if ((*eax & (1U << 4)) && + !kvm_enable_sgx_provisioning(cs->kvm_state)) { + *eax &=3D ~(1U << 4); + } } #endif break; diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index fa495a6f9e..648cccd7c2 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -4555,6 +4555,35 @@ void kvm_arch_update_guest_debug(CPUState *cpu, stru= ct kvm_guest_debug *dbg) } } =20 +static bool has_sgx_provisioning; + +static bool __kvm_enable_sgx_provisioning(KVMState *s) +{ + int fd, ret; + + if (!kvm_vm_check_extension(s, KVM_CAP_SGX_ATTRIBUTE)) { + return false; + } + + fd =3D open("/dev/sgx_provision", O_RDONLY); + if (fd < 0) { + return false; + } + + ret =3D kvm_vm_enable_cap(s, KVM_CAP_SGX_ATTRIBUTE, 0, fd); + if (ret) { + error_report("Could not enable SGX PROVISIONKEY: %s", strerror(-re= t)); + exit(1); + } + close(fd); + return true; +} + +bool kvm_enable_sgx_provisioning(KVMState *s) +{ + return MEMORIZE(__kvm_enable_sgx_provisioning(s), has_sgx_provisioning= ); +} + static bool host_supports_vmx(void) { uint32_t ecx, unused; diff --git a/target/i386/kvm/kvm_i386.h b/target/i386/kvm/kvm_i386.h index dc72508389..7bab91aecb 100644 --- a/target/i386/kvm/kvm_i386.h +++ b/target/i386/kvm/kvm_i386.h 
@@ -50,4 +50,6 @@ bool kvm_hv_vpindex_settable(void); =20 uint64_t kvm_swizzle_msi_ext_dest_id(uint64_t address); =20 +bool kvm_enable_sgx_provisioning(KVMState *s); + #endif --=20 2.29.2.334.gfaefdd61ec
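Review bot: In the target/i386/cpu.c hunk, cpu_x86_cpuid() now calls kvm_enable_sgx_provisioning() while answering CPUID.0x12.1, which puts an open() of /dev/sgx_provision, a KVM capability enable and a possible exit(1) inside what is otherwise a query function. Enable the capability once during KVM or vCPU setup and let the CPUID code only test the cached result, so that granting PROVISIONKEY is an explicit setup step rather than a side effect of enumeration. Bit 4 of EAX would also be easier to audit behind a named constant than the repeated "1U << 4".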
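Review bot: In __kvm_enable_sgx_provisioning() in the target/i386/kvm/kvm.c hunk, a failed open() of /dev/sgx_provision returns false with no message, so PROVISIONKEY is dropped from the guest's CPUID without any trace, while a failed kvm_vm_enable_cap() is fatal. Report the open() failure with its errno, at least as a warning or trace point, so an operator can tell a permission problem on the device node from a host that lacks the capability. The leading double underscore in the function name is a reserved identifier in C, and the open() should pass O_CLOEXEC so the descriptor cannot leak into a child started before close(fd).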
From: Yang Zhong
To: qemu-devel@nongnu.org
Subject: [PATCH 15/32] i386: Propagate SGX CPUID sub-leafs to KVM
Date: Mon, 19 Apr 2021 18:01:39 +0800
Message-Id: <20210419100156.53504-16-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com
Content-Transfer-Encoding: quoted-printable

From: Sean Christopherson

The SGX sub-leafs are enumerated at CPUID 0x12. Indices 0 and 1 are always present when SGX is supported, and enumerate SGX features and capabilities. Indices >=2 are directly correlated with the platform's EPC sections. Because the number of EPC sections is dynamic and user defined, the number of SGX sub-leafs is "NULL" terminated.

Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
--- target/i386/kvm/kvm.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 648cccd7c2..67770b01cb 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c
@@ -1615,6 +1615,25 @@ int kvm_arch_init_vcpu(CPUState *cs) } break; case 0x7: + case 0x12: + for (j =3D 0; ; j++) { + c->function =3D i; + c->flags =3D KVM_CPUID_FLAG_SIGNIFCANT_INDEX; + c->index =3D j; + cpu_x86_cpuid(env, i, j, &c->eax, &c->ebx, &c->ecx, &c->ed= x); + + if (j > 1 && (c->eax & 0xf) !=3D 1) { + break; + } + + if (cpuid_i =3D=3D KVM_MAX_CPUID_ENTRIES) { + fprintf(stderr, "cpuid_data is full, no space for " + "cpuid(eax:0x12,ecx:0x%x)\n", j); + abort(); + } + c =3D &cpuid_data.entries[cpuid_i++]; + } + break; case 0x14: { uint32_t times; =20 --=20 2.29.2.334.gfaefdd61ec
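Review bot: The new "case 0x12:" label is added directly under the existing "case 0x7:" label, so leaf 0x7 no longer falls through to the "case 0x14:" block but runs the new loop, including its termination test "j > 1 && (c->eax & 0xf) != 1", which is written for SGX EPC sub-leafs. The commit message does not mention any change for leaf 0x7, so either give 0x12 its own position in the switch or explain the intended effect on leaf 0x7. The error message hard-codes "eax:0x12" although i may be 0x7, and since the only bound on j is the sub-leaf type that cpu_x86_cpuid() returns, a comment stating that an invalid EPC section is what ends the loop would help the next reader.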
From: Yang Zhong
To: qemu-devel@nongnu.org
Subject: [PATCH 16/32] Adjust min CPUID level to 0x12 when SGX is enabled
Date: Mon, 19 Apr 2021 18:01:40 +0800
Message-Id: <20210419100156.53504-17-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com
Content-Transfer-Encoding: quoted-printable

From: Sean Christopherson

SGX capabilities are enumerated through CPUID_0x12.

Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
--- target/i386/cpu.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 63253bf606..41050960c5 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c
@@ -6741,6 +6741,11 @@ static void x86_cpu_expand_features(X86CPU *cpu, Err= or **errp) if (sev_enabled()) { x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000001F); } + + /* SGX requires CPUID[0x12] for EPC enumeration */ + if (env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_SGX) { + x86_cpu_adjust_level(cpu, &env->cpuid_min_level, 0x12); + } } =20 /* Set cpuid_*level* based on cpuid_min_*level, if not explicitly set = */ --=20 2.29.2.334.gfaefdd61ec
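Review bot: The minimum level is raised whenever CPUID_7_0_EBX_SGX is set in env->features, but the leaf 0x12 handler added earlier in this series returns all zeroes unless kvm_enabled(); say in the comment or the commit message whether raising cpuid_min_level without KVM is intended, or add the same condition here. The comment names only EPC enumeration while the commit message says SGX capabilities are enumerated through CPUID 0x12, so the two should be made to agree.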
From: Yang Zhong
To: qemu-devel@nongnu.org
Subject: [PATCH 17/32] hw/i386/fw_cfg: Set SGX bits in feature control fw_cfg accordingly
Date: Mon, 19 Apr 2021 18:01:41 +0800
Message-Id: <20210419100156.53504-18-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com
Content-Transfer-Encoding: quoted-printable

From: Sean Christopherson

Request SGX and SGX Launch Control to be enabled in FEATURE_CONTROL when the features are exposed to the guest. Our design is that the SGX Launch Control bit will be unconditionally set in FEATURE_CONTROL, which is unlike the host BIOS.

Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
--- hw/i386/fw_cfg.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/hw/i386/fw_cfg.c b/hw/i386/fw_cfg.c index e48a54fa36..ec99743c22 100644 --- a/hw/i386/fw_cfg.c +++ b/hw/i386/fw_cfg.c
@@ -157,7 +157,7 @@ void fw_cfg_build_feature_control(MachineState *ms, FWC= fgState *fw_cfg) { X86CPU *cpu =3D X86_CPU(ms->possible_cpus->cpus[0].cpu); CPUX86State *env =3D &cpu->env; - uint32_t unused, ecx, edx; + uint32_t unused, ebx, ecx, edx; uint64_t feature_control_bits =3D 0; uint64_t *val; =20 
@@ -172,6 +172,14 @@ void fw_cfg_build_feature_control(MachineState *ms, FW= CfgState *fw_cfg) feature_control_bits |=3D FEATURE_CONTROL_LMCE; } =20 + cpu_x86_cpuid(env, 0x7, 0, &unused, &ebx, &ecx, &unused); + if (ebx & CPUID_7_0_EBX_SGX) { + feature_control_bits |=3D FEATURE_CONTROL_SGX; + } + if (ecx & CPUID_7_0_ECX_SGX_LC) { + feature_control_bits |=3D FEATURE_CONTROL_SGX_LC; + } + if (!feature_control_bits) { return; } --=20 2.29.2.334.gfaefdd61ec
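Review bot: In fw_cfg_build_feature_control(), FEATURE_CONTROL_SGX_LC is set from CPUID_7_0_ECX_SGX_LC independently of the CPUID_7_0_EBX_SGX test above it, so a CPU model that carries SGX_LC without SGX gets the launch control bit requested on its own; nest the second test under the first, or reject that combination before this point. The commit message says the Launch Control bit is set unconditionally, which does not match the conditional in this hunk, so one of the two needs correcting.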
From: Yang Zhong
To: qemu-devel@nongnu.org
Subject: [PATCH 18/32] hw/i386/pc: Account for SGX EPC sections when calculating device memory
Date: Mon, 19 Apr 2021 18:01:42 +0800
Message-Id: <20210419100156.53504-19-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com
Content-Transfer-Encoding: quoted-printable

From: Sean Christopherson

Add helpers to detect if SGX EPC exists above 4g, and if so, where SGX EPC above 4g ends. Use the helpers to adjust the device memory range if SGX EPC exists above 4g.

For multiple virtual EPC sections, we just put them together physically contiguously for simplicity, because we don't support EPC NUMA affinity now. Once SGX EPC NUMA support is in the kernel SGX driver, we will support this in the future.

Note that SGX EPC is currently hardcoded to reside above 4g.

Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong --- hw/i386/pc.c | 11 ++++++++++- include/hw/i386/sgx-epc.h | 12 ++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/hw/i386/pc.c b/hw/i386/pc.c index 8a84b25a03..ca8ec072bc 100644 --- a/hw/i386/pc.c +++ b/hw/i386/pc.c @@ -925,8 +925,15 @@ void pc_memory_init(PCMachineState *pcms, exit(EXIT_FAILURE); } =20 + if (sgx_epc_above_4g(pcms->sgx_epc)) { + machine->device_memory->base =3D sgx_epc_above_4g_end(pcms->sg= x_epc); + } else { + machine->device_memory->base =3D + 0x100000000ULL + x86ms->above_4g_mem_size; + } + machine->device_memory->base =3D - ROUND_UP(0x100000000ULL + x86ms->above_4g_mem_size, 1 * GiB); + ROUND_UP(machine->device_memory->base, 1 * GiB); =20 if (pcmc->enforce_aligned_dimm) { /* size device region assuming 1G page max alignment per slot = */ @@ -1011,6 +1018,8 @@ uint64_t pc_pci_hole64_start(void) if (!pcmc->broken_reserved_end) { hole64_start +=3D memory_region_size(&ms->device_memory->mr); } + } else if (sgx_epc_above_4g(pcms->sgx_epc)) { + hole64_start =3D sgx_epc_above_4g_end(pcms->sgx_epc); } else { hole64_start =3D 0x100000000ULL + x86ms->above_4g_mem_size; } diff --git a/include/hw/i386/sgx-epc.h b/include/hw/i386/sgx-epc.h index 8d80b34fb7..3d3eab5074 100644 --- a/include/hw/i386/sgx-epc.h +++ b/include/hw/i386/sgx-epc.h 
@@ -59,4 +59,16 @@ extern int sgx_epc_enabled; =20 int sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size); =20 +static inline bool sgx_epc_above_4g(SGXEPCState *sgx_epc) +{ + return sgx_epc !=3D NULL; +} + +static inline uint64_t sgx_epc_above_4g_end(SGXEPCState *sgx_epc) +{ + assert(sgx_epc !=3D NULL && sgx_epc->base >=3D 0x100000000ULL); + + return sgx_epc->base + sgx_epc->size; +} + #endif --=20 2.29.2.334.gfaefdd61ec
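Review bot: in the pc_memory_init() hunk of hw/i386/pc.c, the device memory base is now taken from sgx_epc_above_4g_end() alone whenever an EPC state exists, so the old lower bound of 0x100000000ULL + x86ms->above_4g_mem_size is no longer applied on that path. Nothing in the hunk shows that the EPC region always ends at or above the end of above-4G RAM. Please either assert that relation next to the new branch or add a comment naming the code that places EPC after RAM, so that a later change to the EPC base cannot make device memory overlap guest RAM.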
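Review bot: in include/hw/i386/sgx-epc.h, sgx_epc_above_4g() only tests the pointer for NULL, while the 4 GiB bound its name promises is enforced by the assert() inside sgx_epc_above_4g_end(). A state whose base is below 4 GiB therefore passes the predicate and then aborts QEMU instead of falling through to the else branches in pc.c. I would move the base comparison into the predicate (or rename it to say "present") and keep the assert as a backstop. The sum sgx_epc->base + sgx_epc->size is also returned without a wraparound check; a one-line comment on who validates the size would be enough if that is done elsewhere.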
From: Yang Zhong
To: qemu-devel@nongnu.org
Subject: [PATCH 19/32] i386/pc: Add e820 entry for SGX EPC section(s)
Date: Mon, 19 Apr 2021 18:01:43 +0800
Message-Id: <20210419100156.53504-20-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>
Content-Transfer-Encoding: quoted-printable
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com

From: Sean Christopherson

Note that SGX EPC is currently guaranteed to reside in a single contiguous chunk of memory regardless of the number of EPC sections.

Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
--- hw/i386/pc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hw/i386/pc.c b/hw/i386/pc.c index ca8ec072bc..d556eaca25 100644 --- a/hw/i386/pc.c +++ b/hw/i386/pc.c
@@ -895,6 +895,10 @@ void pc_memory_init(PCMachineState *pcms, e820_add_entry(0x100000000ULL, x86ms->above_4g_mem_size, E820_RAM); } =20 + if (pcms->sgx_epc !=3D NULL) { + e820_add_entry(pcms->sgx_epc->base, pcms->sgx_epc->size, E820_RESE= RVED); + } + if (!pcmc->has_reserved_memory && (machine->ram_slots || (machine->maxram_size > machine->ram_size))) { --=20 2.29.2.334.gfaefdd61ec
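Review bot: the new e820_add_entry() call in pc_memory_init() is guarded only by pcms->sgx_epc being non-NULL, so if the state can exist with a size of 0 the guest receives a zero-length E820_RESERVED entry at the EPC base. Consider testing pcms->sgx_epc->size as well. The single entry is correct only because all sections are contiguous, which is stated in the commit message but not in the code; a short comment above the call would keep that assumption visible to whoever later changes the section layout.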
From: Yang Zhong
To: qemu-devel@nongnu.org
Subject: [PATCH 20/32] i386: acpi: Add SGX EPC entry to ACPI tables
Date: Mon, 19 Apr 2021 18:01:44 +0800
Message-Id: <20210419100156.53504-21-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>
Content-Transfer-Encoding: quoted-printable
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com

From: Sean Christopherson

The ACPI Device entry for SGX EPC is essentially a hack whose primary purpose is to provide software with a way to autoprobe SGX support, e.g. to allow software to implement SGX support as a driver. Details on the individual EPC sections are not enumerated through ACPI tables, i.e. software must enumerate the EPC sections via CPUID. Furthermore, software expects to see only a single EPC Device in the ACPI tables regardless of the number of EPC sections in the system.

However, several versions of Windows do rely on the ACPI tables to enumerate the address and size of the EPC. So, regardless of the number of EPC sections exposed to the guest, create exactly *one* EPC device with a _CRS entry that spans the entirety of all EPC sections (which are guaranteed to be contiguous in Qemu).

Note, NUMA support for EPC memory is intentionally not considered as enumerating EPC NUMA information is not yet defined for bare metal.

Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
--- hw/i386/acpi-build.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c index de98750aef..cbcf6ba740 100644 --- a/hw/i386/acpi-build.c +++ b/hw/i386/acpi-build.c
@@ -1801,6 +1801,28 @@ build_dsdt(GArray *table_data, BIOSLinker *linker, aml_append(sb_scope, dev); } =20 + if (pcms->sgx_epc) { + uint64_t epc_base =3D pcms->sgx_epc->base; + uint64_t epc_size =3D pcms->sgx_epc->size; + + dev =3D aml_device("EPC"); + aml_append(dev, aml_name_decl("_HID", aml_eisaid("INT0E0C"))); + aml_append(dev, aml_name_decl("_STR", + aml_unicode("Enclave Page Cache 1.0"= ))); + crs =3D aml_resource_template(); + aml_append(crs, + aml_qword_memory(AML_POS_DECODE, AML_MIN_FIXED, + AML_MAX_FIXED, AML_NON_CACHEABLE, + AML_READ_WRITE, 0, epc_base, + epc_base + epc_size - 1, 0, epc_size)); + aml_append(dev, aml_name_decl("_CRS", crs)); + + method =3D aml_method("_STA", 0, AML_NOTSERIALIZED); + aml_append(method, aml_return(aml_int(0x0f))); + aml_append(dev, method); + + aml_append(sb_scope, dev); + } aml_append(dsdt, sb_scope); =20 /* copy AML table into ACPI tables blob and patch header there */ --=20 2.29.2.334.gfaefdd61ec
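Review bot: in the build_dsdt() hunk the _CRS maximum is computed as epc_base + epc_size - 1 while the block is entered on pcms->sgx_epc alone, so an epc_size of 0 yields a maximum one byte below the minimum together with a zero length, and Windows guests that read this resource (per the commit message) would see a malformed range. Please gate the device on a non-zero size. The 0x0f returned from _STA and the "INT0E0C" hardware ID are bare literals; a comment saying what each encodes would help the next reader of the DSDT code.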
From: Yang Zhong
To: qemu-devel@nongnu.org
Subject: [PATCH 21/32] q35: Add support for SGX EPC
Date: Mon, 19 Apr 2021 18:01:45 +0800
Message-Id: <20210419100156.53504-22-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>
Content-Transfer-Encoding: quoted-printable
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com

From: Sean Christopherson

Enable SGX EPC virtualization, which is currently only supported by KVM.

Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
--- hw/i386/pc_q35.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c index 53450190f5..e7af29a94b 100644 --- a/hw/i386/pc_q35.c +++ b/hw/i386/pc_q35.c
@@ -177,6 +177,9 @@ static void pc_q35_init(MachineState *machine) x86ms->below_4g_mem_size =3D machine->ram_size; } =20 + if (sgx_epc_enabled) { + pc_machine_init_sgx_epc(pcms); + } x86_cpus_init(x86ms, pcmc->default_cpu_version); =20 kvmclock_create(pcmc->kvmclock_create_always); --=20 2.29.2.334.gfaefdd61ec
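Review bot: the commit message says SGX EPC virtualization is supported only by KVM, but the condition added to pc_q35_init() tests sgx_epc_enabled and nothing else. If the accelerator check lives inside pc_machine_init_sgx_epc() or in option parsing, please say so in a comment here; if it does not exist, this is the place to reject the option with a clear error under any other accelerator rather than expose EPC ranges that nothing backs. Minor style point: add a blank line between the closing brace and x86_cpus_init().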
From: Yang Zhong
To: qemu-devel@nongnu.org
Subject: [PATCH 22/32] i440fx: Add support for SGX EPC
Date: Mon, 19 Apr 2021 18:01:46 +0800
Message-Id: <20210419100156.53504-23-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>
Content-Transfer-Encoding: quoted-printable
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com

From: Sean Christopherson

Enable SGX EPC virtualization, which is currently only supported by KVM.

Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
--- hw/i386/pc_piix.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c index 46cc951073..7ced457146 100644 --- a/hw/i386/pc_piix.c +++ b/hw/i386/pc_piix.c
@@ -156,6 +156,10 @@ static void pc_init1(MachineState *machine, } } =20 + if (sgx_epc_enabled) { + pc_machine_init_sgx_epc(pcms); + } + x86_cpus_init(x86ms, pcmc->default_cpu_version); =20 if (pcmc->kvmclock_enabled) { --=20 2.29.2.334.gfaefdd61ec
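Review bot: the block added to pc_init1() is the same sgx_epc_enabled test and pc_machine_init_sgx_epc() call that patch 21 adds to pc_q35_init(), in both cases placed directly before x86_cpus_init(). Duplicating it per machine type means any later fix (for example an accelerator check) has to be made twice. I would put the call in a path both machine types already share, or at least document in a comment that it has to run before x86_cpus_init() if that ordering is required, and consider squashing patches 21 and 22.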
From: Yang Zhong
To: qemu-devel@nongnu.org
Subject: [PATCH 23/32] hostmem: Add the reset interface for EPC backend reset
Date: Mon, 19 Apr 2021 18:01:47 +0800
Message-Id: <20210419100156.53504-24-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>
Content-Transfer-Encoding: quoted-printable
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com

Add the sgx_memory_backend_reset() interface to handle EPC backend reset when the VM is reset. This reset function will destroy the previous backend memory region and re-mmap the EPC section for the guest.

Signed-off-by: Yang Zhong
--- backends/hostmem-epc.c | 16 ++++++++++++++++ include/hw/i386/pc.h | 2 ++ 2 files changed, 18 insertions(+) diff --git a/backends/hostmem-epc.c b/backends/hostmem-epc.c index 627318c0a6..c193bf6133 100644 --- a/backends/hostmem-epc.c +++ b/backends/hostmem-epc.c
@@ -16,6 +16,7 @@ #include "qom/object_interfaces.h" #include "qapi/error.h" #include "sysemu/hostmem.h" +#include "hw/i386/pc.h" =20 #define TYPE_MEMORY_BACKEND_EPC "memory-backend-epc" =20 @@ -53,6 +54,21 @@ sgx_epc_backend_memory_alloc(HostMemoryBackend *backend,= Error **errp) g_free(name); } =20 +void sgx_memory_backend_reset(HostMemoryBackend *backend, int fd, + Error **errp) +{ + MemoryRegion *mr =3D &backend->mr; + + mr->enabled =3D false; + + /* destroy the old memory region if it exist */ + if (fd > 0 && mr->destructor) { + mr->destructor(mr); + } + + sgx_epc_backend_memory_alloc(backend, errp); +} + static void sgx_epc_backend_instance_init(Object *obj) { HostMemoryBackend *m =3D MEMORY_BACKEND(obj); diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h index 71e2fc6f26..44b8c5d271 100644 --- a/include/hw/i386/pc.h +++ b/include/hw/i386/pc.h 
@@ -202,6 +202,8 @@ void pc_madt_cpu_entry(AcpiDeviceIf *adev, int uid, =20 /* sgx-epc.c */ void pc_machine_init_sgx_epc(PCMachineState *pcms); +void sgx_memory_backend_reset(HostMemoryBackend *backend, int fd, + Error **errp); =20 extern GlobalProperty pc_compat_5_2[]; extern const size_t pc_compat_5_2_len; --=20 2.29.2.334.gfaefdd61ec
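Review bot: in sgx_memory_backend_reset() in backends/hostmem-epc.c, the guard fd > 0 treats descriptor 0 as "no region", although 0 is a valid file descriptor; the fd argument is used for nothing else, so the test should be fd >= 0 or, better, the function should query the region itself and drop the parameter. Two further points in the same function: mr->enabled is set to false and nothing visible sets it back, so please state which call re-enables the region; and if sgx_epc_backend_memory_alloc() fails after mr->destructor(mr) has run, the backend is left with a destroyed region, so the caller must treat an error here as fatal for the guest. Since the purpose of the reset is that no enclave pages from before the reset remain reachable, that failure path should be spelled out. The comment should read "if it exists".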
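Review bot: the prototype in include/hw/i386/pc.h is added under the /* sgx-epc.c */ comment, but the function is defined in backends/hostmem-epc.c, and the first hunk makes that generic backend file include the PC machine header to see its own declaration. Please declare it in a hostmem or SGX backend header instead, so that backends/ does not depend on hw/i386/pc.h and the comment above the prototype stays accurate.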
From: Yang Zhong
To: qemu-devel@nongnu.org
Subject: [PATCH 24/32] sgx-epc: Add the reset interface for sgx-epc virt device
Date: Mon, 19 Apr 2021 18:01:48 +0800
Message-Id: <20210419100156.53504-25-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>
Content-Transfer-Encoding: quoted-printable
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com

If the VM is reset, we need to make sure the sgx virt epc is in a clean status. Once the VM is reset, the sgx epc virt device will be reset by the reset callback registered by qemu_register_reset(). Since this epc virt device depends on the backend, this reset will call the backend reset interface to re-mmap epc to the guest.

Signed-off-by: Yang Zhong
--- hw/i386/sgx-epc.c | 94 ++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 81 insertions(+), 13 deletions(-) diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c index d5ba7bb68c..fbacec6e00 100644 --- a/hw/i386/sgx-epc.c +++ b/hw/i386/sgx-epc.c
@@ -23,6 +23,9 @@ #include "qemu/units.h" #include "target/i386/cpu.h" #include "exec/address-spaces.h" +#include "sysemu/reset.h" + +uint32_t epc_num; =20 static Property sgx_epc_properties[] =3D { DEFINE_PROP_UINT64(SGX_EPC_ADDR_PROP, SGXEPCDevice, addr, 0), 
@@ -52,12 +55,84 @@ static void sgx_epc_init(Object *obj) NULL, NULL, NULL); } =20 +static void sgx_epc_del_subregion(DeviceState *dev) +{ + PCMachineState *pcms =3D PC_MACHINE(qdev_get_machine()); + SGXEPCState *sgx_epc =3D pcms->sgx_epc; + SGXEPCDevice *epc =3D SGX_EPC(dev); + + /* del subregion and related operations */ + memory_region_del_subregion(&sgx_epc->mr, + host_memory_backend_get_memory(epc->hostme= m)); + host_memory_backend_set_mapped(epc->hostmem, false); + g_free(sgx_epc->sections); + sgx_epc->sections =3D NULL; + + /* multiple epc devices, only zero the first time */ + if (epc_num =3D=3D sgx_epc->nr_sections) { + sgx_epc->size =3D 0; + sgx_epc->nr_sections =3D 0; + } +} + +static void sgx_epc_initialization(DeviceState *dev) +{ + PCMachineState *pcms =3D PC_MACHINE(qdev_get_machine()); + SGXEPCState *sgx_epc =3D pcms->sgx_epc; + MemoryDeviceState *md =3D MEMORY_DEVICE(dev); + SGXEPCDevice *epc =3D SGX_EPC(dev); + Error *errp =3D NULL; + + if (!epc->hostmem) { + error_setg(&errp, "'" SGX_EPC_MEMDEV_PROP "' property is not set"); + return; + } + + epc->addr =3D sgx_epc->base + sgx_epc->size; + + memory_region_add_subregion(&sgx_epc->mr, epc->addr - sgx_epc->base, + host_memory_backend_get_memory(epc->hostme= m)); + + host_memory_backend_set_mapped(epc->hostmem, true); + + sgx_epc->sections =3D g_renew(SGXEPCDevice *, sgx_epc->sections, + sgx_epc->nr_sections + 1); + sgx_epc->sections[sgx_epc->nr_sections++] =3D epc; + + sgx_epc->size +=3D memory_device_get_region_size(md, &errp); +} + +static void sgx_epc_reset(void *opaque) +{ + DeviceState *dev =3D opaque; + SGXEPCDevice *epc =3D SGX_EPC(dev); + Error *errp =3D NULL; + int fd; + + if (!epc->hostmem) { + error_setg(&errp, "'" SGX_EPC_MEMDEV_PROP "' property is not set"); + return; + } + + /* delete subregion and related operations */ + sgx_epc_del_subregion(dev); + + /* reset sgx backend */ + fd =3D memory_region_get_fd(host_memory_backend_get_memory(epc->hostme= m)); + 
sgx_memory_backend_reset(epc->hostmem, fd, &errp); + if (errp) { + error_setg(&errp, "failed to call sgx_memory_backend_reset"); + return; + } + + /* re-add subregion and related operations */ + sgx_epc_initialization(dev); +} + static void sgx_epc_realize(DeviceState *dev, Error **errp) { PCMachineState *pcms =3D PC_MACHINE(qdev_get_machine()); X86MachineState *x86ms =3D X86_MACHINE(pcms); - MemoryDeviceState *md =3D MEMORY_DEVICE(dev); - SGXEPCState *sgx_epc =3D pcms->sgx_epc; SGXEPCDevice *epc =3D SGX_EPC(dev); const char *path; =20 
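Review bot: In sgx_epc_reset(), the failure branch after sgx_memory_backend_reset() calls `error_setg(&errp, "failed to call sgx_memory_backend_reset")` while `errp` is already set; error_setg() asserts that the destination is NULL, so a backend reset failure aborts QEMU instead of being reported. Report and free the original error there (for example with error_report_err()), and decide what state the EPC region should be left in, since the subregion has already been deleted at that point. The `!epc->hostmem` checks in sgx_epc_reset() and sgx_epc_initialization() have a related problem: they set a local `Error *` that nobody reads or frees. Separately, sgx_epc_del_subregion() frees `sgx_epc->sections` on every device reset but zeroes `nr_sections` only when `epc_num == sgx_epc->nr_sections`, so with two EPC devices the second reset frees the array the first reset just rebuilt, and the following g_renew() leaves sections[0] uninitialized.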
@@ -76,18 +151,11 @@ static void sgx_epc_realize(DeviceState *dev, Error **= errp) return; } =20 - epc->addr =3D sgx_epc->base + sgx_epc->size; - - memory_region_add_subregion(&sgx_epc->mr, epc->addr - sgx_epc->base, - host_memory_backend_get_memory(epc->hostme= m)); - - host_memory_backend_set_mapped(epc->hostmem, true); - - sgx_epc->sections =3D g_renew(SGXEPCDevice *, sgx_epc->sections, - sgx_epc->nr_sections + 1); - sgx_epc->sections[sgx_epc->nr_sections++] =3D epc; + sgx_epc_initialization(dev); + epc_num++; =20 - sgx_epc->size +=3D memory_device_get_region_size(md, errp); + /* register the reset callback for sgx reset */ + qemu_register_reset(sgx_epc_reset, dev); } =20 static void sgx_epc_unrealize(DeviceState *dev) --=20 2.29.2.334.gfaefdd61ec
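Review bot: Moving the mapping code out of sgx_epc_realize() drops error propagation: the removed line passed the caller's `errp` to memory_device_get_region_size(), while sgx_epc_initialization() returns void and uses a local `Error *`, so realize now succeeds even when the helper fails. Give the helper an `Error **errp` parameter and return early from realize on failure. Also, `qemu_register_reset(sgx_epc_reset, dev)` has no matching qemu_unregister_reset() in the hunks shown; if the device can be unrealized, the handler would later run against a stale `dev`, so unregister it in sgx_epc_unrealize().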
From: Yang Zhong
To: qemu-devel@nongnu.org
Subject: [PATCH 25/32] qmp: Add query-sgx command
Date: Mon, 19 Apr 2021 18:01:49 +0800
Message-Id: <20210419100156.53504-26-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>
Content-Transfer-Encoding: quoted-printable
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com

This QMP query command can be used by some userspaces to retrieve the SGX information when SGX is enabled on an Intel platform.

Signed-off-by: Yang Zhong

--- monitor/qmp-cmds.c | 6 ++++++ qapi/misc.json | 42 ++++++++++++++++++++++++++++++++++++++ tests/qtest/qmp-cmd-test.c | 1 + 3 files changed, 49 insertions(+) diff --git a/monitor/qmp-cmds.c b/monitor/qmp-cmds.c index f7d64a6457..d63d59149f 100644 --- a/monitor/qmp-cmds.c +++ b/monitor/qmp-cmds.c @@ -351,3 +351,9 @@ void qmp_display_reload(DisplayReloadOptions *arg, Erro= r **errp) abort(); } } + +SGXInfo *qmp_query_sgx(Error **errp) +{ + error_setg(errp, QERR_FEATURE_DISABLED, "query-sgx"); + return NULL; +} 
diff --git a/qapi/misc.json b/qapi/misc.json index 156f98203e..112a2f71cf 100644 --- a/qapi/misc.json +++ b/qapi/misc.json @@ -519,3 +519,45 @@ 'data': { '*option': 'str' }, 'returns': ['CommandLineOptionInfo'], 'allow-preconfig': true } + +## +# @SGXInfo: +# +# Information about intel Safe Guard eXtension (SGX) support +# +# @sgx: true if SGX is support +# +# @sgx1: true if SGX1 is support +# +# @sgx2: true if SGX2 is support +# +# @flc: true if FLC is support +# +# @section-size: The EPC section size for guest +# +# Since: 5.1 +## +{ 'struct': 'SGXInfo', + 'data': { 'sgx': 'bool', + 'sgx1': 'bool', + 'sgx2': 'bool', + 'flc': 'bool', + 'section-size': 'uint64'}} + +## +# @query-sgx: +# +# Returns information about SGX +# +# Returns: @SGXInfo +# +# Since: 5.1 +# +# Example: +# +# -> { "execute": "query-sgx" } +# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true, +# "flc": true, "section-size" : 0 } } +# +## +{ 'command': 'query-sgx', 'returns': 'SGXInfo' } diff --git a/tests/qtest/qmp-cmd-test.c b/tests/qtest/qmp-cmd-test.c index c98b78d033..b75f3364f3 100644 --- a/tests/qtest/qmp-cmd-test.c +++ b/tests/qtest/qmp-cmd-test.c 
@@ -100,6 +100,7 @@ static bool query_is_ignored(const char *cmd) /* Success depends on Host or Hypervisor SEV support */ "query-sev", "query-sev-capabilities", + "query-sgx", NULL }; int i; --=20 2.29.2.334.gfaefdd61ec
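Review bot: In the qapi/misc.json hunk, both new doc blocks carry `Since: 5.1`, which is already a past release for a patch dated April 2021; set it to the release this series will actually land in. The @SGXInfo description should read "Intel Software Guard Extensions (SGX)" and "true if SGX is supported" (likewise for sgx1, sgx2 and flc), and `section-size` should state its unit and whether it is one section or the total over all EPC sections. Since the command only has meaning on x86, consider declaring it in a target-specific schema with an `if` condition rather than adding a stub handler to the common monitor/qmp-cmds.c.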
From: Yang Zhong
To: qemu-devel@nongnu.org
Subject: [PATCH 26/32] hmp: Add 'info sgx' command
Date: Mon, 19 Apr 2021 18:01:50 +0800
Message-Id: <20210419100156.53504-27-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>
Content-Transfer-Encoding: quoted-printable
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com

The command can be used to show the SGX information in the monitor when SGX is enabled on an Intel platform.

Signed-off-by: Yang Zhong

--- hmp-commands-info.hx | 15 +++++++++++++++ include/monitor/hmp.h | 1 + monitor/hmp-cmds.c | 6 ++++++ 3 files changed, 22 insertions(+) diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx index ab0c7aa5ee..20fbca18cd 100644 --- a/hmp-commands-info.hx +++ b/hmp-commands-info.hx 
@@ -880,3 +880,18 @@ SRST ``info replay`` Display the record/replay information: mode and the current icount. ERST + +#if defined(TARGET_I386) + { + .name =3D "sgx", + .args_type =3D "", + .params =3D "", + .help =3D "show intel SGX information", + .cmd =3D hmp_info_sgx, + }, +#endif + +SRST + ``info sgx`` + Show intel SGX information. +ERST diff --git a/include/monitor/hmp.h b/include/monitor/hmp.h index 605d57287a..a65cf71100 100644 --- a/include/monitor/hmp.h +++ b/include/monitor/hmp.h @@ -129,5 +129,6 @@ void hmp_info_replay(Monitor *mon, const QDict *qdict); void hmp_replay_break(Monitor *mon, const QDict *qdict); void hmp_replay_delete_break(Monitor *mon, const QDict *qdict); void hmp_replay_seek(Monitor *mon, const QDict *qdict); +void hmp_info_sgx(Monitor *mon, const QDict *qdict); =20 #endif diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c index 0ad5b77477..1d1efca713 100644 --- a/monitor/hmp-cmds.c +++ b/monitor/hmp-cmds.c 
@@ -2226,3 +2226,9 @@ void hmp_info_memory_size_summary(Monitor *mon, const= QDict *qdict) } hmp_handle_error(mon, err); } + +void hmp_info_sgx(Monitor *mon, const QDict *qdict) +{ + error_setg(errp, QERR_FEATURE_DISABLED, "query-sgx"); + return NULL; +} --=20 2.29.2.334.gfaefdd61ec
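Review bot: The new hmp_info_sgx() in monitor/hmp-cmds.c cannot compile: it is declared `void` but ends with `return NULL;`, and it passes `errp` to error_setg() although the function has neither a parameter nor a local of that name. The body looks copied from the qmp_query_sgx() placeholder of patch 25, and it breaks bisection until patch 27 rewrites it. Either make the placeholder print a message with monitor_printf(), or fold this patch into the one that adds the real body. Note also that the prototype in include/monitor/hmp.h is unconditional while the command table entry is under `#if defined(TARGET_I386)`.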
From: Yang Zhong
To: qemu-devel@nongnu.org
Subject: [PATCH 27/32] i386: Add sgx_get_info() interface
Date: Mon, 19 Apr 2021 18:01:51 +0800
Message-Id: <20210419100156.53504-28-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>
Content-Transfer-Encoding: quoted-printable
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com

Add the sgx_get_info() interface for HMP and QMP usage, which will get the SGX info from this API.

Signed-off-by: Yang Zhong

--- hw/i386/sgx-epc.c | 22 ++++++++++++++++++++++ include/hw/i386/pc.h | 1 + include/hw/i386/sgx-epc.h | 1 + monitor/hmp-cmds.c | 20 ++++++++++++++++++-- monitor/qmp-cmds.c | 12 ++++++++++-- stubs/meson.build | 1 + stubs/sgx-stub.c | 7 +++++++ 7 files changed, 60 insertions(+), 4 deletions(-) create mode 100644 stubs/sgx-stub.c diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c index fbacec6e00..7daea0613b 100644 --- a/hw/i386/sgx-epc.c +++ b/hw/i386/sgx-epc.c 
@@ -322,6 +322,28 @@ void pc_machine_init_sgx_epc(PCMachineState *pcms) memory_region_set_size(&sgx_epc->mr, sgx_epc->size); } =20 +SGXInfo *sgx_get_info(void) +{ + SGXInfo *info; + + info =3D g_new0(SGXInfo, 1); + if (sgx_epc_enabled) { + PCMachineState *pcms =3D PC_MACHINE(qdev_get_machine()); + SGXEPCState *sgx_epc =3D pcms->sgx_epc; + + info->sgx =3D true; + info->sgx1 =3D true; + info->sgx2 =3D true; + info->flc =3D true; + + if (sgx_epc) { + info->section_size =3D sgx_epc->size; + } + } + + return info; +} + static QemuOptsList sgx_epc_opts =3D { .name =3D "sgx-epc", .implied_opt_name =3D "id", diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h index 44b8c5d271..cb74298117 100644 --- a/include/hw/i386/pc.h +++ b/include/hw/i386/pc.h @@ -204,6 +204,7 @@ void pc_madt_cpu_entry(AcpiDeviceIf *adev, int uid, void pc_machine_init_sgx_epc(PCMachineState *pcms); void sgx_memory_backend_reset(HostMemoryBackend *backend, int fd, Error **errp); +SGXInfo *sgx_get_info(void); =20 extern GlobalProperty pc_compat_5_2[]; extern const size_t pc_compat_5_2_len; diff --git a/include/hw/i386/sgx-epc.h b/include/hw/i386/sgx-epc.h index 3d3eab5074..bd006bd7a0 100644 --- a/include/hw/i386/sgx-epc.h +++ b/include/hw/i386/sgx-epc.h @@ -13,6 +13,7 @@ #define QEMU_SGX_EPC_H =20 #include "sysemu/hostmem.h" +#include "qapi/qapi-types-misc.h" =20 #define TYPE_SGX_EPC "sgx-epc" #define SGX_EPC(obj) \ diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c index 1d1efca713..bd539e0c1e 100644 --- a/monitor/hmp-cmds.c +++ b/monitor/hmp-cmds.c 
@@ -2229,6 +2229,22 @@ void hmp_info_memory_size_summary(Monitor *mon, cons= t QDict *qdict) =20 void hmp_info_sgx(Monitor *mon, const QDict *qdict) { - error_setg(errp, QERR_FEATURE_DISABLED, "query-sgx"); - return NULL; + SGXInfo *info =3D qmp_query_sgx(NULL); + + if (info && info->sgx) { + monitor_printf(mon, "SGX support: %s\n", + info->sgx ? "enabled" : "disabled"); + monitor_printf(mon, "SGX1 support: %s\n", + info->sgx1 ? "enabled" : "disabled"); + monitor_printf(mon, "SGX2 support: %s\n", + info->sgx2 ? "enabled" : "disabled"); + monitor_printf(mon, "FLC support: %s\n", + info->flc ? "enabled" : "disabled"); + monitor_printf(mon, "size: %" PRIu64 "\n", + info->section_size); + } else { + monitor_printf(mon, "SGX is not enabled\n"); + } + + qapi_free_SGXInfo(info); } diff --git a/monitor/qmp-cmds.c b/monitor/qmp-cmds.c index d63d59149f..48f7708ffe 100644 --- a/monitor/qmp-cmds.c +++ b/monitor/qmp-cmds.c @@ -40,6 +40,7 @@ #include "qapi/qmp/qerror.h" #include "hw/mem/memory-device.h" #include "hw/acpi/acpi_dev_interface.h" +#include "hw/i386/pc.h" =20 NameInfo *qmp_query_name(Error **errp) { @@ -354,6 +355,13 @@ void qmp_display_reload(DisplayReloadOptions *arg, Err= or **errp) =20 SGXInfo *qmp_query_sgx(Error **errp) { - error_setg(errp, QERR_FEATURE_DISABLED, "query-sgx"); - return NULL; + SGXInfo *info; + + info =3D sgx_get_info(); + if (!info) { + error_setg(errp, "SGX features are not available"); + return NULL; + } + + return info; } diff --git a/stubs/meson.build b/stubs/meson.build index be6f6d609e..1cba20a9a8 100644 --- a/stubs/meson.build +++ b/stubs/meson.build @@ -54,3 +54,4 @@ if have_system else stub_ss.add(files('qdev.c')) endif +stub_ss.add(files('sgx-stub.c')) diff --git a/stubs/sgx-stub.c b/stubs/sgx-stub.c new file mode 100644 index 0000000000..c2b59a88fd --- /dev/null +++ b/stubs/sgx-stub.c 
@@ -0,0 +1,7 @@ +#include "qemu/osdep.h" +#include "hw/i386/pc.h" + +SGXInfo *sgx_get_info(void) +{ + return NULL; +} --=20 2.29.2.334.gfaefdd61ec
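Review bot: sgx_get_info() in hw/i386/sgx-epc.c sets `sgx1`, `sgx2` and `flc` to true whenever `sgx_epc_enabled` is set, without consulting the features actually exposed to the guest CPU, so query-sgx can report SGX2 or FLC for a guest that has neither. Management software that makes placement or policy decisions from this reply would be working from wrong data; derive the four flags from the vCPU's CPUID feature words instead of hard-coding them. `section_size` is filled from `sgx_epc->size`, which the device code accumulates over all sections, so the field name and schema doc should say it is a total.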
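Review bot: In the monitor/hmp-cmds.c hunk, the `info->sgx ? "enabled" : "disabled"` line sits inside `if (info && info->sgx)`, so it can only ever print "enabled", and `qmp_query_sgx(NULL)` throws away the "SGX features are not available" error that the qmp-cmds.c hunk adds for the stub case. Follow the pattern already visible in this file: pass a local `Error *err` and finish with hmp_handle_error(mon, err). The qmp-cmds.c hunk also pulls the target-specific header hw/i386/pc.h into common monitor code, which is the only reason stubs/sgx-stub.c is needed; keeping the handler in target code would avoid both.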
From: Yang Zhong
To: qemu-devel@nongnu.org
Subject: [PATCH 28/32] bitops: Support 32 and 64 bit mask macro
Date: Mon, 19 Apr 2021 18:01:52 +0800
Message-Id: <20210419100156.53504-29-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>
Content-Transfer-Encoding: quoted-printable
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com

QEMU should provide bit mask macros like Linux does in the kernel. GENMASK(h, l) and GENMASK_ULL(h, l) set bits l through h to 1 in the 32-bit or 64-bit long type.

Signed-off-by: Yang Zhong

--- include/qemu/bitops.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/include/qemu/bitops.h b/include/qemu/bitops.h index 3acbf3384c..8678c8dcd5 100644 --- a/include/qemu/bitops.h +++ b/include/qemu/bitops.h @@ -18,6 +18,7 @@ =20 #define BITS_PER_BYTE CHAR_BIT #define BITS_PER_LONG (sizeof (unsigned long) * BITS_PER_BYTE) +#define BITS_PER_LONG_LONG 64 =20 #define BIT(nr) (1UL << (nr)) #define BIT_ULL(nr) (1ULL << (nr)) 
@@ -28,6 +29,12 @@ #define MAKE_64BIT_MASK(shift, length) \ (((~0ULL) >> (64 - (length))) << (shift)) =20 +#define GENMASK(h, l) \ + (((~0UL) << (l)) & (~0UL >> (BITS_PER_LONG - 1 - (h)))) + +#define GENMASK_ULL(h, l) \ + (((~0ULL) << (l)) & (~0ULL >> (BITS_PER_LONG_LONG - 1 - (h)))) + /** * set_bit - Set a bit in memory * @nr: the bit to set --=20 2.29.2.334.gfaefdd61ec
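Review bot: GENMASK(h, l) and GENMASK_ULL(h, l) do not validate their arguments: if `h` is at or above the type width, or `l` is out of range, the shift counts `BITS_PER_LONG - 1 - (h)` and `(l)` fall outside the valid range and the result is undefined behaviour, while `h < l` silently yields 0. Add a build-time check for constant arguments and a doc comment stating the accepted range, and note that GENMASK is only as wide as `unsigned long`, so masks above bit 31 need GENMASK_ULL on hosts where long is 32 bits. The context lines show MAKE_64BIT_MASK(shift, length) already exists in this header; the commit message should say why it is not sufficient. `BITS_PER_LONG_LONG` is hard-coded to 64 while `BITS_PER_LONG` next to it is computed with sizeof; define it the same way.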
From: Yang Zhong
To: qemu-devel@nongnu.org
Subject: [PATCH 29/32] qmp: Add the qmp_query_sgx_capabilities()
Date: Mon, 19 Apr 2021 18:01:53 +0800
Message-Id: <20210419100156.53504-30-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>
Content-Transfer-Encoding: quoted-printable
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com

Libvirt can use qmp_query_sgx_capabilities() to get the host SGX capabilities.

Signed-off-by: Yang Zhong

--- hw/i386/sgx-epc.c | 64 ++++++++++++++++++++++++++++++++++++++ include/hw/i386/pc.h | 1 + monitor/qmp-cmds.c | 5 +++ qapi/misc.json | 19 +++++++++++ stubs/sgx-stub.c | 5 +++ tests/qtest/qmp-cmd-test.c | 1 + 6 files changed, 95 insertions(+) diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c index 7daea0613b..7b198595d5 100644 --- a/hw/i386/sgx-epc.c +++ b/hw/i386/sgx-epc.c 
@@ -27,6 +27,14 @@ =20 uint32_t epc_num; =20 +#define SGX_MAX_EPC_SECTIONS 8 +#define SGX_CPUID_EPC_INVALID 0x0 + +/* A valid EPC section. */ +#define SGX_CPUID_EPC_SECTION 0x1 + +#define SGX_CPUID_EPC_MASK GENMASK(3, 0) + static Property sgx_epc_properties[] =3D { DEFINE_PROP_UINT64(SGX_EPC_ADDR_PROP, SGXEPCDevice, addr, 0), DEFINE_PROP_LINK(SGX_EPC_MEMDEV_PROP, SGXEPCDevice, hostmem, @@ -344,6 +352,62 @@ SGXInfo *sgx_get_info(void) return info; } =20 +static uint64_t sgx_calc_section_metric(uint64_t low, uint64_t high) +{ + return (low & GENMASK_ULL(31, 12)) + + ((high & GENMASK_ULL(19, 0)) << 32); +} + +static uint64_t sgx_calc_host_epc_section_size(void) +{ + uint32_t i, type; + uint32_t eax, ebx, ecx, edx; + uint64_t size =3D 0; + + for (i =3D 0; i < SGX_MAX_EPC_SECTIONS; i++) { + host_cpuid(0x12, i + 2, &eax, &ebx, &ecx, &edx); + + type =3D eax & SGX_CPUID_EPC_MASK; + if (type =3D=3D SGX_CPUID_EPC_INVALID) { + break; + } + + if (type !=3D SGX_CPUID_EPC_SECTION) { + break; + } + + size +=3D sgx_calc_section_metric(ecx, edx); + } + + return size; +} + +SGXInfo *sgx_get_capabilities(Error **errp) +{ + SGXInfo *info =3D NULL; + uint32_t eax, ebx, ecx, edx; + + int fd =3D open("/dev/sgx_vepc", O_RDWR); + if (fd < 0) { + error_setg(errp, "SGX is not enabled in KVM"); + return NULL; + } + + info =3D g_new0(SGXInfo, 1); + host_cpuid(0x7, 0, &eax, &ebx, &ecx, &edx); + + info->sgx =3D ebx & (1U << 2) ? true : false; + info->flc =3D ecx & (1U << 30) ? true : false; + + host_cpuid(0x12, 0, &eax, &ebx, &ecx, &edx); + info->sgx1 =3D eax & (1U << 0) ? true : false; + info->sgx2 =3D eax & (1U << 1) ? true : false; + + info->section_size =3D sgx_calc_host_epc_section_size(); + + return info; +} + static QemuOptsList sgx_epc_opts =3D { .name =3D "sgx-epc", .implied_opt_name =3D "id", diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h index cb74298117..a66795da0f 100644 --- a/include/hw/i386/pc.h +++ b/include/hw/i386/pc.h 
@@ -205,6 +205,7 @@ void pc_machine_init_sgx_epc(PCMachineState *pcms); void sgx_memory_backend_reset(HostMemoryBackend *backend, int fd, Error **errp); SGXInfo *sgx_get_info(void); +SGXInfo *sgx_get_capabilities(Error **errp); =20 extern GlobalProperty pc_compat_5_2[]; extern const size_t pc_compat_5_2_len; diff --git a/monitor/qmp-cmds.c b/monitor/qmp-cmds.c index 48f7708ffe..f1360e9f4e 100644 --- a/monitor/qmp-cmds.c +++ b/monitor/qmp-cmds.c @@ -365,3 +365,8 @@ SGXInfo *qmp_query_sgx(Error **errp) =20 return info; } + +SGXInfo *qmp_query_sgx_capabilities(Error **errp) +{ + return sgx_get_capabilities(errp); +} diff --git a/qapi/misc.json b/qapi/misc.json index 112a2f71cf..3f50b42d37 100644 --- a/qapi/misc.json +++ b/qapi/misc.json @@ -561,3 +561,22 @@ # ## { 'command': 'query-sgx', 'returns': 'SGXInfo' } + + +## +# @query-sgx-capabilities: +# +# Returns information from host SGX capabilities +# +# Returns: @SGXInfo +# +# Since: 5.1 +# +# Example: +# +# -> { "execute": "query-sgx-capabilities" } +# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true, +# "flc": true, "section-size" : 0 } } +# +## +{ 'command': 'query-sgx-capabilities', 'returns': 'SGXInfo' } diff --git a/stubs/sgx-stub.c b/stubs/sgx-stub.c index c2b59a88fd..1dedf3f3db 100644 --- a/stubs/sgx-stub.c +++ b/stubs/sgx-stub.c @@ -5,3 +5,8 @@ SGXInfo *sgx_get_info(void) { return NULL; } + +SGXInfo *sgx_get_capabilities(Error **errp) +{ + return NULL; +} diff --git a/tests/qtest/qmp-cmd-test.c b/tests/qtest/qmp-cmd-test.c index b75f3364f3..1af2f74c28 100644 --- a/tests/qtest/qmp-cmd-test.c +++ b/tests/qtest/qmp-cmd-test.c 
@@ -101,6 +101,7 @@ static bool query_is_ignored(const char *cmd) "query-sev", "query-sev-capabilities", "query-sgx", + "query-sgx-capabilities", NULL }; int i; --=20 2.29.2.334.gfaefdd61ec
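Review bot: in sgx_get_capabilities() (hw/i386/sgx-epc.c, hunk at -344,6 +352,62) the descriptor returned by open("/dev/sgx_vepc", O_RDWR) is only tested and never closed, so each query-sgx-capabilities call leaks one fd in the QEMU process. Add close(fd) right after the fd < 0 check. The message "SGX is not enabled in KVM" is also used for every open() failure, including a permission error on the device node; error_setg_errno() with errno would let a management layer tell the cases apart. In sgx_calc_host_epc_section_size() the two consecutive break branches can collapse into a single test for type != SGX_CPUID_EPC_SECTION.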
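Review bot: the @query-sgx-capabilities doc block added to qapi/misc.json says "Since: 5.1", but the include/hw/i386/pc.h context in this same patch already declares pc_compat_5_2, so the tree is past 5.2; set Since to the release the command will first ship in. The example reply shows "section-size" : 0 next to sgx, sgx1 and sgx2 all true, which reads as a host with no usable EPC; a non-zero value would be a better example, and the unit of section-size is not stated anywhere in this hunk.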
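Review bot: the sgx_get_capabilities() stub added to stubs/sgx-stub.c returns NULL without setting *errp, so on a build that links the stub qmp_query_sgx_capabilities() hands back NULL with no error for a command declared to return SGXInfo. Set an error in the stub, for example error_setg(errp, "SGX support is not compiled in"), so the caller gets a defined failure instead of a NULL result.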
From: Yang Zhong
To: qemu-devel@nongnu.org
Subject: [PATCH 30/32] Kconfig: Add CONFIG_SGX support
Date: Mon, 19 Apr 2021 18:01:54 +0800
Message-Id: <20210419100156.53504-31-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>
Content-Transfer-Encoding: quoted-printable
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com

Add new CONFIG_SGX for sgx support in Qemu, and the Kconfig enables sgx by default on the i386 platform.

Signed-off-by: Yang Zhong
---
 backends/meson.build | 2 +-
 default-configs/devices/i386-softmmu.mak | 1 +
 hw/i386/Kconfig | 5 +++++
 hw/i386/meson.build | 2 +-
 hw/i386/sgx-stub.c | 13 +++++++++++++
 5 files changed, 21 insertions(+), 2 deletions(-)
 create mode 100644 hw/i386/sgx-stub.c

diff --git a/backends/meson.build b/backends/meson.build index 46fd16b269..6e68945528 100644 --- a/backends/meson.build +++ b/backends/meson.build
@@ -16,6 +16,6 @@ softmmu_ss.add(when: ['CONFIG_VHOST_USER', 'CONFIG_VIRTIO= '], if_true: files('vho softmmu_ss.add(when: 'CONFIG_VIRTIO_CRYPTO', if_true: files('cryptodev-vho= st.c')) softmmu_ss.add(when: ['CONFIG_VIRTIO_CRYPTO', 'CONFIG_VHOST_CRYPTO'], if_t= rue: files('cryptodev-vhost-user.c')) softmmu_ss.add(when: 'CONFIG_GIO', if_true: [files('dbus-vmstate.c'), gio]) -softmmu_ss.add(when: 'CONFIG_LINUX', if_true: files('hostmem-epc.c')) +softmmu_ss.add(when: 'CONFIG_SGX', if_true: files('hostmem-epc.c')) =20 subdir('tpm') diff --git a/default-configs/devices/i386-softmmu.mak b/default-configs/dev= ices/i386-softmmu.mak index 84d1a2487c..598c6646df 100644 --- a/default-configs/devices/i386-softmmu.mak +++ b/default-configs/devices/i386-softmmu.mak @@ -22,6 +22,7 @@ #CONFIG_TPM_CRB=3Dn #CONFIG_TPM_TIS_ISA=3Dn #CONFIG_VTD=3Dn +#CONFIG_SGX=3Dn =20 # Boards: # diff --git a/hw/i386/Kconfig b/hw/i386/Kconfig index 7f91f30877..581526be44 100644 --- a/hw/i386/Kconfig +++ b/hw/i386/Kconfig @@ -2,6 +2,10 @@ config SEV bool depends on KVM =20 +config SGX + bool + depends on KVM + config PC bool imply APPLESMC @@ -17,6 +21,7 @@ config PC imply PVPANIC_ISA imply QXL imply SEV + imply SGX imply SGA imply TEST_DEVICES imply TPM_CRB diff --git a/hw/i386/meson.build b/hw/i386/meson.build index 087426c75c..f79f1bafab 100644 --- a/hw/i386/meson.build +++ b/hw/i386/meson.build @@ -5,7 +5,6 @@ i386_ss.add(files( 'e820_memory_layout.c', 'multiboot.c', 'x86.c', - 'sgx-epc.c', )) =20 i386_ss.add(when: 'CONFIG_X86_IOMMU', if_true: files('x86-iommu.c'), 
@@ -17,6 +16,7 @@ i386_ss.add(when: 'CONFIG_Q35', if_true: files('pc_q35.c'= )) i386_ss.add(when: 'CONFIG_VMMOUSE', if_true: files('vmmouse.c')) i386_ss.add(when: 'CONFIG_VMPORT', if_true: files('vmport.c')) i386_ss.add(when: 'CONFIG_VTD', if_true: files('intel_iommu.c')) +i386_ss.add(when: 'CONFIG_SGX', if_true: files('sgx-epc.c'), if_false: fil= es('sgx-stub.c')) =20 i386_ss.add(when: 'CONFIG_ACPI', if_true: files('acpi-common.c')) i386_ss.add(when: 'CONFIG_ACPI_HW_REDUCED', if_true: files('generic_event_= device_x86.c')) diff --git a/hw/i386/sgx-stub.c b/hw/i386/sgx-stub.c new file mode 100644 index 0000000000..edf17c3309 --- /dev/null +++ b/hw/i386/sgx-stub.c 
@@ -0,0 +1,13 @@ +#include "qemu/osdep.h" +#include "hw/i386/pc.h" +#include "hw/i386/sgx-epc.h" + +void pc_machine_init_sgx_epc(PCMachineState *pcms) +{ + return; +} + +int sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size) +{ + return 1; +} --=20 2.29.2.334.gfaefdd61ec
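Review bot: the new hw/i386/sgx-stub.c starts directly at #include "qemu/osdep.h" with no license or copyright header, and sgx_epc_get_section() returns a bare 1 with no comment on what that value tells callers when SGX is compiled out. Add the header and a one-line comment on the return value; the return; in the void pc_machine_init_sgx_epc() stub can be dropped. With this patch the series carries two files named sgx-stub.c (stubs/sgx-stub.c from 29/32 and this one), so the commit message should say which SGX symbols are stubbed where, or the two should be merged.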
From: Yang Zhong
To: qemu-devel@nongnu.org
Subject: [PATCH 31/32] sgx-epc: Add the fill_device_info() callback support
Date: Mon, 19 Apr 2021 18:01:55 +0800
Message-Id: <20210419100156.53504-32-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>
Content-Transfer-Encoding: quoted-printable
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com

Since there is no fill_device_info() callback support, a segfault occurs when we execute the "info memory-devices" command in the monitor. This patch adds this callback support, and "info memory-devices" will show the sgx epc memory exposed to the guest. The result is as below:

qemu) info memory-devices
Memory device [sgx-epc]: "epc1"
  memaddr: 0x180000000
  size: 29360128
  memdev: /objects/mem1
Memory device [sgx-epc]: "epc2"
  memaddr: 0x181c00000
  size: 10485760
  memdev: /objects/mem2

Signed-off-by: Yang Zhong --- hw/i386/sgx-epc.c | 17 ++++++++++++++++- monitor/hmp-cmds.c | 10 ++++++++++ qapi/machine.json | 26 +++++++++++++++++++++++++- 3 files changed, 51 insertions(+), 2 deletions(-) diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c index 7b198595d5..b1427cd250 100644 --- a/hw/i386/sgx-epc.c +++ b/hw/i386/sgx-epc.c @@ -208,7 +208,22 @@ static MemoryRegion *sgx_epc_md_get_memory_region(Memo= ryDeviceState *md, static void sgx_epc_md_fill_device_info(const MemoryDeviceState *md, MemoryDeviceInfo *info) { - /* TODO */ + SgxEPCDeviceInfo *se =3D g_new0(SgxEPCDeviceInfo, 1); + SGXEPCDevice *epc =3D SGX_EPC(md); + const DeviceState *dev =3D DEVICE(md); + + if (dev->id) { + se->has_id =3D true; + se->id =3D g_strdup(dev->id); + } + + se->memaddr =3D epc->addr; + se->size =3D object_property_get_uint(OBJECT(epc), SGX_EPC_SIZE_PROP, + NULL); + se->memdev =3D object_get_canonical_path(OBJECT(epc->hostmem)); + + info->u.sgx_epc.data =3D se; + info->type =3D MEMORY_DEVICE_INFO_KIND_SGX_EPC; } =20 static void sgx_epc_class_init(ObjectClass *oc, void *data) diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c index bd539e0c1e..974892e73d 100644 --- a/monitor/hmp-cmds.c +++ b/monitor/hmp-cmds.c @@ -1819,6 +1819,7 @@ void hmp_info_memory_devices(Monitor *mon, const QDic= t *qdict) VirtioMEMDeviceInfo *vmi; MemoryDeviceInfo *value; PCDIMMDeviceInfo *di; + SgxEPCDeviceInfo *se; =20 for (info =3D info_list; info; info =3D info->next) { value =3D info->value; 
@@ -1866,6 +1867,15 @@ void hmp_info_memory_devices(Monitor *mon, const QDi= ct *qdict) vmi->block_size); monitor_printf(mon, " memdev: %s\n", vmi->memdev); break; + case MEMORY_DEVICE_INFO_KIND_SGX_EPC: + se =3D value->u.sgx_epc.data; + monitor_printf(mon, "Memory device [%s]: \"%s\"\n", + MemoryDeviceInfoKind_str(value->type), + se->id ? se->id : ""); + monitor_printf(mon, " memaddr: 0x%" PRIx64 "\n", se->mema= ddr); + monitor_printf(mon, " size: %" PRIu64 "\n", se->size); + monitor_printf(mon, " memdev: %s\n", se->memdev); + break; default: g_assert_not_reached(); } diff --git a/qapi/machine.json b/qapi/machine.json index 6e90d463fc..3f2c2da92f 100644 --- a/qapi/machine.json +++ b/qapi/machine.json @@ -1184,6 +1184,29 @@ } } =20 +## +# @SgxEPCDeviceInfo: +# +# Sgx EPC state information +# +# @id: device's ID +# +# @memaddr: physical address in memory, where device is mapped +# +# @size: size of memory that the device provides +# +# @memdev: memory backend linked with device +# +# Since: 5.1 +## +{ 'struct': 'SgxEPCDeviceInfo', + 'data': { '*id': 'str', + 'memaddr': 'size', + 'size': 'size', + 'memdev': 'str' + } +} + ## # @MemoryDeviceInfo: # 
@@ -1198,7 +1221,8 @@ 'data': { 'dimm': 'PCDIMMDeviceInfo', 'nvdimm': 'PCDIMMDeviceInfo', 'virtio-pmem': 'VirtioPMEMDeviceInfo', - 'virtio-mem': 'VirtioMEMDeviceInfo' + 'virtio-mem': 'VirtioMEMDeviceInfo', + 'sgx-epc': 'SgxEPCDeviceInfo' } } =20 --=20 2.29.2.334.gfaefdd61ec
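Review bot: in sgx_epc_md_fill_device_info() (hw/i386/sgx-epc.c hunk) object_property_get_uint(OBJECT(epc), SGX_EPC_SIZE_PROP, NULL) passes NULL for the error pointer, so a failed property read is silently reported to the monitor as size 0. Pass &error_abort if the property is expected to always exist on a realized device, or propagate the error. The same function dereferences epc->hostmem in object_get_canonical_path() without a check; a comment stating that a realized sgx-epc device always has a memdev would make that assumption explicit.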
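Review bot: the new @SgxEPCDeviceInfo block in qapi/machine.json is tagged "Since: 5.1", which is stale for a series whose pc.h context (patch 29/32) already shows pc_compat_5_2; use the release this struct will first appear in. The last hunk adds the 'sgx-epc' branch to the MemoryDeviceInfo union data only, so the @MemoryDeviceInfo doc comment above it also needs a line saying from which release the sgx-epc variant exists.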
From: Yang Zhong
To: qemu-devel@nongnu.org
Subject: [PATCH 32/32] doc: Add the SGX doc
Date: Mon, 19 Apr 2021 18:01:56 +0800
Message-Id: <20210419100156.53504-33-yang.zhong@intel.com>
In-Reply-To: <20210419100156.53504-1-yang.zhong@intel.com>
References: <20210419100156.53504-1-yang.zhong@intel.com>
Content-Transfer-Encoding: quoted-printable
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com

From: Sean Christopherson

Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
 docs/intel-sgx.txt | 173 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 173 insertions(+)
 create mode 100644 docs/intel-sgx.txt

diff --git a/docs/intel-sgx.txt b/docs/intel-sgx.txt new file mode 100644 index 0000000000..4fc3fd3564 --- /dev/null +++ b/docs/intel-sgx.txt
@@ -0,0 +1,173 @@ +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D +Software Guard eXtensions (SGX) +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D + +Overview +=3D=3D=3D=3D=3D=3D=3D=3D + +Intel Software Guard eXtensions (SGX) is a set of instructions and mechani= sms +for memory accesses in order to provide security accesses for sensitive +applications and data. SGX allows an application to use it's pariticular +address space as an *enclave*, which is a protected area provides confiden= tiality +and integrity even in the presence of privileged malware. Accesses to the +enclave memory area from any software not resident in the enclave are prev= ented, +including those from privileged software. + +Virtual SGX +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +SGX feature is exposed to guest via SGX CPUID. Looking at SGX CPUID, we can +report the same CPUID info to guest as on host for most of SGX CPUID. With +reporting the same CPUID guest is able to use full capacity of SGX, and KVM +doesn't need to emulate those info. + +The guest's EPC base and size are determined by Qemu, and KVM needs Qemu to +notify such info to it before it can initialize SGX for guest. + +Virtual EPC +----------- + +By default, Qemu does not assign EPC to a VM, i.e. fully enabling SGX in a= VM +requires explicit allocation of EPC to the VM. Similar to other specialized +memory types, e.g. hugetlbfs, EPC is exposed as a memory backend. For a nu= mber +of reasons, a EPC memory backend can only be realized via an 'sgx-epc' dev= ice. +Standard memory backend options such as prealloc are supported by EPC. + +SGX EPC is enumerated through CPUID, i.e. EPC "devices" need to be realized +prior to realizing the vCPUs themselves, which occurs long before generic +devices are parsed and realized. Because of this, 'sgx-epc' devices must = be +created via the dedicated -sgx-epc command, i.e. 
cannot be created through +the generic -devices command. On the plus side, this limitation means that +EPC does not require -maxmem as EPC is not treated as {cold,hot}plugged me= mory. + +Qemu does not artificially restrict the number of EPC sections exposed to a +guest, e.g. Qemu will happily allow you to create 64 1M EPC sections. Be a= ware +that some kernels may not recognize all EPC sections, e.g. the Linux SGX d= river +is hardwired to support only 8 EPC sections. + +The following Qemu snippet creates two EPC sections, with 64M pre-allocated +to the VM and an additional 28M mapped but not allocated: + + -object memory-backend-epc,id=3Dmem1,size=3D64M,prealloc=3Don \ + -sgx-epc id=3Depc1,memdev=3Dmem1 \ + -object memory-backend-epc,id=3Dmem2,size=3D28M \ + -sgx-epc id=3Depc2,memdev=3Dmem2 + +Note: + +The size and location of the virtual EPC are far less restricted compared +to physical EPC. Because physical EPC is protected via range registers, +the size of the physical EPC must be a power of two (though software sees +a subset of the full EPC, e.g. 92M or 128M) and the EPC must be naturally +aligned. KVM SGX's virtual EPC is purely a software construct and only +requires the size and location to be page aligned. Qemu enforces the EPC +size is a multiple of 4k and will ensure the base of the EPC is 4k aligned. +To simplify the implementation, EPC is always located above 4g in the guest +physical address space. + +Migration +--------- + +Qemu/KVM doesn't prevent live migrating SGX VMs, although from hardware's +perspective, SGX doesn't support live migration, since both EPC and the SGX +key hierarchy are bound to the physical platform. However live migration +can be supported in the sense if guest software stack can support recreati= ng +enclaves when it suffers sudden lose of EPC; and if guest enclaves can det= ect +SGX keys being changed, and handle gracefully. 
For instance, when ERESUME = fails +with #PF.SGX, guest software can gracefully detect it and recreate enclave= s; +and when enclave fails to unseal sensitive information from outside, it can +detect such error and sensitive information can be provisioned to it again. + +CPUID +----- + +Due to its myriad dependencies, SGX is currently not listed as supported +in any of Qemu's built-in CPU configuration. To expose SGX (and SGX Launch +Control) to a guest, you must either use `-cpu host` to pass-through the +host CPU model, or explicitly enable SGX when using a built-in CPU model, +e.g. via `-cpu ,+sgx` or `-cpu ,+sgx,+sgxlc`. + +All SGX sub-features enumerated through CPUID, e.g. SGX2, MISCSELECT, +ATTRIBUTES, etc... can be restricted via CPUID flags. Be aware that enforc= ing +restriction of MISCSELECT, ATTRIBUTES and XFRM requires intercepting ECREA= TE, +i.e. may marginally reduce SGX performance in the guest. All SGX sub-featu= res +controlled via -cpu are prefixed with "sgx", e.g.: + +$ qemu-system-x86_64 -cpu help | xargs printf "%s\n" | grep sgx + sgx + sgx-debug + sgx-encls-c + sgx-enclv + sgx-exinfo + sgx-kss + sgx-mode64 + sgx-provisionkey + sgx-tokenkey + sgx1 + sgx2 + sgxlc + +The following Qemu snippet passes through the host CPU (and host physical +address width) but restricts access to the provision and EINIT token keys: + + -cpu host,host-phys-bits,-sgx-provisionkey,-sgx-tokenkey + +Note: + +SGX sub-features cannot be emulated, i.e. sub-features that are not present +in hardware cannot be forced on via '-cpu'. + +Virtualize SGX Launch Control +----------------------------- + +Qemu SGX support for Launch Control (LC) is passive, in the sense that it +does not actively change the LC configuration. 
Qemu SGX provides the user +the ability to set/clear the CPUID flag (and by extension the associated +IA32_FEATURE_CONTROL MSR bit in fw_cfg) and saves/restores the LE Hash MSRs +when getting/putting guest state, but Qemu does not add new controls to +directly modify the LC configuration. Similar to hardware behavior, locki= ng +the LC configuration to a non-Intel value is left to guest firmware. Unli= ke +host bios setting for SGX launch control(LC), there is no special bios set= ting +for SGX guest by our design. If host is in locked mode, we can still allow +creating VM with SGX. + +Feature Control +--------------- + +Qemu SGX updates the `etc/msr_feature_control` fw_cfg entry to set the SGX +(bit 18) and SGX LC (bit 17) flags based on their respective CPUID support, +i.e. existing guest firmware will automatically set SGX and SGX LC accordi= ngly, +assuming said firmware supports fw_cfg.msr_feature_control. + +Launch a guest +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +To launch a SGX guest +${QEMU} \ + -cpu host,+sgx-provisionkey \ + -object memory-backend-epc,id=3Dmem1,size=3D64M,prealloc=3Don \ + -sgx-epc id=3Depc1,memdev=3Dmem1 \ + -object memory-backend-epc,id=3Dmem2,size=3D28M \ + -sgx-epc id=3Depc2,memdev=3Dmem2 + +Utilizing SGX in the guest requires a kernel/OS with SGX support. + +The support can be determined in guest by: +$ grep sgx /proc/cpuinfo + +Check the SGX epc info in the Guest: +$ dmesg | grep sgx +[ 1.242142] sgx: EPC section 0x180000000-0x181bfffff +[ 1.242319] sgx: EPC section 0x181c00000-0x1837fffff + +References +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +SGX Homepage: +https://software.intel.com/sgx + +SGX SDK: +https://github.com/intel/linux-sgx.git + +SGX SPEC: +Intel SDM Volume 3 --=20 2.29.2.334.gfaefdd61ec
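Review bot: the Virtual EPC section of docs/intel-sgx.txt says 'sgx-epc' devices "cannot be created through the generic -devices command"; the QEMU option is -device, and -sgx-epc is likewise an option rather than a "command". The Overview has "it's pariticular address space" (its particular) and "a protected area provides" (that provides), and the Migration section has "sudden lose of EPC" (loss). The "Launch a guest" example passes -cpu host,+sgx-provisionkey while the CPUID section shows -sgx-provisionkey,-sgx-tokenkey as the restricted configuration; state when a guest actually needs the provisioning key so readers do not copy the more permissive setting by default. The commit message has no body; one or two sentences on what the document covers would help.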