From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1632482821027202.28772213874413; Fri, 24 Sep 2021 04:27:01 -0700 (PDT) Received: from localhost ([::1]:60138 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjM3-0001xN-6q for importer@patchew.org; Fri, 24 Sep 2021 07:26:59 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34344) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKQ-0007Zs-O0 for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:18 -0400 Received: from mail-ed1-x52d.google.com ([2a00:1450:4864:20::52d]:40826) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKO-0000Mr-NO for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:18 -0400 Received: by mail-ed1-x52d.google.com with SMTP id g8so34796737edt.7 for ; Fri, 24 Sep 2021 04:25:13 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=HTQc9AFcRDhvJrgR1HuvP2H0f8isuj93MihqGubbVPI=; b=hJRMhvUWFshznGeAz7YT9lqnzc7p8EIG0pR+0j7pKod1HN/mSEGr2UkgM/2FtD6BnD L+p1ugr8zwHT3YIpV/sbLc+701SQ8rAUIzZQiK/XAPf00Y8MShWsljxkFe//P3mcV96z B8+2042hzPiaxRdliyU181FJAhdg9ssztOyEhHQHZOvky/VHmiP+dANLS7EXaWp7PMEQ yOHVC1Mg5y/q1k9wMLHc40q4+HpbO0eQEMrz4iaAa1Srs0hMi8fKKmJNIm2/zWGmnbNA Tkd/BUlqV0bivel0akODm6xIAfWQ1obzGiG4jw7brDbiLz6rHNs5TJR/7/4UT4R90bM1 vqcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=HTQc9AFcRDhvJrgR1HuvP2H0f8isuj93MihqGubbVPI=; b=NJLdFR8dEvhmIDHM0tH6tnzx16vyiPlh9grRq5GPWmlPGunyTweAjHVovTk+A0jKR1 810clfIF7Gwyj1JE4EP+SL7fMgQS95VDB0YpqvMbHSjSsCVrpXEnuEbdRoORInARNbKC VzVx5MI9/LYCwGgQV6RHiNlCo3si086cVBsF2+p+WnT+3IaxnLGgVXw6mx5JjcC6fGbp 1DiVvM6Uk1gMibjeYcfvn0+44+oQzarc/POMEdQXSkd3ioP1DR6EdzHXxOJHGt+g4Fz0 au9fid7Bu4xQTbVkpebzwy5k0QhHgwETJtk7KXW2S83gowCMN8v1jE63Q6PTwY5dJrLf Yygg== X-Gm-Message-State: AOAM530NNuZamfSJBSl4uU52d7Mfi7UK5kWf3kxuzBQhNKMlqHeTDfNO tXAYTWpWXfM2XK7mKu9jTsGramOt/4E= X-Google-Smtp-Source: ABdhPJyvOqv4R7FwbxpyOWFOtxnlwnPxtoys3A1o43DLZ2BtLIZJwQrWVDhv9F1cOaVP4X0LBY9Pxw== X-Received: by 2002:a17:906:fc0b:: with SMTP id ov11mr10561185ejb.22.1632482712113; Fri, 24 Sep 2021 04:25:12 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 01/26] memory: Add RAM_PROTECTED flag to skip IOMMU mappings Date: Fri, 24 Sep 2021 13:24:44 +0200 Message-Id: <20210924112509.25061-2-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::52d; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x52d.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, eblake@redhat.com, Sean Christopherson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632482823069100002 Content-Type: text/plain; charset="utf-8" From: Sean Christopherson Add a new RAMBlock flag to denote "protected" memory, i.e. memory that looks and acts like RAM but is inaccessible via normal mechanisms, including DMA. Use the flag to skip protected memory regions when mapping RAM for DMA in VFIO. Signed-off-by: Sean Christopherson Signed-off-by: Yang Zhong Signed-off-by: Paolo Bonzini --- hw/vfio/common.c | 1 + include/exec/memory.h | 15 ++++++++++++++- softmmu/memory.c | 5 +++++ softmmu/physmem.c | 3 ++- 4 files changed, 22 insertions(+), 2 deletions(-) diff --git a/hw/vfio/common.c b/hw/vfio/common.c index 8728d4d5c2..1289cfa8be 100644 --- a/hw/vfio/common.c +++ b/hw/vfio/common.c @@ -562,6 +562,7 @@ static bool vfio_listener_skipped_section(MemoryRegionS= ection *section) { return (!memory_region_is_ram(section->mr) && !memory_region_is_iommu(section->mr)) || + memory_region_is_protected(section->mr) || /* * Sizing an enabled 64-bit BAR can cause spurious mappings to * addresses in the upper part of the 64-bit address space. Th= ese diff --git a/include/exec/memory.h b/include/exec/memory.h index c3d417d317..9446874d21 100644 --- a/include/exec/memory.h +++ b/include/exec/memory.h @@ -190,6 +190,9 @@ typedef struct IOMMUTLBEvent { */ #define RAM_NORESERVE (1 << 7) =20 +/* RAM that isn't accessible through normal means. */ +#define RAM_PROTECTED (1 << 8) + static inline void iommu_notifier_init(IOMMUNotifier *n, IOMMUNotify fn, IOMMUNotifierFlag flags, hwaddr start, hwaddr end, @@ -1267,7 +1270,7 @@ void memory_region_init_ram_from_file(MemoryRegion *m= r, * @name: the name of the region. * @size: size of the region. * @ram_flags: RamBlock flags. Supported flags: RAM_SHARED, RAM_PMEM, - * RAM_NORESERVE. + * RAM_NORESERVE, RAM_PROTECTED. * @fd: the fd to mmap. * @offset: offset within the file referenced by fd * @errp: pointer to Error*, to store an error if it happens. @@ -1568,6 +1571,16 @@ static inline bool memory_region_is_romd(MemoryRegio= n *mr) return mr->rom_device && mr->romd_mode; } =20 +/** + * memory_region_is_protected: check whether a memory region is protected + * + * Returns %true if a memory region is protected RAM and cannot be accessed + * via standard mechanisms, e.g. DMA. + * + * @mr: the memory region being queried + */ +bool memory_region_is_protected(MemoryRegion *mr); + /** * memory_region_get_iommu: check whether a memory region is an iommu * diff --git a/softmmu/memory.c b/softmmu/memory.c index bfedaf9c4d..54cd0e9824 100644 --- a/softmmu/memory.c +++ b/softmmu/memory.c @@ -1811,6 +1811,11 @@ bool memory_region_is_ram_device(MemoryRegion *mr) return mr->ram_device; } =20 +bool memory_region_is_protected(MemoryRegion *mr) +{ + return mr->ram && (mr->ram_block->flags & RAM_PROTECTED); +} + uint8_t memory_region_get_dirty_log_mask(MemoryRegion *mr) { uint8_t mask =3D mr->dirty_log_mask; diff --git a/softmmu/physmem.c b/softmmu/physmem.c index 23e77cb771..088660d973 100644 --- a/softmmu/physmem.c +++ b/softmmu/physmem.c @@ -2055,7 +2055,8 @@ RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, Mem= oryRegion *mr, int64_t file_size, file_align; =20 /* Just support these ram flags by now. */ - assert((ram_flags & ~(RAM_SHARED | RAM_PMEM | RAM_NORESERVE)) =3D=3D 0= ); + assert((ram_flags & ~(RAM_SHARED | RAM_PMEM | RAM_NORESERVE | + RAM_PROTECTED)) =3D=3D 0); =20 if (xen_enabled()) { error_setg(errp, "-mem-path not supported with Xen"); --=20 2.31.1 From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1632482822833781.788658677243; Fri, 24 Sep 2021 04:27:02 -0700 (PDT) Received: from localhost ([::1]:60310 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjM5-00023s-Gc for importer@patchew.org; Fri, 24 Sep 2021 07:27:01 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34392) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKR-0007aS-S7 for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:19 -0400 Received: from mail-ed1-x52d.google.com ([2a00:1450:4864:20::52d]:34319) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKO-0000N4-Ne for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:19 -0400 Received: by mail-ed1-x52d.google.com with SMTP id eg28so35033615edb.1 for ; Fri, 24 Sep 2021 04:25:14 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=36xUxYH1Afi8N5W5cIUwxmt2NMki93xyDotZiunEpyA=; b=DX1nMRA/XSePVaMqJql5UEf3NsseYA21HWcWaUWEQFV5aclxYY1Ca2wdijbGCsZKqO zb5g48ZjTGymg1PvOMVsceD8wW3JgI/Y+Blwwuc3UJX9f7Kpal68wH8n1O1uhRkd478x 6ANjwsVnNJyJRplet0wajomFUttpscb9i0SVzu0shQwajMwyF9Qs5ly+OSn6aMi6nI6G T1FZc9JfFXCz5xesHHq7znSmQvQ2ctacINB6pseGjzXKKTQb8sqM++YAakfe+5F1gblB 3c7uMXl/O7HKcQCi6pq19Sr5UAYEZfczxbW7Pbm5lsuQb6WswgmYYS00+MDRYx2RHHBK Fegw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=36xUxYH1Afi8N5W5cIUwxmt2NMki93xyDotZiunEpyA=; b=AxRotAvav1OlllWsfX/cNZkjkmSuiy7yI+TrP0jWpxmzmR4PvqP+88AcjVGj8IE+xL q3dnapyzf3cp7hTbxwcsrEylBO4beWwm3+J6qlltmJV3WBAlc5qq7kvejnp0SR7Z/YcG 8TjahIBFQbCBiT6YSAALqjHbNy6YCIQAljJRI+8/fnr4iGO52iYG87ts7Q0xczJ1oTw2 4tLAq1JrKuX400jPBsEd3DL8iAn4HTLSpgPA2FY1wytSlMbhZuUmu2f8XyCergkhCE+q 7uIYIFdC2gioTvzc5WcLhbDYDECgwq4uda4ctWdCO7LMQC+X8O/rra+oQbm6Zu+slEhA lOSA== X-Gm-Message-State: AOAM532Lf3Hg8/3Ed78LDezXTb6z/J6k2NyTfIepRzt+NTQWdHoDF+ip mO+GGhlVppY/gt4VdijWDSyGzebUmQc= X-Google-Smtp-Source: ABdhPJzemQpp4Gfux8Y3IK3pP5AiRKUtaF2SrpitD5RPD/CogTIoHNO4Jo+/oUqF98GUAqm/f2Hzuw== X-Received: by 2002:a17:906:d798:: with SMTP id pj24mr10261555ejb.1.1632482712827; Fri, 24 Sep 2021 04:25:12 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 02/26] Kconfig: Add CONFIG_SGX support Date: Fri, 24 Sep 2021 13:24:45 +0200 Message-Id: <20210924112509.25061-3-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::52d; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x52d.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, eblake@redhat.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632482824742100005 Content-Type: text/plain; charset="utf-8" From: Yang Zhong Add new CONFIG_SGX for sgx support in the Qemu, and the Kconfig default enable sgx in the i386 platform. Signed-off-by: Yang Zhong Message-Id: <20210719112136.57018-32-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini --- configs/devices/i386-softmmu/default.mak | 1 + hw/i386/Kconfig | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/configs/devices/i386-softmmu/default.mak b/configs/devices/i38= 6-softmmu/default.mak index 84d1a2487c..598c6646df 100644 --- a/configs/devices/i386-softmmu/default.mak +++ b/configs/devices/i386-softmmu/default.mak @@ -22,6 +22,7 @@ #CONFIG_TPM_CRB=3Dn #CONFIG_TPM_TIS_ISA=3Dn #CONFIG_VTD=3Dn +#CONFIG_SGX=3Dn =20 # Boards: # diff --git a/hw/i386/Kconfig b/hw/i386/Kconfig index ddedcef0b2..962d2c981b 100644 --- a/hw/i386/Kconfig +++ b/hw/i386/Kconfig @@ -6,6 +6,10 @@ config SEV select X86_FW_OVMF depends on KVM =20 +config SGX + bool + depends on KVM + config PC bool imply APPLESMC @@ -21,6 +25,7 @@ config PC imply PVPANIC_ISA imply QXL imply SEV + imply SGX imply SGA imply TEST_DEVICES imply TPM_CRB --=20 2.31.1 From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1632482993170894.6296206812964; Fri, 24 Sep 2021 04:29:53 -0700 (PDT) Received: from localhost ([::1]:40440 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjOq-0007d3-4m for importer@patchew.org; Fri, 24 Sep 2021 07:29:52 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34400) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKS-0007b1-Aq for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:20 -0400 Received: from mail-ed1-x52e.google.com ([2a00:1450:4864:20::52e]:36841) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKO-0000Nc-NT for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:19 -0400 Received: by mail-ed1-x52e.google.com with SMTP id v24so34820023eda.3 for ; Fri, 24 Sep 2021 04:25:14 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=T6Lr8ErbwMyyYfXEZLpi47v8UMegyeRPBkfE+yqfiHU=; b=DfBNEllo5bniQWcrZySH5I57DHIuQeobnrV3JQsbPenfyK1M8MXprdomR1yF49Shxg FzmRx3dVyeCWok2I5uV6p9VGBHc0aoqd/1vnmhjq9jvEyg+CZHOHVBox+Qsu9NxV0mWL uZfCBqNL+B3PSJOx611UMnk68rzrgk04Ihq5VqLZbeSphbMnrggXMVaXbzaaVxyiX88X 5qnmLWq141BUXok36Yao+EByDmUL6f+kSugahvjjVB9LmR3PaTT6X+B+sAgb74avr7YC FKWtf72jAr9LIPHkl8FwJrCB2tt/shMTlX9f67S7dMcOSl88QcvZEfJidS8lKS8FPdG2 M3Vw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=T6Lr8ErbwMyyYfXEZLpi47v8UMegyeRPBkfE+yqfiHU=; b=W/M+KnqeSwbLuM0WVUHV8QsItylrOMiqLuQ37gobubbVqpiWt9lI/x2w2D7TJCxJtQ eI9X+MHYHzqwYcj9DH8f8HfkAYu7LJsKd9udAIDXpinM66JctKRiYO1kI2QOGWOcJ61U /BgDnRF+HECXGGvunt9lKO5TZgHo/kXeQSJ3ckcdM9K9Rgwbv+9LpXL4zkjyLPCQ/CGx +ZSNLXeju7+un+a4NbLidPwVPiLHAGQTQ0FuPrMqJAqjNLsqBCNaDHSZmIgBv0Y+whlw tqUSouVO78L92L+DBoUjl2RlFFm2UjG8VmRcaGZ7bY9Cp3r2nJ9ywdwVKkB8RNIGarle A5tg== X-Gm-Message-State: AOAM530g2KyON+x0Ym7VgLpfEEiWfVBJ9u8zEFETNyoTtY5e9hNmvhcG z7F8B8TFRDhnkGcQNdisMf2vaVazbhA= X-Google-Smtp-Source: ABdhPJxz8R1oO2tMyy3yn0YoqVciOcY1KIKT1nDecT9lnknvZuOwz2xdEztoAQBZW+LPcU8DNwM4lg== X-Received: by 2002:a17:906:8250:: with SMTP id f16mr10636042ejx.305.1632482713570; Fri, 24 Sep 2021 04:25:13 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 03/26] hostmem: Add hostmem-epc as a backend for SGX EPC Date: Fri, 24 Sep 2021 13:24:46 +0200 Message-Id: <20210924112509.25061-4-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::52e; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x52e.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, eblake@redhat.com, Sean Christopherson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632482994542100001 Content-Type: text/plain; charset="utf-8" From: Sean Christopherson EPC (Enclave Page Cahe) is a specialized type of memory used by Intel SGX (Software Guard Extensions). The SDM desribes EPC as: The Enclave Page Cache (EPC) is the secure storage used to store enclave pages when they are a part of an executing enclave. For an EPC page, hardware performs additional access control checks to restrict access to the page. After the current page access checks and translations are performed, the hardware checks that the EPC page is accessible to the program currently executing. Generally an EPC page is only accessed by the owner of the executing enclave or an instruction which is setting up an EPC page. Because of its unique requirements, Linux manages EPC separately from normal memory. Similar to memfd, the device /dev/sgx_vepc can be opened to obtain a file descriptor which can in turn be used to mmap() EPC memory. Signed-off-by: Sean Christopherson Signed-off-by: Yang Zhong Message-Id: <20210719112136.57018-3-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini --- backends/hostmem-epc.c | 82 +++++++++++++++++++++++++++++++++++ backends/meson.build | 1 + include/hw/i386/hostmem-epc.h | 28 ++++++++++++ 3 files changed, 111 insertions(+) create mode 100644 backends/hostmem-epc.c create mode 100644 include/hw/i386/hostmem-epc.h diff --git a/backends/hostmem-epc.c b/backends/hostmem-epc.c new file mode 100644 index 0000000000..b47f98b6a3 --- /dev/null +++ b/backends/hostmem-epc.c @@ -0,0 +1,82 @@ +/* + * QEMU host SGX EPC memory backend + * + * Copyright (C) 2019 Intel Corporation + * + * Authors: + * Sean Christopherson + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ +#include + +#include "qemu/osdep.h" +#include "qemu-common.h" +#include "qom/object_interfaces.h" +#include "qapi/error.h" +#include "sysemu/hostmem.h" +#include "hw/i386/hostmem-epc.h" + +static void +sgx_epc_backend_memory_alloc(HostMemoryBackend *backend, Error **errp) +{ + uint32_t ram_flags; + char *name; + int fd; + + if (!backend->size) { + error_setg(errp, "can't create backend with size 0"); + return; + } + + fd =3D qemu_open_old("/dev/sgx_vepc", O_RDWR); + if (fd < 0) { + error_setg_errno(errp, errno, + "failed to open /dev/sgx_vepc to alloc SGX EPC"); + return; + } + + name =3D object_get_canonical_path(OBJECT(backend)); + ram_flags =3D (backend->share ? RAM_SHARED : 0) | RAM_PROTECTED; + memory_region_init_ram_from_fd(&backend->mr, OBJECT(backend), + name, backend->size, ram_flags, + fd, 0, errp); + g_free(name); +} + +static void sgx_epc_backend_instance_init(Object *obj) +{ + HostMemoryBackend *m =3D MEMORY_BACKEND(obj); + + m->share =3D true; + m->merge =3D false; + m->dump =3D false; +} + +static void sgx_epc_backend_class_init(ObjectClass *oc, void *data) +{ + HostMemoryBackendClass *bc =3D MEMORY_BACKEND_CLASS(oc); + + bc->alloc =3D sgx_epc_backend_memory_alloc; +} + +static const TypeInfo sgx_epc_backed_info =3D { + .name =3D TYPE_MEMORY_BACKEND_EPC, + .parent =3D TYPE_MEMORY_BACKEND, + .instance_init =3D sgx_epc_backend_instance_init, + .class_init =3D sgx_epc_backend_class_init, + .instance_size =3D sizeof(HostMemoryBackendEpc), +}; + +static void register_types(void) +{ + int fd =3D qemu_open_old("/dev/sgx_vepc", O_RDWR); + if (fd >=3D 0) { + close(fd); + + type_register_static(&sgx_epc_backed_info); + } +} + +type_init(register_types); diff --git a/backends/meson.build b/backends/meson.build index d4221831fc..6e68945528 100644 --- a/backends/meson.build +++ b/backends/meson.build @@ -16,5 +16,6 @@ softmmu_ss.add(when: ['CONFIG_VHOST_USER', 'CONFIG_VIRTIO= '], if_true: files('vho softmmu_ss.add(when: 'CONFIG_VIRTIO_CRYPTO', if_true: files('cryptodev-vho= st.c')) softmmu_ss.add(when: ['CONFIG_VIRTIO_CRYPTO', 'CONFIG_VHOST_CRYPTO'], if_t= rue: files('cryptodev-vhost-user.c')) softmmu_ss.add(when: 'CONFIG_GIO', if_true: [files('dbus-vmstate.c'), gio]) +softmmu_ss.add(when: 'CONFIG_SGX', if_true: files('hostmem-epc.c')) =20 subdir('tpm') diff --git a/include/hw/i386/hostmem-epc.h b/include/hw/i386/hostmem-epc.h new file mode 100644 index 0000000000..846c726085 --- /dev/null +++ b/include/hw/i386/hostmem-epc.h @@ -0,0 +1,28 @@ +/* + * SGX EPC backend + * + * Copyright (C) 2019 Intel Corporation + * + * Authors: + * Sean Christopherson + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ +#ifndef QEMU_HOSTMEM_EPC_H +#define QEMU_HOSTMEM_EPC_H + +#include "sysemu/hostmem.h" + +#define TYPE_MEMORY_BACKEND_EPC "memory-backend-epc" + +#define MEMORY_BACKEND_EPC(obj) \ + OBJECT_CHECK(HostMemoryBackendEpc, (obj), TYPE_MEMORY_BACKEND_EPC) + +typedef struct HostMemoryBackendEpc HostMemoryBackendEpc; + +struct HostMemoryBackendEpc { + HostMemoryBackend parent_obj; +}; + +#endif --=20 2.31.1 From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1632482822500544.824026044364; Fri, 24 Sep 2021 04:27:02 -0700 (PDT) Received: from localhost ([::1]:60238 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjM5-00021H-Gu for importer@patchew.org; Fri, 24 Sep 2021 07:27:01 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34398) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKS-0007ay-8B for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:20 -0400 Received: from mail-ed1-x52c.google.com ([2a00:1450:4864:20::52c]:46028) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKO-0000O4-O7 for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:19 -0400 Received: by mail-ed1-x52c.google.com with SMTP id dm26so547718edb.12 for ; Fri, 24 Sep 2021 04:25:15 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=gW5+cqtFW8998bP2+Q+N3gwvZIfrKBuSNRSwxC4KxeU=; b=n8TRG/lqjYt0e9/zuS8yoyPfBkITDCaFNkRwZvvf3inmMBY1+fLxrBugRAHFrMcjEI ZiIvA/CLHJMJBbFiGOQ46JBgmPSyiXXqRxC1bqwDaWNsymRLAP+r+K0twreGXkWD1al5 70hR0rMvCltNzXi4qBRUZ1qdYIu+ZvPqN8oQ+2GfPoM/RACjdfZrlgmYPvIciSLshc4i v9ec1b5uj34pA4kFcjsPp93dwHssUMdBlG6yKBHkHqVDwmqxOy83bl3GO/89em/crfX5 7fICxx8WvGrASDInhO+V4SAsqWSCo3AOMLnfisJsH9h72oydCfRcvUyQBT9GMJWzt0HT ms9A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=gW5+cqtFW8998bP2+Q+N3gwvZIfrKBuSNRSwxC4KxeU=; b=OdoBXDJ+fQVoA0QxNd2eq3VIRawrsNngBl0rHtbKTo1JptPUz3+QMJRcStwpQTU3Dz ah9GKuGKW7vWuB3K1D+kzhLHSLqO5e9aOBU/G2C3K3/b8Ilu2884CfWA6qDuEBbQbMVv +kF7Fj+ebWRxiZyTFxDH+Y1Lc3Py3aXUt/FbEUljefX+5JtjezC1JUKNgGDFUJNvpXxb wnTfzO/9HcVS18QDG03Wg/ico7PiCqiY7YaueHrY9w+MLy9LeGz8z2J+JO3GEQ1l1ZgT 6bTZhG9reg9Dp+/JAugt4edJ/+DlRz0bJ6o7mjb7sTXymvdeZQBMsgr4lcV+810hI2Cu sGXg== X-Gm-Message-State: AOAM530b/IHnFJZpnS/BDwrHCGxD4Wt5HSI5DuaJAJYQ7/E5cCgD77Rx KF5tX7RtlqbDxAeMND1sQ0ANVZ9ZNnM= X-Google-Smtp-Source: ABdhPJz1Y8Q8LOIuZiHL2SpB+k8JPzFoIsDBOExySsdEQX8wcgnZAEfN/rDS044TkLPUJUEjYRXgug== X-Received: by 2002:a17:906:2505:: with SMTP id i5mr10549862ejb.450.1632482714376; Fri, 24 Sep 2021 04:25:14 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 04/26] qom: Add memory-backend-epc ObjectOptions support Date: Fri, 24 Sep 2021 13:24:47 +0200 Message-Id: <20210924112509.25061-5-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::52c; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x52c.google.com X-Spam_score_int: 4 X-Spam_score: 0.4 X-Spam_bar: / X-Spam_report: (0.4 / 5.0 requ) DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, eblake@redhat.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632482823054100001 Content-Type: text/plain; charset="utf-8" From: Yang Zhong Add the new 'memory-backend-epc' user creatable QOM object in the ObjectOptions to support SGX since v6.1, or the sgx backend object cannot bootup. Signed-off-by: Yang Zhong Message-Id: <20210719112136.57018-4-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini --- qapi/qom.json | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/qapi/qom.json b/qapi/qom.json index a25616bc7a..0222bb4506 100644 --- a/qapi/qom.json +++ b/qapi/qom.json @@ -647,6 +647,23 @@ '*hugetlbsize': 'size', '*seal': 'bool' } } =20 +## +# @MemoryBackendEpcProperties: +# +# Properties for memory-backend-epc objects. +# +# The @share boolean option is true by default with epc +# +# The @merge boolean option is false by default with epc +# +# The @dump boolean option is false by default with epc +# +# Since: 6.2 +## +{ 'struct': 'MemoryBackendEpcProperties', + 'base': 'MemoryBackendProperties', + 'data': {} } + ## # @PrManagerHelperProperties: # @@ -797,6 +814,7 @@ { 'name': 'memory-backend-memfd', 'if': 'CONFIG_LINUX' }, 'memory-backend-ram', + 'memory-backend-epc', 'pef-guest', 'pr-manager-helper', 'qtest', @@ -855,6 +873,7 @@ 'memory-backend-memfd': { 'type': 'MemoryBackendMemfdPropertie= s', 'if': 'CONFIG_LINUX' }, 'memory-backend-ram': 'MemoryBackendProperties', + 'memory-backend-epc': 'MemoryBackendEpcProperties', 'pr-manager-helper': 'PrManagerHelperProperties', 'qtest': 'QtestProperties', 'rng-builtin': 'RngProperties', --=20 2.31.1 From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1632483202617548.0228039198485; Fri, 24 Sep 2021 04:33:22 -0700 (PDT) Received: from localhost ([::1]:49008 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjSD-00051f-5P for importer@patchew.org; Fri, 24 Sep 2021 07:33:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34410) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKS-0007bF-H9 for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:20 -0400 Received: from mail-ed1-x529.google.com ([2a00:1450:4864:20::529]:38900) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKP-0000OJ-2x for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:20 -0400 Received: by mail-ed1-x529.google.com with SMTP id dj4so34909050edb.5 for ; Fri, 24 Sep 2021 04:25:16 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=EKKzobHFyXxpWUiNzYO7LLzXVu+MAqFExSkV+Wsg/vk=; b=QOleO+PF+gBncjBcT5uao+JRnKRH5jS8yFlBzpvhmtr6CG6VV1ZYxWr+Qh6xhZou4P 4mHdVkcO+hqxTZQSx1UZIVjOnZtI8/5ogEKlkUH93ZwQ3Cup3nwd0nrJTYjQRTsbjEKY z93XO7+GnDYN9eM5zh94Gwa377Q41KEMfmDhpKSivtMm9gkk2aBnT3QByXxJpvbtfWXw ZjnLcNhFZAcq5RTHuyd0m1x9PPzAWKSACktIyJ6Ym6+VV87CTi+iKT9j3aateF2rcdFu aiq5A7NvAJyFqvzotFZlzmAXyV8nGMGm+8XKFNIS6wosZoWjeEncJH3/BHkDixh/loOq GtUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=EKKzobHFyXxpWUiNzYO7LLzXVu+MAqFExSkV+Wsg/vk=; b=SSbcRlxghoIYqod7zexEVkYBHqcbvg3IzWMwQj4lBxCfs2YHIuTFTbYy5rDCj/wY6d oJFEL+tlf3GRCdkltpbgLyKVV5JrOMSwT1/HmFLKRj0ilc4y0MlXN6nPGoKfLiWNJ1j0 2vj1OIgFrwRayMOqF/KYMBEtFXuBaYKLUrvu81zKBxMjCtwAlK3Yr4ccQ8K2b++DehuH rvR4TxzSm3/GxJA2omtH2Lbbj3WQCM4fo/klk11ysu6e8bvVwBzs8vb7/DUQ9KIDO4DG ea9dn8J6ChPCZEJE0g+G9Rq0/nqFjKi3/uREfyM64HQntkmrTP8mE8o1aE06o6EasJUC 0XQw== X-Gm-Message-State: AOAM530KXxMdGVeJQrMwriB8EAPOS/TZG7XDzyvsRENYkgSkyvaRpSra 3m9ieuNSseqwyf18XftdJSd9BUPdh28= X-Google-Smtp-Source: ABdhPJwBD4v1mJ1j165YeQ7cvGXw8IPPsfc7w20VKxHHACFXnrrtaLzgsRfU5XR3GSLgHYyf8f3yOA== X-Received: by 2002:a17:906:1f09:: with SMTP id w9mr11096718ejj.472.1632482715090; Fri, 24 Sep 2021 04:25:15 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 05/26] i386: Add 'sgx-epc' device to expose EPC sections to guest Date: Fri, 24 Sep 2021 13:24:48 +0200 Message-Id: <20210924112509.25061-6-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::529; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x529.google.com X-Spam_score_int: 4 X-Spam_score: 0.4 X-Spam_bar: / X-Spam_report: (0.4 / 5.0 requ) DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, eblake@redhat.com, Sean Christopherson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632483204250100002 Content-Type: text/plain; charset="utf-8" From: Sean Christopherson SGX EPC is enumerated through CPUID, i.e. EPC "devices" need to be realized prior to realizing the vCPUs themselves, which occurs long before generic devices are parsed and realized. Because of this, do not allow 'sgx-epc' devices to be instantiated after vCPUS have been created. The 'sgx-epc' device is essentially a placholder at this time, it will be fully implemented in a future patch along with a dedicated command to create 'sgx-epc' devices. Signed-off-by: Sean Christopherson Signed-off-by: Yang Zhong Message-Id: <20210719112136.57018-5-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini --- hw/i386/meson.build | 1 + hw/i386/sgx-epc.c | 167 ++++++++++++++++++++++++++++++++++++++ include/hw/i386/sgx-epc.h | 44 ++++++++++ 3 files changed, 212 insertions(+) create mode 100644 hw/i386/sgx-epc.c create mode 100644 include/hw/i386/sgx-epc.h diff --git a/hw/i386/meson.build b/hw/i386/meson.build index 80dad29f2b..b1862c83d4 100644 --- a/hw/i386/meson.build +++ b/hw/i386/meson.build @@ -16,6 +16,7 @@ i386_ss.add(when: 'CONFIG_Q35', if_true: files('pc_q35.c'= )) i386_ss.add(when: 'CONFIG_VMMOUSE', if_true: files('vmmouse.c')) i386_ss.add(when: 'CONFIG_VMPORT', if_true: files('vmport.c')) i386_ss.add(when: 'CONFIG_VTD', if_true: files('intel_iommu.c')) +i386_ss.add(when: 'CONFIG_SGX', if_true: files('sgx-epc.c')) =20 i386_ss.add(when: 'CONFIG_ACPI', if_true: files('acpi-common.c')) i386_ss.add(when: 'CONFIG_ACPI_HW_REDUCED', if_true: files('generic_event_= device_x86.c')) diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c new file mode 100644 index 0000000000..c584acc17b --- /dev/null +++ b/hw/i386/sgx-epc.c @@ -0,0 +1,167 @@ +/* + * SGX EPC device + * + * Copyright (C) 2019 Intel Corporation + * + * Authors: + * Sean Christopherson + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ +#include "qemu/osdep.h" +#include "hw/i386/pc.h" +#include "hw/i386/sgx-epc.h" +#include "hw/mem/memory-device.h" +#include "hw/qdev-properties.h" +#include "monitor/qdev.h" +#include "qapi/error.h" +#include "qapi/visitor.h" +#include "qemu/config-file.h" +#include "qemu/error-report.h" +#include "qemu/option.h" +#include "qemu/units.h" +#include "target/i386/cpu.h" +#include "exec/address-spaces.h" + +static Property sgx_epc_properties[] =3D { + DEFINE_PROP_UINT64(SGX_EPC_ADDR_PROP, SGXEPCDevice, addr, 0), + DEFINE_PROP_LINK(SGX_EPC_MEMDEV_PROP, SGXEPCDevice, hostmem, + TYPE_MEMORY_BACKEND_EPC, HostMemoryBackendEpc *), + DEFINE_PROP_END_OF_LIST(), +}; + +static void sgx_epc_get_size(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + Error *local_err =3D NULL; + uint64_t value; + + value =3D memory_device_get_region_size(MEMORY_DEVICE(obj), &local_err= ); + if (local_err) { + error_propagate(errp, local_err); + return; + } + + visit_type_uint64(v, name, &value, errp); +} + +static void sgx_epc_init(Object *obj) +{ + object_property_add(obj, SGX_EPC_SIZE_PROP, "uint64", sgx_epc_get_size, + NULL, NULL, NULL); +} + +static void sgx_epc_realize(DeviceState *dev, Error **errp) +{ + PCMachineState *pcms =3D PC_MACHINE(qdev_get_machine()); + X86MachineState *x86ms =3D X86_MACHINE(pcms); + SGXEPCDevice *epc =3D SGX_EPC(dev); + HostMemoryBackend *hostmem; + const char *path; + + if (x86ms->boot_cpus !=3D 0) { + error_setg(errp, "'" TYPE_SGX_EPC "' can't be created after vCPUs," + "e.g. via -device"); + return; + } + + if (!epc->hostmem) { + error_setg(errp, "'" SGX_EPC_MEMDEV_PROP "' property is not set"); + return; + } + hostmem =3D MEMORY_BACKEND(epc->hostmem); + if (host_memory_backend_is_mapped(hostmem)) { + path =3D object_get_canonical_path_component(OBJECT(hostmem)); + error_setg(errp, "can't use already busy memdev: %s", path); + return; + } + + error_setg(errp, "'" TYPE_SGX_EPC "' not supported"); +} + +static void sgx_epc_unrealize(DeviceState *dev) +{ + SGXEPCDevice *epc =3D SGX_EPC(dev); + HostMemoryBackend *hostmem =3D MEMORY_BACKEND(epc->hostmem); + + host_memory_backend_set_mapped(hostmem, false); +} + +static uint64_t sgx_epc_md_get_addr(const MemoryDeviceState *md) +{ + const SGXEPCDevice *epc =3D SGX_EPC(md); + + return epc->addr; +} + +static void sgx_epc_md_set_addr(MemoryDeviceState *md, uint64_t addr, + Error **errp) +{ + object_property_set_uint(OBJECT(md), SGX_EPC_ADDR_PROP, addr, errp); +} + +static uint64_t sgx_epc_md_get_plugged_size(const MemoryDeviceState *md, + Error **errp) +{ + return 0; +} + +static MemoryRegion *sgx_epc_md_get_memory_region(MemoryDeviceState *md, + Error **errp) +{ + SGXEPCDevice *epc =3D SGX_EPC(md); + HostMemoryBackend *hostmem; + + if (!epc->hostmem) { + error_setg(errp, "'" SGX_EPC_MEMDEV_PROP "' property must be set"); + return NULL; + } + + hostmem =3D MEMORY_BACKEND(epc->hostmem); + return host_memory_backend_get_memory(hostmem); +} + +static void sgx_epc_md_fill_device_info(const MemoryDeviceState *md, + MemoryDeviceInfo *info) +{ + /* TODO */ +} + +static void sgx_epc_class_init(ObjectClass *oc, void *data) +{ + DeviceClass *dc =3D DEVICE_CLASS(oc); + MemoryDeviceClass *mdc =3D MEMORY_DEVICE_CLASS(oc); + + dc->hotpluggable =3D false; + dc->realize =3D sgx_epc_realize; + dc->unrealize =3D sgx_epc_unrealize; + dc->desc =3D "SGX EPC section"; + device_class_set_props(dc, sgx_epc_properties); + + mdc->get_addr =3D sgx_epc_md_get_addr; + mdc->set_addr =3D sgx_epc_md_set_addr; + mdc->get_plugged_size =3D sgx_epc_md_get_plugged_size; + mdc->get_memory_region =3D sgx_epc_md_get_memory_region; + mdc->fill_device_info =3D sgx_epc_md_fill_device_info; +} + +static TypeInfo sgx_epc_info =3D { + .name =3D TYPE_SGX_EPC, + .parent =3D TYPE_DEVICE, + .instance_size =3D sizeof(SGXEPCDevice), + .instance_init =3D sgx_epc_init, + .class_init =3D sgx_epc_class_init, + .class_size =3D sizeof(DeviceClass), + .interfaces =3D (InterfaceInfo[]) { + { TYPE_MEMORY_DEVICE }, + { } + }, +}; + +static void sgx_epc_register_types(void) +{ + type_register_static(&sgx_epc_info); +} + +type_init(sgx_epc_register_types) diff --git a/include/hw/i386/sgx-epc.h b/include/hw/i386/sgx-epc.h new file mode 100644 index 0000000000..cf3ed5c0cd --- /dev/null +++ b/include/hw/i386/sgx-epc.h @@ -0,0 +1,44 @@ +/* + * SGX EPC device + * + * Copyright (C) 2019 Intel Corporation + * + * Authors: + * Sean Christopherson + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ +#ifndef QEMU_SGX_EPC_H +#define QEMU_SGX_EPC_H + +#include "hw/i386/hostmem-epc.h" + +#define TYPE_SGX_EPC "sgx-epc" +#define SGX_EPC(obj) \ + OBJECT_CHECK(SGXEPCDevice, (obj), TYPE_SGX_EPC) +#define SGX_EPC_CLASS(oc) \ + OBJECT_CLASS_CHECK(SGXEPCDeviceClass, (oc), TYPE_SGX_EPC) +#define SGX_EPC_GET_CLASS(obj) \ + OBJECT_GET_CLASS(SGXEPCDeviceClass, (obj), TYPE_SGX_EPC) + +#define SGX_EPC_ADDR_PROP "addr" +#define SGX_EPC_SIZE_PROP "size" +#define SGX_EPC_MEMDEV_PROP "memdev" + +/** + * SGXEPCDevice: + * @addr: starting guest physical address, where @SGXEPCDevice is mapped. + * Default value: 0, means that address is auto-allocated. + * @hostmem: host memory backend providing memory for @SGXEPCDevice + */ +typedef struct SGXEPCDevice { + /* private */ + DeviceState parent_obj; + + /* public */ + uint64_t addr; + HostMemoryBackendEpc *hostmem; +} SGXEPCDevice; + +#endif --=20 2.31.1 From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1632482831407623.1605731316143; Fri, 24 Sep 2021 04:27:11 -0700 (PDT) Received: from localhost ([::1]:60580 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjME-0002F3-6q for importer@patchew.org; Fri, 24 Sep 2021 07:27:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34416) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKS-0007bP-JK for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:20 -0400 Received: from mail-ed1-x52e.google.com ([2a00:1450:4864:20::52e]:36842) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKP-0000Oo-Kn for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:20 -0400 Received: by mail-ed1-x52e.google.com with SMTP id v24so34820387eda.3 for ; Fri, 24 Sep 2021 04:25:17 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=95NMlpuMXDUhR24A45FTB4Ijm/sQEfc61ftCTgPEnVU=; b=VgGn+Cg/dGXeU466mhGHcz4LuTsZGt1gMI4nhjP4PHtCn6/6NlqWVksVREWXZTEg+H 0DuZBKJhnegsQwv/Dvzrp3lAB9R45JO1OZH65dUbsKenbqgWWN2E8VIq3u3M5/4Gzyou KOksD3xEbv11lZq+9br3etf8hOA8wHh3gPhSUODq7a8xsOan6GDWSMiP5uU45VvBOdkp IEgMZIvU6URKWlVMBWiB9/IcNozj11lGcouVClG8p31aqj9vuuPVYHG9L0njf/9bPQtZ xkXkbvvt0gilSnus/lEKxCEWMXPmg4U9xGfqN70M+ahxoSIitvD7zuCZoZqcEn7tGGxH 35Pw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=95NMlpuMXDUhR24A45FTB4Ijm/sQEfc61ftCTgPEnVU=; b=ASdMCqlStoKu5OJWWL3dXW/3MHT7V8rMWTAkQ0nza6ZvkebZHr7e9tnIWQBQfkJI4z XafLfEfgn71dlHmnURrYzC1AS+mVg1a1uHoX9fiTPHEZqSwJYzBqzuPMp1X2sMqAqhdw Nr++nFNmCjO3Ez04P93R5RMJad1PT84FX1Ea+AeuIwySTMDI6lwJ5xk3hWRZHGvZUyRk 8yo+va4+KOe1JG4+lgv0BLhR0f2X5G01s//7f/YCgl7GWT0f7h1GkFML28z2p4oFHk/l woFoAi+rcfsNM4n5iwNtQ7CU+OIoG0YImu7AZnXZykK+EZnQm6/RWoWpVg0jp5c2O49c 4acg== X-Gm-Message-State: AOAM533rxLVpZpP4yOK89iEWPgiH1OyzSbYK4OgnGygxZ9wo3GD8RATo eEGY8mUSayVTB2Lp4lNt8e3tuiaZXAc= X-Google-Smtp-Source: ABdhPJw85AMhwFlTKAtK6DP+WYTuWzY2miXyltKTZH6Tho/ChVi0goxbeiZtNl9LtBHTjNOiio9W2g== X-Received: by 2002:a17:906:6dc1:: with SMTP id j1mr10802734ejt.324.1632482715806; Fri, 24 Sep 2021 04:25:15 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 06/26] vl: Add sgx compound properties to expose SGX EPC sections to guest Date: Fri, 24 Sep 2021 13:24:49 +0200 Message-Id: <20210924112509.25061-7-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::52e; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x52e.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, eblake@redhat.com, Sean Christopherson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632482833581100001 Content-Type: text/plain; charset="utf-8" From: Sean Christopherson Because SGX EPC is enumerated through CPUID, EPC "devices" need to be realized prior to realizing the vCPUs themselves, i.e. long before generic devices are parsed and realized. From a virtualization perspective, the CPUID aspect also means that EPC sections cannot be hotplugged without paravirtualizing the guest kernel (hardware does not support hotplugging as EPC sections must be locked down during pre-boot to provide EPC's security properties). So even though EPC sections could be realized through the generic -devices command, they need to be created much earlier for them to actually be usable by the guest. Place all EPC sections in a contiguous block, somewhat arbitrarily starting after RAM above 4g. Ensuring EPC is in a contiguous region simplifies calculations, e.g. device memory base, PCI hole, etc..., allows dynamic calculation of the total EPC size, e.g. exposing EPC to guests does not require -maxmem, and last but not least allows all of EPC to be enumerated in a single ACPI entry, which is expected by some kernels, e.g. Windows 7 and 8. The new compound properties command for sgx like below: ...... -object memory-backend-epc,id=3Dmem1,size=3D28M,prealloc=3Don \ -object memory-backend-epc,id=3Dmem2,size=3D10M \ -M sgx-epc.0.memdev=3Dmem1,sgx-epc.1.memdev=3Dmem2 Signed-off-by: Sean Christopherson Signed-off-by: Yang Zhong Message-Id: <20210719112136.57018-6-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini --- hw/i386/sgx-epc.c | 20 ++++++++++++++------ hw/i386/x86.c | 29 +++++++++++++++++++++++++++++ include/hw/i386/pc.h | 3 +++ include/hw/i386/sgx-epc.h | 14 ++++++++++++++ include/hw/i386/x86.h | 1 + qapi/machine.json | 26 ++++++++++++++++++++++++++ qemu-options.hx | 10 ++++++++-- 7 files changed, 95 insertions(+), 8 deletions(-) diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c index c584acc17b..6677dc74b5 100644 --- a/hw/i386/sgx-epc.c +++ b/hw/i386/sgx-epc.c @@ -14,13 +14,8 @@ #include "hw/i386/sgx-epc.h" #include "hw/mem/memory-device.h" #include "hw/qdev-properties.h" -#include "monitor/qdev.h" #include "qapi/error.h" #include "qapi/visitor.h" -#include "qemu/config-file.h" -#include "qemu/error-report.h" -#include "qemu/option.h" -#include "qemu/units.h" #include "target/i386/cpu.h" #include "exec/address-spaces.h" =20 @@ -56,6 +51,8 @@ static void sgx_epc_realize(DeviceState *dev, Error **err= p) { PCMachineState *pcms =3D PC_MACHINE(qdev_get_machine()); X86MachineState *x86ms =3D X86_MACHINE(pcms); + MemoryDeviceState *md =3D MEMORY_DEVICE(dev); + SGXEPCState *sgx_epc =3D &pcms->sgx_epc; SGXEPCDevice *epc =3D SGX_EPC(dev); HostMemoryBackend *hostmem; const char *path; @@ -77,7 +74,18 @@ static void sgx_epc_realize(DeviceState *dev, Error **er= rp) return; } =20 - error_setg(errp, "'" TYPE_SGX_EPC "' not supported"); + epc->addr =3D sgx_epc->base + sgx_epc->size; + + memory_region_add_subregion(&sgx_epc->mr, epc->addr - sgx_epc->base, + host_memory_backend_get_memory(hostmem)); + + host_memory_backend_set_mapped(hostmem, true); + + sgx_epc->sections =3D g_renew(SGXEPCDevice *, sgx_epc->sections, + sgx_epc->nr_sections + 1); + sgx_epc->sections[sgx_epc->nr_sections++] =3D epc; + + sgx_epc->size +=3D memory_device_get_region_size(md, errp); } =20 static void sgx_epc_unrealize(DeviceState *dev) diff --git a/hw/i386/x86.c b/hw/i386/x86.c index 00448ed55a..41ef9a84a9 100644 --- a/hw/i386/x86.c +++ b/hw/i386/x86.c @@ -30,6 +30,8 @@ #include "qapi/error.h" #include "qapi/qmp/qerror.h" #include "qapi/qapi-visit-common.h" +#include "qapi/clone-visitor.h" +#include "qapi/qapi-visit-machine.h" #include "qapi/visitor.h" #include "sysemu/qtest.h" #include "sysemu/whpx.h" @@ -1263,6 +1265,27 @@ static void x86_machine_set_bus_lock_ratelimit(Objec= t *obj, Visitor *v, visit_type_uint64(v, name, &x86ms->bus_lock_ratelimit, errp); } =20 +static void machine_get_sgx_epc(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + X86MachineState *x86ms =3D X86_MACHINE(obj); + SgxEPCList *list =3D x86ms->sgx_epc_list; + + visit_type_SgxEPCList(v, name, &list, errp); +} + +static void machine_set_sgx_epc(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + X86MachineState *x86ms =3D X86_MACHINE(obj); + SgxEPCList *list; + + list =3D x86ms->sgx_epc_list; + visit_type_SgxEPCList(v, name, &x86ms->sgx_epc_list, errp); + + qapi_free_SgxEPCList(list); +} + static void x86_machine_initfn(Object *obj) { X86MachineState *x86ms =3D X86_MACHINE(obj); @@ -1322,6 +1345,12 @@ static void x86_machine_class_init(ObjectClass *oc, = void *data) x86_machine_set_bus_lock_ratelimit, NULL, = NULL); object_class_property_set_description(oc, X86_MACHINE_BUS_LOCK_RATELIM= IT, "Set the ratelimit for the bus locks acquired in VMs"); + + object_class_property_add(oc, "sgx-epc", "SgxEPC", + machine_get_sgx_epc, machine_set_sgx_epc, + NULL, NULL); + object_class_property_set_description(oc, "sgx-epc", + "SGX EPC device"); } =20 static const TypeInfo x86_machine_info =3D { diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h index 4d2e35a152..668e48be8a 100644 --- a/include/hw/i386/pc.h +++ b/include/hw/i386/pc.h @@ -12,6 +12,7 @@ #include "hw/acpi/acpi_dev_interface.h" #include "hw/hotplug.h" #include "qom/object.h" +#include "hw/i386/sgx-epc.h" =20 #define HPET_INTCAP "hpet-intcap" =20 @@ -49,6 +50,8 @@ typedef struct PCMachineState { =20 /* ACPI Memory hotplug IO base address */ hwaddr memhp_io_base; + + SGXEPCState sgx_epc; } PCMachineState; =20 #define PC_MACHINE_ACPI_DEVICE_PROP "acpi-device" diff --git a/include/hw/i386/sgx-epc.h b/include/hw/i386/sgx-epc.h index cf3ed5c0cd..83269972e0 100644 --- a/include/hw/i386/sgx-epc.h +++ b/include/hw/i386/sgx-epc.h @@ -41,4 +41,18 @@ typedef struct SGXEPCDevice { HostMemoryBackendEpc *hostmem; } SGXEPCDevice; =20 +/* + * @base: address in guest physical address space where EPC regions start + * @mr: address space container for memory devices + */ +typedef struct SGXEPCState { + uint64_t base; + uint64_t size; + + MemoryRegion mr; + + struct SGXEPCDevice **sections; + int nr_sections; +} SGXEPCState; + #endif diff --git a/include/hw/i386/x86.h b/include/hw/i386/x86.h index 6e9244a82c..23267a3674 100644 --- a/include/hw/i386/x86.h +++ b/include/hw/i386/x86.h @@ -62,6 +62,7 @@ struct X86MachineState { unsigned pci_irq_mask; unsigned apic_id_limit; uint16_t boot_cpus; + SgxEPCList *sgx_epc_list; =20 OnOffAuto smm; OnOffAuto acpi; diff --git a/qapi/machine.json b/qapi/machine.json index 157712f006..5132abf152 100644 --- a/qapi/machine.json +++ b/qapi/machine.json @@ -1194,6 +1194,32 @@ } } =20 +## +# @SgxEPC: +# +# Sgx EPC cmdline information +# +# @memdev: memory backend linked with device +# +# Since: 6.2 +## +{ 'struct': 'SgxEPC', + 'data': { 'memdev': 'str' } +} + +## +# @SgxEPCProperties: +# +# Properties for SgxEPC objects. +# +# @sgx-epc: sgx epc section properties. +# +# Since: 6.2 +## +{ 'struct': 'SgxEPCProperties', + 'data': { 'sgx-epc': ['SgxEPC'] } +} + ## # @MemoryDeviceInfo: # diff --git a/qemu-options.hx b/qemu-options.hx index 8f603cc7e6..ceca52818a 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -126,8 +126,14 @@ SRST -m 512M ERST =20 -HXCOMM Deprecated by -machine -DEF("M", HAS_ARG, QEMU_OPTION_M, "", QEMU_ARCH_ALL) +DEF("M", HAS_ARG, QEMU_OPTION_M, + " sgx-epc.0.memdev=3Dmemid\n", + QEMU_ARCH_ALL) + +SRST +``sgx-epc.0.memdev=3D@var{memid}`` + Define an SGX EPC section. +ERST =20 DEF("cpu", HAS_ARG, QEMU_OPTION_cpu, "-cpu cpu select CPU ('-cpu help' for list)\n", QEMU_ARCH_ALL) --=20 2.31.1 From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1632483006726550.7198588530132; Fri, 24 Sep 2021 04:30:06 -0700 (PDT) Received: from localhost ([::1]:40804 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjP3-0007rd-Na for importer@patchew.org; Fri, 24 Sep 2021 07:30:05 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34442) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKT-0007cS-Do for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:21 -0400 Received: from mail-ed1-x52f.google.com ([2a00:1450:4864:20::52f]:38906) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKQ-0000Qo-06 for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:21 -0400 Received: by mail-ed1-x52f.google.com with SMTP id dj4so34909310edb.5 for ; Fri, 24 Sep 2021 04:25:17 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Y5AR/P+mFSJFO235bsACgg5JM9OnHm4NP9JNrfL9ZLQ=; b=l/kx0rH7frHAp3l7tsCrjRxwVw32XW+JS7ODGk6Gj4KczlaWkCbxk86VRyN2GuHnqn 74U5MwwA9z/HeGEvaDLBWn8eRsw7ee4zD8piom60a+B9i0qyxFCcpOAV0rICcKKVXtd2 AKzLU/DCI1qteQVgTqNIfE58EEpVQ4N+coFfP0IheBZNNjgWi8GcnGzzwQObWQa8LxL9 mIo+lr0+GJnQKJMYNptGhS6EfOXufMM5+Z0tbgwUP20ku6sgA3MNiz5o5R88eJO04Piq jDP8op52Om6NfZC8NAqe+BHXYVmKhaL9sx5bqFyXY8/Yb1YC6PSdAmMu/Et1nvF2qiO6 b9lQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=Y5AR/P+mFSJFO235bsACgg5JM9OnHm4NP9JNrfL9ZLQ=; b=AdzNYGX9amnNJ01bqpgpsr7AiofhS1cIxSdnL86rZtwbw0mz1y4T3gY42EWbIZMcUD aK6DJ+qPdaGdCfMlwt5styh25P+vsaWA0v/eaVuk2mW/9+j6uOjEV9C4XUeqynoqZtiL jUMizFkQfDVYicJaRDvOaMgmv9E6AX6Z7VboYdW7pFQYebTDOGF2BDssEXWU/+nfPRlX teUwwLhZgaQijTfEHuD/KlqVUCc9LMhI2GFOJJ4rplJHBq7Kr3bD9x6lI95N9vh26B86 smpEWxRPNhMau/YBz+Pcl2VGSmjYPKpAEbXK79zYLwBdzJYN1ZuWYmVu78WdQE7HMfQY M+aw== X-Gm-Message-State: AOAM533B9pXVeMzOe86aH/cb0SVbPNt98ue9WAfk08NTN5sVJQGPOZ3M tIgJJbjsVsLw5gqGG3q0ZIGV2Csi5Jo= X-Google-Smtp-Source: ABdhPJwfVcLLlGpNIWW8ed6FPQBZ5Ns396Qehco5NqPQInwcxMvWTWz/0t/gIAvlO+VRnzOQqqgv/g== X-Received: by 2002:a17:906:1d07:: with SMTP id n7mr10379767ejh.53.1632482716486; Fri, 24 Sep 2021 04:25:16 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 07/26] i386: Add primary SGX CPUID and MSR defines Date: Fri, 24 Sep 2021 13:24:50 +0200 Message-Id: <20210924112509.25061-8-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::52f; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x52f.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, eblake@redhat.com, Sean Christopherson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632483007948100001 Content-Type: text/plain; charset="utf-8" From: Sean Christopherson Add CPUID defines for SGX and SGX Launch Control (LC), as well as defines for their associated FEATURE_CONTROL MSR bits. Define the Launch Enclave Public Key Hash MSRs (LE Hash MSRs), which exist when SGX LC is present (in CPUID), and are writable when SGX LC is enabled (in FEATURE_CONTROL). Signed-off-by: Sean Christopherson Signed-off-by: Yang Zhong Message-Id: <20210719112136.57018-7-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini --- target/i386/cpu.c | 4 ++-- target/i386/cpu.h | 12 ++++++++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 6b029f1bdf..21d2a325ea 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -795,7 +795,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] =3D { [FEAT_7_0_EBX] =3D { .type =3D CPUID_FEATURE_WORD, .feat_names =3D { - "fsgsbase", "tsc-adjust", NULL, "bmi1", + "fsgsbase", "tsc-adjust", "sgx", "bmi1", "hle", "avx2", NULL, "smep", "bmi2", "erms", "invpcid", "rtm", NULL, NULL, "mpx", NULL, @@ -821,7 +821,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] =3D { "la57", NULL, NULL, NULL, NULL, NULL, "rdpid", NULL, "bus-lock-detect", "cldemote", NULL, "movdiri", - "movdir64b", NULL, NULL, "pks", + "movdir64b", NULL, "sgxlc", "pks", }, .cpuid =3D { .eax =3D 7, diff --git a/target/i386/cpu.h b/target/i386/cpu.h index 7dd664791a..3823c7c40a 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -389,9 +389,17 @@ typedef enum X86Seg { #define MSR_IA32_PKRS 0x6e1 =20 #define FEATURE_CONTROL_LOCKED (1<<0) +#define FEATURE_CONTROL_VMXON_ENABLED_INSIDE_SMX (1ULL << 1) #define FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX (1<<2) +#define FEATURE_CONTROL_SGX_LC (1ULL << 17) +#define FEATURE_CONTROL_SGX (1ULL << 18) #define FEATURE_CONTROL_LMCE (1<<20) =20 +#define MSR_IA32_SGXLEPUBKEYHASH0 0x8c +#define MSR_IA32_SGXLEPUBKEYHASH1 0x8d +#define MSR_IA32_SGXLEPUBKEYHASH2 0x8e +#define MSR_IA32_SGXLEPUBKEYHASH3 0x8f + #define MSR_P6_PERFCTR0 0xc1 =20 #define MSR_IA32_SMBASE 0x9e @@ -718,6 +726,8 @@ typedef uint64_t FeatureWordArray[FEATURE_WORDS]; =20 /* Support RDFSBASE/RDGSBASE/WRFSBASE/WRGSBASE */ #define CPUID_7_0_EBX_FSGSBASE (1U << 0) +/* Support SGX */ +#define CPUID_7_0_EBX_SGX (1U << 2) /* 1st Group of Advanced Bit Manipulation Extensions */ #define CPUID_7_0_EBX_BMI1 (1U << 3) /* Hardware Lock Elision */ @@ -805,6 +815,8 @@ typedef uint64_t FeatureWordArray[FEATURE_WORDS]; #define CPUID_7_0_ECX_MOVDIRI (1U << 27) /* Move 64 Bytes as Direct Store Instruction */ #define CPUID_7_0_ECX_MOVDIR64B (1U << 28) +/* Support SGX Launch Control */ +#define CPUID_7_0_ECX_SGX_LC (1U << 30) /* Protection Keys for Supervisor-mode Pages */ #define CPUID_7_0_ECX_PKS (1U << 31) =20 --=20 2.31.1 From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1632483226978343.1419965183986; Fri, 24 Sep 2021 04:33:46 -0700 (PDT) Received: from localhost ([::1]:49338 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjSb-0005Eg-Rk for importer@patchew.org; Fri, 24 Sep 2021 07:33:45 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34448) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKT-0007d3-LS for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:21 -0400 Received: from mail-ed1-x533.google.com ([2a00:1450:4864:20::533]:35662) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKR-0000Sg-Of for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:21 -0400 Received: by mail-ed1-x533.google.com with SMTP id y89so24042118ede.2 for ; Fri, 24 Sep 2021 04:25:19 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=UiMznw01RdLQ9B39Iax6tMW439yM+ztUjpsGI5+mzRc=; b=l5JZME1BWCX5NGxDmKxrEUEs0H2JiuPko1yOtH7eOTtxWghMvUCGpRHzsklSXH/9CE 2RTecHUU2hUvQ4jHiC7KMQq951oBe7Y3v1X06M5unXzSaTZiSD5/NmyOqDj0AyFfyFSV kYhMev1NTWRy1tGvXnQ4yiPfV4vgh5SFlSlK9VfeVRZinoj/Es7W7eFcTndx+KKIfSJA m3QPREun6bPIP8DN16bWTLAtvCB3LUy93SmZSI6ouHZH2c0yJbxe0F4WFOnHPEvI0Xsv rzN/7jcqg/M88pM13Ni0PiaEq4MZ6b+B7zNSVKl5U3GtJtOhoyK+TzNttbp3+gxWtImH eYSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=UiMznw01RdLQ9B39Iax6tMW439yM+ztUjpsGI5+mzRc=; b=YLaLjOcYN7dDJS6P1G/Wskq73s7fr1mVyL1mccjkbp3ERfUo9uDjtWsqcCxOJbpx5W kxmhmbFfjVDFSIG/jIb9PuN89CsNeBLhl0j3q9IFvWJPxbpi0/iliI4BSdg556T3udwY 3gmCO5SjcGKrasMH9jVYChlGTRfQKZzl1FA1gOJudrt5r/oDWTeiverKHgyQT/ybqzBk cpyJosqo1AoeWi98D4YVkg/HhDp0H1u3sKcaW1x5HjQyXgBdHxfBMiRbZ1YLDrC3Z1Xz SdmrgjcCzlYSG6BMD/6vdJ4eE8FaD+EWfPDG2Qj/6KIWHQW6ytzPhCS8C/x+4Fk1NHj7 41AA== X-Gm-Message-State: AOAM533IM8lqOI6hZ2FpC3tpAAhlE4OTuAubpuYJg0+i7j1R5SGi3JK6 eH4QQNiXUvRI4j/d+lSQ6Z0Juwx40OI= X-Google-Smtp-Source: ABdhPJxlxZNNfpl5T4mBwtP180/GvGgRrg3KnbmtKze3QwXt4X9OGrXvGdBHEPRhMGp84+lUY9R4vA== X-Received: by 2002:a17:907:2ce9:: with SMTP id hz9mr10541412ejc.275.1632482717466; Fri, 24 Sep 2021 04:25:17 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 08/26] i386: Add SGX CPUID leaf FEAT_SGX_12_0_EAX Date: Fri, 24 Sep 2021 13:24:51 +0200 Message-Id: <20210924112509.25061-9-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::533; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x533.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, eblake@redhat.com, Sean Christopherson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632483228244100003 Content-Type: text/plain; charset="utf-8" From: Sean Christopherson CPUID leaf 12_0_EAX is an Intel-defined feature bits leaf enumerating the CPU's SGX capabilities, e.g. supported SGX instruction sets. Currently there are four enumerated capabilities: - SGX1 instruction set, i.e. "base" SGX - SGX2 instruction set for dynamic EPC management - ENCLV instruction set for VMM oversubscription of EPC - ENCLS-C instruction set for thread safe variants of ENCLS Signed-off-by: Sean Christopherson Signed-off-by: Yang Zhong Message-Id: <20210719112136.57018-8-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini --- target/i386/cpu.c | 20 ++++++++++++++++++++ target/i386/cpu.h | 1 + 2 files changed, 21 insertions(+) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 21d2a325ea..2cd1487bae 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -654,6 +654,7 @@ void x86_cpu_vendor_words2str(char *dst, uint32_t vendo= r1, /* missing: CPUID_XSAVE_XSAVEC, CPUID_XSAVE_XSAVES */ #define TCG_14_0_ECX_FEATURES 0 +#define TCG_SGX_12_0_EAX_FEATURES 0 =20 FeatureWordInfo feature_word_info[FEATURE_WORDS] =3D { [FEAT_1_EDX] =3D { @@ -1182,6 +1183,25 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] =3D= { .tcg_features =3D TCG_14_0_ECX_FEATURES, }, =20 + [FEAT_SGX_12_0_EAX] =3D { + .type =3D CPUID_FEATURE_WORD, + .feat_names =3D { + "sgx1", "sgx2", NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + }, + .cpuid =3D { + .eax =3D 0x12, + .needs_ecx =3D true, .ecx =3D 0, + .reg =3D R_EAX, + }, + .tcg_features =3D TCG_SGX_12_0_EAX_FEATURES, + }, }; =20 typedef struct FeatureMask { diff --git a/target/i386/cpu.h b/target/i386/cpu.h index 3823c7c40a..cde446cc34 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -578,6 +578,7 @@ typedef enum FeatureWord { FEAT_VMX_BASIC, FEAT_VMX_VMFUNC, FEAT_14_0_ECX, + FEAT_SGX_12_0_EAX, /* CPUID[EAX=3D0x12,ECX=3D0].EAX (SGX) */ FEATURE_WORDS, } FeatureWord; =20 --=20 2.31.1 From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 163248322550596.89517028138721; Fri, 24 Sep 2021 04:33:45 -0700 (PDT) Received: from localhost ([::1]:49130 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjSa-00056e-Gq for importer@patchew.org; Fri, 24 Sep 2021 07:33:44 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34444) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKT-0007cg-GE for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:21 -0400 Received: from mail-ed1-x52f.google.com ([2a00:1450:4864:20::52f]:42716) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKR-0000Sh-Ek for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:21 -0400 Received: by mail-ed1-x52f.google.com with SMTP id u27so34244326edi.9 for ; Fri, 24 Sep 2021 04:25:19 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Pw9T6U+ItUvrcf1Uv1vMdmH5sv75PyI2Siw9k4uTTEg=; b=V1tduOLeZHidnzqVX0SWOAqFmOSlNPHb3Ju423Qb3Bny9UTcbN3ncAyF55S8YFB0yo TsHtwJ58tsalNQaIQz4Q/tK/VAz8523hPLm5TWvtIaaQ3/NbQqjqO81vJrpy0Zd7QCsu /QbKvHydvZAHFH1TuZTflLyovGvGIkQNdPc1bndR1jPkbBcGnbZvfLq6DdsQrbVaHldW XURNXuGeeKvpPalKHe6woxl2W8cz/cB9CHES8rxV8PheqzhYp5dWXos2ifStv3hwrawn NbgIhXQZl2G0P7ByEADhcPP32CBnqzbmQGfpoOznJaGEi6y9ZGJ/GFZpI8qPIaNUdwSN cBwA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=Pw9T6U+ItUvrcf1Uv1vMdmH5sv75PyI2Siw9k4uTTEg=; b=HGWNHDBlmamw1p7FnlpucP2LCYgOv2S8xNTArT9JSKeHPOSHupbhPeM8ArQnkxPOwZ nRcOyFY3UoKhaWQ+KWxGBjSFY20mPMAvMHDMR4hTQ/XnPGedWb9tu251XuJFwAWPwxek vkkySM60oasEYlxT+jhuMLeRcfDgwha4PFBgdDgv2uZn3AKgzHnu8bj98pJsVEM7hIZA ssTm8PQxD1P013sAlMBchXknchLeWGsssZa2rdj9SewvVM7jSzAC2UrVGIwDSJ5SlrTV oR5uuvUxArB2iL6l5gYwKveHWx2tP/VLtXMWUZtorfSrwBzNFTSjoCIE9ZLodJmTm98t Ixxw== X-Gm-Message-State: AOAM533TCY4i+h5Q0o9jiBwsKYNsbJ8ydu8ONcLmHCCVjj/fJqnYmk7I hPzKC2Esf6eXvdUGOkmiA3gO2/G9+II= X-Google-Smtp-Source: ABdhPJzXTnCodpawR/LJbaJRoD9phhcvXyzrLDMxw18daZ6F+S2o6vmjRDE2tdbxiu7qEMTFjS8gRg== X-Received: by 2002:a50:d844:: with SMTP id v4mr4435540edj.378.1632482718181; Fri, 24 Sep 2021 04:25:18 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 09/26] i386: Add SGX CPUID leaf FEAT_SGX_12_0_EBX Date: Fri, 24 Sep 2021 13:24:52 +0200 Message-Id: <20210924112509.25061-10-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::52f; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x52f.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, eblake@redhat.com, Sean Christopherson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632483226269100001 Content-Type: text/plain; charset="utf-8" From: Sean Christopherson CPUID leaf 12_0_EBX is an Intel-defined feature bits leaf enumerating the platform's SGX extended capabilities. Currently there is a single capabilitiy: - EXINFO: record information about #PFs and #GPs in the enclave's SSA Signed-off-by: Sean Christopherson Signed-off-by: Yang Zhong Message-Id: <20210719112136.57018-9-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini --- target/i386/cpu.c | 21 +++++++++++++++++++++ target/i386/cpu.h | 1 + 2 files changed, 22 insertions(+) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 2cd1487bae..c0d5c3c621 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -655,6 +655,7 @@ void x86_cpu_vendor_words2str(char *dst, uint32_t vendo= r1, CPUID_XSAVE_XSAVEC, CPUID_XSAVE_XSAVES */ #define TCG_14_0_ECX_FEATURES 0 #define TCG_SGX_12_0_EAX_FEATURES 0 +#define TCG_SGX_12_0_EBX_FEATURES 0 =20 FeatureWordInfo feature_word_info[FEATURE_WORDS] =3D { [FEAT_1_EDX] =3D { @@ -1202,6 +1203,26 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] =3D= { }, .tcg_features =3D TCG_SGX_12_0_EAX_FEATURES, }, + + [FEAT_SGX_12_0_EBX] =3D { + .type =3D CPUID_FEATURE_WORD, + .feat_names =3D { + "sgx-exinfo" , NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + }, + .cpuid =3D { + .eax =3D 0x12, + .needs_ecx =3D true, .ecx =3D 0, + .reg =3D R_EBX, + }, + .tcg_features =3D TCG_SGX_12_0_EBX_FEATURES, + }, }; =20 typedef struct FeatureMask { diff --git a/target/i386/cpu.h b/target/i386/cpu.h index cde446cc34..0cdbcb9e4c 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -579,6 +579,7 @@ typedef enum FeatureWord { FEAT_VMX_VMFUNC, FEAT_14_0_ECX, FEAT_SGX_12_0_EAX, /* CPUID[EAX=3D0x12,ECX=3D0].EAX (SGX) */ + FEAT_SGX_12_0_EBX, /* CPUID[EAX=3D0x12,ECX=3D0].EBX (SGX MISCSELECT[3= 1:0]) */ FEATURE_WORDS, } FeatureWord; =20 --=20 2.31.1 From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1632483416945743.2546929471085; Fri, 24 Sep 2021 04:36:56 -0700 (PDT) Received: from localhost ([::1]:57634 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjVf-0002Wd-Py for importer@patchew.org; Fri, 24 Sep 2021 07:36:55 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34454) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKU-0007e1-0l for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:22 -0400 Received: from mail-ed1-x534.google.com ([2a00:1450:4864:20::534]:42721) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKS-0000TQ-CM for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:21 -0400 Received: by mail-ed1-x534.google.com with SMTP id u27so34244434edi.9 for ; Fri, 24 Sep 2021 04:25:19 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=oFerr1X+wfYDn01Sfa4bWZfiMRDjKdpG3+sWcyxOLUU=; b=gpfu4VxKJVcQC2ybHh/+GG6kC+wVBHR7sVQGCkS5wibzX5tptGlpfFn6H1LCSsY3MK L749nQHMIb66FlYumcnnwwAkLwZS5RNWgCnqzDC0LljSUzmVBOsH9nNqZirDWUbz/51G zVCgOf1CTpBZXVMDZ3IQ8XQfqGuIjh4220lEU6Mld1RU9+IUajwRBjfHUkbIgsiSeNNq 7OkZEuRScMs52uph1pCGG4iE7fMZqZHkcIu5BHL944HSJGOA69ijmJ+lwzFvwUfZxbMJ ZD+OE1HcDKO48MOKH04AFv35aFo+qdKAorVcpWZ4pIv38prbB0WnAZ6UFPDXnYRHyg9K kDEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=oFerr1X+wfYDn01Sfa4bWZfiMRDjKdpG3+sWcyxOLUU=; b=nxxRv0mwq/MasdYH8IYbmY+WDJUZH7MsModABUeJVg2V4Pbf8Z23tT515Uzlhv+CXq yzukSsBq+keKmkmEP/RjxTIHEtE+GLHxxnC4bDyChiavG+sdo317aFgVp0mtWcOZ/Q8V U0YyzVGiOXBkhN1amG6jE8+KCBpMU9qrFl7PHsV0pj6h31tTt8k7LNyOjoxeESqajP6S Y/5RXN1jEvHEeqq8DjKzU8a0jVSeXH8LstCHoBmv0CUj284VE8WvZzdzM2ba7KNBRAH3 bER8ycKmBHCZjCoQUijE2e95/TrfzBndwfcW+3JSxXuARiCxnJrTNih7kVyu2tPsgATF 5rPw== X-Gm-Message-State: AOAM533uEIXecV7Fva1FHmqiIYP89wf/tLLRskRMrcKgdFyQiCaM8n51 Sz9BuhSOr5oRvW7EnYRI6YKYav0OJlk= X-Google-Smtp-Source: ABdhPJz4++BOwo1U2Hq5x1kIiJCS9smuFsEENO4Yv+kDf3xf2rg7n6sZaGakG4WsdYd7iz6iLBrj3w== X-Received: by 2002:a17:906:a59:: with SMTP id x25mr10415407ejf.33.1632482718933; Fri, 24 Sep 2021 04:25:18 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 10/26] i386: Add SGX CPUID leaf FEAT_SGX_12_1_EAX Date: Fri, 24 Sep 2021 13:24:53 +0200 Message-Id: <20210924112509.25061-11-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::534; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x534.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, eblake@redhat.com, Sean Christopherson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632483418522100001 Content-Type: text/plain; charset="utf-8" From: Sean Christopherson CPUID leaf 12_1_EAX is an Intel-defined feature bits leaf enumerating the platform's SGX capabilities that may be utilized by an enclave, e.g. whether or not an enclave can gain access to the provision key. Currently there are six capabilities: - INIT: set when the enclave has has been initialized by EINIT. Cannot be set by software, i.e. forced to zero in CPUID. - DEBUG: permits a debugger to read/write into the enclave. - MODE64BIT: the enclave runs in 64-bit mode - PROVISIONKEY: grants has access to the provision key - EINITTOKENKEY: grants access to the EINIT token key, i.e. the enclave can generate EINIT tokens - KSS: Key Separation and Sharing enabled for the enclave. Note that the entirety of CPUID.0x12.0x1, i.e. all registers, enumerates the allowed ATTRIBUTES (128 bits), but only bits 31:0 are directly exposed to the user (via FEAT_12_1_EAX). Bits 63:32 are currently all reserved and bits 127:64 correspond to the allowed XSAVE Feature Request Mask, which is calculated based on other CPU features, e.g. XSAVE, MPX, AVX, etc... and is not exposed to the user. Signed-off-by: Sean Christopherson Signed-off-by: Yang Zhong Message-Id: <20210719112136.57018-10-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini --- target/i386/cpu.c | 21 +++++++++++++++++++++ target/i386/cpu.h | 1 + 2 files changed, 22 insertions(+) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index c0d5c3c621..e9ecbf59e5 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -656,6 +656,7 @@ void x86_cpu_vendor_words2str(char *dst, uint32_t vendo= r1, #define TCG_14_0_ECX_FEATURES 0 #define TCG_SGX_12_0_EAX_FEATURES 0 #define TCG_SGX_12_0_EBX_FEATURES 0 +#define TCG_SGX_12_1_EAX_FEATURES 0 =20 FeatureWordInfo feature_word_info[FEATURE_WORDS] =3D { [FEAT_1_EDX] =3D { @@ -1223,6 +1224,26 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] =3D= { }, .tcg_features =3D TCG_SGX_12_0_EBX_FEATURES, }, + + [FEAT_SGX_12_1_EAX] =3D { + .type =3D CPUID_FEATURE_WORD, + .feat_names =3D { + NULL, "sgx-debug", "sgx-mode64", NULL, + "sgx-provisionkey", "sgx-tokenkey", NULL, "sgx-kss", + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + }, + .cpuid =3D { + .eax =3D 0x12, + .needs_ecx =3D true, .ecx =3D 1, + .reg =3D R_EAX, + }, + .tcg_features =3D TCG_SGX_12_1_EAX_FEATURES, + }, }; =20 typedef struct FeatureMask { diff --git a/target/i386/cpu.h b/target/i386/cpu.h index 0cdbcb9e4c..7023a0bc49 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -580,6 +580,7 @@ typedef enum FeatureWord { FEAT_14_0_ECX, FEAT_SGX_12_0_EAX, /* CPUID[EAX=3D0x12,ECX=3D0].EAX (SGX) */ FEAT_SGX_12_0_EBX, /* CPUID[EAX=3D0x12,ECX=3D0].EBX (SGX MISCSELECT[3= 1:0]) */ + FEAT_SGX_12_1_EAX, /* CPUID[EAX=3D0x12,ECX=3D1].EAX (SGX ATTRIBUTES[3= 1:0]) */ FEATURE_WORDS, } FeatureWord; =20 --=20 2.31.1 From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1632482992878904.1344533332112; Fri, 24 Sep 2021 04:29:52 -0700 (PDT) Received: from localhost ([::1]:40490 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjOp-0007fB-So for importer@patchew.org; Fri, 24 Sep 2021 07:29:51 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34478) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKV-0007gQ-4m for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:23 -0400 Received: from mail-ed1-x530.google.com ([2a00:1450:4864:20::530]:35660) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKT-0000Vm-Ep for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:22 -0400 Received: by mail-ed1-x530.google.com with SMTP id y89so24042524ede.2 for ; Fri, 24 Sep 2021 04:25:21 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=LafLFjpunQ9RCQo2x7BEfuqWpTDhcqqafkNFVW30DXk=; b=fOl2nEd5fnupTJOhVNd0X7jF31uVmlf4eYXNu2NDxPS9IPSjU6GX6CNNUgVqwAdHaf WZJnJF7pMUNQ19tQAZRBY5OGBd5B5tLayvaUksgDhBmTue+dyiZdLiXt+8v4c2HIyxL2 axL3mn8O4b0BZvgUUFvU/hoxEK9ggZ0KfuGVffWUfemyusWbUlRIvLGaBDYz1sPGr9om EjVkQQh6yIL26zSCEQk0hSwq0X3PdPLymd1jONGexMJdTPSRT2YlompJNeaHDPaZSM5f TLtujPMMqBUUrEyp4+Fr0cYR3bmppOWMfZJCA0BFMZHbh+inhpXLM2tRSKc/Rd3tk8wY LHcw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=LafLFjpunQ9RCQo2x7BEfuqWpTDhcqqafkNFVW30DXk=; b=qrIwS2JH8J3vKRKreYDzt3UeKJEekZf6U0A4WU2+X5hPexZrRJxvykndDmnWF0MxWC gdIBU+zqRy4XcoCtxt/bCLuvkLoCZx3jCOGPZHQz3ZwMnaGbhZ+N2WxmSDLokVdHoz4x KvMWSiTwXauuSsQ+zy3WQHTH3BNWSRrfzvp0DwpPKYaSU8ABQrdqmDckiUH+PQY1e2LT ivB1e/jHFkjGDtiMe/H4nBULu7g8VhQgVL/WWmH24b/o5BrFjY2pTQmO6PCd+i4a6D64 2gk7fU1BAB5PeTiMb2e+y2nzm8foG41GD4TYv8CaqdGnROCJPIB8vUnPzSWQpEoqcbCz 4weA== X-Gm-Message-State: AOAM533Y0YxWM26LVaG5PHc314xBPVo4O//uIVs13wIaoStdLDdRU7pT 74O5Cuc+nQp93JBWAQLO5PC/Pj9Rhs8= X-Google-Smtp-Source: ABdhPJzX4lPbmrqBlXrvtQnOwR4g2H92qEcmyp0gebN+bPQWMYDFoaZGILnSE7qFOzKtGa3/oRLVFw== X-Received: by 2002:a50:d8c2:: with SMTP id y2mr49733edj.360.1632482719920; Fri, 24 Sep 2021 04:25:19 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 11/26] i386: Add get/set/migrate support for SGX_LEPUBKEYHASH MSRs Date: Fri, 24 Sep 2021 13:24:54 +0200 Message-Id: <20210924112509.25061-12-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::530; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x530.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, Kai Huang , eblake@redhat.com, Sean Christopherson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632482994546100002 Content-Type: text/plain; charset="utf-8" From: Sean Christopherson On real hardware, on systems that supports SGX Launch Control, those MSRs are initialized to digest of Intel's signing key; on systems that don't support SGX Launch Control, those MSRs are not available but hardware always uses digest of Intel's signing key in EINIT. KVM advertises SGX LC via CPUID if and only if the MSRs are writable. Unconditionally initialize those MSRs to digest of Intel's signing key when CPU is realized and reset to reflect the fact. This avoids potential bug in case kvm_arch_put_registers() is called before kvm_arch_get_registers() is called, in which case guest's virtual SGX_LEPUBKEYHASH MSRs will be set to 0, although KVM initializes those to digest of Intel's signing key by default, since KVM allows those MSRs to be updated by Qemu to support live migration. Save/restore the SGX Launch Enclave Public Key Hash MSRs if SGX Launch Control (LC) is exposed to the guest. Likewise, migrate the MSRs if they are writable by the guest. Signed-off-by: Sean Christopherson Signed-off-by: Kai Huang Signed-off-by: Yang Zhong Message-Id: <20210719112136.57018-11-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini --- target/i386/cpu.c | 16 +++++++++++++++- target/i386/cpu.h | 1 + target/i386/kvm/kvm.c | 22 ++++++++++++++++++++++ target/i386/machine.c | 20 ++++++++++++++++++++ 4 files changed, 58 insertions(+), 1 deletion(-) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index e9ecbf59e5..af6cd73eed 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -5700,6 +5700,17 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index,= uint32_t count, } } =20 +static void x86_cpu_set_sgxlepubkeyhash(CPUX86State *env) +{ +#ifndef CONFIG_USER_ONLY + /* Those default values are defined in Skylake HW */ + env->msr_ia32_sgxlepubkeyhash[0] =3D 0xa6053e051270b7acULL; + env->msr_ia32_sgxlepubkeyhash[1] =3D 0x6cfbe8ba8b3b413dULL; + env->msr_ia32_sgxlepubkeyhash[2] =3D 0xc4916d99f2b3735dULL; + env->msr_ia32_sgxlepubkeyhash[3] =3D 0xd4f8c05909f9bb3bULL; +#endif +} + static void x86_cpu_reset(DeviceState *dev) { CPUState *s =3D CPU(dev); @@ -5832,6 +5843,8 @@ static void x86_cpu_reset(DeviceState *dev) if (kvm_enabled()) { kvm_arch_reset_vcpu(cpu); } + + x86_cpu_set_sgxlepubkeyhash(env); #endif } =20 @@ -6214,6 +6227,8 @@ static void x86_cpu_realizefn(DeviceState *dev, Error= **errp) & CPUID_EXT2_AMD_ALIASES); } =20 + x86_cpu_set_sgxlepubkeyhash(env); + /* * note: the call to the framework needs to happen after feature expan= sion, * but before the checks/modifications to ucode_rev, mwait, phys_bits. @@ -6901,7 +6916,6 @@ static const TypeInfo x86_cpu_type_info =3D { .class_init =3D x86_cpu_common_class_init, }; =20 - /* "base" CPU model, used by query-cpu-model-expansion */ static void x86_cpu_base_class_init(ObjectClass *oc, void *data) { diff --git a/target/i386/cpu.h b/target/i386/cpu.h index 7023a0bc49..ff1eae86cf 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -1516,6 +1516,7 @@ typedef struct CPUX86State { uint64_t mcg_status; uint64_t msr_ia32_misc_enable; uint64_t msr_ia32_feature_control; + uint64_t msr_ia32_sgxlepubkeyhash[4]; =20 uint64_t msr_fixed_ctr_ctrl; uint64_t msr_global_ctrl; diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 500d2e0e68..11551648f9 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -3107,6 +3107,17 @@ static int kvm_put_msrs(X86CPU *cpu, int level) } } =20 + if (env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_SGX_LC) { + kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH0, + env->msr_ia32_sgxlepubkeyhash[0]); + kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH1, + env->msr_ia32_sgxlepubkeyhash[1]); + kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH2, + env->msr_ia32_sgxlepubkeyhash[2]); + kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH3, + env->msr_ia32_sgxlepubkeyhash[3]); + } + /* Note: MSR_IA32_FEATURE_CONTROL is written separately, see * kvm_put_msr_feature_control. */ } @@ -3446,6 +3457,13 @@ static int kvm_get_msrs(X86CPU *cpu) } } =20 + if (env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_SGX_LC) { + kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH0, 0); + kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH1, 0); + kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH2, 0); + kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH3, 0); + } + ret =3D kvm_vcpu_ioctl(CPU(cpu), KVM_GET_MSRS, cpu->kvm_msr_buf); if (ret < 0) { return ret; @@ -3735,6 +3753,10 @@ static int kvm_get_msrs(X86CPU *cpu) case MSR_IA32_RTIT_ADDR0_A ... MSR_IA32_RTIT_ADDR3_B: env->msr_rtit_addrs[index - MSR_IA32_RTIT_ADDR0_A] =3D msrs[i]= .data; break; + case MSR_IA32_SGXLEPUBKEYHASH0 ... MSR_IA32_SGXLEPUBKEYHASH3: + env->msr_ia32_sgxlepubkeyhash[index - MSR_IA32_SGXLEPUBKEYHASH= 0] =3D + msrs[i].data; + break; } } =20 diff --git a/target/i386/machine.c b/target/i386/machine.c index b0943118d1..4367931623 100644 --- a/target/i386/machine.c +++ b/target/i386/machine.c @@ -1415,6 +1415,25 @@ static const VMStateDescription vmstate_msr_tsx_ctrl= =3D { } }; =20 +static bool intel_sgx_msrs_needed(void *opaque) +{ + X86CPU *cpu =3D opaque; + CPUX86State *env =3D &cpu->env; + + return !!(env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_SGX_LC); +} + +static const VMStateDescription vmstate_msr_intel_sgx =3D { + .name =3D "cpu/intel_sgx", + .version_id =3D 1, + .minimum_version_id =3D 1, + .needed =3D intel_sgx_msrs_needed, + .fields =3D (VMStateField[]) { + VMSTATE_UINT64_ARRAY(env.msr_ia32_sgxlepubkeyhash, X86CPU, 4), + VMSTATE_END_OF_LIST() + } +}; + const VMStateDescription vmstate_x86_cpu =3D { .name =3D "cpu", .version_id =3D 12, @@ -1551,6 +1570,7 @@ const VMStateDescription vmstate_x86_cpu =3D { &vmstate_nested_state, #endif &vmstate_msr_tsx_ctrl, + &vmstate_msr_intel_sgx, NULL } }; --=20 2.31.1 From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1632483202418760.3591793703732; Fri, 24 Sep 2021 04:33:22 -0700 (PDT) Received: from localhost ([::1]:49020 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjSD-000526-0Q for importer@patchew.org; Fri, 24 Sep 2021 07:33:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34480) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKV-0007hX-CE for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:23 -0400 Received: from mail-ed1-x534.google.com ([2a00:1450:4864:20::534]:41680) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKT-0000WV-VF for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:23 -0400 Received: by mail-ed1-x534.google.com with SMTP id s17so16167316edd.8 for ; Fri, 24 Sep 2021 04:25:21 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=5r01uT4tR8NNg495M2MrgoZZ94BYOI+Ryf0JV3pSQkM=; b=gaEcJHkSE2m1gcSomY7OkhSpkSsSQe75sXhuxYrnrDfhR8xF6J+8HvWXAXvP7ZlaQ5 cV7Ix72WN8u8O+xvdHOR0YfLH2P2luuynu7o9QfgtEFvd2Y0mblsM0WTJ+F/fs9zEgmE 7tBDna8qA8W0lmWFtKs3geve777txmvPjkX6UDfqGx+wsrKHLd+9N2nMC+9M1M+om6VQ Ir5slS18kOTFuq93VxVOkOJI5TBrSfeJ3Ud9qUDnNde0X1shKqO7pV/QzCYT7Vt0ysFN U5l6l+jqKpoMUPgAEhU27RR0SCpMQPvPgReL9Jh4BemQZZ9Sux03u09pG9Sm4RsQ+itu zcWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=5r01uT4tR8NNg495M2MrgoZZ94BYOI+Ryf0JV3pSQkM=; b=XTJDBAtOLOygFydxKqjkBJ8vWhgkn0xjB8qy9jCwNw2fecIH7nK+qJw5D3LbWQDuYW VP4nUfM87qKulF87ykCVU6Oop8gRimRr0uiRT0s2lXe4NHLebhN0qR9YC9lyubA2afYi kvM20EvRXbzioPnesQLWtwIEUboBjsi8EGV/qkO5Vx7HUhap+aRfLn0uHuPKh5LCys6Q eaj/zAnzPJOqSJQul4oEEds8NPnfPDV7t8EKHXFr9bUeSvYwR+hE8rGHZTae7YiK/uJl v/11Uv674dWPLNF6uDbVWU0PIttE2VTjDFftvVqwn6/cb5fdcJBsuKA3tRYlwQRVpAyU b9IQ== X-Gm-Message-State: AOAM530rbDWsvRAvwDmx03tVbu52eFDQKMclsxvrmKNTuqHWZgqMqAaN /Z8CIShHTWlY51hN1EEBuBBWt/aUZWE= X-Google-Smtp-Source: ABdhPJxpDcZhIBzvIcQt14BRLSLwA8wB1KKGZN58H6CP/hguUm6HJYp2KISrhf0oe5TBiueVGPdKKw== X-Received: by 2002:a17:906:e094:: with SMTP id gh20mr11064401ejb.252.1632482720618; Fri, 24 Sep 2021 04:25:20 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 12/26] i386: Add feature control MSR dependency when SGX is enabled Date: Fri, 24 Sep 2021 13:24:55 +0200 Message-Id: <20210924112509.25061-13-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::534; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x534.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, eblake@redhat.com, Sean Christopherson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632483204217100001 Content-Type: text/plain; charset="utf-8" From: Sean Christopherson SGX adds multiple flags to FEATURE_CONTROL to enable SGX and Flexible Launch Control. Signed-off-by: Sean Christopherson Signed-off-by: Yang Zhong Message-Id: <20210719112136.57018-12-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini --- target/i386/kvm/kvm.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 11551648f9..6dc40161e0 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -1877,6 +1877,11 @@ int kvm_arch_init_vcpu(CPUState *cs) !!(c->ecx & CPUID_EXT_SMX); } =20 + c =3D cpuid_find_entry(&cpuid_data.cpuid, 7, 0); + if (c && (c->ebx & CPUID_7_0_EBX_SGX)) { + has_msr_feature_control =3D true; + } + if (env->mcg_cap & MCG_LMCE_P) { has_msr_mcg_ext_ctl =3D has_msr_feature_control =3D true; } --=20 2.31.1 From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1632483706814772.7649929942884; Fri, 24 Sep 2021 04:41:46 -0700 (PDT) Received: from localhost ([::1]:37102 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjaL-00083j-JX for importer@patchew.org; Fri, 24 Sep 2021 07:41:45 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34508) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKW-0007kO-O8 for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:24 -0400 Received: from mail-ed1-x534.google.com ([2a00:1450:4864:20::534]:44564) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKU-0000XN-OV for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:24 -0400 Received: by mail-ed1-x534.google.com with SMTP id v22so34024830edd.11 for ; Fri, 24 Sep 2021 04:25:22 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Ckm63rG6PrQKNaZYx9GzsYEPnaX0K6c7bQ2QgLspzxc=; b=go+e4gP9kX9uUKuY/lOVKa3LGwxdMU56eCYr8uW2hlD2l83BouTpmCwAKmiIsOaeOS CDKXGEioKX3OK3G22ZksE+b5cen2pJoW7ONtN2AAaI7rgjQYio1/x7/KqmVlq3ibAk5G JfiyGCXdtsBa9qbaLSe18sr57xWj622VmRZzyRgUtZxUJIm3Kk+L/xTvDpABQSv1MC4q zlS/jRSPlry7AXLbcqeXgw32JuUbvsGyYm62Lt4baJdVwciDcLkTyqrGpzUd2EXG/dkQ Vb7btY12UKgzFGvIdQZIJjop9iw0pziFWEJJfIL32WSZIW5nQcCHX5XwZWr7PoSRGDn3 0geA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=Ckm63rG6PrQKNaZYx9GzsYEPnaX0K6c7bQ2QgLspzxc=; b=CyIlOUIuTB8DqmBnN/U3WA1ceuGNmv4yRzay59MegeVzdr3rlU8WPfu/0F6Xkbvmq/ mN4T0I0p/o9Tzv7glgkZ49K8xGOaF3ZnkRncTMiixRKtfoTgO7nQ2H8r0Cfc6rvrx+ti YctJ+dLVUp3qLJv0aBB3w13LDTdcKMLkb9gAFaEGKcWqXmrEb9Z2XAuzVHY/8GU09Kqg /8ShlUxMMNZMg4cvVrlqFNQ1+ovGMEGDBAlADiPVAE3yRmgWpYyCvOeuBKpSUTtJEaLH UO0LB6K1w7kFOrH0IFUPSVzjlNG4mHAJZuNECiCp3yKKtxxYIcsG3oOKvMLFncr6kBge MTPg== X-Gm-Message-State: AOAM531wwWK7uudk5iHzDD+L0UqTwodYM4X0fYMJWfBP+4p7v6eNj6+/ b4lsDVvkY8lP9XnlrIbQZOHfNyqlVaE= X-Google-Smtp-Source: ABdhPJxiR2SNzmBBquNMBDYMijvAWHvbqT+s5Iv91ArdAtVPlmfvPqs4ntfSzZCMSiscoK6oSJRLFQ== X-Received: by 2002:a17:906:5855:: with SMTP id h21mr10339908ejs.230.1632482721372; Fri, 24 Sep 2021 04:25:21 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 13/26] i386: Update SGX CPUID info according to hardware/KVM/user input Date: Fri, 24 Sep 2021 13:24:56 +0200 Message-Id: <20210924112509.25061-14-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::534; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x534.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, eblake@redhat.com, Sean Christopherson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632483707463100002 Content-Type: text/plain; charset="utf-8" From: Sean Christopherson Expose SGX to the guest if and only if KVM is enabled and supports virtualization of SGX. While the majority of ENCLS can be emulated to some degree, because SGX uses a hardware-based root of trust, the attestation aspects of SGX cannot be emulated in software, i.e. ultimately emulation will fail as software cannot generate a valid quote/report. The complexity of partially emulating SGX in Qemu far outweighs the value added, e.g. an SGX specific simulator for userspace applications can emulate SGX for development and testing purposes. Note, access to the PROVISIONKEY is not yet advertised to the guest as KVM blocks access to the PROVISIONKEY by default and requires userspace to provide additional credentials (via ioctl()) to expose PROVISIONKEY. Signed-off-by: Sean Christopherson Signed-off-by: Yang Zhong Message-Id: <20210719112136.57018-13-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini --- hw/i386/meson.build | 3 +- hw/i386/sgx-stub.c | 13 +++++++ hw/i386/sgx.c | 73 +++++++++++++++++++++++++++++++++++++ include/hw/i386/pc.h | 3 ++ include/hw/i386/sgx-epc.h | 2 + target/i386/cpu.c | 77 +++++++++++++++++++++++++++++++++++++++ 6 files changed, 170 insertions(+), 1 deletion(-) create mode 100644 hw/i386/sgx-stub.c create mode 100644 hw/i386/sgx.c diff --git a/hw/i386/meson.build b/hw/i386/meson.build index b1862c83d4..c502965219 100644 --- a/hw/i386/meson.build +++ b/hw/i386/meson.build @@ -16,7 +16,8 @@ i386_ss.add(when: 'CONFIG_Q35', if_true: files('pc_q35.c'= )) i386_ss.add(when: 'CONFIG_VMMOUSE', if_true: files('vmmouse.c')) i386_ss.add(when: 'CONFIG_VMPORT', if_true: files('vmport.c')) i386_ss.add(when: 'CONFIG_VTD', if_true: files('intel_iommu.c')) -i386_ss.add(when: 'CONFIG_SGX', if_true: files('sgx-epc.c')) +i386_ss.add(when: 'CONFIG_SGX', if_true: files('sgx-epc.c','sgx.c'), + if_false: files('sgx-stub.c')) =20 i386_ss.add(when: 'CONFIG_ACPI', if_true: files('acpi-common.c')) i386_ss.add(when: 'CONFIG_ACPI_HW_REDUCED', if_true: files('generic_event_= device_x86.c')) diff --git a/hw/i386/sgx-stub.c b/hw/i386/sgx-stub.c new file mode 100644 index 0000000000..483c72bba6 --- /dev/null +++ b/hw/i386/sgx-stub.c @@ -0,0 +1,13 @@ +#include "qemu/osdep.h" +#include "hw/i386/pc.h" +#include "hw/i386/sgx-epc.h" + +void pc_machine_init_sgx_epc(PCMachineState *pcms) +{ + memset(&pcms->sgx_epc, 0, sizeof(SGXEPCState)); +} + +int sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size) +{ + g_assert_not_reached(); +} diff --git a/hw/i386/sgx.c b/hw/i386/sgx.c new file mode 100644 index 0000000000..8a18cddc3f --- /dev/null +++ b/hw/i386/sgx.c @@ -0,0 +1,73 @@ +/* + * SGX common code + * + * Copyright (C) 2021 Intel Corporation + * + * Authors: + * Yang Zhong + * Sean Christopherson + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ +#include "qemu/osdep.h" +#include "hw/i386/pc.h" +#include "hw/i386/sgx-epc.h" +#include "hw/mem/memory-device.h" +#include "monitor/qdev.h" +#include "qapi/error.h" +#include "exec/address-spaces.h" + +int sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size) +{ + PCMachineState *pcms =3D PC_MACHINE(qdev_get_machine()); + SGXEPCDevice *epc; + + if (pcms->sgx_epc.size =3D=3D 0 || pcms->sgx_epc.nr_sections <=3D sect= ion_nr) { + return 1; + } + + epc =3D pcms->sgx_epc.sections[section_nr]; + + *addr =3D epc->addr; + *size =3D memory_device_get_region_size(MEMORY_DEVICE(epc), &error_fat= al); + + return 0; +} + +void pc_machine_init_sgx_epc(PCMachineState *pcms) +{ + SGXEPCState *sgx_epc =3D &pcms->sgx_epc; + X86MachineState *x86ms =3D X86_MACHINE(pcms); + SgxEPCList *list =3D NULL; + Object *obj; + + memset(sgx_epc, 0, sizeof(SGXEPCState)); + if (!x86ms->sgx_epc_list) { + return; + } + + sgx_epc->base =3D 0x100000000ULL + x86ms->above_4g_mem_size; + + memory_region_init(&sgx_epc->mr, OBJECT(pcms), "sgx-epc", UINT64_MAX); + memory_region_add_subregion(get_system_memory(), sgx_epc->base, + &sgx_epc->mr); + + for (list =3D x86ms->sgx_epc_list; list; list =3D list->next) { + obj =3D object_new("sgx-epc"); + + /* set the memdev link with memory backend */ + object_property_parse(obj, SGX_EPC_MEMDEV_PROP, list->value->memde= v, + &error_fatal); + object_property_set_bool(obj, "realized", true, &error_fatal); + object_unref(obj); + } + + if ((sgx_epc->base + sgx_epc->size) < sgx_epc->base) { + error_report("Size of all 'sgx-epc' =3D0x%"PRIu64" causes EPC to w= rap", + sgx_epc->size); + exit(EXIT_FAILURE); + } + + memory_region_set_size(&sgx_epc->mr, sgx_epc->size); +} diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h index 668e48be8a..5748d7c55f 100644 --- a/include/hw/i386/pc.h +++ b/include/hw/i386/pc.h @@ -195,6 +195,9 @@ void pc_system_parse_ovmf_flash(uint8_t *flash_ptr, siz= e_t flash_size); void pc_madt_cpu_entry(AcpiDeviceIf *adev, int uid, const CPUArchIdList *apic_ids, GArray *entry); =20 +/* sgx.c */ +void pc_machine_init_sgx_epc(PCMachineState *pcms); + extern GlobalProperty pc_compat_6_1[]; extern const size_t pc_compat_6_1_len; =20 diff --git a/include/hw/i386/sgx-epc.h b/include/hw/i386/sgx-epc.h index 83269972e0..75b19f464c 100644 --- a/include/hw/i386/sgx-epc.h +++ b/include/hw/i386/sgx-epc.h @@ -55,4 +55,6 @@ typedef struct SGXEPCState { int nr_sections; } SGXEPCState; =20 +int sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size); + #endif diff --git a/target/i386/cpu.c b/target/i386/cpu.c index af6cd73eed..8a62986819 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -36,6 +36,7 @@ #ifndef CONFIG_USER_ONLY #include "exec/address-spaces.h" #include "hw/boards.h" +#include "hw/i386/sgx-epc.h" #endif =20 #include "disas/capstone.h" @@ -5334,6 +5335,25 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index,= uint32_t count, *ecx |=3D CPUID_7_0_ECX_OSPKE; } *edx =3D env->features[FEAT_7_0_EDX]; /* Feature flags */ + + /* + * SGX cannot be emulated in software. If hardware does not + * support enabling SGX and/or SGX flexible launch control, + * then we need to update the VM's CPUID values accordingly. + */ + if ((*ebx & CPUID_7_0_EBX_SGX) && + (!kvm_enabled() || + !(kvm_arch_get_supported_cpuid(cs->kvm_state, 0x7, 0, R_E= BX) & + CPUID_7_0_EBX_SGX))) { + *ebx &=3D ~CPUID_7_0_EBX_SGX; + } + + if ((*ecx & CPUID_7_0_ECX_SGX_LC) && + (!(*ebx & CPUID_7_0_EBX_SGX) || !kvm_enabled() || + !(kvm_arch_get_supported_cpuid(cs->kvm_state, 0x7, 0, R_E= CX) & + CPUID_7_0_ECX_SGX_LC))) { + *ecx &=3D ~CPUID_7_0_ECX_SGX_LC; + } } else if (count =3D=3D 1) { *eax =3D env->features[FEAT_7_1_EAX]; *ebx =3D 0; @@ -5469,6 +5489,63 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index,= uint32_t count, } break; } + case 0x12: +#ifndef CONFIG_USER_ONLY + if (!kvm_enabled() || + !(env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_SGX)) { + *eax =3D *ebx =3D *ecx =3D *edx =3D 0; + break; + } + + /* + * SGX sub-leafs CPUID.0x12.{0x2..N} enumerate EPC sections. Retr= ieve + * the EPC properties, e.g. confidentiality and integrity, from the + * host's first EPC section, i.e. assume there is one EPC section = or + * that all EPC sections have the same security properties. + */ + if (count > 1) { + uint64_t epc_addr, epc_size; + + if (sgx_epc_get_section(count - 2, &epc_addr, &epc_size)) { + *eax =3D *ebx =3D *ecx =3D *edx =3D 0; + break; + } + host_cpuid(index, 2, eax, ebx, ecx, edx); + *eax =3D (uint32_t)(epc_addr & 0xfffff000) | 0x1; + *ebx =3D (uint32_t)(epc_addr >> 32); + *ecx =3D (uint32_t)(epc_size & 0xfffff000) | (*ecx & 0xf); + *edx =3D (uint32_t)(epc_size >> 32); + break; + } + + /* + * SGX sub-leafs CPUID.0x12.{0x0,0x1} are heavily dependent on har= dware + * and KVM, i.e. QEMU cannot emulate features to override what KVM + * supports. Features can be further restricted by userspace, but= not + * made more permissive. + */ + *eax =3D kvm_arch_get_supported_cpuid(cs->kvm_state, 0x12, count, = R_EAX); + *ebx =3D kvm_arch_get_supported_cpuid(cs->kvm_state, 0x12, count, = R_EBX); + *ecx =3D kvm_arch_get_supported_cpuid(cs->kvm_state, 0x12, count, = R_ECX); + *edx =3D kvm_arch_get_supported_cpuid(cs->kvm_state, 0x12, count, = R_EDX); + + if (count =3D=3D 0) { + *eax &=3D env->features[FEAT_SGX_12_0_EAX]; + *ebx &=3D env->features[FEAT_SGX_12_0_EBX]; + } else { + *eax &=3D env->features[FEAT_SGX_12_1_EAX]; + *ebx &=3D 0; /* ebx reserve */ + *ecx &=3D env->features[FEAT_XSAVE_COMP_LO]; + *edx &=3D env->features[FEAT_XSAVE_COMP_HI]; + + /* FP and SSE are always allowed regardless of XSAVE/XCR0. */ + *ecx |=3D XSTATE_FP_MASK | XSTATE_SSE_MASK; + + /* Access to PROVISIONKEY requires additional credentials. */ + *eax &=3D ~(1U << 4); + } +#endif + break; case 0x14: { /* Intel Processor Trace Enumeration */ *eax =3D 0; --=20 2.31.1 From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1632483415524397.6162224934941; Fri, 24 Sep 2021 04:36:55 -0700 (PDT) Received: from localhost ([::1]:57562 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjVe-0002S7-IJ for importer@patchew.org; Fri, 24 Sep 2021 07:36:54 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34526) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKX-0007n6-Il for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:25 -0400 Received: from mail-ed1-x52e.google.com ([2a00:1450:4864:20::52e]:35659) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKW-0000Yv-0u for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:25 -0400 Received: by mail-ed1-x52e.google.com with SMTP id y89so24042926ede.2 for ; Fri, 24 Sep 2021 04:25:23 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=n7EpH1eUHbgsU4y2oVIOfkcySimCn2YNElmxUA1pPr0=; b=HIPou2TPAizLPQIC1FucWZuIA44mTi+PfXny1rIa7UDqLPulu1PyCjCFlPHmZaUW2w O3m8XtRFDp82oC5MYWxi7WK/ZG3zZ1cYaXm1duFptZVeInV7l+RiQ6Umq5yBPxB6ZD/y TvMO88jSAfc7WUSUzn6f+gPBTqhbYULfBYxdBmcX7OsnKZYZdoV6A7zqAeLpXCTitbno DBZnYbMemiW0G2cYBkWqBRbyHfq6Yf4S/Wxz0rB/naCTCoecLe3GG1thvrVJkvL0aQFj SKxkbysjiCSx7WrcXYIFyFPcjvh4Nw6F+4c2fpwo5fQz85oZ1CLqtC2capZFxtg+vX+3 Djsg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=n7EpH1eUHbgsU4y2oVIOfkcySimCn2YNElmxUA1pPr0=; b=zjAXs2ktrOiM9aozIlx8A9r/bZFEs0utd9z7Pz10TVgMsZ9lRJyP0QwyP3FBTuBn6U q49E/fUQ96hH2yXVTv4g3Zpbecg8ngUlqI/wW4PkxAGm8gI+HSBsyNoSR/sOhMHFhZL0 4lm4XZC0bHOYcJPT3EIRz/8uxXB7Pv3Tg9UQXilEM5iWVIoF3Omuyy8bRxILtfgA8ZRX AamtXBScIIm78Eu7cFmmbF9yC63+JwIbK67jdgwvDBU8EZaGbWi2OpqI6rMZbM0TEqoK /DZibBkaCcCf/Rxs93Y43frJ/GHUpKgeQiheukGj5GEJ4lEQFwWrWyMgmRBGuG78n03a MF1g== X-Gm-Message-State: AOAM532K8xhJo5naiGklERtp4KQc0e1BnKazFaqRCrIqM8mIjqnrGES7 tcJN4advtqeYblwx9ZrjzlmT9SvTvEI= X-Google-Smtp-Source: ABdhPJyhnRrDv+i3sc9Ky4o24GRnKq0YaX3nVAbnAtxpnqrgM47d6g0HMtuQRQsylIazMxFxzp+Dhw== X-Received: by 2002:a50:ab18:: with SMTP id s24mr4481191edc.88.1632482722222; Fri, 24 Sep 2021 04:25:22 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 14/26] i386: kvm: Add support for exposing PROVISIONKEY to guest Date: Fri, 24 Sep 2021 13:24:57 +0200 Message-Id: <20210924112509.25061-15-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::52e; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x52e.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, eblake@redhat.com, Sean Christopherson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632483416315100001 Content-Type: text/plain; charset="utf-8" From: Sean Christopherson If the guest want to fully use SGX, the guest needs to be able to access provisioning key. Add a new KVM_CAP_SGX_ATTRIBUTE to KVM to support provisioning key to KVM guests. Signed-off-by: Sean Christopherson Signed-off-by: Yang Zhong Message-Id: <20210719112136.57018-14-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini --- target/i386/cpu.c | 5 ++++- target/i386/kvm/kvm.c | 29 +++++++++++++++++++++++++++++ target/i386/kvm/kvm_i386.h | 2 ++ 3 files changed, 35 insertions(+), 1 deletion(-) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 8a62986819..de58599a3d 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -5542,7 +5542,10 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index,= uint32_t count, *ecx |=3D XSTATE_FP_MASK | XSTATE_SSE_MASK; =20 /* Access to PROVISIONKEY requires additional credentials. */ - *eax &=3D ~(1U << 4); + if ((*eax & (1U << 4)) && + !kvm_enable_sgx_provisioning(cs->kvm_state)) { + *eax &=3D ~(1U << 4); + } } #endif break; diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 6dc40161e0..488926a95f 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -4644,6 +4644,35 @@ void kvm_arch_update_guest_debug(CPUState *cpu, stru= ct kvm_guest_debug *dbg) } } =20 +static bool has_sgx_provisioning; + +static bool __kvm_enable_sgx_provisioning(KVMState *s) +{ + int fd, ret; + + if (!kvm_vm_check_extension(s, KVM_CAP_SGX_ATTRIBUTE)) { + return false; + } + + fd =3D qemu_open_old("/dev/sgx_provision", O_RDONLY); + if (fd < 0) { + return false; + } + + ret =3D kvm_vm_enable_cap(s, KVM_CAP_SGX_ATTRIBUTE, 0, fd); + if (ret) { + error_report("Could not enable SGX PROVISIONKEY: %s", strerror(-re= t)); + exit(1); + } + close(fd); + return true; +} + +bool kvm_enable_sgx_provisioning(KVMState *s) +{ + return MEMORIZE(__kvm_enable_sgx_provisioning(s), has_sgx_provisioning= ); +} + static bool host_supports_vmx(void) { uint32_t ecx, unused; diff --git a/target/i386/kvm/kvm_i386.h b/target/i386/kvm/kvm_i386.h index 54667b35f0..a978509d50 100644 --- a/target/i386/kvm/kvm_i386.h +++ b/target/i386/kvm/kvm_i386.h @@ -51,4 +51,6 @@ bool kvm_hyperv_expand_features(X86CPU *cpu, Error **errp= ); =20 uint64_t kvm_swizzle_msi_ext_dest_id(uint64_t address); =20 +bool kvm_enable_sgx_provisioning(KVMState *s); + #endif --=20 2.31.1 From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1632483418219223.68272996319126; Fri, 24 Sep 2021 04:36:58 -0700 (PDT) Received: from localhost ([::1]:57794 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjVh-0002cC-3i for importer@patchew.org; Fri, 24 Sep 2021 07:36:57 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34536) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKX-0007oE-U7 for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:26 -0400 Received: from mail-ed1-x536.google.com ([2a00:1450:4864:20::536]:37724) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKW-0000ZN-D9 for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:25 -0400 Received: by mail-ed1-x536.google.com with SMTP id bx4so34921891edb.4 for ; Fri, 24 Sep 2021 04:25:23 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=KOb4IPvQ1urvg2WoCHadP1b4B/KHW5IQqVRTE+ZK8/Y=; b=nasP26MaEUDksBCgNV5plDYh6tYbW4VY2y5jki9QCM0ezweanwwliCC5+H7As78c7m LL1E8jIRqJVkIfiQDmLqD8+kFi2g9O22MbE5mXahePeKTLJbQNapjqT6AuFT88ufg95o ezOCyOXv9BnG5vZTvpZWJFfSWpj1aDYIMxyGFMxy8N/R2Lw2mNI9AclJBdt8ZCp91npQ xsUiEbdmqEKr1dz9U/d9WidWransv/tjIABXFRg2P5GZRA74ttGx/tARfoxngqt4ErU1 gEbEjDCjyyn7LYw0P1MVJhn0L0QMeO5XfYRz4TTkmsHsj5VQK4tjzS4370h34iz7MQqJ aejA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=KOb4IPvQ1urvg2WoCHadP1b4B/KHW5IQqVRTE+ZK8/Y=; b=UrtFRQeXIDBxcrUCChO8krfOndyumhG0Z+2+K+xdBEDhlwxt5nhIkmzf86YykqyyVh lnbY15XQtv/YR5FdU5ZjDqrLIEjL/ui2EqyXMAL71DPh3ZOylUXQreaOXcML66kf+NWq x7XbvzECZqN2X9IufUjVNchOtlXa6lYHxKOq+XiZkecjM6nHzZgOeX/YiMRis03ivcgP 5R+bZRNGNevKeEStCZxYhpB7ov2GzQNLj2j+KQLuAbrZ5Bjs6rfT4lHlatFYWB+mlF1P qJgnBVmZdFdWUnju7EtsOu0v7i+9IY47gaEQ1PRuwxLzmh7F8UlQQT7mwJvZ5YEfRuyE lsGw== X-Gm-Message-State: AOAM533u45no8/JJnKCFZ7Ekt9d5LAWni8bVrH8b8vEtQIjW/nufh07W n7eAh3S3N2T07X+kKPv7gMYQGExHIcM= X-Google-Smtp-Source: ABdhPJw9jL0QUdLhffBbbk39W/8v/Ny5iA7x8aj5AA8mNq8vxOEOWA+mev14lor+t9Zn3R21S2GhOA== X-Received: by 2002:a17:906:681:: with SMTP id u1mr10469049ejb.499.1632482723037; Fri, 24 Sep 2021 04:25:23 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 15/26] i386: Propagate SGX CPUID sub-leafs to KVM Date: Fri, 24 Sep 2021 13:24:58 +0200 Message-Id: <20210924112509.25061-16-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::536; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x536.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, eblake@redhat.com, Sean Christopherson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632483418580100002 Content-Type: text/plain; charset="utf-8" From: Sean Christopherson The SGX sub-leafs are enumerated at CPUID 0x12. Indices 0 and 1 are always present when SGX is supported, and enumerate SGX features and capabilities. Indices >=3D2 are directly correlated with the platform's EPC sections. Because the number of EPC sections is dynamic and user defined, the number of SGX sub-leafs is "NULL" terminated. Signed-off-by: Sean Christopherson Signed-off-by: Yang Zhong Message-Id: <20210719112136.57018-15-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini --- target/i386/kvm/kvm.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 488926a95f..f6bbf33bc1 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -1703,6 +1703,25 @@ int kvm_arch_init_vcpu(CPUState *cs) } break; case 0x7: + case 0x12: + for (j =3D 0; ; j++) { + c->function =3D i; + c->flags =3D KVM_CPUID_FLAG_SIGNIFCANT_INDEX; + c->index =3D j; + cpu_x86_cpuid(env, i, j, &c->eax, &c->ebx, &c->ecx, &c->ed= x); + + if (j > 1 && (c->eax & 0xf) !=3D 1) { + break; + } + + if (cpuid_i =3D=3D KVM_MAX_CPUID_ENTRIES) { + fprintf(stderr, "cpuid_data is full, no space for " + "cpuid(eax:0x12,ecx:0x%x)\n", j); + abort(); + } + c =3D &cpuid_data.entries[cpuid_i++]; + } + break; case 0x14: { uint32_t times; =20 --=20 2.31.1 From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1632483706468312.33122476279163; Fri, 24 Sep 2021 04:41:46 -0700 (PDT) Received: from localhost ([::1]:37186 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjaL-00088n-Ah for importer@patchew.org; Fri, 24 Sep 2021 07:41:45 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34542) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKY-0007pc-EK for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:26 -0400 Received: from mail-ed1-x52e.google.com ([2a00:1450:4864:20::52e]:46034) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKX-0000Zt-10 for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:26 -0400 Received: by mail-ed1-x52e.google.com with SMTP id dm26so549358edb.12 for ; Fri, 24 Sep 2021 04:25:24 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=VDdHQ7wAYQQjw1FA0X2CemkmylszfW2NxiKOBkxwC/s=; b=C4kafI1i0zx4Djuprq+67bZM5g6azBQd31PByc/71oVN6durhFKD4cX68uAz47tAGS 83FPzkmcbY41mARhkl1ZXk1DqEAwSdRjtidw6ORow2kj82lzTlxLmt69BQFl0eJP305q mJ+I2KM6J0xwu/Gsfj1+3UNOtKr+c06Qvg3KT52/MtIoltGrpGh6zrOqdi3MdRcgVd01 Ft22xzl+6xdGvHgUBgWrz8rDL1VGfFK8bkB9NAjQXTNMpdTV6jXk8sRj/2L+CHbhoVh8 zvMKFibrgX+ASZCZ1QRpipIN2q1DC+sboHO8NCfM/de8APt+8Hs+ocgn93Du48qR1pPe b7Kg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=VDdHQ7wAYQQjw1FA0X2CemkmylszfW2NxiKOBkxwC/s=; b=gtPq75L9JCwU441TR4Ci+2nOGmPKbRlx7Q3o8Cvlew29XjbmkaPJfh36FGE34p6jOE VArERP+q12MKdDCcfldqaERfOHLAgdMRz+tE02BWSK7KkKQmD9YL8MMv1a6Incsr2qJt iNVEW0U7jklIDAXqWUlmpZT9Z2nrzZ9tPNULT3W7aoVSsnoHYB/2rHzguZXF1WIc/c1t /Fmb+qLKmN5G3znhyPslKjAL1s/iNg5rFBBGi3vteqFixAjb7bKulXDeztW8i2rFu0LI g7QKm46a8BStoaseLtFkre9y7y8j7jKJHK/diRG5mK/W3XCvozRVLxWF7F/WqGKl4qCK EEcA== X-Gm-Message-State: AOAM532dRWz12FkvCWeug1jEHPTvnehQW/YbvhvwL1stJmELGGCE5kvG FJvug9oUAIMUo8/tZvEgqNGSR7pJxRI= X-Google-Smtp-Source: ABdhPJx/6E21KgToQbgGw5pKQrg2fpjSitakCgJX+Ay0kPsb0VYkOKIXFlDjYBOAw3ioAUOxkRX5TA== X-Received: by 2002:a17:906:1454:: with SMTP id q20mr10627031ejc.446.1632482723744; Fri, 24 Sep 2021 04:25:23 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 16/26] Adjust min CPUID level to 0x12 when SGX is enabled Date: Fri, 24 Sep 2021 13:24:59 +0200 Message-Id: <20210924112509.25061-17-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::52e; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x52e.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, eblake@redhat.com, Sean Christopherson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632483707423100001 Content-Type: text/plain; charset="utf-8" From: Sean Christopherson SGX capabilities are enumerated through CPUID_0x12. Signed-off-by: Sean Christopherson Signed-off-by: Yang Zhong Message-Id: <20210719112136.57018-16-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini --- target/i386/cpu.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index de58599a3d..cacec605bf 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -6154,6 +6154,11 @@ void x86_cpu_expand_features(X86CPU *cpu, Error **er= rp) if (sev_enabled()) { x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000001F); } + + /* SGX requires CPUID[0x12] for EPC enumeration */ + if (env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_SGX) { + x86_cpu_adjust_level(cpu, &env->cpuid_min_level, 0x12); + } } =20 /* Set cpuid_*level* based on cpuid_min_*level, if not explicitly set = */ --=20 2.31.1 From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1632483921068962.718266033664; Fri, 24 Sep 2021 04:45:21 -0700 (PDT) Received: from localhost ([::1]:43642 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjdn-0004FS-SB for importer@patchew.org; Fri, 24 Sep 2021 07:45:20 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34554) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKZ-0007rj-8g for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:27 -0400 Received: from mail-ed1-x52e.google.com ([2a00:1450:4864:20::52e]:34325) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKX-0000a4-Pn for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:27 -0400 Received: by mail-ed1-x52e.google.com with SMTP id eg28so35035791edb.1 for ; Fri, 24 Sep 2021 04:25:25 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=6HvVwDW0UEsMND2Epmw+EH1l2m7EcZiok6GeyK4r1PQ=; b=hPuqI9x5K8KX2dm98Tz6xf8Vijr6U0ypheChv2KcHc9s60ZXDAWVIAddTBKkjsgAgb fhNnHMDPbmrXqKjcjuqwKpSJk5yHKR9tPjmxM69QOYBBuWsAZcCrf6BITN1xlgGi9gsj g4l9tGnaQ09t2haxfV+aihet+AowqnABbLZBKna+jW+/pkVRnykjf47rxPi1dcUEO3hN d5qbZzDuo6PQGGrtFa8LcFmDK984vjjWcsiSZ2vaWAUvVpPSH51qPPMQqlAHSBpM6jKv HV8MFMtUvnLGhHXwrqeczRwmw0HKOhuY4K5eBX7J941Vhddc4ryU+SALMwPucI9T8gFm IhSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=6HvVwDW0UEsMND2Epmw+EH1l2m7EcZiok6GeyK4r1PQ=; b=mKA0sAoKsM5El7c39mp/fynwGxdLOvx8iaIYNC59BhPrnYG91JBiMocIvg2Sg5oBXy KzcVAxzgjIAWlVCZEYYRnrfyRnZlRu2mr8i2v7rg2buz74Z6mR+PP6W2Om4p/vM7ylf2 A4zEcdq/XGCYJa8RfD+fjyQJyREdYrGvixZpFkHZesaXvT6HOdCiaXMSf1ZjdmvvpRzr i6Dm4JOCcNgD82X3WMSfzlCXpAJUJJN0CM2TPPBIVLakKWOjW0pWq/Q51sdjNJEj0GaO 8N8nUAQDwOR/b1ikdFbV5y4sf43V59jeLiU7aO4aZp7CaVHECVKlNXdXGx3y7esjWWto KcdA== X-Gm-Message-State: AOAM530o0QCeIzAW4gXeOykaCBq4XRM2ArTgTJwLG9vb8ZmdUj3KMfh/ /S3O35WAVxciHfNYdfTMX1aHaaR+9a4= X-Google-Smtp-Source: ABdhPJy0qdKYNQgP/eOhWx06njUwNJ0/aK3RqAZcJZwaIZKNYed791Uo9MHU9N6e0IXOmej3oXCvkA== X-Received: by 2002:a17:906:e20e:: with SMTP id gf14mr10751560ejb.244.1632482724582; Fri, 24 Sep 2021 04:25:24 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 17/26] hw/i386/fw_cfg: Set SGX bits in feature control fw_cfg accordingly Date: Fri, 24 Sep 2021 13:25:00 +0200 Message-Id: <20210924112509.25061-18-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::52e; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x52e.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, eblake@redhat.com, Sean Christopherson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632483922928100001 Content-Type: text/plain; charset="utf-8" From: Sean Christopherson Request SGX an SGX Launch Control to be enabled in FEATURE_CONTROL when the features are exposed to the guest. Our design is the SGX Launch Control bit will be unconditionally set in FEATURE_CONTROL, which is unlike host bios. Signed-off-by: Sean Christopherson Signed-off-by: Yang Zhong Message-Id: <20210719112136.57018-17-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini --- hw/i386/fw_cfg.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/hw/i386/fw_cfg.c b/hw/i386/fw_cfg.c index 4e68d5dea4..f6d036dfbe 100644 --- a/hw/i386/fw_cfg.c +++ b/hw/i386/fw_cfg.c @@ -159,7 +159,7 @@ void fw_cfg_build_feature_control(MachineState *ms, FWC= fgState *fw_cfg) { X86CPU *cpu =3D X86_CPU(ms->possible_cpus->cpus[0].cpu); CPUX86State *env =3D &cpu->env; - uint32_t unused, ecx, edx; + uint32_t unused, ebx, ecx, edx; uint64_t feature_control_bits =3D 0; uint64_t *val; =20 @@ -174,6 +174,14 @@ void fw_cfg_build_feature_control(MachineState *ms, FW= CfgState *fw_cfg) feature_control_bits |=3D FEATURE_CONTROL_LMCE; } =20 + cpu_x86_cpuid(env, 0x7, 0, &unused, &ebx, &ecx, &unused); + if (ebx & CPUID_7_0_EBX_SGX) { + feature_control_bits |=3D FEATURE_CONTROL_SGX; + } + if (ecx & CPUID_7_0_ECX_SGX_LC) { + feature_control_bits |=3D FEATURE_CONTROL_SGX_LC; + } + if (!feature_control_bits) { return; } --=20 2.31.1 From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1632484069338760.0768674027357; Fri, 24 Sep 2021 04:47:49 -0700 (PDT) Received: from localhost ([::1]:46896 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjgC-0006e9-5D for importer@patchew.org; Fri, 24 Sep 2021 07:47:48 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34574) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKb-0007ua-0T for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:29 -0400 Received: from mail-ed1-x530.google.com ([2a00:1450:4864:20::530]:44561) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKY-0000ac-If for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:28 -0400 Received: by mail-ed1-x530.google.com with SMTP id v22so34025410edd.11 for ; Fri, 24 Sep 2021 04:25:26 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=kNzhl1msHGxezSlUcnJIDIIKyeuSLJuoEOzVFefl4Ns=; b=hHX8VVxeVOs0vTExyUPeoG+4nT+KsG5nZIPOmrE8uHYSoQ0pPiPsJXavZBOb7XqWxA W92U5vpEuxhjncVhMrC8r3zDpNgPHAgXnSrvrjjLLBgmxkiUI/INgWvnicGbB19UdqzZ 03q0CoszdU9w69Uwvv4IM1usK2IbHigaY3kBOET3m2+Po0R24DYVXYIuay9z/uJKkOit xaaKPK5UfFaHAlZN1YuQmap2XY11PvMcrcqgJyAxURTkeW0TiWvHT3cNODZ61dMGjMOW ciaONuoaMcr5bQpq5xTVcqZw+pknp6FfFW6CzrJAFipAVnxZT4KIf0yb41VhzPvZAdKe 7AhQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=kNzhl1msHGxezSlUcnJIDIIKyeuSLJuoEOzVFefl4Ns=; b=uoKcM9y4EyvedNKSr6YRB7VCl0485iE3270jeEHWxwvIQkqHq3job6eQp4W24NCmEW gPLsbq281jOlc4Us4NCxuXp3Z482Q/u837AlFBAyxMiQft27GjWVx/CrExZKkkcB3fhS X0yXArG/jYaDqeLCxtQcxE2VMXWoDI8tC7Bt4Q8TxQ2IFQsZvQ3I53cUivDwrB5GGnFU /1kuIBRuVsqLEISLYjAaXnqFnkrDcc+P/ORhC7e4SB6a1gnqP1fXyzjfl3eJ4JelkXHN lo5d02P8IkY/EXwiap1rJjN/ACEJCAM4wdlUvZ2TAks3qhih8JRhojAxrDmvw01eI1tV THhQ== X-Gm-Message-State: AOAM531S0MhC56BY8tjtVnRjmQvEHI6+CSFBHYERXqHm4F6cG9bkCj0x +uoR+EiGHn/jkNK3PBng+s42qCWFlB4= X-Google-Smtp-Source: ABdhPJw0yNIm0Bf8rVmYZq58grRYWfxfNyt09dao1h2rrB0aCPdBW17M2GjNeZu6+HXcYH8ZZ7W06A== X-Received: by 2002:a17:906:f243:: with SMTP id gy3mr10691971ejb.327.1632482725352; Fri, 24 Sep 2021 04:25:25 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 18/26] hw/i386/pc: Account for SGX EPC sections when calculating device memory Date: Fri, 24 Sep 2021 13:25:01 +0200 Message-Id: <20210924112509.25061-19-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::530; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x530.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, eblake@redhat.com, Sean Christopherson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632484071121100001 Content-Type: text/plain; charset="utf-8" From: Sean Christopherson Add helpers to detect if SGX EPC exists above 4g, and if so, where SGX EPC above 4g ends. Use the helpers to adjust the device memory range if SGX EPC exists above 4g. For multiple virtual EPC sections, we just put them together physically contiguous for the simplicity because we don't support EPC NUMA affinity now. Once the SGX EPC NUMA support in the kernel SGX driver, we will support this in the future. Note that SGX EPC is currently hardcoded to reside above 4g. Signed-off-by: Sean Christopherson Signed-off-by: Yang Zhong Message-Id: <20210719112136.57018-18-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini --- hw/i386/pc.c | 11 ++++++++++- include/hw/i386/sgx-epc.h | 7 +++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/hw/i386/pc.c b/hw/i386/pc.c index 7e523b913c..58700af138 100644 --- a/hw/i386/pc.c +++ b/hw/i386/pc.c @@ -913,8 +913,15 @@ void pc_memory_init(PCMachineState *pcms, exit(EXIT_FAILURE); } =20 + if (pcms->sgx_epc.size !=3D 0) { + machine->device_memory->base =3D sgx_epc_above_4g_end(&pcms->s= gx_epc); + } else { + machine->device_memory->base =3D + 0x100000000ULL + x86ms->above_4g_mem_size; + } + machine->device_memory->base =3D - ROUND_UP(0x100000000ULL + x86ms->above_4g_mem_size, 1 * GiB); + ROUND_UP(machine->device_memory->base, 1 * GiB); =20 if (pcmc->enforce_aligned_dimm) { /* size device region assuming 1G page max alignment per slot = */ @@ -999,6 +1006,8 @@ uint64_t pc_pci_hole64_start(void) if (!pcmc->broken_reserved_end) { hole64_start +=3D memory_region_size(&ms->device_memory->mr); } + } else if (pcms->sgx_epc.size !=3D 0) { + hole64_start =3D sgx_epc_above_4g_end(&pcms->sgx_epc); } else { hole64_start =3D 0x100000000ULL + x86ms->above_4g_mem_size; } diff --git a/include/hw/i386/sgx-epc.h b/include/hw/i386/sgx-epc.h index 75b19f464c..65a68ca753 100644 --- a/include/hw/i386/sgx-epc.h +++ b/include/hw/i386/sgx-epc.h @@ -57,4 +57,11 @@ typedef struct SGXEPCState { =20 int sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size); =20 +static inline uint64_t sgx_epc_above_4g_end(SGXEPCState *sgx_epc) +{ + assert(sgx_epc !=3D NULL && sgx_epc->base >=3D 0x100000000ULL); + + return sgx_epc->base + sgx_epc->size; +} + #endif --=20 2.31.1 From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1632484282090213.464450994853; Fri, 24 Sep 2021 04:51:22 -0700 (PDT) Received: from localhost ([::1]:54340 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjjc-0003Mf-Qz for importer@patchew.org; Fri, 24 Sep 2021 07:51:20 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34576) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKb-0007uk-0q for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:29 -0400 Received: from mail-ed1-x52b.google.com ([2a00:1450:4864:20::52b]:46763) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKZ-0000be-Ij for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:28 -0400 Received: by mail-ed1-x52b.google.com with SMTP id ee50so34836652edb.13 for ; Fri, 24 Sep 2021 04:25:27 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=UgkF1mvQK//t6XGujinPfYl2Zezj6c5sitJ7wVbQTZk=; b=aRYsDJ6RlG82hxpdlQYlkUM+tUkNgm7RVYTzAB5Al3emL+KWyqwk1IwrOEyMSpRwSH fvmUloOPCu2+ptpV/cMabGIXBmwtIvC7KjOxm6olQO7hVcrSGhRoe8ep1QuayEYSNxdv mGWmnvxqxip0pqFoKH4pImMeYLKEv54VX/GJON6c4rDMWHXoZSYMYJI5lEUenfOhgvmR YEsq4v+4Dfwzuv+GCFM/F9FUWY6K46M5dUrv4skfruG2UveX3EENxGlhEqVSl0enrBju N9kVv0tFqQ+5ww46W8OfVzL6C+ch+prvqbts1HG2FzhoH+Y4kM8+AYcZ0cBeThkjrfsI LmAA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=UgkF1mvQK//t6XGujinPfYl2Zezj6c5sitJ7wVbQTZk=; b=FR4zoTDLZ+LE/M56reBwG46Jd8MRJsfsVSJeh/wcYEfgtuA+K+TxWzF0BxKU1lYyAq AycfUiPEYhxmhPGwJq3nJF8esOiXm12Aa1yEwvxBuno9yajgMrPhoLaHV7Y7wkGEd1Lq 3EDkiy9/+evxRLc05Gy/WqYi3mG9PC5hv8mO8GMh3X8tZQo01Wq1RD/QJx8JYxKNtRH7 9FzH3QkbRd+WONZilKX1dTWuGLSuLwtZfPJKAhqxtz0f8hUSND/zJ4pwWz4BFb6hbaFA cFxnKoQ/lu051RhyGHrxWojjT6pT175HHSexR7ebxQf5Xw8qjZRXOSaQxfIaSJDHAEe+ viCA== X-Gm-Message-State: AOAM533YPskwu7ophrnD7vElbWqvV5kZwVN/nchNa/0Cty2jSgP42PtV 6HE7r9YVxhq/OkCsiW3VIXvZ0hLJsq4= X-Google-Smtp-Source: ABdhPJz+LLV15KpSWyw97ABoAy09rcQb20QMx4KZVV0ABW5Wq+FgcEEZ5ovfd1i2Vryp/aPQuFh/uQ== X-Received: by 2002:a17:907:7803:: with SMTP id la3mr10785186ejc.235.1632482726226; Fri, 24 Sep 2021 04:25:26 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 19/26] i386/pc: Add e820 entry for SGX EPC section(s) Date: Fri, 24 Sep 2021 13:25:02 +0200 Message-Id: <20210924112509.25061-20-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::52b; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x52b.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, eblake@redhat.com, Sean Christopherson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632484283002100001 Content-Type: text/plain; charset="utf-8" From: Sean Christopherson Note that SGX EPC is currently guaranteed to reside in a single contiguous chunk of memory regardless of the number of EPC sections. Signed-off-by: Sean Christopherson Signed-off-by: Yang Zhong Message-Id: <20210719112136.57018-19-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini --- hw/i386/pc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hw/i386/pc.c b/hw/i386/pc.c index 58700af138..1260fb6197 100644 --- a/hw/i386/pc.c +++ b/hw/i386/pc.c @@ -883,6 +883,10 @@ void pc_memory_init(PCMachineState *pcms, e820_add_entry(0x100000000ULL, x86ms->above_4g_mem_size, E820_RAM); } =20 + if (pcms->sgx_epc.size !=3D 0) { + e820_add_entry(pcms->sgx_epc.base, pcms->sgx_epc.size, E820_RESERV= ED); + } + if (!pcmc->has_reserved_memory && (machine->ram_slots || (machine->maxram_size > machine->ram_size))) { --=20 2.31.1 From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1632484252837883.4024161893852; Fri, 24 Sep 2021 04:50:52 -0700 (PDT) Received: from localhost ([::1]:52188 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjj9-0001tL-CR for importer@patchew.org; Fri, 24 Sep 2021 07:50:51 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34596) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKc-0007xV-AK for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:30 -0400 Received: from mail-ed1-x535.google.com ([2a00:1450:4864:20::535]:42725) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKa-0000br-FZ for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:29 -0400 Received: by mail-ed1-x535.google.com with SMTP id u27so34245815edi.9 for ; Fri, 24 Sep 2021 04:25:28 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=DX+n3kP2aHkHKaZjc+ogt7pnXtaudF677+IzkUFKWcc=; b=PC43oRRckn0Q4NkC+r6pxMQ4/WtMDqmxTq3nmi1yRCcczFvyJ8gnPE0TclWv9hVLbj lE3BbEDqT98Swpou7FP6FuDnwINtV7pQPH5xgavdfIboChmK+ipEpj+hQNMYcsxLga7C D63hgjYSN222BLRVCF9lh4exx/ij/f5+jUOoFQUpZq+4iLk4Rx/JFK7ObpP9vW3+Wpqo Q2G7BFx5R1XBRdVnbiMwpOSrXzjVdmUh1WPDxZBahAZQajoT5ZeourIFNYt3PQQ1yo4K MXc/fgbdIlYAhNQzTDGbl6lq9wgD+EGxxWivXYV/ua7Chl/qlKA0RXeylGS36Bv9csnh pEuQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=DX+n3kP2aHkHKaZjc+ogt7pnXtaudF677+IzkUFKWcc=; b=gK3Q+9R9TMBCzsZA1H0ptpZueNPDBZ8Bq0ZHls/HNR3C7EJp7SZ5/QNJszZCqHMg7+ B7AnQKrZKYaoYFVm4xg3JzETqlQZS9rVENjycvhmCVohYF/SFpfFLXQQCnEYt4GXwyFD JFRm0usx4qvYFyBASC7aegcxNPS7WukUuOLuOcU1H6PyIMWBxNwBSl03nRCrZx9eAnye pfPGqMIg4uG+K63uvrhjzTB1E3uv1PamHrMqVpmUkR1aiVvVnovqXFGbYLgZZOAlgqtO a8X85KZ64iJAgp8A0orjtb9VhNZ+p5kGmvfeXFqDTVUiijXoIdQ9/DRx5VMRlm3mdxrg 2wqA== X-Gm-Message-State: AOAM5335T3eSaliaPZGn3WnzTxHkBErvormku4aRy1Pfq9PV/EvkGe/0 wqdDeF6Ou+hHaX4A1B6yj9xpHM7AgAo= X-Google-Smtp-Source: ABdhPJzkV5BWMVctyI4PhQmIU0xEGfDjQtvV6pQl8/Kzuo2P1BXdnKDRAnU3DVpzwNItbogMtJrqzQ== X-Received: by 2002:a17:906:2505:: with SMTP id i5mr10550816ejb.450.1632482727235; Fri, 24 Sep 2021 04:25:27 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 20/26] i386: acpi: Add SGX EPC entry to ACPI tables Date: Fri, 24 Sep 2021 13:25:03 +0200 Message-Id: <20210924112509.25061-21-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::535; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x535.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, eblake@redhat.com, Sean Christopherson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632484254744100001 Content-Type: text/plain; charset="utf-8" From: Sean Christopherson The ACPI Device entry for SGX EPC is essentially a hack whose primary purpose is to provide software with a way to autoprobe SGX support, e.g. to allow software to implement SGX support as a driver. Details on the individual EPC sections are not enumerated through ACPI tables, i.e. software must enumerate the EPC sections via CPUID. Furthermore, software expects to see only a single EPC Device in the ACPI tables regardless of the number of EPC sections in the system. However, several versions of Windows do rely on the ACPI tables to enumerate the address and size of the EPC. So, regardless of the number of EPC sections exposed to the guest, create exactly *one* EPC device with a _CRS entry that spans the entirety of all EPC sections (which are guaranteed to be contiguous in Qemu). Note, NUMA support for EPC memory is intentionally not considered as enumerating EPC NUMA information is not yet defined for bare metal. Signed-off-by: Sean Christopherson Signed-off-by: Yang Zhong Message-Id: <20210719112136.57018-20-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini --- hw/i386/acpi-build.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c index dfaa47cdc2..f4d6ae3d02 100644 --- a/hw/i386/acpi-build.c +++ b/hw/i386/acpi-build.c @@ -1841,6 +1841,28 @@ build_dsdt(GArray *table_data, BIOSLinker *linker, } #endif =20 + if (pcms->sgx_epc.size !=3D 0) { + uint64_t epc_base =3D pcms->sgx_epc.base; + uint64_t epc_size =3D pcms->sgx_epc.size; + + dev =3D aml_device("EPC"); + aml_append(dev, aml_name_decl("_HID", aml_eisaid("INT0E0C"))); + aml_append(dev, aml_name_decl("_STR", + aml_unicode("Enclave Page Cache 1.0"= ))); + crs =3D aml_resource_template(); + aml_append(crs, + aml_qword_memory(AML_POS_DECODE, AML_MIN_FIXED, + AML_MAX_FIXED, AML_NON_CACHEABLE, + AML_READ_WRITE, 0, epc_base, + epc_base + epc_size - 1, 0, epc_size)); + aml_append(dev, aml_name_decl("_CRS", crs)); + + method =3D aml_method("_STA", 0, AML_NOTSERIALIZED); + aml_append(method, aml_return(aml_int(0x0f))); + aml_append(dev, method); + + aml_append(sb_scope, dev); + } aml_append(dsdt, sb_scope); =20 /* copy AML table into ACPI tables blob and patch header there */ --=20 2.31.1 From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1632483411294395.3956605719535; Fri, 24 Sep 2021 04:36:51 -0700 (PDT) Received: from localhost ([::1]:57394 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjVa-0002KU-Ad for importer@patchew.org; Fri, 24 Sep 2021 07:36:50 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34600) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKc-0007yq-Kq for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:30 -0400 Received: from mail-ed1-x52d.google.com ([2a00:1450:4864:20::52d]:37718) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKb-0000by-3y for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:30 -0400 Received: by mail-ed1-x52d.google.com with SMTP id bx4so34922481edb.4 for ; Fri, 24 Sep 2021 04:25:28 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=e3CR8xrdtQNpyFMwEEkkK45w7yuIntrOePJfuLXKl2k=; b=UMbERYiMt6fmplsnsvzyw3yj1YEQoOnbiTTgwLrA/6KAX5dkQe1oCYbzBLm1hctnjs KwuEReRM1rjAfbRJVQZ1GSIoWg4GD7YNbS4o4HuoPx+bMB/OUSLUGJ9reOxKP/uIxPxw a36ifaQNSVgWQjG3jio/Vi/oLJeAZKn+aM/gm7QaVD/Abzm36MlwVrSoYGI1RVRCQ32V clx+EV27u4zHm+KAlnx9xLDJ8ffG8alDovvPxGADvWa7zqdq1IBhpjGBPsh7DK0RN2s1 zKPmfOcTGvJwImL9Dff07+eXQjl5YcdbEMSLkYpS2iVZagMhQm0gqXnRUPuyF0lZK4tF sfsQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=e3CR8xrdtQNpyFMwEEkkK45w7yuIntrOePJfuLXKl2k=; b=E0pxpQk9WHtpLFR8iZFa0EEiq7gsNQivktjZ1Vi2/nPCUMjqruRfeHsdhJsAwkGxCk Rswn+RkFZkNVXLAMrP01tFeLz3WHhPofGqQEmTA9Ibs4ldtzvV9dWXzigsf4kmMOGfW0 KKtL6mLI6KWPBIrpAN7dInf5CNnmRud2S5FIEKkaghzZgUKLauMWRQxE/wySKaGxa9Ps BUy1of+K6y2ZW/RYTEHrHUBVKTwDC0qlivT4dbf1HYdyL8+LnvnzkV+3AriDr3J39uLv yy2hEXaIu5kqBvUIQZ1zCmDz8IRpO7V2EX63yV94qSsIdQUxi4TOlvJpUFEG3DNimYDY OadQ== X-Gm-Message-State: AOAM531lKEh75SsBCff4dIdik7UKB0bnAY9Z0wtEYylNP+I44s7aWZI1 wtbq1MNDNSn1dX8e19Xl2i0TNkm0BXM= X-Google-Smtp-Source: ABdhPJzh5u3Lr9pMnc1EQfIrQp+VZhxF86mAez1ghcrXYUo9KWqC0ITFhLd9bHan4u+a/l7uhlMv9w== X-Received: by 2002:a17:906:1d43:: with SMTP id o3mr10591019ejh.118.1632482727917; Fri, 24 Sep 2021 04:25:27 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 21/26] q35: Add support for SGX EPC Date: Fri, 24 Sep 2021 13:25:04 +0200 Message-Id: <20210924112509.25061-22-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::52d; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x52d.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, eblake@redhat.com, Sean Christopherson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632483412035100001 Content-Type: text/plain; charset="utf-8" From: Sean Christopherson Enable SGX EPC virtualization, which is currently only support by KVM. Signed-off-by: Sean Christopherson Signed-off-by: Yang Zhong Message-Id: <20210719112136.57018-21-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini --- hw/i386/pc_q35.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c index 46cd542d17..5481d5c965 100644 --- a/hw/i386/pc_q35.c +++ b/hw/i386/pc_q35.c @@ -177,6 +177,7 @@ static void pc_q35_init(MachineState *machine) x86ms->below_4g_mem_size =3D machine->ram_size; } =20 + pc_machine_init_sgx_epc(pcms); x86_cpus_init(x86ms, pcmc->default_cpu_version); =20 kvmclock_create(pcmc->kvmclock_create_always); --=20 2.31.1 From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1632484419132749.8128854359985; Fri, 24 Sep 2021 04:53:39 -0700 (PDT) Received: from localhost ([::1]:58646 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjlp-0006Op-TV for importer@patchew.org; Fri, 24 Sep 2021 07:53:37 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34612) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKe-00084B-Ju for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:32 -0400 Received: from mail-ed1-x532.google.com ([2a00:1450:4864:20::532]:37723) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKc-0000dI-3I for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:32 -0400 Received: by mail-ed1-x532.google.com with SMTP id bx4so34922560edb.4 for ; Fri, 24 Sep 2021 04:25:29 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=HIpbBVsq+qGYM7QnpoxAN/h8ed4NbHFTGJsvkWBRASU=; b=qFZ9LuyC08/9GdOWO0/un8t2ueeJ1yhDK1E4s7z/j3e71goVWROCPXsZi1JyWhaKpG Pug2p2/KIKU20BKb8ONaHnmvEv1L0vO+C2NA+PNmICXr9Qw5pQuPNcZ6I4tegDrUNvbg 0DHalAIFiWAx3CKt6WvzQbOVWlBt2VDdF8XBvdVvWkB3Gz3UmSSp4hMyntlx81cjKwGi KLVJJRUPva8fg34Za51En6+IAbnahELjCefARXYrql6Ojp+WrvslVLEZjLQCZExVn122 eqrKJaLgpp6p+fTIPfs4fFpDeOxwY5mER0g2Qem7OHk6GlgvuKV320AASgiSt9Zv1phz RC+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=HIpbBVsq+qGYM7QnpoxAN/h8ed4NbHFTGJsvkWBRASU=; b=rHx5AbrLpHx9xo6EyNLaSr8oWkYudfGtxnc/SW/MmAZk6+VfHzqBodRs/T/jq2k1bj vFjlv1Rc4aGp87FI+zhC7L7Ul8nU0tZKG0r/3J0YTo0q0UtVSRM4eKvhFfXxjsu+TTM0 ZDGI3XZyDiMgX5cZMWqH8/CqAhmsar3M8z3LFPoV4Ue2BJRiRnrz2jEeRrbOBAJmHkGt qh5B0rzzZ2nUm7qyFPjtIMWsa0l0184XGbHfZsvJ25RjUTJnEN3/2lKHhm1P0oWXjiXu Uz7F1t6NonLnMCAnyStExZI5CkAkdjJbbM2BeAaEgAQqzYJRIUu9aSCa1+S+PAXmFHvq wltg== X-Gm-Message-State: AOAM533bZijZFeX6JeId284hk0F9Ei07iyHrMCxPdXWXZ9c5golbqj4c JTHJppMQZ/PpXVv+yQxG5//YlfJw5Sk= X-Google-Smtp-Source: ABdhPJy9bW5lxvN95Vzmiz5ThofYxcglNmyP4otiPlFLFNROpKLTh5NTlo0ilj8wRg1ZAqfjp23+RQ== X-Received: by 2002:a50:bf4a:: with SMTP id g10mr4368772edk.11.1632482728637; Fri, 24 Sep 2021 04:25:28 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 22/26] i440fx: Add support for SGX EPC Date: Fri, 24 Sep 2021 13:25:05 +0200 Message-Id: <20210924112509.25061-23-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::532; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x532.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, eblake@redhat.com, Sean Christopherson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632484420227100001 Content-Type: text/plain; charset="utf-8" From: Sean Christopherson Enable SGX EPC virtualization, which is currently only support by KVM. Signed-off-by: Sean Christopherson Signed-off-by: Yang Zhong Message-Id: <20210719112136.57018-22-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini --- hw/i386/pc_piix.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c index c5da7739ce..6cc834aff6 100644 --- a/hw/i386/pc_piix.c +++ b/hw/i386/pc_piix.c @@ -153,6 +153,7 @@ static void pc_init1(MachineState *machine, } } =20 + pc_machine_init_sgx_epc(pcms); x86_cpus_init(x86ms, pcmc->default_cpu_version); =20 if (pcmc->kvmclock_enabled) { --=20 2.31.1 From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1632484688546121.80951957601019; Fri, 24 Sep 2021 04:58:08 -0700 (PDT) Received: from localhost ([::1]:39150 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjqB-00044B-Gx for importer@patchew.org; Fri, 24 Sep 2021 07:58:07 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34660) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKh-00088i-Tu for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:36 -0400 Received: from mail-ed1-x52e.google.com ([2a00:1450:4864:20::52e]:46767) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKd-0000dX-7t for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:35 -0400 Received: by mail-ed1-x52e.google.com with SMTP id ee50so34837265edb.13 for ; Fri, 24 Sep 2021 04:25:30 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=zSiZg0OyaQnhxkqFy1IPCwZxvMMrttkHp5blEbDPMg8=; b=a2KVEZywe0uFf4eTkLnVVHh6vNXXq6CuRNYfWHpB88FwJR3xyn5SWMchCfAO6W9cn6 uEgc7Rgv9zMwEtkN3ohbi6hE9vKYWV0El9QB+l61IXA5duGwPN4VTg81mpjTNIXidVmm lFNxD4G43lh2AxJ4A9BBaqQ2Jyuwa7jNqNCwxM4i+6KAfeB1tZJr/Qh9wZQUy/tXyAVX Z313ulGgaTRyW/rAo4D9zhhOmHw/C8aAWDrJoYaJWjnWzLZwRurrHUUQsdP34bG/jVdK Ehu7nd/b+Qh0GCPLpmTocK3xW+0xfa49YSm8t0aCmdU/CbE3gYb41LvW8byiEanAKrdC EVPA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=zSiZg0OyaQnhxkqFy1IPCwZxvMMrttkHp5blEbDPMg8=; b=6mvU3Uql9bL3ZDGA1PzBtW76mQyD59/QcGOwePrzbte641bKajd+5qKt6Q/rdTPb+T F8bQVHpiosoOcnDnkkqe3/hWgogH2EfdfTeOtrewrFURGyGIqWIchTkAgIEwXMlInf7O Gwq/SmUvbTUZMGjmCKXgW0nnFqbkYnOfya2kSq2zlCs5Ge+V8L7rtm2PuuH7UT7OAIdp FS+k53NUaAmlvP3D4nnpZs/dTY4/tpORYvr0UDQCo9fbe0IVfh0v+MkoeNxB1Bj/LpCK 1LRhBbXgprDS0RWpbjRpOHg/hptcHqEs17W8asVmNsdBkiNcygG2nEm1VtccvQJfLB+y Eynw== X-Gm-Message-State: AOAM531FbKFjSySnniyxhE4eFI6QmC3lwtpBXEDMv8Ikb7rufvQLopBi tgYxZ4bR/C+B2NT9GY3C68DLt9HJjs0= X-Google-Smtp-Source: ABdhPJwegWzNOuduLhBSj5096DJUHy7kThswqHGAUTyweGIifj51wQooR0yEHPLMrhPFseWoMR7xJw== X-Received: by 2002:a17:906:5045:: with SMTP id e5mr11032207ejk.239.1632482729312; Fri, 24 Sep 2021 04:25:29 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 23/26] sgx-epc: Add the fill_device_info() callback support Date: Fri, 24 Sep 2021 13:25:06 +0200 Message-Id: <20210924112509.25061-24-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::52e; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x52e.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, eblake@redhat.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632484690755100001 Content-Type: text/plain; charset="utf-8" From: Yang Zhong Since there is no fill_device_info() callback support, and when we execute "info memory-devices" command in the monitor, the segfault will be found. This patch will add this callback support and "info memory-devices" will show sgx epc memory exposed to guest. The result as below: qemu) info memory-devices Memory device [sgx-epc]: "" memaddr: 0x180000000 size: 29360128 memdev: /objects/mem1 Memory device [sgx-epc]: "" memaddr: 0x181c00000 size: 10485760 memdev: /objects/mem2 Signed-off-by: Yang Zhong Message-Id: <20210719112136.57018-33-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini --- hw/i386/sgx-epc.c | 11 ++++++++++- monitor/hmp-cmds.c | 10 ++++++++++ qapi/machine.json | 26 +++++++++++++++++++++++++- 3 files changed, 45 insertions(+), 2 deletions(-) diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c index 6677dc74b5..55e2217eae 100644 --- a/hw/i386/sgx-epc.c +++ b/hw/i386/sgx-epc.c @@ -133,7 +133,16 @@ static MemoryRegion *sgx_epc_md_get_memory_region(Memo= ryDeviceState *md, static void sgx_epc_md_fill_device_info(const MemoryDeviceState *md, MemoryDeviceInfo *info) { - /* TODO */ + SgxEPCDeviceInfo *se =3D g_new0(SgxEPCDeviceInfo, 1); + SGXEPCDevice *epc =3D SGX_EPC(md); + + se->memaddr =3D epc->addr; + se->size =3D object_property_get_uint(OBJECT(epc), SGX_EPC_SIZE_PROP, + NULL); + se->memdev =3D object_get_canonical_path(OBJECT(epc->hostmem)); + + info->u.sgx_epc.data =3D se; + info->type =3D MEMORY_DEVICE_INFO_KIND_SGX_EPC; } =20 static void sgx_epc_class_init(ObjectClass *oc, void *data) diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c index e00255f7ee..0d414d60c7 100644 --- a/monitor/hmp-cmds.c +++ b/monitor/hmp-cmds.c @@ -1823,6 +1823,7 @@ void hmp_info_memory_devices(Monitor *mon, const QDic= t *qdict) VirtioMEMDeviceInfo *vmi; MemoryDeviceInfo *value; PCDIMMDeviceInfo *di; + SgxEPCDeviceInfo *se; =20 for (info =3D info_list; info; info =3D info->next) { value =3D info->value; @@ -1870,6 +1871,15 @@ void hmp_info_memory_devices(Monitor *mon, const QDi= ct *qdict) vmi->block_size); monitor_printf(mon, " memdev: %s\n", vmi->memdev); break; + case MEMORY_DEVICE_INFO_KIND_SGX_EPC: + se =3D value->u.sgx_epc.data; + monitor_printf(mon, "Memory device [%s]: \"%s\"\n", + MemoryDeviceInfoKind_str(value->type), + se->id ? se->id : ""); + monitor_printf(mon, " memaddr: 0x%" PRIx64 "\n", se->mema= ddr); + monitor_printf(mon, " size: %" PRIu64 "\n", se->size); + monitor_printf(mon, " memdev: %s\n", se->memdev); + break; default: g_assert_not_reached(); } diff --git a/qapi/machine.json b/qapi/machine.json index 5132abf152..2d637abfc7 100644 --- a/qapi/machine.json +++ b/qapi/machine.json @@ -1220,6 +1220,29 @@ 'data': { 'sgx-epc': ['SgxEPC'] } } =20 +## +# @SgxEPCDeviceInfo: +# +# Sgx EPC state information +# +# @id: device's ID +# +# @memaddr: physical address in memory, where device is mapped +# +# @size: size of memory that the device provides +# +# @memdev: memory backend linked with device +# +# Since: 6.2 +## +{ 'struct': 'SgxEPCDeviceInfo', + 'data': { '*id': 'str', + 'memaddr': 'size', + 'size': 'size', + 'memdev': 'str' + } +} + ## # @MemoryDeviceInfo: # @@ -1234,7 +1257,8 @@ 'data': { 'dimm': 'PCDIMMDeviceInfo', 'nvdimm': 'PCDIMMDeviceInfo', 'virtio-pmem': 'VirtioPMEMDeviceInfo', - 'virtio-mem': 'VirtioMEMDeviceInfo' + 'virtio-mem': 'VirtioMEMDeviceInfo', + 'sgx-epc': 'SgxEPCDeviceInfo' } } =20 --=20 2.31.1 From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 163248370086635.88541454205472; Fri, 24 Sep 2021 04:41:40 -0700 (PDT) Received: from localhost ([::1]:36916 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjaE-0007vR-B3 for importer@patchew.org; Fri, 24 Sep 2021 07:41:38 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34634) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKg-00087A-9Q for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:35 -0400 Received: from mail-ed1-x52c.google.com ([2a00:1450:4864:20::52c]:36847) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKe-0000di-8G for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:34 -0400 Received: by mail-ed1-x52c.google.com with SMTP id v24so34822764eda.3 for ; Fri, 24 Sep 2021 04:25:31 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=n2e71CYdYrgeKoDZGg5aC8FSc4Xw4PN68IZuK98DOS4=; b=CAoayVRUtmiFyjRiLFssZ5V3ESILCarUJMabkkkO9ZuO1ra9DX0xqGnCkhsNryhxZj JgsDhq0SDhgv/BzdQipOCtLmbc6EQ9lGu6W7EXes2XKp+lrDrtR7SiUuW+DamFOMid+K qPInCoM6hWIyhnMsNXv9YwykZ0CJOsc3mTZf7dz35W3zvytMel9RMNhtmN7ZHotYeqtG VZ4jEkFr5sb3vugfD5ukcWrNbJOLIT4ouWJP6opKK9fbwVB0x6wCjazlOWgzmKxpEJdz trc+RsFskTYfJl4aPiHdR8k3IrLl2eNhY3qL2/SlnaQc48WtS4hJReP5ENxAoxnbpgbg LodQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=n2e71CYdYrgeKoDZGg5aC8FSc4Xw4PN68IZuK98DOS4=; b=mZW1g0m9ODWCe8vwg+w7F33O6nMMqGWHVTGtflFOfRXP8FQs60KAzaemTmMJ6/4DSK Q1DmX97YGF89eelAHmmRIz4CBOssY2D+q1CIlAAy3aXA+OYVqEa4XYEE11p5yZWfAgMg +kxy/WEbDrP0g0W6eDWVS2pCz5q563LBWoch7Hh5y4VLDxsQdzvohTBXQ6gsDquvOEq7 j+S+qa0Fdpxp2/UtgEWJQaeECt1psbBE2nPMbA2diEQXqVnINxn48Q1gthCHtLwV4ZpC 1zO290qiDq7YPljMbvINuv6r1kSJk7N6zgfWGIzObFwvpGFaWV4NihOVU7Jl8IZ77Q4l zMkA== X-Gm-Message-State: AOAM5335L/BCPj/yT/8OhEqesuQwkrK6NTfXqdDJZCqL6cZ0qt3O+Stu AnQptPk1ZwKOIqyaYJxBmhlZh8kEju8= X-Google-Smtp-Source: ABdhPJyoqB0/wCCuPN9C3PQhSpRipyS3lCQH/zrMtR9JmJ1OUgn6mxm9t49BKjU9qdHvc9K4l9bRwg== X-Received: by 2002:a17:906:1d07:: with SMTP id n7mr10380734ejh.53.1632482730711; Fri, 24 Sep 2021 04:25:30 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 24/26] docs/system: Add SGX documentation to the system manual Date: Fri, 24 Sep 2021 13:25:07 +0200 Message-Id: <20210924112509.25061-25-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::52c; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x52c.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, eblake@redhat.com, Sean Christopherson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632483703295100001 Content-Type: text/plain; charset="utf-8" From: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Yang Zhong Message-Id: <20210719112136.57018-34-yang.zhong@intel.com> [Convert to reStructuredText, and adopt the standard =3D=3D=3D --- ~~~ head= ings suggested for example by Linux. - Paolo] Signed-off-by: Paolo Bonzini --- docs/system/i386/sgx.rst | 165 ++++++++++++++++++++++++++++++++++++ docs/system/target-i386.rst | 1 + 2 files changed, 166 insertions(+) create mode 100644 docs/system/i386/sgx.rst diff --git a/docs/system/i386/sgx.rst b/docs/system/i386/sgx.rst new file mode 100644 index 0000000000..f103ae2a2f --- /dev/null +++ b/docs/system/i386/sgx.rst @@ -0,0 +1,165 @@ +Software Guard eXtensions (SGX) +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D + +Overview +-------- + +Intel Software Guard eXtensions (SGX) is a set of instructions and mechani= sms +for memory accesses in order to provide security accesses for sensitive +applications and data. SGX allows an application to use it's pariticular +address space as an *enclave*, which is a protected area provides confiden= tiality +and integrity even in the presence of privileged malware. Accesses to the +enclave memory area from any software not resident in the enclave are prev= ented, +including those from privileged software. + +Virtual SGX +----------- + +SGX feature is exposed to guest via SGX CPUID. Looking at SGX CPUID, we can +report the same CPUID info to guest as on host for most of SGX CPUID. With +reporting the same CPUID guest is able to use full capacity of SGX, and KVM +doesn't need to emulate those info. + +The guest's EPC base and size are determined by Qemu, and KVM needs Qemu to +notify such info to it before it can initialize SGX for guest. + +Virtual EPC +~~~~~~~~~~~ + +By default, Qemu does not assign EPC to a VM, i.e. fully enabling SGX in a= VM +requires explicit allocation of EPC to the VM. Similar to other specialized +memory types, e.g. hugetlbfs, EPC is exposed as a memory backend. + +SGX EPC is enumerated through CPUID, i.e. EPC "devices" need to be realized +prior to realizing the vCPUs themselves, which occurs long before generic +devices are parsed and realized. This limitation means that EPC does not +require -maxmem as EPC is not treated as {cold,hot}plugged memory. + +Qemu does not artificially restrict the number of EPC sections exposed to a +guest, e.g. Qemu will happily allow you to create 64 1M EPC sections. Be a= ware +that some kernels may not recognize all EPC sections, e.g. the Linux SGX d= river +is hardwired to support only 8 EPC sections. + +The following Qemu snippet creates two EPC sections, with 64M pre-allocated +to the VM and an additional 28M mapped but not allocated:: + + -object memory-backend-epc,id=3Dmem1,size=3D64M,prealloc=3Don \ + -object memory-backend-epc,id=3Dmem2,size=3D28M \ + -M sgx-epc.0.memdev=3Dmem1,sgx-epc.1.memdev=3Dmem2 + +Note: + +The size and location of the virtual EPC are far less restricted compared +to physical EPC. Because physical EPC is protected via range registers, +the size of the physical EPC must be a power of two (though software sees +a subset of the full EPC, e.g. 92M or 128M) and the EPC must be naturally +aligned. KVM SGX's virtual EPC is purely a software construct and only +requires the size and location to be page aligned. Qemu enforces the EPC +size is a multiple of 4k and will ensure the base of the EPC is 4k aligned. +To simplify the implementation, EPC is always located above 4g in the guest +physical address space. + +Migration +~~~~~~~~~ + +Qemu/KVM doesn't prevent live migrating SGX VMs, although from hardware's +perspective, SGX doesn't support live migration, since both EPC and the SGX +key hierarchy are bound to the physical platform. However live migration +can be supported in the sense if guest software stack can support recreati= ng +enclaves when it suffers sudden lose of EPC; and if guest enclaves can det= ect +SGX keys being changed, and handle gracefully. For instance, when ERESUME = fails +with #PF.SGX, guest software can gracefully detect it and recreate enclave= s; +and when enclave fails to unseal sensitive information from outside, it can +detect such error and sensitive information can be provisioned to it again. + +CPUID +~~~~~ + +Due to its myriad dependencies, SGX is currently not listed as supported +in any of Qemu's built-in CPU configuration. To expose SGX (and SGX Launch +Control) to a guest, you must either use `-cpu host` to pass-through the +host CPU model, or explicitly enable SGX when using a built-in CPU model, +e.g. via `-cpu ,+sgx` or `-cpu ,+sgx,+sgxlc`. + +All SGX sub-features enumerated through CPUID, e.g. SGX2, MISCSELECT, +ATTRIBUTES, etc... can be restricted via CPUID flags. Be aware that enforc= ing +restriction of MISCSELECT, ATTRIBUTES and XFRM requires intercepting ECREA= TE, +i.e. may marginally reduce SGX performance in the guest. All SGX sub-featu= res +controlled via -cpu are prefixed with "sgx", e.g.:: + + $ qemu-system-x86_64 -cpu help | xargs printf "%s\n" | grep sgx + sgx + sgx-debug + sgx-encls-c + sgx-enclv + sgx-exinfo + sgx-kss + sgx-mode64 + sgx-provisionkey + sgx-tokenkey + sgx1 + sgx2 + sgxlc + +The following Qemu snippet passes through the host CPU but restricts acces= s to +the provision and EINIT token keys:: + + -cpu host,-sgx-provisionkey,-sgx-tokenkey + +SGX sub-features cannot be emulated, i.e. sub-features that are not present +in hardware cannot be forced on via '-cpu'. + +Virtualize SGX Launch Control +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Qemu SGX support for Launch Control (LC) is passive, in the sense that it +does not actively change the LC configuration. Qemu SGX provides the user +the ability to set/clear the CPUID flag (and by extension the associated +IA32_FEATURE_CONTROL MSR bit in fw_cfg) and saves/restores the LE Hash MSRs +when getting/putting guest state, but Qemu does not add new controls to +directly modify the LC configuration. Similar to hardware behavior, locki= ng +the LC configuration to a non-Intel value is left to guest firmware. Unli= ke +host bios setting for SGX launch control(LC), there is no special bios set= ting +for SGX guest by our design. If host is in locked mode, we can still allow +creating VM with SGX. + +Feature Control +~~~~~~~~~~~~~~~ + +Qemu SGX updates the `etc/msr_feature_control` fw_cfg entry to set the SGX +(bit 18) and SGX LC (bit 17) flags based on their respective CPUID support, +i.e. existing guest firmware will automatically set SGX and SGX LC accordi= ngly, +assuming said firmware supports fw_cfg.msr_feature_control. + +Launching a guest +----------------- + +To launch a SGX guest: + +.. parsed-literal:: + + |qemu_system_x86| \\ + -cpu host,+sgx-provisionkey \\ + -object memory-backend-epc,id=3Dmem1,size=3D64M,prealloc=3Don \\ + -object memory-backend-epc,id=3Dmem2,size=3D28M \\ + -M sgx-epc.0.memdev=3Dmem1,sgx-epc.1.memdev=3Dmem2 + +Utilizing SGX in the guest requires a kernel/OS with SGX support. +The support can be determined in guest by:: + + $ grep sgx /proc/cpuinfo + +and SGX epc info by:: + + $ dmesg | grep sgx + [ 1.242142] sgx: EPC section 0x180000000-0x181bfffff + [ 1.242319] sgx: EPC section 0x181c00000-0x1837fffff + +References +---------- + +- `SGX Homepage `__ + +- `SGX SDK `__ + +- SGX specification: Intel SDM Volume 3 diff --git a/docs/system/target-i386.rst b/docs/system/target-i386.rst index c9720a8cd1..6a86d63863 100644 --- a/docs/system/target-i386.rst +++ b/docs/system/target-i386.rst @@ -26,6 +26,7 @@ Architectural features :maxdepth: 1 =20 i386/cpu + i386/sgx =20 .. _pcsys_005freq: =20 --=20 2.31.1 From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 163248458337193.94932054682272; Fri, 24 Sep 2021 04:56:23 -0700 (PDT) Received: from localhost ([::1]:34928 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjoU-0001Cn-94 for importer@patchew.org; Fri, 24 Sep 2021 07:56:22 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34636) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKg-00087C-IV for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:35 -0400 Received: from mail-ed1-x530.google.com ([2a00:1450:4864:20::530]:34330) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKe-0000e6-RS for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:34 -0400 Received: by mail-ed1-x530.google.com with SMTP id eg28so35036805edb.1 for ; Fri, 24 Sep 2021 04:25:32 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=7aIHkITyfDCPKw7jzecCNevaMEbatHzwC1yR+VL6gh4=; b=l5czh37ywwM1en4WpOGysFy21RVAbWRScqgvNJ0KgvwCtDZ68QDrgzmiqpJ36KnhC9 BWpLvEhAAEocBJ2LwsZo8QDykx4qO2/efLEfhlBtyaz/AvvoqIfiGJn3kZcTEpA08I27 NUaWW4/yHCxY7Ltn3Q2O6IHwvNMw37Oi4hcyNiqafus45NWj/hvsN922tWBl38CqNm42 WRvjLUgtUqJ6qwWIXgIByq2sLV1Wa26MHKMAQb9COn9q3aH6dGsQrdpzIeDzO5huA1s+ AVWgqIDJZupTXxHHbVzGgAXgAJUAmmHrAy1/UVpsUBqmqlVWtayr9I2YQielIR8YbCHn Sg8A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=7aIHkITyfDCPKw7jzecCNevaMEbatHzwC1yR+VL6gh4=; b=ae9VTZgpsYRcOMzFyDQyQYaPBoMYEOoevPpX3tn1r4HKfKx55Qq5fBShsCnIBo2lPA ppFNkSy2CRxzw2XX7qneGnhITVc82ZaCIJxqGD2fBqcrttLOCtGJiube9/PV0uwOmZ6+ X/rdSPnN+I77VRzqujKdLIWGw+gj4niitQRkxbPHtMZH7FrhdJaRrTl869VzbZFhcDJC O5X0ExTzNic81hl4wXU5lUF7YkcuY5mQy6pwr3x2uAPEAhhMlMZ0oTrmA868L+txZ0bs B7rT7YeyjrLtDDUUtL53lVD9GkGWr7R00cqYJ+TKEH+8Ku62mwSkH1GafuIS/n4nN9sI 7mLA== X-Gm-Message-State: AOAM530tUJrHYLfo2mtPcbi6txjOiZ/uN0GtOk3atEIlmmSu8EnlGo4m XteuN2YjRafB/77xX44hFEZA/HndPcs= X-Google-Smtp-Source: ABdhPJzFnicWO668iozSPlwKK0G8bTvQ90XPYhVFZZL/Z1fcXl04daSz2FYuMpIZBwsDYW2XH1RsjQ== X-Received: by 2002:a50:d581:: with SMTP id v1mr4480459edi.210.1632482731539; Fri, 24 Sep 2021 04:25:31 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 25/26] target/i386: Add HMP and QMP interfaces for SGX Date: Fri, 24 Sep 2021 13:25:08 +0200 Message-Id: <20210924112509.25061-26-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::530; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x530.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, eblake@redhat.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632484585286100001 Content-Type: text/plain; charset="utf-8" From: Yang Zhong The QMP and HMP interfaces can be used by monitor or QMP tools to retrieve the SGX information from VM side when SGX is enabled on Intel platform. Signed-off-by: Yang Zhong Message-Id: <20210910102258.46648-2-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini --- hmp-commands-info.hx | 15 +++++++++++++ hw/i386/sgx-stub.c | 7 ++++++ hw/i386/sgx.c | 31 ++++++++++++++++++++++++++ include/hw/i386/sgx.h | 11 +++++++++ include/monitor/hmp-target.h | 1 + qapi/misc-target.json | 43 ++++++++++++++++++++++++++++++++++++ target/i386/monitor.c | 27 ++++++++++++++++++++++ tests/qtest/qmp-cmd-test.c | 1 + 8 files changed, 136 insertions(+) create mode 100644 include/hw/i386/sgx.h diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx index 27206ac049..4c966e8a6b 100644 --- a/hmp-commands-info.hx +++ b/hmp-commands-info.hx @@ -877,3 +877,18 @@ SRST ``info dirty_rate`` Display the vcpu dirty rate information. ERST + +#if defined(TARGET_I386) + { + .name =3D "sgx", + .args_type =3D "", + .params =3D "", + .help =3D "show intel SGX information", + .cmd =3D hmp_info_sgx, + }, +#endif + +SRST + ``info sgx`` + Show intel SGX information. +ERST diff --git a/hw/i386/sgx-stub.c b/hw/i386/sgx-stub.c index 483c72bba6..485e16ecc1 100644 --- a/hw/i386/sgx-stub.c +++ b/hw/i386/sgx-stub.c @@ -1,6 +1,13 @@ #include "qemu/osdep.h" #include "hw/i386/pc.h" #include "hw/i386/sgx-epc.h" +#include "hw/i386/sgx.h" + +SGXInfo *sgx_get_info(Error **errp) +{ + error_setg(errp, "SGX support is not compiled in"); + return NULL; +} =20 void pc_machine_init_sgx_epc(PCMachineState *pcms) { diff --git a/hw/i386/sgx.c b/hw/i386/sgx.c index 8a18cddc3f..ea75398575 100644 --- a/hw/i386/sgx.c +++ b/hw/i386/sgx.c @@ -17,6 +17,37 @@ #include "monitor/qdev.h" #include "qapi/error.h" #include "exec/address-spaces.h" +#include "hw/i386/sgx.h" + +SGXInfo *sgx_get_info(Error **errp) +{ + SGXInfo *info =3D NULL; + X86MachineState *x86ms; + PCMachineState *pcms =3D + (PCMachineState *)object_dynamic_cast(qdev_get_machine(), + TYPE_PC_MACHINE); + if (!pcms) { + error_setg(errp, "SGX is only supported on PC machines"); + return NULL; + } + + x86ms =3D X86_MACHINE(pcms); + if (!x86ms->sgx_epc_list) { + error_setg(errp, "No EPC regions defined, SGX not available"); + return NULL; + } + + SGXEPCState *sgx_epc =3D &pcms->sgx_epc; + info =3D g_new0(SGXInfo, 1); + + info->sgx =3D true; + info->sgx1 =3D true; + info->sgx2 =3D true; + info->flc =3D true; + info->section_size =3D sgx_epc->size; + + return info; +} =20 int sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size) { diff --git a/include/hw/i386/sgx.h b/include/hw/i386/sgx.h new file mode 100644 index 0000000000..2bf90b3f4f --- /dev/null +++ b/include/hw/i386/sgx.h @@ -0,0 +1,11 @@ +#ifndef QEMU_SGX_H +#define QEMU_SGX_H + +#include "qom/object.h" +#include "qapi/error.h" +#include "qemu/error-report.h" +#include "qapi/qapi-types-misc-target.h" + +SGXInfo *sgx_get_info(Error **errp); + +#endif diff --git a/include/monitor/hmp-target.h b/include/monitor/hmp-target.h index 60fc92722a..dc53add7ee 100644 --- a/include/monitor/hmp-target.h +++ b/include/monitor/hmp-target.h @@ -49,5 +49,6 @@ void hmp_info_tlb(Monitor *mon, const QDict *qdict); void hmp_mce(Monitor *mon, const QDict *qdict); void hmp_info_local_apic(Monitor *mon, const QDict *qdict); void hmp_info_io_apic(Monitor *mon, const QDict *qdict); +void hmp_info_sgx(Monitor *mon, const QDict *qdict); =20 #endif /* MONITOR_HMP_TARGET_H */ diff --git a/qapi/misc-target.json b/qapi/misc-target.json index 3b05ad3dbf..e2a347cc23 100644 --- a/qapi/misc-target.json +++ b/qapi/misc-target.json @@ -333,3 +333,46 @@ { 'command': 'query-sev-attestation-report', 'data': { 'mnonce': 'str' }, 'returns': 'SevAttestationReport', 'if': 'TARGET_I386' } + +## +# @SGXInfo: +# +# Information about intel Safe Guard eXtension (SGX) support +# +# @sgx: true if SGX is supported +# +# @sgx1: true if SGX1 is supported +# +# @sgx2: true if SGX2 is supported +# +# @flc: true if FLC is supported +# +# @section-size: The EPC section size for guest +# +# Since: 6.2 +## +{ 'struct': 'SGXInfo', + 'data': { 'sgx': 'bool', + 'sgx1': 'bool', + 'sgx2': 'bool', + 'flc': 'bool', + 'section-size': 'uint64'}, + 'if': 'TARGET_I386' } + +## +# @query-sgx: +# +# Returns information about SGX +# +# Returns: @SGXInfo +# +# Since: 6.2 +# +# Example: +# +# -> { "execute": "query-sgx" } +# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true, +# "flc": true, "section-size" : 0 } } +# +## +{ 'command': 'query-sgx', 'returns': 'SGXInfo', 'if': 'TARGET_I386' } diff --git a/target/i386/monitor.c b/target/i386/monitor.c index 119211f0b0..d7384ba348 100644 --- a/target/i386/monitor.c +++ b/target/i386/monitor.c @@ -35,6 +35,7 @@ #include "qapi/qapi-commands-misc-target.h" #include "qapi/qapi-commands-misc.h" #include "hw/i386/pc.h" +#include "hw/i386/sgx.h" =20 /* Perform linear address sign extension */ static hwaddr addr_canonical(CPUArchState *env, hwaddr addr) @@ -763,3 +764,29 @@ qmp_query_sev_attestation_report(const char *mnonce, E= rror **errp) { return sev_get_attestation_report(mnonce, errp); } + +SGXInfo *qmp_query_sgx(Error **errp) +{ + return sgx_get_info(errp); +} + +void hmp_info_sgx(Monitor *mon, const QDict *qdict) +{ + Error *err =3D NULL; + g_autoptr(SGXInfo) info =3D qmp_query_sgx(&err); + + if (err) { + error_report_err(err); + return; + } + monitor_printf(mon, "SGX support: %s\n", + info->sgx ? "enabled" : "disabled"); + monitor_printf(mon, "SGX1 support: %s\n", + info->sgx1 ? "enabled" : "disabled"); + monitor_printf(mon, "SGX2 support: %s\n", + info->sgx2 ? "enabled" : "disabled"); + monitor_printf(mon, "FLC support: %s\n", + info->flc ? "enabled" : "disabled"); + monitor_printf(mon, "size: %" PRIu64 "\n", + info->section_size); +} diff --git a/tests/qtest/qmp-cmd-test.c b/tests/qtest/qmp-cmd-test.c index c98b78d033..b75f3364f3 100644 --- a/tests/qtest/qmp-cmd-test.c +++ b/tests/qtest/qmp-cmd-test.c @@ -100,6 +100,7 @@ static bool query_is_ignored(const char *cmd) /* Success depends on Host or Hypervisor SEV support */ "query-sev", "query-sev-capabilities", + "query-sgx", NULL }; int i; --=20 2.31.1 From nobody Mon Feb 9 09:00:08 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1632483919243784.8545806430891; Fri, 24 Sep 2021 04:45:19 -0700 (PDT) Received: from localhost ([::1]:43684 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTjdm-0004H3-6A for importer@patchew.org; Fri, 24 Sep 2021 07:45:18 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34656) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTjKh-00088g-MY for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:36 -0400 Received: from mail-ed1-x52a.google.com ([2a00:1450:4864:20::52a]:44558) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTjKf-0000en-KY for qemu-devel@nongnu.org; Fri, 24 Sep 2021 07:25:35 -0400 Received: by mail-ed1-x52a.google.com with SMTP id v22so34026531edd.11 for ; Fri, 24 Sep 2021 04:25:33 -0700 (PDT) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t14sm4886961ejf.24.2021.09.24.04.25.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Sep 2021 04:25:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=ohYcK/h+3ibYka7ysojEKUGWGgYiFqj771QZXpbZi94=; b=IGqp4D47WwGrOt20FufGptO0Kd41pARs50S2x1RSL/Z7z1Lkl731ldPnUQ+ECW02A7 NEJnacEoHjYZkGFOD+4MH5SQwpPI07V/Ol7F+cT39QuEJakfEUTd6PbgdJZIYKX7midp GC/XjcwR10mNH/CsUXY3+ckYXxAD2SHXes1jy0mjb9q9BkdWE8g86cwzQgRAf+F5qBvr ShWv1esqT/xOnHo6AzsC3LlXgAcLipoug7WRHs3dM8zmSaWHMcBJkF35IB2MenWPaDOb Au9/LIWE8kE1LPp7OgLyk0e0YLm6d+8pKqcfL3RRdxkgi5Grtn1SWwHtcMtcJJvL5v3Z Lv7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=ohYcK/h+3ibYka7ysojEKUGWGgYiFqj771QZXpbZi94=; b=wZQKf6xxiBMKPq+ioTs2oZ8I+kKrABQ4o/FhWO+zi3Gp2Pgrbsv3Zau73qbIvECxwi zDERWWWhgXDoAmJdBUH3AeHQs24e5pP7y/60PrhTD6B5d2qVXEIVnHvGVlftDw798tRT SGL7MrtHbrDJA0vX5QKKF7HWhPewPAE5n0SbifhbLrkqQej+SV9bXnNmOPb+ToCHLNsP KWqvux0F+bD8hNvMfy6SOJdBmnccULiUFs5g0JIZyxXU/cZxq1/ggEDQXhDdEfJkGXRL IJPBoqPib2nnIcU+QRaNsgElp5U+O3pjVmQBPgMZEpY2N95/+fM/L2dvpZ8szjBdVUbW W+Sg== X-Gm-Message-State: AOAM532Vw8n7KE37VE46XzNEtDaqwp5m1cDc6CzHuuO8F8IUePyWgu7L jMeMHE5vOWG3boMDHLXSv6klCs9mTuc= X-Google-Smtp-Source: ABdhPJw/n4QTUIAg40F6PhcipIRERVjVxwZGB2umhTnWwC5hMftWA0QnAiVRIqkgGnJIpdiPl0Nn/w== X-Received: by 2002:a17:906:a08d:: with SMTP id q13mr10528349ejy.465.1632482732263; Fri, 24 Sep 2021 04:25:32 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v5 26/26] target/i386: Add the query-sgx-capabilities QMP command Date: Fri, 24 Sep 2021 13:25:09 +0200 Message-Id: <20210924112509.25061-27-pbonzini@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924112509.25061-1-pbonzini@redhat.com> References: <20210924112509.25061-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::52a; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x52a.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yang.zhong@intel.com, philmd@redhat.com, eblake@redhat.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1632483920854100001 Content-Type: text/plain; charset="utf-8" From: Yang Zhong Libvirt can use query-sgx-capabilities to get the host sgx capabilities to decide how to allocate SGX EPC size to VM. Signed-off-by: Yang Zhong Message-Id: <20210910102258.46648-3-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini --- hw/i386/sgx-stub.c | 6 ++++ hw/i386/sgx.c | 66 ++++++++++++++++++++++++++++++++++++++ include/hw/i386/sgx.h | 1 + qapi/misc-target.json | 18 +++++++++++ target/i386/monitor.c | 5 +++ tests/qtest/qmp-cmd-test.c | 1 + 6 files changed, 97 insertions(+) diff --git a/hw/i386/sgx-stub.c b/hw/i386/sgx-stub.c index 485e16ecc1..3be9f5ca32 100644 --- a/hw/i386/sgx-stub.c +++ b/hw/i386/sgx-stub.c @@ -9,6 +9,12 @@ SGXInfo *sgx_get_info(Error **errp) return NULL; } =20 +SGXInfo *sgx_get_capabilities(Error **errp) +{ + error_setg(errp, "SGX support is not compiled in"); + return NULL; +} + void pc_machine_init_sgx_epc(PCMachineState *pcms) { memset(&pcms->sgx_epc, 0, sizeof(SGXEPCState)); diff --git a/hw/i386/sgx.c b/hw/i386/sgx.c index ea75398575..e481e9358f 100644 --- a/hw/i386/sgx.c +++ b/hw/i386/sgx.c @@ -18,6 +18,72 @@ #include "qapi/error.h" #include "exec/address-spaces.h" #include "hw/i386/sgx.h" +#include "sysemu/hw_accel.h" + +#define SGX_MAX_EPC_SECTIONS 8 +#define SGX_CPUID_EPC_INVALID 0x0 + +/* A valid EPC section. */ +#define SGX_CPUID_EPC_SECTION 0x1 +#define SGX_CPUID_EPC_MASK 0xF + +static uint64_t sgx_calc_section_metric(uint64_t low, uint64_t high) +{ + return (low & MAKE_64BIT_MASK(12, 20)) + + ((high & MAKE_64BIT_MASK(0, 20)) << 32); +} + +static uint64_t sgx_calc_host_epc_section_size(void) +{ + uint32_t i, type; + uint32_t eax, ebx, ecx, edx; + uint64_t size =3D 0; + + for (i =3D 0; i < SGX_MAX_EPC_SECTIONS; i++) { + host_cpuid(0x12, i + 2, &eax, &ebx, &ecx, &edx); + + type =3D eax & SGX_CPUID_EPC_MASK; + if (type =3D=3D SGX_CPUID_EPC_INVALID) { + break; + } + + if (type !=3D SGX_CPUID_EPC_SECTION) { + break; + } + + size +=3D sgx_calc_section_metric(ecx, edx); + } + + return size; +} + +SGXInfo *sgx_get_capabilities(Error **errp) +{ + SGXInfo *info =3D NULL; + uint32_t eax, ebx, ecx, edx; + + int fd =3D qemu_open_old("/dev/sgx_vepc", O_RDWR); + if (fd < 0) { + error_setg(errp, "SGX is not enabled in KVM"); + return NULL; + } + + info =3D g_new0(SGXInfo, 1); + host_cpuid(0x7, 0, &eax, &ebx, &ecx, &edx); + + info->sgx =3D ebx & (1U << 2) ? true : false; + info->flc =3D ecx & (1U << 30) ? true : false; + + host_cpuid(0x12, 0, &eax, &ebx, &ecx, &edx); + info->sgx1 =3D eax & (1U << 0) ? true : false; + info->sgx2 =3D eax & (1U << 1) ? true : false; + + info->section_size =3D sgx_calc_host_epc_section_size(); + + close(fd); + + return info; +} =20 SGXInfo *sgx_get_info(Error **errp) { diff --git a/include/hw/i386/sgx.h b/include/hw/i386/sgx.h index 2bf90b3f4f..16fc25725c 100644 --- a/include/hw/i386/sgx.h +++ b/include/hw/i386/sgx.h @@ -7,5 +7,6 @@ #include "qapi/qapi-types-misc-target.h" =20 SGXInfo *sgx_get_info(Error **errp); +SGXInfo *sgx_get_capabilities(Error **errp); =20 #endif diff --git a/qapi/misc-target.json b/qapi/misc-target.json index e2a347cc23..594fbd1577 100644 --- a/qapi/misc-target.json +++ b/qapi/misc-target.json @@ -376,3 +376,21 @@ # ## { 'command': 'query-sgx', 'returns': 'SGXInfo', 'if': 'TARGET_I386' } + +## +# @query-sgx-capabilities: +# +# Returns information from host SGX capabilities +# +# Returns: @SGXInfo +# +# Since: 6.2 +# +# Example: +# +# -> { "execute": "query-sgx-capabilities" } +# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true, +# "flc": true, "section-size" : 0 } } +# +## +{ 'command': 'query-sgx-capabilities', 'returns': 'SGXInfo', 'if': 'TARGET= _I386' } diff --git a/target/i386/monitor.c b/target/i386/monitor.c index d7384ba348..196c1c9e77 100644 --- a/target/i386/monitor.c +++ b/target/i386/monitor.c @@ -790,3 +790,8 @@ void hmp_info_sgx(Monitor *mon, const QDict *qdict) monitor_printf(mon, "size: %" PRIu64 "\n", info->section_size); } + +SGXInfo *qmp_query_sgx_capabilities(Error **errp) +{ + return sgx_get_capabilities(errp); +} diff --git a/tests/qtest/qmp-cmd-test.c b/tests/qtest/qmp-cmd-test.c index b75f3364f3..1af2f74c28 100644 --- a/tests/qtest/qmp-cmd-test.c +++ b/tests/qtest/qmp-cmd-test.c @@ -101,6 +101,7 @@ static bool query_is_ignored(const char *cmd) "query-sev", "query-sev-capabilities", "query-sgx", + "query-sgx-capabilities", NULL }; int i; --=20 2.31.1