[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 11/33] i386: Add get/set/migrate support for SGX_LEPUBKEYHASH MSRs
From: |
Paolo Bonzini |
Subject: |
[PULL 11/33] i386: Add get/set/migrate support for SGX_LEPUBKEYHASH MSRs |
Date: |
Tue, 28 Sep 2021 14:50:54 +0200 |
From: Sean Christopherson <sean.j.christopherson@intel.com>
On real hardware, on systems that supports SGX Launch Control, those
MSRs are initialized to digest of Intel's signing key; on systems that
don't support SGX Launch Control, those MSRs are not available but
hardware always uses digest of Intel's signing key in EINIT.
KVM advertises SGX LC via CPUID if and only if the MSRs are writable.
Unconditionally initialize those MSRs to digest of Intel's signing key
when CPU is realized and reset to reflect the fact. This avoids
potential bug in case kvm_arch_put_registers() is called before
kvm_arch_get_registers() is called, in which case guest's virtual
SGX_LEPUBKEYHASH MSRs will be set to 0, although KVM initializes those
to digest of Intel's signing key by default, since KVM allows those MSRs
to be updated by Qemu to support live migration.
Save/restore the SGX Launch Enclave Public Key Hash MSRs if SGX Launch
Control (LC) is exposed to the guest. Likewise, migrate the MSRs if they
are writable by the guest.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Kai Huang <kai.huang@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-11-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/cpu.c | 16 +++++++++++++++-
target/i386/cpu.h | 1 +
target/i386/kvm/kvm.c | 22 ++++++++++++++++++++++
target/i386/machine.c | 20 ++++++++++++++++++++
4 files changed, 58 insertions(+), 1 deletion(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index e9ecbf59e5..af6cd73eed 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5700,6 +5700,17 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index,
uint32_t count,
}
}
+static void x86_cpu_set_sgxlepubkeyhash(CPUX86State *env)
+{
+#ifndef CONFIG_USER_ONLY
+ /* Those default values are defined in Skylake HW */
+ env->msr_ia32_sgxlepubkeyhash[0] = 0xa6053e051270b7acULL;
+ env->msr_ia32_sgxlepubkeyhash[1] = 0x6cfbe8ba8b3b413dULL;
+ env->msr_ia32_sgxlepubkeyhash[2] = 0xc4916d99f2b3735dULL;
+ env->msr_ia32_sgxlepubkeyhash[3] = 0xd4f8c05909f9bb3bULL;
+#endif
+}
+
static void x86_cpu_reset(DeviceState *dev)
{
CPUState *s = CPU(dev);
@@ -5832,6 +5843,8 @@ static void x86_cpu_reset(DeviceState *dev)
if (kvm_enabled()) {
kvm_arch_reset_vcpu(cpu);
}
+
+ x86_cpu_set_sgxlepubkeyhash(env);
#endif
}
@@ -6214,6 +6227,8 @@ static void x86_cpu_realizefn(DeviceState *dev, Error
**errp)
& CPUID_EXT2_AMD_ALIASES);
}
+ x86_cpu_set_sgxlepubkeyhash(env);
+
/*
* note: the call to the framework needs to happen after feature expansion,
* but before the checks/modifications to ucode_rev, mwait, phys_bits.
@@ -6901,7 +6916,6 @@ static const TypeInfo x86_cpu_type_info = {
.class_init = x86_cpu_common_class_init,
};
-
/* "base" CPU model, used by query-cpu-model-expansion */
static void x86_cpu_base_class_init(ObjectClass *oc, void *data)
{
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 85a9eeeb2b..29552dc2a7 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1516,6 +1516,7 @@ typedef struct CPUX86State {
uint64_t mcg_status;
uint64_t msr_ia32_misc_enable;
uint64_t msr_ia32_feature_control;
+ uint64_t msr_ia32_sgxlepubkeyhash[4];
uint64_t msr_fixed_ctr_ctrl;
uint64_t msr_global_ctrl;
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 500d2e0e68..11551648f9 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -3107,6 +3107,17 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
}
}
+ if (env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_SGX_LC) {
+ kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH0,
+ env->msr_ia32_sgxlepubkeyhash[0]);
+ kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH1,
+ env->msr_ia32_sgxlepubkeyhash[1]);
+ kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH2,
+ env->msr_ia32_sgxlepubkeyhash[2]);
+ kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH3,
+ env->msr_ia32_sgxlepubkeyhash[3]);
+ }
+
/* Note: MSR_IA32_FEATURE_CONTROL is written separately, see
* kvm_put_msr_feature_control. */
}
@@ -3446,6 +3457,13 @@ static int kvm_get_msrs(X86CPU *cpu)
}
}
+ if (env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_SGX_LC) {
+ kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH0, 0);
+ kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH1, 0);
+ kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH2, 0);
+ kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH3, 0);
+ }
+
ret = kvm_vcpu_ioctl(CPU(cpu), KVM_GET_MSRS, cpu->kvm_msr_buf);
if (ret < 0) {
return ret;
@@ -3735,6 +3753,10 @@ static int kvm_get_msrs(X86CPU *cpu)
case MSR_IA32_RTIT_ADDR0_A ... MSR_IA32_RTIT_ADDR3_B:
env->msr_rtit_addrs[index - MSR_IA32_RTIT_ADDR0_A] = msrs[i].data;
break;
+ case MSR_IA32_SGXLEPUBKEYHASH0 ... MSR_IA32_SGXLEPUBKEYHASH3:
+ env->msr_ia32_sgxlepubkeyhash[index - MSR_IA32_SGXLEPUBKEYHASH0] =
+ msrs[i].data;
+ break;
}
}
diff --git a/target/i386/machine.c b/target/i386/machine.c
index b0943118d1..4367931623 100644
--- a/target/i386/machine.c
+++ b/target/i386/machine.c
@@ -1415,6 +1415,25 @@ static const VMStateDescription vmstate_msr_tsx_ctrl = {
}
};
+static bool intel_sgx_msrs_needed(void *opaque)
+{
+ X86CPU *cpu = opaque;
+ CPUX86State *env = &cpu->env;
+
+ return !!(env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_SGX_LC);
+}
+
+static const VMStateDescription vmstate_msr_intel_sgx = {
+ .name = "cpu/intel_sgx",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .needed = intel_sgx_msrs_needed,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT64_ARRAY(env.msr_ia32_sgxlepubkeyhash, X86CPU, 4),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
const VMStateDescription vmstate_x86_cpu = {
.name = "cpu",
.version_id = 12,
@@ -1551,6 +1570,7 @@ const VMStateDescription vmstate_x86_cpu = {
&vmstate_nested_state,
#endif
&vmstate_msr_tsx_ctrl,
+ &vmstate_msr_intel_sgx,
NULL
}
};
--
2.31.1
- [PULL 04/33] qom: Add memory-backend-epc ObjectOptions support, (continued)
- [PULL 04/33] qom: Add memory-backend-epc ObjectOptions support, Paolo Bonzini, 2021/09/28
- [PULL 08/33] i386: Add SGX CPUID leaf FEAT_SGX_12_0_EAX, Paolo Bonzini, 2021/09/28
- [PULL 06/33] vl: Add sgx compound properties to expose SGX EPC sections to guest, Paolo Bonzini, 2021/09/28
- [PULL 07/33] i386: Add primary SGX CPUID and MSR defines, Paolo Bonzini, 2021/09/28
- [PULL 01/33] memory: Add RAM_PROTECTED flag to skip IOMMU mappings, Paolo Bonzini, 2021/09/28
- [PULL 09/33] i386: Add SGX CPUID leaf FEAT_SGX_12_0_EBX, Paolo Bonzini, 2021/09/28
- [PULL 14/33] i386: kvm: Add support for exposing PROVISIONKEY to guest, Paolo Bonzini, 2021/09/28
- [PULL 10/33] i386: Add SGX CPUID leaf FEAT_SGX_12_1_EAX, Paolo Bonzini, 2021/09/28
- [PULL 12/33] i386: Add feature control MSR dependency when SGX is enabled, Paolo Bonzini, 2021/09/28
- [PULL 13/33] i386: Update SGX CPUID info according to hardware/KVM/user input, Paolo Bonzini, 2021/09/28
- [PULL 11/33] i386: Add get/set/migrate support for SGX_LEPUBKEYHASH MSRs,
Paolo Bonzini <=
- [PULL 16/33] Adjust min CPUID level to 0x12 when SGX is enabled, Paolo Bonzini, 2021/09/28
- [PULL 22/33] i440fx: Add support for SGX EPC, Paolo Bonzini, 2021/09/28
- [PULL 26/33] target/i386: Add the query-sgx-capabilities QMP command, Paolo Bonzini, 2021/09/28
- [PULL 31/33] memory: Add tracepoint for dirty sync, Paolo Bonzini, 2021/09/28
- [PULL 28/33] tests: qtest: bios-tables-test depends on the unpacked edk2 ROMs, Paolo Bonzini, 2021/09/28
- [PULL 33/33] meson_options.txt: Switch the default value for the vnc option to 'auto', Paolo Bonzini, 2021/09/28
- [PULL 02/33] Kconfig: Add CONFIG_SGX support, Paolo Bonzini, 2021/09/28
- [PULL 05/33] i386: Add 'sgx-epc' device to expose EPC sections to guest, Paolo Bonzini, 2021/09/28
- [PULL 15/33] i386: Propagate SGX CPUID sub-leafs to KVM, Paolo Bonzini, 2021/09/28
- [PULL 18/33] hw/i386/pc: Account for SGX EPC sections when calculating device memory, Paolo Bonzini, 2021/09/28