| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 3 Nov 2018 01:11:13 +0200
From: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To: x86@...nel.org, platform-driver-x86@...r.kernel.org,
linux-sgx@...r.kernel.org
Cc: dave.hansen@...el.com, sean.j.christopherson@...el.com,
nhorman@...hat.com, npmccallum@...hat.com, serge.ayoun@...el.com,
shay.katz-zamir@...el.com, haitao.huang@...el.com,
mark.shanahan@...el.com, andriy.shevchenko@...ux.intel.com,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
"H. Peter Anvin" <hpa@...or.com>,
Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
David Woodhouse <dwmw@...zon.co.uk>,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
David Wang <davidwang@...oxin.com>,
"Levin, Alexander (Sasha Levin)" <alexander.levin@...izon.com>,
Jia Zhang <qianyue.zj@...baba-inc.com>,
linux-kernel@...r.kernel.org (open list:X86 ARCHITECTURE (32-BIT AND
64-BIT))
Subject: [PATCH v15 14/23] x86/cpu/intel: Clear SGX_LC capability if not enabled in FEATURE_CONTROL
From: Sean Christopherson <sean.j.christopherson@...el.com>
Like SGX itself, SGX Launch Control must be explicitly enabled via a
flag in IA32_FEATURE_CONTROL. Clear the SGX_LC capability if Launch
Control is not fully enabled (or obviously if SGX itself is disabled).
Note that clearing X86_FEATURE_SGX_LC creates a bit of a conundrum
regarding the SGXLEPUBKEYHASH MSRs, as it may be desirable to read the
MSRs even if they are not writable, e.g. to query the configured key,
but clearing the capability leaves no breadcrum for discerning whether
or not the MSRs exist. But, such usage will be rare (KVM is the only
known case at this time) and not performance critical, so it's not
unreasonable to require the use of rdmsr_safe(). Clearing the cap bit
eliminates the need for an additional flag to track whether or not
Launch Control is truly enabled, which is what we care about the vast
majority of the time.
Signed-off-by: Sean Christopherson <sean.j.christopherson@...el.com>
---
arch/x86/kernel/cpu/intel.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index 9bf8fe2c04ac..bc52c52f7025 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -618,6 +618,8 @@ static void detect_sgx(struct cpuinfo_x86 *c)
setup_clear_cpu_cap(X86_FEATURE_SGX1);
setup_clear_cpu_cap(X86_FEATURE_SGX2);
}
+ if (unsupported || !(fc & FEATURE_CONTROL_SGX_LE_WR))
+ setup_clear_cpu_cap(X86_FEATURE_SGX_LC);
}
static void init_intel_energy_perf(struct cpuinfo_x86 *c)
--
2.19.1
Powered by blists - more mailing lists