github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-07-18 01:12:21 +00:00
Code Issues Projects Releases Wiki Activity

hv: vmsr: present sgx related msr to guest

Browse Source 
Present SGX related MSRs to guest if SGX is supported.

- MSR_IA32_SGXLEPUBKEYHASH0 ~ MSR_IA32_SGXLEPUBKEYHASH3:
  SGX Launch Control is not supported, so these MSRs are read only.
- MSR_IA32_SGX_SVN_STATUS:
  read only
- MSR_IA32_FEATURE_CONTROL:
  If SGX is support in VM, opt-in SGX in this MSR.
- MSR_SGXOWNEREPOCH0 ~ MSR_SGXOWNEREPOCH1:
  The two MSRs' scope is package level, not allow guest to change them.
  Still leave them in unsupported_msrs array.

Tracked-On: #3179
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This commit is contained in:
Binbin Wu 2019-05-22 15:34:41 +08:00 committed by ACRN System Integration
parent 1724996bc5
commit 7a915dc397
2 changed files with 32 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
hypervisor/arch/x86/guest/vmsr.c
View File

@ -13,6 +13,7 @@
#include <vm.h> #include <vm.h>
#include <vmcs.h> #include <vmcs.h>
#include <vmx.h> #include <vmx.h>
#include <sgx.h>
#include <guest_pm.h> #include <guest_pm.h>
#include <ucode.h> #include <ucode.h>
#include <trace.h> #include <trace.h>
@ -49,6 +50,14 @@ static const uint32_t emulated_guest_msrs[NUM_GUEST_MSRS] = {
MSR_IA32_MCG_CAP, MSR_IA32_MCG_CAP,
MSR_IA32_MCG_STATUS, MSR_IA32_MCG_STATUS,
MSR_IA32_MISC_ENABLE, MSR_IA32_MISC_ENABLE,
/* Don't support SGX Launch Control yet, read only */
MSR_IA32_SGXLEPUBKEYHASH0,
MSR_IA32_SGXLEPUBKEYHASH1,
MSR_IA32_SGXLEPUBKEYHASH2,
MSR_IA32_SGXLEPUBKEYHASH3,
/* Read only */
MSR_IA32_SGX_SVN_STATUS,
}; };
#define NUM_MTRR_MSRS 13U #define NUM_MTRR_MSRS 13U
@ -69,7 +78,7 @@ static const uint32_t mtrr_msrs[NUM_MTRR_MSRS] = {
}; };
/* Following MSRs are intercepted, but it throws GPs for any guest accesses */ /* Following MSRs are intercepted, but it throws GPs for any guest accesses */
#define NUM_UNSUPPORTED_MSRS 104U #define NUM_UNSUPPORTED_MSRS 99U
static const uint32_t unsupported_msrs[NUM_UNSUPPORTED_MSRS] = { static const uint32_t unsupported_msrs[NUM_UNSUPPORTED_MSRS] = {
/* Variable MTRRs are not supported */ /* Variable MTRRs are not supported */
MSR_IA32_MTRR_PHYSBASE_0, MSR_IA32_MTRR_PHYSBASE_0,
@ -116,15 +125,6 @@ static const uint32_t unsupported_msrs[NUM_UNSUPPORTED_MSRS] = {
MSR_IA32_VMX_TRUE_ENTRY_CTLS, MSR_IA32_VMX_TRUE_ENTRY_CTLS,
MSR_IA32_VMX_VMFUNC, MSR_IA32_VMX_VMFUNC,
/* SGX disabled: CPUID.12H.EAX[0], CPUID.07H.ECX[30] */
MSR_IA32_SGXLEPUBKEYHASH0,
MSR_IA32_SGXLEPUBKEYHASH1,
MSR_IA32_SGXLEPUBKEYHASH2,
MSR_IA32_SGXLEPUBKEYHASH3,
/* SGX disabled : CPUID.07H.EBX[2] */
MSR_IA32_SGX_SVN_STATUS,
/* MPX disabled: CPUID.07H.EBX[14] */ /* MPX disabled: CPUID.07H.EBX[14] */
MSR_IA32_BNDCFGS, MSR_IA32_BNDCFGS,
@ -399,6 +399,9 @@ int32_t rdmsr_vmexit_handler(struct acrn_vcpu *vcpu)
case MSR_IA32_FEATURE_CONTROL: case MSR_IA32_FEATURE_CONTROL:
{ {
v = MSR_IA32_FEATURE_CONTROL_LOCK; v = MSR_IA32_FEATURE_CONTROL_LOCK;
if (is_vsgx_supported(vcpu->vm->vm_id)) {
v |= MSR_IA32_FEATURE_CONTROL_SGX_GE;
}
break; break;
} }
case MSR_IA32_MCG_CAP: case MSR_IA32_MCG_CAP:
@ -412,6 +415,19 @@ int32_t rdmsr_vmexit_handler(struct acrn_vcpu *vcpu)
v = vcpu_get_guest_msr(vcpu, MSR_IA32_MISC_ENABLE); v = vcpu_get_guest_msr(vcpu, MSR_IA32_MISC_ENABLE);
break; break;
} }
case MSR_IA32_SGXLEPUBKEYHASH0:
case MSR_IA32_SGXLEPUBKEYHASH1:
case MSR_IA32_SGXLEPUBKEYHASH2:
case MSR_IA32_SGXLEPUBKEYHASH3:
case MSR_IA32_SGX_SVN_STATUS:
{
if (is_vsgx_supported(vcpu->vm->vm_id)) {
v = msr_read(msr);
} else {
err = -EACCES;
}
break;
}
default: default:
{ {
if (is_x2apic_msr(msr)) { if (is_x2apic_msr(msr)) {
@ -622,6 +638,11 @@ int32_t wrmsr_vmexit_handler(struct acrn_vcpu *vcpu)
case MSR_IA32_MCG_CAP: case MSR_IA32_MCG_CAP:
case MSR_IA32_MCG_STATUS: case MSR_IA32_MCG_STATUS:
case MSR_IA32_FEATURE_CONTROL: case MSR_IA32_FEATURE_CONTROL:
case MSR_IA32_SGXLEPUBKEYHASH0:
case MSR_IA32_SGXLEPUBKEYHASH1:
case MSR_IA32_SGXLEPUBKEYHASH2:
case MSR_IA32_SGXLEPUBKEYHASH3:
case MSR_IA32_SGX_SVN_STATUS:
{ {
err = -EACCES; err = -EACCES;
break; break;

2
hypervisor/include/arch/x86/guest/vcpu.h
View File

@ -259,7 +259,7 @@ struct ext_context {
#define SECURE_WORLD 1 #define SECURE_WORLD 1
#define NUM_WORLD_MSRS 2U #define NUM_WORLD_MSRS 2U
#define NUM_COMMON_MSRS 10U #define NUM_COMMON_MSRS 15U
#define NUM_GUEST_MSRS (NUM_WORLD_MSRS + NUM_COMMON_MSRS) #define NUM_GUEST_MSRS (NUM_WORLD_MSRS + NUM_COMMON_MSRS)
#define EOI_EXIT_BITMAP_SIZE 256U #define EOI_EXIT_BITMAP_SIZE 256U