|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH v2 17/17] xen: tools: add SGX to applying MSR policy
In libxc, a new function 'xc_msr_sgx_set' is added, this function will
apply SGX related MSR policy to the target domain. This function takes
the value of 'lewr' and 'lehash*' in 'libxl_sgx_buildinfo', and set
the proper MSRs in all vcpus via 'XEN_DOMCTL_set_vcpu_msrs' hypercall.
If the physical IA32_SGXLEPUBKEYHASHn MSRs are writable:
* Domain's IA32_FEATURE_CONTROL_SGX_LE_WR bit depends on 'lwer'(default
false)
* If 'lehash' is unset, do nothing, as we already set the proper value
in sgx_domain_msr_init().
* If 'lehash' is set, set the domain's virtual IA32_SGXLEPUBKEYHASHn
with its value, and later on the vcpu's virtual IA32_SGXLEPUBKEYHASHn
will be set with the same value.
If the physical IA32_SGXLEPUBKEYHASHn MSRs are not writable, using
'lehash' or 'lewr' parameter results in domain creation failure.
Signed-off-by: Boqun Feng <boqun.feng@xxxxxxxxx>
---
tools/libxc/Makefile | 1 +
tools/libxc/include/xenctrl.h | 2 ++
tools/libxc/xc_msr_x86.h | 10 ++++++
tools/libxc/xc_sgx.c | 82 +++++++++++++++++++++++++++++++++++++++++++
tools/libxl/libxl_dom.c | 29 +++++++++++++++
tools/xl/xl_parse.c | 10 ++++++
6 files changed, 134 insertions(+)
create mode 100644 tools/libxc/xc_sgx.c
diff --git a/tools/libxc/Makefile b/tools/libxc/Makefile
index 9a019e8dfed5..428430a15c40 100644
--- a/tools/libxc/Makefile
+++ b/tools/libxc/Makefile
@@ -41,6 +41,7 @@ CTRL_SRCS-y += xc_foreign_memory.c
CTRL_SRCS-y += xc_kexec.c
CTRL_SRCS-y += xc_resource.c
CTRL_SRCS-$(CONFIG_X86) += xc_psr.c
+CTRL_SRCS-$(CONFIG_X86) += xc_sgx.c
CTRL_SRCS-$(CONFIG_X86) += xc_pagetab.c
CTRL_SRCS-$(CONFIG_Linux) += xc_linux.c
CTRL_SRCS-$(CONFIG_FreeBSD) += xc_freebsd.c
diff --git a/tools/libxc/include/xenctrl.h b/tools/libxc/include/xenctrl.h
index ad4429ca5ffd..abc9f711141a 100644
--- a/tools/libxc/include/xenctrl.h
+++ b/tools/libxc/include/xenctrl.h
@@ -1855,6 +1855,8 @@ void xc_cpuid_to_str(const unsigned int *regs,
int xc_mca_op(xc_interface *xch, struct xen_mc *mc);
int xc_mca_op_inject_v2(xc_interface *xch, unsigned int flags,
xc_cpumap_t cpumap, unsigned int nr_cpus);
+int xc_msr_sgx_set(xc_interface *xch, uint32_t domid, bool lewr,
+ uint64_t *lehash, int max_vcpu);
#endif
struct xc_px_val {
diff --git a/tools/libxc/xc_msr_x86.h b/tools/libxc/xc_msr_x86.h
index 7f100e71a7a1..54eaa4de8945 100644
--- a/tools/libxc/xc_msr_x86.h
+++ b/tools/libxc/xc_msr_x86.h
@@ -24,6 +24,16 @@
#define MSR_IA32_CMT_EVTSEL 0x00000c8d
#define MSR_IA32_CMT_CTR 0x00000c8e
+#define MSR_IA32_FEATURE_CONTROL 0x0000003a
+#define IA32_FEATURE_CONTROL_LOCK 0x0001
+#define IA32_FEATURE_CONTROL_SGX_ENABLE 0x40000
+#define IA32_FEATURE_CONTROL_SGX_LE_WR 0x20000
+
+#define MSR_IA32_SGXLEPUBKEYHASH0 0x0000008c
+#define MSR_IA32_SGXLEPUBKEYHASH1 0x0000008d
+#define MSR_IA32_SGXLEPUBKEYHASH2 0x0000008e
+#define MSR_IA32_SGXLEPUBKEYHASH3 0x0000008f
+
#endif
/*
diff --git a/tools/libxc/xc_sgx.c b/tools/libxc/xc_sgx.c
new file mode 100644
index 000000000000..8f97ca0042e0
--- /dev/null
+++ b/tools/libxc/xc_sgx.c
@@ -0,0 +1,82 @@
+/*
+ * xc_sgx.c
+ *
+ * SGX related MSR setup
+ *
+ * Copyright (C) 2017 Intel Corporation
+ * Author Boqun Feng <boqun.feng@xxxxxxxxx>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published
+ * by the Free Software Foundation; version 2.1 only. with the special
+ * exception on linking described in file LICENSE.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ */
+
+#include <assert.h>
+#include "xc_private.h"
+#include "xc_msr_x86.h"
+
+int xc_msr_sgx_set(xc_interface *xch, uint32_t domid, bool lewr,
+ uint64_t *lehash, int max_vcpu)
+{
+ int rc, i, nr_msrs;
+ DECLARE_DOMCTL;
+ xen_domctl_vcpu_msr_t sgx_msrs[5];
+ DECLARE_HYPERCALL_BUFFER(void, buffer);
+
+ if ( !lehash && !lewr )
+ return 0;
+
+ sgx_msrs[0].index = MSR_IA32_FEATURE_CONTROL;
+ sgx_msrs[0].reserved = 0;
+ sgx_msrs[0].value = IA32_FEATURE_CONTROL_LOCK |
+ IA32_FEATURE_CONTROL_SGX_ENABLE |
+ (lewr ? IA32_FEATURE_CONTROL_SGX_LE_WR : 0);
+
+ if ( !lehash )
+ nr_msrs = 1;
+ else
+ {
+ nr_msrs = 5;
+
+ for ( i = 0; i < 4; i++ )
+ {
+ sgx_msrs[i+1].index = MSR_IA32_SGXLEPUBKEYHASH0 + i;
+ sgx_msrs[i+1].reserved = 0;
+ sgx_msrs[i+1].value = lehash[i];
+ }
+ }
+
+ buffer = xc_hypercall_buffer_alloc(xch, buffer,
+ nr_msrs *
sizeof(xen_domctl_vcpu_msr_t));
+ if ( !buffer )
+ {
+ ERROR("Unable to allocate %zu bytes for msr hypercall buffer",
+ 5 * sizeof(xen_domctl_vcpu_msr_t));
+ return -1;
+ }
+
+ domctl.cmd = XEN_DOMCTL_set_vcpu_msrs;
+ domctl.domain = domid;
+ domctl.u.vcpu_msrs.msr_count = nr_msrs;
+ set_xen_guest_handle(domctl.u.vcpu_msrs.msrs, buffer);
+
+ memcpy(buffer, sgx_msrs, nr_msrs * sizeof(xen_domctl_vcpu_msr_t));
+
+ for ( i = 0; i < max_vcpu; i++ ) {
+ domctl.u.vcpu_msrs.vcpu = i;
+ rc = xc_domctl(xch, &domctl);
+
+ if (rc)
+ break;
+ }
+
+ xc_hypercall_buffer_free(xch, buffer);
+
+ return rc;
+}
diff --git a/tools/libxl/libxl_dom.c b/tools/libxl/libxl_dom.c
index ac38ad65dd19..d5e33f8940ba 100644
--- a/tools/libxl/libxl_dom.c
+++ b/tools/libxl/libxl_dom.c
@@ -358,6 +358,35 @@ int libxl__build_pre(libxl__gc *gc, uint32_t domid,
return ERROR_FAIL;
}
+ if (info->type == LIBXL_DOMAIN_TYPE_HVM)
+ {
+ uint64_t lehash[4];
+
+ if ( !info->u.hvm.sgx.lehash0 && !info->u.hvm.sgx.lehash1 &&
+ !info->u.hvm.sgx.lehash2 && !info->u.hvm.sgx.lehash3 )
+ {
+ rc = xc_msr_sgx_set(ctx->xch, domid,
+ libxl_defbool_val(info->u.hvm.sgx.lewr),
+ NULL, info->max_vcpus);
+ }
+ else
+ {
+ lehash[0] = info->u.hvm.sgx.lehash0;
+ lehash[1] = info->u.hvm.sgx.lehash1;
+ lehash[2] = info->u.hvm.sgx.lehash2;
+ lehash[3] = info->u.hvm.sgx.lehash3;
+
+ rc = xc_msr_sgx_set(ctx->xch, domid,
+ libxl_defbool_val(info->u.hvm.sgx.lewr),
+ lehash, info->max_vcpus);
+ }
+
+ if (rc) {
+ LOG(ERROR, "Unable to set SGX related MSRs (%d)", rc);
+ return ERROR_FAIL;
+ }
+ }
+
if (xc_domain_set_gnttab_limits(ctx->xch, domid, info->max_grant_frames,
info->max_maptrack_frames) != 0) {
LOG(ERROR, "Couldn't set grant table limits");
diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c
index e96612bc71f3..211ee832ca31 100644
--- a/tools/xl/xl_parse.c
+++ b/tools/xl/xl_parse.c
@@ -828,6 +828,16 @@ int parse_sgx_config(libxl_sgx_buildinfo *sgx, char *token)
fprintf(stderr, "'lehash=<...>' requires 256bit SHA256 hash\n");
return 1;
}
+
+ /*
+ * 'lehash' is a hex string of 32 bytes in little-endian, i.e. the
+ * leftmost byte is the least significant byte.
+ *
+ * We convert the hex string 8 bytes(64 bit) a time to uint64 via
+ * strtoull(). And strtoull() treats the string as big-endian,
+ * therefore we need to swap the value afterwards to get the correct
+ * value.
+ */
char buf[17];
--
2.15.0
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |