
[Xen-devel] [PATCH v2 17/17] xen: tools: add SGX to applying MSR policy



In libxc, a new function 'xc_msr_sgx_set' is added, this function will
apply SGX related MSR policy to the target domain. This function takes
the value of 'lewr' and 'lehash*' in 'libxl_sgx_buildinfo', and set
the proper MSRs in all vcpus via 'XEN_DOMCTL_set_vcpu_msrs' hypercall.

If the physical IA32_SGXLEPUBKEYHASHn MSRs are writable:

* Domain's IA32_FEATURE_CONTROL_SGX_LE_WR bit depends on 'lewr' (default
  false)

* If 'lehash' is unset, do nothing, as we already set the proper value
  in sgx_domain_msr_init().

* If 'lehash' is set, set the domain's virtual IA32_SGXLEPUBKEYHASHn
  with its value, and later on the vcpu's virtual IA32_SGXLEPUBKEYHASHn
  will be set with the same value.

If the physical IA32_SGXLEPUBKEYHASHn MSRs are not writable, using
'lehash' or 'lewr' parameter results in domain creation failure.

Signed-off-by: Boqun Feng <boqun.feng@xxxxxxxxx>
---
 tools/libxc/Makefile          |  1 +
 tools/libxc/include/xenctrl.h |  2 ++
 tools/libxc/xc_msr_x86.h      | 10 ++++++
 tools/libxc/xc_sgx.c          | 82 +++++++++++++++++++++++++++++++++++++++++++
 tools/libxl/libxl_dom.c       | 29 +++++++++++++++
 tools/xl/xl_parse.c           | 10 ++++++
 6 files changed, 134 insertions(+)
 create mode 100644 tools/libxc/xc_sgx.c

diff --git a/tools/libxc/Makefile b/tools/libxc/Makefile
index 9a019e8dfed5..428430a15c40 100644
--- a/tools/libxc/Makefile
+++ b/tools/libxc/Makefile
@@ -41,6 +41,7 @@ CTRL_SRCS-y       += xc_foreign_memory.c
 CTRL_SRCS-y       += xc_kexec.c
 CTRL_SRCS-y       += xc_resource.c
 CTRL_SRCS-$(CONFIG_X86) += xc_psr.c
+CTRL_SRCS-$(CONFIG_X86) += xc_sgx.c
 CTRL_SRCS-$(CONFIG_X86) += xc_pagetab.c
 CTRL_SRCS-$(CONFIG_Linux) += xc_linux.c
 CTRL_SRCS-$(CONFIG_FreeBSD) += xc_freebsd.c
diff --git a/tools/libxc/include/xenctrl.h b/tools/libxc/include/xenctrl.h
index ad4429ca5ffd..abc9f711141a 100644
--- a/tools/libxc/include/xenctrl.h
+++ b/tools/libxc/include/xenctrl.h
@@ -1855,6 +1855,8 @@ void xc_cpuid_to_str(const unsigned int *regs,
 int xc_mca_op(xc_interface *xch, struct xen_mc *mc);
 int xc_mca_op_inject_v2(xc_interface *xch, unsigned int flags,
                         xc_cpumap_t cpumap, unsigned int nr_cpus);
+int xc_msr_sgx_set(xc_interface *xch, uint32_t domid, bool lewr,
+                   uint64_t *lehash, int max_vcpu);
 #endif
 
 struct xc_px_val {
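Review bot: The new prototype takes `uint64_t *lehash` with no length and no `const`, although the implementation in xc_sgx.c reads exactly `lehash[0]` to `lehash[3]` and never writes through it. A caller that passes a shorter array gets an out-of-bounds read whose contents are then loaded into the guest's IA32_SGXLEPUBKEYHASHn values. Declaring it as `const uint64_t lehash[4]` documents the contract at the call site. A short comment above the declaration should also say that NULL means "leave the hash MSRs at their defaults" and that `max_vcpu` is the number of vcpus to program.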
diff --git a/tools/libxc/xc_msr_x86.h b/tools/libxc/xc_msr_x86.h
index 7f100e71a7a1..54eaa4de8945 100644
--- a/tools/libxc/xc_msr_x86.h
+++ b/tools/libxc/xc_msr_x86.h
@@ -24,6 +24,16 @@
 #define MSR_IA32_CMT_EVTSEL     0x00000c8d
 #define MSR_IA32_CMT_CTR        0x00000c8e
 
+#define MSR_IA32_FEATURE_CONTROL       0x0000003a
+#define IA32_FEATURE_CONTROL_LOCK                     0x0001
+#define IA32_FEATURE_CONTROL_SGX_ENABLE               0x40000
+#define IA32_FEATURE_CONTROL_SGX_LE_WR                0x20000
+
+#define MSR_IA32_SGXLEPUBKEYHASH0   0x0000008c
+#define MSR_IA32_SGXLEPUBKEYHASH1   0x0000008d
+#define MSR_IA32_SGXLEPUBKEYHASH2   0x0000008e
+#define MSR_IA32_SGXLEPUBKEYHASH3   0x0000008f
+
 #endif
 
 /*
diff --git a/tools/libxc/xc_sgx.c b/tools/libxc/xc_sgx.c
new file mode 100644
index 000000000000..8f97ca0042e0
--- /dev/null
+++ b/tools/libxc/xc_sgx.c
@@ -0,0 +1,82 @@
+/*
+ * xc_sgx.c
+ *
+ * SGX related MSR setup
+ *
+ * Copyright (C) 2017      Intel Corporation
+ * Author Boqun Feng <boqun.feng@xxxxxxxxx>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published
+ * by the Free Software Foundation; version 2.1 only. with the special
+ * exception on linking described in file LICENSE.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ */
+
+#include <assert.h>
+#include "xc_private.h"
+#include "xc_msr_x86.h"
+
+int xc_msr_sgx_set(xc_interface *xch, uint32_t domid, bool lewr,
+                   uint64_t *lehash, int max_vcpu)
+{
+    int rc, i, nr_msrs;
+    DECLARE_DOMCTL;
+    xen_domctl_vcpu_msr_t sgx_msrs[5];
+    DECLARE_HYPERCALL_BUFFER(void, buffer);
+
+    if ( !lehash && !lewr )
+        return 0;
+
+    sgx_msrs[0].index = MSR_IA32_FEATURE_CONTROL;
+    sgx_msrs[0].reserved = 0;
+    sgx_msrs[0].value = IA32_FEATURE_CONTROL_LOCK |
+                        IA32_FEATURE_CONTROL_SGX_ENABLE |
+                        (lewr ? IA32_FEATURE_CONTROL_SGX_LE_WR : 0);
+
+    if ( !lehash )
+        nr_msrs = 1;
+    else
+    {
+        nr_msrs = 5;
+
+        for ( i = 0; i < 4; i++ )
+        {
+            sgx_msrs[i+1].index = MSR_IA32_SGXLEPUBKEYHASH0 + i;
+            sgx_msrs[i+1].reserved = 0;
+            sgx_msrs[i+1].value = lehash[i];
+        }
+    }
+
+    buffer = xc_hypercall_buffer_alloc(xch, buffer,
+                                       nr_msrs * sizeof(xen_domctl_vcpu_msr_t));
+    if ( !buffer )
+    {
+        ERROR("Unable to allocate %zu bytes for msr hypercall buffer",
+              5 * sizeof(xen_domctl_vcpu_msr_t));
+        return -1;
+    }
+
+    domctl.cmd = XEN_DOMCTL_set_vcpu_msrs;
+    domctl.domain = domid;
+    domctl.u.vcpu_msrs.msr_count = nr_msrs;
+    set_xen_guest_handle(domctl.u.vcpu_msrs.msrs, buffer);
+
+    memcpy(buffer, sgx_msrs, nr_msrs * sizeof(xen_domctl_vcpu_msr_t));
+
+    for ( i = 0; i < max_vcpu; i++ ) {
+        domctl.u.vcpu_msrs.vcpu = i;
+        rc = xc_domctl(xch, &domctl);
+
+        if (rc)
+            break;
+    }
+
+    xc_hypercall_buffer_free(xch, buffer);
+
+    return rc;
+}
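Review bot: `rc` is returned uninitialised when `max_vcpu` is zero or negative, because the per-vcpu loop is the only place that assigns it and it never runs in that case. Declare it as `int rc = 0, i, nr_msrs;`, or reject a non-positive `max_vcpu` with -1 before allocating the buffer. The allocation-failure message also prints `5 * sizeof(xen_domctl_vcpu_msr_t)` while the request was for `nr_msrs * sizeof(xen_domctl_vcpu_msr_t)`, so the logged size is wrong when only IA32_FEATURE_CONTROL is being set. `#include <assert.h>` appears unused in this file. The `for ( ... ) {` and `if (rc)` lines do not follow the spacing and brace style used in the rest of the function.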
diff --git a/tools/libxl/libxl_dom.c b/tools/libxl/libxl_dom.c
index ac38ad65dd19..d5e33f8940ba 100644
--- a/tools/libxl/libxl_dom.c
+++ b/tools/libxl/libxl_dom.c
@@ -358,6 +358,35 @@ int libxl__build_pre(libxl__gc *gc, uint32_t domid,
         return ERROR_FAIL;
     }
 
+    if (info->type == LIBXL_DOMAIN_TYPE_HVM)
+    {
+        uint64_t lehash[4];
+
+        if ( !info->u.hvm.sgx.lehash0 && !info->u.hvm.sgx.lehash1 &&
+             !info->u.hvm.sgx.lehash2 && !info->u.hvm.sgx.lehash3 )
+        {
+            rc = xc_msr_sgx_set(ctx->xch, domid,
+                                libxl_defbool_val(info->u.hvm.sgx.lewr),
+                                NULL, info->max_vcpus);
+        }
+        else
+        {
+            lehash[0] = info->u.hvm.sgx.lehash0;
+            lehash[1] = info->u.hvm.sgx.lehash1;
+            lehash[2] = info->u.hvm.sgx.lehash2;
+            lehash[3] = info->u.hvm.sgx.lehash3;
+
+            rc = xc_msr_sgx_set(ctx->xch, domid,
+                                libxl_defbool_val(info->u.hvm.sgx.lewr),
+                                lehash, info->max_vcpus);
+        }
+
+        if (rc) {
+            LOG(ERROR, "Unable to set SGX related MSRs (%d)", rc);
+            return ERROR_FAIL;
+        }
+    }
+
     if (xc_domain_set_gnttab_limits(ctx->xch, domid, info->max_grant_frames,
                                     info->max_maptrack_frames) != 0) {
         LOG(ERROR, "Couldn't set grant table limits");
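Review bot: An all-zero `lehash0..3` is used here as the "unset" marker, so an explicitly configured all-zero hash cannot be told apart from no hash and is silently ignored. If that is intended, it deserves a comment such as `/* all-zero lehash means "not configured" */` above the test. The two branches differ only in the hash argument, so a single `xc_msr_sgx_set()` call taking a pointer that is either `lehash` or `NULL` would remove the duplication. `libxl_defbool_val()` asserts when the defbool is still at its default, so this relies on `sgx.lewr` having been given a default earlier in the series; that is not visible in this hunk and should be confirmed. The enclosing `libxl__build_pre()` starts and ends outside the hunk.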
diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c
index e96612bc71f3..211ee832ca31 100644
--- a/tools/xl/xl_parse.c
+++ b/tools/xl/xl_parse.c
@@ -828,6 +828,16 @@ int parse_sgx_config(libxl_sgx_buildinfo *sgx, char *token)
             fprintf(stderr, "'lehash=<...>' requires 256bit SHA256 hash\n");
             return 1;
         }
+        
+        /*
+         * 'lehash' is a hex string of 32 bytes in little-endian, i.e. the
+         * leftmost byte is the least significant byte.
+         *
+         * We convert the hex string 8 bytes(64 bit) a time to uint64 via
+         * strtoull(). And strtoull() treats the string as big-endian,
+         * therefore we need to swap the value afterwards to get the correct
+         * value.
+         */
 
         char buf[17];
 
-- 
2.15.0

