[RESEND,29/32] qmp: Add the qmp_query_sgx_capabilities()

Message ID	20210430062455.8117-30-yang.zhong@intel.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> IronPort-SDR: YFZUo768ajf4hJS2xUfqS7F+UP91PVh6S/agcs1SnsmzXwhtQ2/qgz98AfcGjGtAlAxuA/+emC WTRT6r/wMUkw== IronPort-SDR: Q4iRg2/z0VfPJjUuAbBSZb/IJ0qa2ATiVV8GPp5blmtopYt6PyZXS0k3m4Wc6w2BSTRUVpXzxQ eOpEIYX8f8qw== From: Yang Zhong <yang.zhong@intel.com> To: qemu-devel@nongnu.org Subject: [RESEND PATCH 29/32] qmp: Add the qmp_query_sgx_capabilities() Date: Fri, 30 Apr 2021 14:24:52 +0800 Message-Id: <20210430062455.8117-30-yang.zhong@intel.com> In-Reply-To: <20210430062455.8117-1-yang.zhong@intel.com> References: <20210430062455.8117-1-yang.zhong@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=192.55.52.93; envelope-from=yang.zhong@intel.com; helo=mga11.intel.com X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com, seanjc@google.com Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
Series	Qemu SGX virtualization \| expand [RESEND,00/32] Qemu SGX virtualization [RESEND,01/32] memory: Add RAM_PROTECTED flag to skip IOMMU mappings [RESEND,02/32] hostmem: Add hostmem-epc as a backend for SGX EPC [RESEND,03/32] qom: Add memory-backend-epc ObjectOptions support [RESEND,04/32] i386: Add 'sgx-epc' device to expose EPC sections to guest [RESEND,05/32] vl: Add "sgx-epc" option to expose SGX EPC sections to guest [RESEND,06/32] i386: Add primary SGX CPUID and MSR defines [RESEND,07/32] i386: Add SGX CPUID leaf FEAT_SGX_12_0_EAX [RESEND,08/32] i386: Add SGX CPUID leaf FEAT_SGX_12_0_EBX [RESEND,09/32] i386: Add SGX CPUID leaf FEAT_SGX_12_1_EAX [RESEND,10/32] i386: Add get/set/migrate support for SGX_LEPUBKEYHASH MSRs [RESEND,11/32] i386: Add feature control MSR dependency when SGX is enabled [RESEND,12/32] i386: Update SGX CPUID info according to hardware/KVM/user input [RESEND,13/32] linux-headers: Add placeholder for KVM_CAP_SGX_ATTRIBUTE [RESEND,14/32] i386: kvm: Add support for exposing PROVISIONKEY to guest [RESEND,15/32] i386: Propagate SGX CPUID sub-leafs to KVM [RESEND,16/32] Adjust min CPUID level to 0x12 when SGX is enabled [RESEND,17/32] hw/i386/fw_cfg: Set SGX bits in feature control fw_cfg accordingly [RESEND,18/32] hw/i386/pc: Account for SGX EPC sections when calculating device memory [RESEND,19/32] i386/pc: Add e820 entry for SGX EPC section(s) [RESEND,20/32] i386: acpi: Add SGX EPC entry to ACPI tables [RESEND,21/32] q35: Add support for SGX EPC [RESEND,22/32] i440fx: Add support for SGX EPC [RESEND,23/32] hostmem: Add the reset interface for EPC backend reset [RESEND,24/32] sgx-epc: Add the reset interface for sgx-epc virt device [RESEND,25/32] qmp: Add query-sgx command [RESEND,26/32] hmp: Add 'info sgx' command [RESEND,27/32] i386: Add sgx_get_info() interface [RESEND,28/32] bitops: Support 32 and 64 bit mask macro [RESEND,29/32] qmp: Add the qmp_query_sgx_capabilities() [RESEND,30/32] Kconfig: Add CONFIG_SGX support [RESEND,31/32] sgx-epc: Add the fill_device_info() callback support [RESEND,32/32] doc: Add the SGX doc

Message ID

20210430062455.8117-30-yang.zhong@intel.com

State

New

Headers

IronPort-SDR: 
 YFZUo768ajf4hJS2xUfqS7F+UP91PVh6S/agcs1SnsmzXwhtQ2/qgz98AfcGjGtAlAxuA/+emC
 WTRT6r/wMUkw==
IronPort-SDR: 
 Q4iRg2/z0VfPJjUuAbBSZb/IJ0qa2ATiVV8GPp5blmtopYt6PyZXS0k3m4Wc6w2BSTRUVpXzxQ
 eOpEIYX8f8qw==
From: Yang Zhong <yang.zhong@intel.com>
To: qemu-devel@nongnu.org
Subject: [RESEND PATCH 29/32] qmp: Add the qmp_query_sgx_capabilities()
Date: Fri, 30 Apr 2021 14:24:52 +0800
Message-Id: <20210430062455.8117-30-yang.zhong@intel.com>
In-Reply-To: <20210430062455.8117-1-yang.zhong@intel.com>
References: <20210430062455.8117-1-yang.zhong@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=192.55.52.93; envelope-from=yang.zhong@intel.com;
 helo=mga11.intel.com
X-Spam_score_int: -68
X-Spam_score: -6.9
X-Spam_bar: ------
X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: yang.zhong@intel.com, pbonzini@redhat.com, kai.huang@intel.com,
 seanjc@google.com
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: "Qemu-devel"
 <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>

Series

Qemu SGX virtualization | expand

Commit Message

Yang Zhong April 30, 2021, 6:24 a.m. UTC

The libvirt can use qmp_query_sgx_capabilities() to get the host
sgx capabilitis.

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
---
 hw/i386/sgx-epc.c          | 66 ++++++++++++++++++++++++++++++++++++++
 include/hw/i386/pc.h       |  1 +
 monitor/qmp-cmds.c         |  5 +++
 qapi/misc.json             | 19 +++++++++++
 stubs/sgx-stub.c           |  5 +++
 tests/qtest/qmp-cmd-test.c |  1 +
 6 files changed, 97 insertions(+)

Comments

Eric Blake May 3, 2021, 6 p.m. UTC | #1

On 4/30/21 1:24 AM, Yang Zhong wrote:
> The libvirt can use qmp_query_sgx_capabilities() to get the host

s/The libvirt/Libvirt/

> sgx capabilitis.
> 

capabilities

> Signed-off-by: Yang Zhong <yang.zhong@intel.com>
> ---
>  hw/i386/sgx-epc.c          | 66 ++++++++++++++++++++++++++++++++++++++
>  include/hw/i386/pc.h       |  1 +
>  monitor/qmp-cmds.c         |  5 +++
>  qapi/misc.json             | 19 +++++++++++
>  stubs/sgx-stub.c           |  5 +++
>  tests/qtest/qmp-cmd-test.c |  1 +
>  6 files changed, 97 insertions(+)
> 

> +++ b/qapi/misc.json
> @@ -561,3 +561,22 @@
>  #
>  ##
>  { 'command': 'query-sgx', 'returns': 'SGXInfo' }
> +
> +
> +##
> +# @query-sgx-capabilities:
> +#
> +# Returns information from host SGX capabilities
> +#
> +# Returns: @SGXInfo
> +#
> +# Since: 5.1

6.1

> +#
> +# Example:
> +#
> +# -> { "execute": "query-sgx-capabilities" }
> +# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
> +#                  "flc": true, "section-size" : 0 } }
> +#
> +##
> +{ 'command': 'query-sgx-capabilities', 'returns': 'SGXInfo' }
> diff --git a/stubs/sgx-stub.c b/stubs/sgx-stub.c
> index c2b59a88fd..1dedf3f3db 100644
> --- a/stubs/sgx-stub.c

Yang Zhong May 6, 2021, 8:57 a.m. UTC | #2

On Mon, May 03, 2021 at 01:00:37PM -0500, Eric Blake wrote:
> On 4/30/21 1:24 AM, Yang Zhong wrote:
> > The libvirt can use qmp_query_sgx_capabilities() to get the host
> 
> s/The libvirt/Libvirt/
> 
> > sgx capabilitis.
> > 
> 
> capabilities
> 
  Eric, thanks for your comments! I will change those mistakes, thanks!

  Yang
  
> > Signed-off-by: Yang Zhong <yang.zhong@intel.com>
> > ---
> >  hw/i386/sgx-epc.c          | 66 ++++++++++++++++++++++++++++++++++++++
> >  include/hw/i386/pc.h       |  1 +
> >  monitor/qmp-cmds.c         |  5 +++
> >  qapi/misc.json             | 19 +++++++++++
> >  stubs/sgx-stub.c           |  5 +++
> >  tests/qtest/qmp-cmd-test.c |  1 +
> >  6 files changed, 97 insertions(+)
> > 
> 
> > +++ b/qapi/misc.json
> > @@ -561,3 +561,22 @@
> >  #
> >  ##
> >  { 'command': 'query-sgx', 'returns': 'SGXInfo' }
> > +
> > +
> > +##
> > +# @query-sgx-capabilities:
> > +#
> > +# Returns information from host SGX capabilities
> > +#
> > +# Returns: @SGXInfo
> > +#
> > +# Since: 5.1
> 
> 6.1
> 

  Ditto, thanks!

  Yang


> > +#
> > +# Example:
> > +#
> > +# -> { "execute": "query-sgx-capabilities" }
> > +# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
> > +#                  "flc": true, "section-size" : 0 } }
> > +#
> > +##
> > +{ 'command': 'query-sgx-capabilities', 'returns': 'SGXInfo' }
> > diff --git a/stubs/sgx-stub.c b/stubs/sgx-stub.c
> > index c2b59a88fd..1dedf3f3db 100644
> > --- a/stubs/sgx-stub.c
> -- 
> Eric Blake, Principal Software Engineer
> Red Hat, Inc.           +1-919-301-3226
> Virtualization:  qemu.org | libvirt.org

diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c
index 7daea0613b..0995956f99 100644
--- a/hw/i386/sgx-epc.c
+++ b/hw/i386/sgx-epc.c
@@ -27,6 +27,14 @@ 
 
 uint32_t epc_num;
 
+#define SGX_MAX_EPC_SECTIONS            8
+#define SGX_CPUID_EPC_INVALID           0x0
+
+/* A valid EPC section. */
+#define SGX_CPUID_EPC_SECTION           0x1
+
+#define SGX_CPUID_EPC_MASK              GENMASK(3, 0)
+
 static Property sgx_epc_properties[] = {
     DEFINE_PROP_UINT64(SGX_EPC_ADDR_PROP, SGXEPCDevice, addr, 0),
     DEFINE_PROP_LINK(SGX_EPC_MEMDEV_PROP, SGXEPCDevice, hostmem,
@@ -344,6 +352,64 @@  SGXInfo *sgx_get_info(void)
     return info;
 }
 
+static uint64_t sgx_calc_section_metric(uint64_t low, uint64_t high)
+{
+    return (low & GENMASK_ULL(31, 12)) +
+           ((high & GENMASK_ULL(19, 0)) << 32);
+}
+
+static uint64_t sgx_calc_host_epc_section_size(void)
+{
+    uint32_t i, type;
+    uint32_t eax, ebx, ecx, edx;
+    uint64_t size = 0;
+
+    for (i = 0; i < SGX_MAX_EPC_SECTIONS; i++) {
+        host_cpuid(0x12, i + 2, &eax, &ebx, &ecx, &edx);
+
+        type = eax & SGX_CPUID_EPC_MASK;
+        if (type == SGX_CPUID_EPC_INVALID) {
+            break;
+        }
+
+        if (type != SGX_CPUID_EPC_SECTION) {
+            break;
+        }
+
+        size += sgx_calc_section_metric(ecx, edx);
+    }
+
+    return size;
+}
+
+SGXInfo *sgx_get_capabilities(Error **errp)
+{
+    SGXInfo *info = NULL;
+    uint32_t eax, ebx, ecx, edx;
+
+    int fd = qemu_open_old("/dev/sgx_vepc", O_RDWR);
+    if (fd < 0) {
+        error_setg(errp, "SGX is not enabled in KVM");
+        return NULL;
+    }
+
+    info = g_new0(SGXInfo, 1);
+    host_cpuid(0x7, 0, &eax, &ebx, &ecx, &edx);
+
+    info->sgx = ebx & (1U << 2) ? true : false;
+    info->flc = ecx & (1U << 30) ? true : false;
+
+    host_cpuid(0x12, 0, &eax, &ebx, &ecx, &edx);
+    info->sgx1 = eax & (1U << 0) ? true : false;
+    info->sgx2 = eax & (1U << 1) ? true : false;
+
+    info->section_size = sgx_calc_host_epc_section_size();
+
+    close(fd);
+
+    return info;
+}
+
 static QemuOptsList sgx_epc_opts = {
     .name = "sgx-epc",
     .implied_opt_name = "id",
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index cb74298117..a66795da0f 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -205,6 +205,7 @@  void pc_machine_init_sgx_epc(PCMachineState *pcms);
 void sgx_memory_backend_reset(HostMemoryBackend *backend, int fd,
                               Error **errp);
 SGXInfo *sgx_get_info(void);
+SGXInfo *sgx_get_capabilities(Error **errp);
 
 extern GlobalProperty pc_compat_5_2[];
 extern const size_t pc_compat_5_2_len;
diff --git a/monitor/qmp-cmds.c b/monitor/qmp-cmds.c
index 48f7708ffe..f1360e9f4e 100644
--- a/monitor/qmp-cmds.c
+++ b/monitor/qmp-cmds.c
@@ -365,3 +365,8 @@  SGXInfo *qmp_query_sgx(Error **errp)
 
     return info;
 }
+
+SGXInfo *qmp_query_sgx_capabilities(Error **errp)
+{
+    return sgx_get_capabilities(errp);
+}
diff --git a/qapi/misc.json b/qapi/misc.json
index 112a2f71cf..3f50b42d37 100644
--- a/qapi/misc.json
+++ b/qapi/misc.json
@@ -561,3 +561,22 @@ 
 #
 ##
 { 'command': 'query-sgx', 'returns': 'SGXInfo' }
+
+
+##
+# @query-sgx-capabilities:
+#
+# Returns information from host SGX capabilities
+#
+# Returns: @SGXInfo
+#
+# Since: 5.1
+#
+# Example:
+#
+# -> { "execute": "query-sgx-capabilities" }
+# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
+#                  "flc": true, "section-size" : 0 } }
+#
+##
+{ 'command': 'query-sgx-capabilities', 'returns': 'SGXInfo' }
diff --git a/stubs/sgx-stub.c b/stubs/sgx-stub.c
index c2b59a88fd..1dedf3f3db 100644
--- a/stubs/sgx-stub.c
+++ b/stubs/sgx-stub.c
@@ -5,3 +5,8 @@  SGXInfo *sgx_get_info(void)
 {
     return NULL;
 }
+
+SGXInfo *sgx_get_capabilities(Error **errp)
+{
+    return NULL;
+}
diff --git a/tests/qtest/qmp-cmd-test.c b/tests/qtest/qmp-cmd-test.c
index b75f3364f3..1af2f74c28 100644
--- a/tests/qtest/qmp-cmd-test.c
+++ b/tests/qtest/qmp-cmd-test.c
@@ -101,6 +101,7 @@  static bool query_is_ignored(const char *cmd)
         "query-sev",
         "query-sev-capabilities",
         "query-sgx",
+        "query-sgx-capabilities",
         NULL
     };
     int i;

[RESEND,29/32] qmp: Add the qmp_query_sgx_capabilities()

Commit Message

Comments

Patch