[PAL/Linux-SGX] Enable optional CPU features only if allowed by XCR0 #1403
Conversation
Host OS can disable certain CPU features by unsetting their bits in XCR0 register (even when the CPU feature is available on the CPU). Linux-SGX PAL previously enabled optional CPU features (by setting bits in SGX-specific XFRM field) by consulting only CPUID leaves. This could lead to a mismatch between XFRM and XCR0, which in turn leads to a `-EIO` error during ECREATE ioctl (because ECREATE checks whether XFRM value is a subset of XCR0 and raises #GP if not). Signed-off-by: Dmitrii Kuvaiskii <[email protected]>
There was a problem hiding this comment.
Reviewable status: 0 of 2 files reviewed, all discussions resolved, not enough approvals from maintainers (2 more required), not enough approvals from different teams (1 more required, approved so far: Intel)
common/include/arch/x86_64/cpu.h line 70 at r1 (raw file):
} static inline uint64_t xgetbv(uint32_t xcr_number) {
I used the same style as get_tsc() wrapper above.
pal/src/host/linux-sgx/host_framework.c line 112 at r1 (raw file):
* enabled or not (XFRM mask should completely unset these bits) */ if ((xfrm_flags[i].bits & xfrm_mask) == 0) { /* set CPU feature if current system supports it (for performance) */
I removed the for performance phrase because e.g. Intel MPX is not for performance, but more like for feature-richness.
…y XCR0 Signed-off-by: Dmitrii Kuvaiskii <[email protected]>
There was a problem hiding this comment.
Reviewed 1 of 2 files at r1, 1 of 1 files at r2, all commit messages.
Reviewable status: all files reviewed, all discussions resolved, "fixup! " found in commit messages' one-liners
There was a problem hiding this comment.
Reviewable status: all files reviewed, 1 unresolved discussion, "fixup! " found in commit messages' one-liners (waiting on @dimakuv)
pal/src/host/linux-sgx/host_framework.c line 129 at r2 (raw file):
*out_xfrm |= xfrm_flags[i].bits; } else { /* CPU supports but OS doesn't, this is a weird config */
missing 'it': CPU supports it but OS ...
…y XCR0 Signed-off-by: Dmitrii Kuvaiskii <[email protected]>
There was a problem hiding this comment.
Reviewable status: 1 of 2 files reviewed, 1 unresolved discussion, "fixup! " found in commit messages' one-liners (waiting on @donporter and @stefanberger)
pal/src/host/linux-sgx/host_framework.c line 129 at r2 (raw file):
Previously, stefanberger (Stefan Berger) wrote…
missing 'it': CPU supports it but OS ...
Done.
Description of the changes
Host OS can disable certain CPU features by unsetting their bits in XCR0 register (even when the CPU feature is available on the CPU). Linux-SGX PAL previously enabled optional CPU features (by setting bits in SGX-specific XFRM field) by consulting only CPUID leaves. This could lead to a mismatch between XFRM and XCR0, which in turn leads to a
-EIOerror during ECREATE ioctl (because ECREATE checks whether XFRM value is a subset of XCR0 and raises #GP if not).See #955 for some context.
See also 5634cf9 which was the last change in this area.
See about XCR0: https://en.wikipedia.org/wiki/Control_register#XCR0_and_XSS
See about EENTER and XFRM vs XCR0 check: https://www.felixcloutier.com/x86/ecreate. In particular, there is this line in the pseudo-code:
This PR is based on top of #1402. See there also for details.
How to test this PR?
Manually on "weird" VMs where XCR0 bits are disabled.
This change is