1// SPDX-License-Identifier: GPL-2.0
2#include <linux/tboot.h>
3
4#include <asm/cpu.h>
5#include <asm/cpufeature.h>
6#include <asm/msr-index.h>
7#include <asm/msr.h>
8#include <asm/processor.h>
9#include <asm/vmx.h>
10
11#undef pr_fmt
12#define pr_fmt(fmt) "x86/cpu: " fmt
13
14#ifdef CONFIG_X86_VMX_FEATURE_NAMES
15enum vmx_feature_leafs {
16 MISC_FEATURES = 0,
17 PRIMARY_CTLS,
18 SECONDARY_CTLS,
19 TERTIARY_CTLS_LOW,
20 TERTIARY_CTLS_HIGH,
21 NR_VMX_FEATURE_WORDS,
22};
23
24#define VMX_F(x) BIT(VMX_FEATURE_##x & 0x1f)
25
26static void init_vmx_capabilities(struct cpuinfo_x86 *c)
27{
28 u32 supported, funcs, ept, vpid, ign, low, high;
29
30 BUILD_BUG_ON(NVMXINTS != NR_VMX_FEATURE_WORDS);
31
32 /*
33 * The high bits contain the allowed-1 settings, i.e. features that can
34 * be turned on. The low bits contain the allowed-0 settings, i.e.
35 * features that can be turned off. Ignore the allowed-0 settings,
36 * if a feature can be turned on then it's supported.
37 *
38 * Use raw rdmsr() for primary processor controls and pin controls MSRs
39 * as they exist on any CPU that supports VMX, i.e. we want the WARN if
40 * the RDMSR faults.
41 */
42 rdmsr(MSR_IA32_VMX_PROCBASED_CTLS, ign, supported);
43 c->vmx_capability[PRIMARY_CTLS] = supported;
44
45 rdmsr_safe(MSR_IA32_VMX_PROCBASED_CTLS2, &ign, &supported);
46 c->vmx_capability[SECONDARY_CTLS] = supported;
47
48 /* All 64 bits of tertiary controls MSR are allowed-1 settings. */
49 rdmsr_safe(MSR_IA32_VMX_PROCBASED_CTLS3, &low, &high);
50 c->vmx_capability[TERTIARY_CTLS_LOW] = low;
51 c->vmx_capability[TERTIARY_CTLS_HIGH] = high;
52
53 rdmsr(MSR_IA32_VMX_PINBASED_CTLS, ign, supported);
54 rdmsr_safe(MSR_IA32_VMX_VMFUNC, &ign, &funcs);
55
56 /*
57 * Except for EPT+VPID, which enumerates support for both in a single
58 * MSR, low for EPT, high for VPID.
59 */
60 rdmsr_safe(MSR_IA32_VMX_EPT_VPID_CAP, &ept, &vpid);
61
62 /* Pin, EPT, VPID and VM-Func are merged into a single word. */
63 WARN_ON_ONCE(supported >> 16);
64 WARN_ON_ONCE(funcs >> 4);
65 c->vmx_capability[MISC_FEATURES] = (supported & 0xffff) |
66 ((vpid & 0x1) << 16) |
67 ((funcs & 0xf) << 28);
68
69 /* EPT bits are full on scattered and must be manually handled. */
70 if (ept & VMX_EPT_EXECUTE_ONLY_BIT)
71 c->vmx_capability[MISC_FEATURES] |= VMX_F(EPT_EXECUTE_ONLY);
72 if (ept & VMX_EPT_AD_BIT)
73 c->vmx_capability[MISC_FEATURES] |= VMX_F(EPT_AD);
74 if (ept & VMX_EPT_1GB_PAGE_BIT)
75 c->vmx_capability[MISC_FEATURES] |= VMX_F(EPT_1GB);
76 if (ept & VMX_EPT_PAGE_WALK_5_BIT)
77 c->vmx_capability[MISC_FEATURES] |= VMX_F(EPT_5LEVEL);
78
79 /* Synthetic APIC features that are aggregates of multiple features. */
80 if ((c->vmx_capability[PRIMARY_CTLS] & VMX_F(VIRTUAL_TPR)) &&
81 (c->vmx_capability[SECONDARY_CTLS] & VMX_F(VIRT_APIC_ACCESSES)))
82 c->vmx_capability[MISC_FEATURES] |= VMX_F(FLEXPRIORITY);
83
84 if ((c->vmx_capability[PRIMARY_CTLS] & VMX_F(VIRTUAL_TPR)) &&
85 (c->vmx_capability[SECONDARY_CTLS] & VMX_F(APIC_REGISTER_VIRT)) &&
86 (c->vmx_capability[SECONDARY_CTLS] & VMX_F(VIRT_INTR_DELIVERY)) &&
87 (c->vmx_capability[MISC_FEATURES] & VMX_F(POSTED_INTR)))
88 c->vmx_capability[MISC_FEATURES] |= VMX_F(APICV);
89
90 /* Set the synthetic cpufeatures to preserve /proc/cpuinfo's ABI. */
91 if (c->vmx_capability[PRIMARY_CTLS] & VMX_F(VIRTUAL_TPR))
92 set_cpu_cap(c, X86_FEATURE_TPR_SHADOW);
93 if (c->vmx_capability[MISC_FEATURES] & VMX_F(FLEXPRIORITY))
94 set_cpu_cap(c, X86_FEATURE_FLEXPRIORITY);
95 if (c->vmx_capability[MISC_FEATURES] & VMX_F(VIRTUAL_NMIS))
96 set_cpu_cap(c, X86_FEATURE_VNMI);
97 if (c->vmx_capability[SECONDARY_CTLS] & VMX_F(EPT))
98 set_cpu_cap(c, X86_FEATURE_EPT);
99 if (c->vmx_capability[MISC_FEATURES] & VMX_F(EPT_AD))
100 set_cpu_cap(c, X86_FEATURE_EPT_AD);
101 if (c->vmx_capability[MISC_FEATURES] & VMX_F(VPID))
102 set_cpu_cap(c, X86_FEATURE_VPID);
103}
104#endif /* CONFIG_X86_VMX_FEATURE_NAMES */
105
106static int __init nosgx(char *str)
107{
108 setup_clear_cpu_cap(X86_FEATURE_SGX);
109
110 return 0;
111}
112
113early_param("nosgx", nosgx);
114
115void init_ia32_feat_ctl(struct cpuinfo_x86 *c)
116{
117 bool enable_sgx_kvm = false, enable_sgx_driver = false;
118 bool tboot = tboot_enabled();
119 bool enable_vmx;
120 u64 msr;
121
122 if (rdmsrq_safe(MSR_IA32_FEAT_CTL, p: &msr)) {
123 clear_cpu_cap(c, X86_FEATURE_VMX);
124 clear_cpu_cap(c, X86_FEATURE_SGX);
125 return;
126 }
127
128 enable_vmx = cpu_has(c, X86_FEATURE_VMX) &&
129 IS_ENABLED(CONFIG_KVM_INTEL);
130
131 if (cpu_has(c, X86_FEATURE_SGX) && IS_ENABLED(CONFIG_X86_SGX)) {
132 /*
133 * Separate out SGX driver enabling from KVM. This allows KVM
134 * guests to use SGX even if the kernel SGX driver refuses to
135 * use it. This happens if flexible Launch Control is not
136 * available.
137 */
138 enable_sgx_driver = cpu_has(c, X86_FEATURE_SGX_LC);
139 enable_sgx_kvm = enable_vmx && IS_ENABLED(CONFIG_X86_SGX_KVM);
140 }
141
142 if (msr & FEAT_CTL_LOCKED)
143 goto update_caps;
144
145 /*
146 * Ignore whatever value BIOS left in the MSR to avoid enabling random
147 * features or faulting on the WRMSR.
148 */
149 msr = FEAT_CTL_LOCKED;
150
151 /*
152 * Enable VMX if and only if the kernel may do VMXON at some point,
153 * i.e. KVM is enabled, to avoid unnecessarily adding an attack vector
154 * for the kernel, e.g. using VMX to hide malicious code.
155 */
156 if (enable_vmx) {
157 msr |= FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX;
158
159 if (tboot)
160 msr |= FEAT_CTL_VMX_ENABLED_INSIDE_SMX;
161 }
162
163 if (enable_sgx_kvm || enable_sgx_driver) {
164 msr |= FEAT_CTL_SGX_ENABLED;
165 if (enable_sgx_driver)
166 msr |= FEAT_CTL_SGX_LC_ENABLED;
167 }
168
169 wrmsrq(MSR_IA32_FEAT_CTL, val: msr);
170
171update_caps:
172 set_cpu_cap(c, X86_FEATURE_MSR_IA32_FEAT_CTL);
173
174 if (!cpu_has(c, X86_FEATURE_VMX))
175 goto update_sgx;
176
177 if ( (tboot && !(msr & FEAT_CTL_VMX_ENABLED_INSIDE_SMX)) ||
178 (!tboot && !(msr & FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX))) {
179 if (IS_ENABLED(CONFIG_KVM_INTEL))
180 pr_err_once("VMX (%s TXT) disabled by BIOS\n",
181 tboot ? "inside" : "outside");
182 clear_cpu_cap(c, X86_FEATURE_VMX);
183 } else {
184#ifdef CONFIG_X86_VMX_FEATURE_NAMES
185 init_vmx_capabilities(c);
186#endif
187 }
188
189update_sgx:
190 if (!(msr & FEAT_CTL_SGX_ENABLED)) {
191 if (enable_sgx_kvm || enable_sgx_driver)
192 pr_err_once("SGX disabled or unsupported by BIOS.\n");
193 clear_cpu_cap(c, X86_FEATURE_SGX);
194 return;
195 }
196
197 /*
198 * VMX feature bit may be cleared due to being disabled in BIOS,
199 * in which case SGX virtualization cannot be supported either.
200 */
201 if (!cpu_has(c, X86_FEATURE_VMX) && enable_sgx_kvm) {
202 pr_err_once("SGX virtualization disabled due to lack of VMX.\n");
203 enable_sgx_kvm = 0;
204 }
205
206 if (!(msr & FEAT_CTL_SGX_LC_ENABLED) && enable_sgx_driver) {
207 if (!enable_sgx_kvm) {
208 pr_err_once("SGX Launch Control is locked. Disable SGX.\n");
209 clear_cpu_cap(c, X86_FEATURE_SGX);
210 } else {
211 pr_err_once("SGX Launch Control is locked. Support SGX virtualization only.\n");
212 clear_cpu_cap(c, X86_FEATURE_SGX_LC);
213 }
214 }
215}
216