KVM: x86: Don't adjust guest's CPUID.0x12.1 (allowed SGX enclave XFRM)
authorSean Christopherson <seanjc@google.com>
Wed, 3 May 2023 16:08:37 +0000 (09:08 -0700)
committerPaolo Bonzini <pbonzini@redhat.com>
Sun, 21 May 2023 08:05:51 +0000 (04:05 -0400)
commit275a87244ec8320e5d319132caa787329b04bb7e
tree68ceab5a84e547e61444e201d53cf9912843bb43
parentad45413d22e6a224f8530b6fcc9ac01c8ced7fd6
KVM: x86: Don't adjust guest's CPUID.0x12.1 (allowed SGX enclave XFRM)

Drop KVM's manipulation of guest's CPUID.0x12.1 ECX and EDX, i.e. the
allowed XFRM of SGX enclaves, now that KVM explicitly checks the guest's
allowed XCR0 when emulating ECREATE.

Note, this could theoretically break a setup where userspace advertises
a "bad" XFRM and relies on KVM to provide a sane CPUID model, but QEMU
is the only known user of KVM SGX, and QEMU explicitly sets the SGX CPUID
XFRM subleaf based on the guest's XCR0.

Reviewed-by: Kai Huang <kai.huang@intel.com>
Tested-by: Kai Huang <kai.huang@intel.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20230503160838.3412617-3-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
arch/x86/kvm/cpuid.c