[6.6-velinux] Intel: backport KVM Fix for Clearing SGX EDECCSSA to 6.6 #45
Open
zhiquan1-li wants to merge 1 commit into openvelinux:6.6-velinux from openvelinux:6.6-velinux-kvm-sgx-clear-edeccssa
commit 7efb4d8 upstream.

When SGX EDECCSSA support was added to KVM in commit 16a7fe3 ("KVM/VMX: Allow exposing EDECCSSA user leaf function to KVM guest"), it forgot to clear the X86_FEATURE_SGX_EDECCSSA bit in KVM CPU caps when KVM SGX is disabled. Fix it.

Intel-SIG: commit 7efb4d8 KVM: VMX: Also clear SGX EDECCSSA in KVM CPU caps when SGX is disabled
Backport a fix for the KVM exposing the SGX EDECCSSA capability.

Fixes: 16a7fe3 ("KVM/VMX: Allow exposing EDECCSSA user leaf function to KVM guest")
Signed-off-by: Kai Huang <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Sean Christopherson <[email protected]>
[ Zhiquan Li: amend commit log ]
Signed-off-by: Zhiquan Li <[email protected]>
guojinhui-liam pushed a commit that referenced this pull request May 8, 2025

…le nodes

commit 2eaa6c2 upstream.

The decreasing of hugetlb pages number failed with the following message given:

sh: page allocation failure: order:0, mode:0x204cc0(GFP_KERNEL|__GFP_RETRY_MAYFAIL|__GFP_THISNODE)
CPU: 1 PID: 112 Comm: sh Not tainted 6.5.0-rc7-... #45
Hardware name: linux,dummy-virt (DT)
Call trace:
 dump_backtrace.part.6+0x84/0xe4
 show_stack+0x18/0x24
 dump_stack_lvl+0x48/0x60
 dump_stack+0x18/0x24
 warn_alloc+0x100/0x1bc
 __alloc_pages_slowpath.constprop.107+0xa40/0xad8
 __alloc_pages+0x244/0x2d0
 hugetlb_vmemmap_restore+0x104/0x1e4
 __update_and_free_hugetlb_folio+0x44/0x1f4
 update_and_free_hugetlb_folio+0x20/0x68
 update_and_free_pages_bulk+0x4c/0xac
 set_max_huge_pages+0x198/0x334
 nr_hugepages_store_common+0x118/0x178
 nr_hugepages_store+0x18/0x24
 kobj_attr_store+0x18/0x2c
 sysfs_kf_write+0x40/0x54
 kernfs_fop_write_iter+0x164/0x1dc
 vfs_write+0x3a8/0x460
 ksys_write+0x6c/0x100
 __arm64_sys_write+0x1c/0x28
 invoke_syscall+0x44/0x100
 el0_svc_common.constprop.1+0x6c/0xe4
 do_el0_svc+0x38/0x94
 el0_svc+0x28/0x74
 el0t_64_sync_handler+0xa0/0xc4
 el0t_64_sync+0x174/0x178
Mem-Info:
...

The reason is that the hugetlb pages being released are allocated from movable nodes, and with hugetlb_optimize_vmemmap enabled, vmemmap pages need to be allocated from the same node during the hugetlb pages releasing. With GFP_KERNEL and __GFP_THISNODE set, allocating from movable node is always failed. Fix this problem by removing __GFP_THISNODE.

Link: https://lkml.kernel.org/r/[email protected]
Fixes: ad2fa37 ("mm: hugetlb: alloc the vmemmap pages associated with each HugeTLB page")
Signed-off-by: Yuan Can <[email protected]>
Reviewed-by: Muchun Song <[email protected]>
Cc: Kefeng Wang <[email protected]>
Cc: Mike Kravetz <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Muchun Song <[email protected]>
guojinhui-liam pushed a commit that referenced this pull request Jun 17, 2025

…le nodes

commit 2eaa6c2 upstream.

The decreasing of hugetlb pages number failed with the following message given:

sh: page allocation failure: order:0, mode:0x204cc0(GFP_KERNEL|__GFP_RETRY_MAYFAIL|__GFP_THISNODE)
CPU: 1 PID: 112 Comm: sh Not tainted 6.5.0-rc7-... #45
Hardware name: linux,dummy-virt (DT)
Call trace:
 dump_backtrace.part.6+0x84/0xe4
 show_stack+0x18/0x24
 dump_stack_lvl+0x48/0x60
 dump_stack+0x18/0x24
 warn_alloc+0x100/0x1bc
 __alloc_pages_slowpath.constprop.107+0xa40/0xad8
 __alloc_pages+0x244/0x2d0
 hugetlb_vmemmap_restore+0x104/0x1e4
 __update_and_free_hugetlb_folio+0x44/0x1f4
 update_and_free_hugetlb_folio+0x20/0x68
 update_and_free_pages_bulk+0x4c/0xac
 set_max_huge_pages+0x198/0x334
 nr_hugepages_store_common+0x118/0x178
 nr_hugepages_store+0x18/0x24
 kobj_attr_store+0x18/0x2c
 sysfs_kf_write+0x40/0x54
 kernfs_fop_write_iter+0x164/0x1dc
 vfs_write+0x3a8/0x460
 ksys_write+0x6c/0x100
 __arm64_sys_write+0x1c/0x28
 invoke_syscall+0x44/0x100
 el0_svc_common.constprop.1+0x6c/0xe4
 do_el0_svc+0x38/0x94
 el0_svc+0x28/0x74
 el0t_64_sync_handler+0xa0/0xc4
 el0t_64_sync+0x174/0x178
Mem-Info:
...

The reason is that the hugetlb pages being released are allocated from movable nodes, and with hugetlb_optimize_vmemmap enabled, vmemmap pages need to be allocated from the same node during the hugetlb pages releasing. With GFP_KERNEL and __GFP_THISNODE set, allocating from movable node is always failed. Fix this problem by removing __GFP_THISNODE.

Link: https://lkml.kernel.org/r/[email protected]
Fixes: ad2fa37 ("mm: hugetlb: alloc the vmemmap pages associated with each HugeTLB page")
Signed-off-by: Yuan Can <[email protected]>
Reviewed-by: Muchun Song <[email protected]>
Cc: Kefeng Wang <[email protected]>
Cc: Mike Kravetz <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Songtang Liu <[email protected]>
x56Jason added a commit to openvelinux/kernel-intel that referenced this pull request Nov 10, 2025

…x-kvm-sgx-clear-edeccssa' into intel-6.6-velinux

== Description

When SGX EDECCSSA support was added to KVM in commit 16a7fe3 ("KVM/VMX: Allow exposing EDECCSSA user leaf function to KVM guest"), it forgot to clear the X86_FEATURE_SGX_EDECCSSA bit in KVM CPU caps when KVM SGX is disabled. Fix it.

Fixes: 16a7fe3 ("KVM/VMX: Allow exposing EDECCSSA user leaf function to KVM guest")

About the patches

The total patch number is 1:
7efb4d8 KVM: VMX: Also clear SGX EDECCSSA in KVM CPU caps when SGX is disabled

== Tests

1. Build successfully for each commit
2. Kernel selftest - SGX: PASSED
   cd tools/testing/selftests/sgx/
   make
   ./test_sgx
3. Kernel selftest - SGX in VM: PASSED
4. Function test

Step 1. Original SGX EDECCSSA status in guest

[root@guest ~]# cpuid -1 -l 0x12
CPU:
   Software Guard Extensions (SGX) capability (0x12/0):
      SGX1 supported = true
      SGX2 supported = true
      SGX ENCLV E*VIRTCHILD, ESETCONTEXT = false
      SGX ENCLS ETRACKC, ERDINFO, ELDBC, ELDUC = false
      SGX ENCLU EVERIFYREPORT2 = false
      SGX ENCLS EUPDATESVN = false
      SGX ENCLU EDECCSSA = true
      MISCSELECT.EXINFO supported: #PF & #GP = true
      MISCSELECT.CPINFO supported: #CP = false
      MaxEnclaveSize_Not64 (log2) = 0x1f (31)
      MaxEnclaveSize_64 (log2) = 0x38 (56)

Step 2. Disable SGX in guest

root@KVM-host:~# rmmod kvm_intel
root@KVM-host:~# modprobe kvm_intel sgx=0

Step 3. The SGX EDECCSSA capability is cleared in KVM, then its status becomes false

[root@guest ~]# cpuid -1 -l 0x12
CPU:
   Software Guard Extensions (SGX) capability (0x12/0):
      SGX1 supported = false
      SGX2 supported = false
      SGX ENCLV E*VIRTCHILD, ESETCONTEXT = false
      SGX ENCLS ETRACKC, ERDINFO, ELDBC, ELDUC = false
      SGX ENCLU EVERIFYREPORT2 = false
      SGX ENCLS EUPDATESVN = false
      SGX ENCLU EDECCSSA = false
      MISCSELECT.EXINFO supported: #PF & #GP = false
      MISCSELECT.CPINFO supported: #CP = false
      MaxEnclaveSize_Not64 (log2) = 0x0 (0)
      MaxEnclaveSize_64 (log2) = 0x0 (0)
[root@TDX-guest ~]#

== Known issue: None

== Default config change: None
Description
When SGX EDECCSSA support was added to KVM in commit 16a7fe3 ("KVM/VMX: Allow exposing EDECCSSA user leaf function to KVM guest"), it forgot to clear the X86_FEATURE_SGX_EDECCSSA bit in KVM CPU caps when KVM SGX is disabled. Fix it.
Fixes: 16a7fe3 ("KVM/VMX: Allow exposing EDECCSSA user leaf function to KVM guest")
About the patches
The total patch number is 1:
Tests
Step 1. Original SGX EDECCSSA status in guest
Step 2. Disable SGX in guest
Step 3. The SGX EDECCSSA capability is cleared in KVM, then its status becomes false
Known issue:
None
Default config change:
None
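The function test in this thread compares `cpuid -1 -l 0x12` output in the guest before and after `modprobe kvm_intel sgx=0`. The shell check below is an added example, not part of the PR or the kernel tree: it automates the Step 3 comparison by listing any SGX sub-feature still reported true while SGX1 is false. The function names and the `sample_stale` input are constructed for illustration; `sample_fixed` reproduces the Step 3 lines quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the PR): read `cpuid -1 -l 0x12` output on stdin and
# print every SGX sub-feature still reported "true" although SGX1 is "false".
# Exit status: 0 consistent, 1 stale feature bits, 2 no SGX leaf in the input.
sgx_stale_features() {
    awk -F' = ' '
        /SGX1 supported/ { sgx1 = $2 }
        /SGX2 supported|SGX ENCL[SUV] / { name[++n] = $1; val[n] = $2 }
        END {
            if (sgx1 == "") exit 2
            if (sgx1 == "true") exit 0
            for (i = 1; i <= n; i++)
                if (val[i] == "true") {
                    gsub(/^ +| +$/, "", name[i]); print name[i]; bad = 1
                }
            exit bad + 0
        }'
}

# Step 3 lines as quoted in the thread (guest view after kvm_intel sgx=0).
sample_fixed() {
    cat <<'EOF'
CPU:
   Software Guard Extensions (SGX) capability (0x12/0):
      SGX1 supported = false
      SGX2 supported = false
      SGX ENCLV E*VIRTCHILD, ESETCONTEXT = false
      SGX ENCLS ETRACKC, ERDINFO, ELDBC, ELDUC = false
      SGX ENCLU EVERIFYREPORT2 = false
      SGX ENCLS EUPDATESVN = false
      SGX ENCLU EDECCSSA = false
EOF
}

# Constructed input: the same leaf with only the EDECCSSA line left "true".
sample_stale() {
    sample_fixed | sed 's/\(EDECCSSA = \)false/\1true/'
}

for s in sample_fixed sample_stale; do
    if stale=$($s | sgx_stale_features); then echo "$s: consistent"
    else echo "$s: stale -> $stale"; fi
done
```

In a guest, pipe the real tool output into the function: `cpuid -1 -l 0x12 | sgx_stale_features`.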