diff options
| author | Jarkko Sakkinen | 2022-04-14 14:02:33 +0300 |
|---|---|---|
| committer | Jarkko Sakkinen | 2022-04-14 14:02:33 +0300 |
| commit | afec2440fe350fd8bff0a63df600a8ad1ed9d507 (patch) | |
| tree | 3cee74af9df4a0e2242b7a453b6aca6409ae22f6 | |
| parent | 9e595612af76514fe6b9fecdc384a33473c7fe08 (diff) | |
| download | aur-afec2440fe350fd8bff0a63df600a8ad1ed9d507.tar.gz | |
build: update v4 of sgx2 patches
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@iki.fi>
20 files changed, 368 insertions, 252 deletions
diff --git a/0001-x86-sgx-Add-short-descriptions-to-ENCLS-wrappers.patch b/0001-x86-sgx-Add-short-descriptions-to-ENCLS-wrappers.patch index b970b6966932..1e3220adb8c7 100644 --- a/0001-x86-sgx-Add-short-descriptions-to-ENCLS-wrappers.patch +++ b/0001-x86-sgx-Add-short-descriptions-to-ENCLS-wrappers.patch @@ -1,7 +1,7 @@ -From 39ca48af7c889fad9e0fcdea0003bac2ba074cf4 Mon Sep 17 00:00:00 2001 +From 51105664980e12f8f34730c20725ae3ca2229c3e Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Wed, 22 Sep 2021 09:35:36 -0700 -Subject: [PATCH 01/30] x86/sgx: Add short descriptions to ENCLS wrappers +Date: Wed, 13 Apr 2022 14:10:01 -0700 +Subject: [PATCH 01/31] x86/sgx: Add short descriptions to ENCLS wrappers The SGX ENCLS instruction uses EAX to specify an SGX function and may require additional registers, depending on the SGX function. @@ -14,6 +14,7 @@ The wrappers of the supported SGX functions are cryptic. Add short descriptions of each as a comment. Suggested-by: Dave Hansen <dave.hansen@linux.intel.com> +Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> --- arch/x86/kernel/cpu/sgx/encls.h | 15 +++++++++++++++ @@ -104,5 +105,5 @@ index fa04a73daf9c..0e22fa8f77c5 100644 void *va) { -- -2.35.1 +2.35.2 diff --git a/0002-x86-sgx-Add-wrapper-for-SGX2-EMODPR-function.patch b/0002-x86-sgx-Add-wrapper-for-SGX2-EMODPR-function.patch index e4c66a908fd8..02a8bd059f9d 100644 --- a/0002-x86-sgx-Add-wrapper-for-SGX2-EMODPR-function.patch +++ b/0002-x86-sgx-Add-wrapper-for-SGX2-EMODPR-function.patch @@ -1,7 +1,7 @@ -From 5c18c202d19f1e20b7a883a14ac428c54697f47c Mon Sep 17 00:00:00 2001 +From 7f9ca1bdebe92d16d0e176e7dbb0425e3563a2b5 Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Mon, 17 May 2021 16:31:35 -0700 -Subject: [PATCH 02/30] x86/sgx: Add wrapper for SGX2 EMODPR function +Date: Wed, 13 Apr 2022 14:10:02 -0700 +Subject: [PATCH 02/31] x86/sgx: Add wrapper for SGX2 EMODPR function Add a wrapper for the EMODPR ENCLS leaf function used to restrict enclave page permissions as maintained in the @@ -29,6 +29,7 @@ is accomplished with the ETRACK flow. Expand enum sgx_return_code with the possible EMODPR return values. +Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> --- arch/x86/include/asm/sgx.h | 5 +++++ @@ -78,5 +79,5 @@ index 0e22fa8f77c5..2b091912f038 100644 + #endif /* _X86_ENCLS_H */ -- -2.35.1 +2.35.2 diff --git a/0003-x86-sgx-Add-wrapper-for-SGX2-EMODT-function.patch b/0003-x86-sgx-Add-wrapper-for-SGX2-EMODT-function.patch index 3fe5af52a3b4..0bd84703ff56 100644 --- a/0003-x86-sgx-Add-wrapper-for-SGX2-EMODT-function.patch +++ b/0003-x86-sgx-Add-wrapper-for-SGX2-EMODT-function.patch @@ -1,7 +1,7 @@ -From 9c86a3f70dadbcd0b31a624041ab25c658cdcb95 Mon Sep 17 00:00:00 2001 +From 65f997c50816e3314722b49a4f55ea51eb865d1d Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Fri, 7 Jan 2022 11:27:29 -0800 -Subject: [PATCH 03/30] x86/sgx: Add wrapper for SGX2 EMODT function +Date: Wed, 13 Apr 2022 14:10:03 -0700 +Subject: [PATCH 03/31] x86/sgx: Add wrapper for SGX2 EMODT function Add a wrapper for the EMODT ENCLS leaf function used to change the type of an enclave page as maintained in the @@ -24,6 +24,7 @@ and is required for the enclave's EACCEPT/EACCEPTCOPY to succeed. Ensuring that no references to the changed page remain is accomplished with the ETRACK flow. +Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> --- arch/x86/kernel/cpu/sgx/encls.h | 6 ++++++ @@ -45,5 +46,5 @@ index 2b091912f038..7a1ecf704ec1 100644 + #endif /* _X86_ENCLS_H */ -- -2.35.1 +2.35.2 diff --git a/0004-x86-sgx-Add-wrapper-for-SGX2-EAUG-function.patch b/0004-x86-sgx-Add-wrapper-for-SGX2-EAUG-function.patch index c036e9b8a4ac..09d7a58080e8 100644 --- a/0004-x86-sgx-Add-wrapper-for-SGX2-EAUG-function.patch +++ b/0004-x86-sgx-Add-wrapper-for-SGX2-EAUG-function.patch @@ -1,7 +1,7 @@ -From d6d1ac0735a6e105e37ca3d010d59ce070566ea6 Mon Sep 17 00:00:00 2001 +From c2eaa596a76f7f407e8e590d8b78839a8ac034a8 Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Fri, 7 Jan 2022 11:28:42 -0800 -Subject: [PATCH 04/30] x86/sgx: Add wrapper for SGX2 EAUG function +Date: Wed, 13 Apr 2022 14:10:04 -0700 +Subject: [PATCH 04/31] x86/sgx: Add wrapper for SGX2 EAUG function Add a wrapper for the EAUG ENCLS leaf function used to add a page to an initialized enclave. @@ -16,6 +16,7 @@ EAUG: Access from within the enclave to the new enclave page is not possible until the PENDING bit is cleared. +Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> --- arch/x86/kernel/cpu/sgx/encls.h | 6 ++++++ @@ -37,5 +38,5 @@ index 7a1ecf704ec1..99004b02e2ed 100644 + #endif /* _X86_ENCLS_H */ -- -2.35.1 +2.35.2 diff --git a/0005-x86-sgx-Support-loading-enclave-page-without-VMA-per.patch b/0005-x86-sgx-Support-loading-enclave-page-without-VMA-per.patch index e8b0631e7c49..aebc50bcdeb6 100644 --- a/0005-x86-sgx-Support-loading-enclave-page-without-VMA-per.patch +++ b/0005-x86-sgx-Support-loading-enclave-page-without-VMA-per.patch @@ -1,7 +1,7 @@ -From 8e7efbd6ea3242525db8205614a6e7e87ab89415 Mon Sep 17 00:00:00 2001 +From 836478d4e8f9a6b1ce067e597f29e59eb1422423 Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Wed, 9 Mar 2022 14:37:47 -0800 -Subject: [PATCH 05/30] x86/sgx: Support loading enclave page without VMA +Date: Wed, 13 Apr 2022 14:10:05 -0700 +Subject: [PATCH 05/31] x86/sgx: Support loading enclave page without VMA permissions check sgx_encl_load_page() is used to find and load an enclave page into @@ -19,9 +19,10 @@ A new call, sgx_encl_load_page_in_vma(), behaves exactly like the current sgx_encl_load_page() that takes VMA permissions into account, while sgx_encl_load_page() just loads an enclave page into EPC. -VMA, PTE, and EPCM permissions would continue to dictate whether +VMA, PTE, and EPCM permissions continue to dictate whether the pages can be accessed from within an enclave. +Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> --- arch/x86/kernel/cpu/sgx/encl.c | 57 ++++++++++++++++++++++------------ @@ -29,10 +30,10 @@ Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> 2 files changed, 40 insertions(+), 19 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c -index 7c63a1911fae..05ae1168391c 100644 +index 001808e3901c..b45fcecea4bd 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c -@@ -131,25 +131,10 @@ static struct sgx_epc_page *sgx_encl_eldu(struct sgx_encl_page *encl_page, +@@ -90,25 +90,10 @@ static struct sgx_epc_page *sgx_encl_eldu(struct sgx_encl_page *encl_page, return epc_page; } @@ -60,7 +61,7 @@ index 7c63a1911fae..05ae1168391c 100644 /* Entry successfully located. */ if (entry->epc_page) { -@@ -175,6 +160,40 @@ static struct sgx_encl_page *sgx_encl_load_page(struct sgx_encl *encl, +@@ -134,6 +119,40 @@ static struct sgx_encl_page *sgx_encl_load_page(struct sgx_encl *encl, return entry; } @@ -101,7 +102,7 @@ index 7c63a1911fae..05ae1168391c 100644 static vm_fault_t sgx_vma_fault(struct vm_fault *vmf) { unsigned long addr = (unsigned long)vmf->address; -@@ -196,7 +215,7 @@ static vm_fault_t sgx_vma_fault(struct vm_fault *vmf) +@@ -155,7 +174,7 @@ static vm_fault_t sgx_vma_fault(struct vm_fault *vmf) mutex_lock(&encl->lock); @@ -110,7 +111,7 @@ index 7c63a1911fae..05ae1168391c 100644 if (IS_ERR(entry)) { mutex_unlock(&encl->lock); -@@ -344,7 +363,7 @@ static struct sgx_encl_page *sgx_encl_reserve_page(struct sgx_encl *encl, +@@ -303,7 +322,7 @@ static struct sgx_encl_page *sgx_encl_reserve_page(struct sgx_encl *encl, for ( ; ; ) { mutex_lock(&encl->lock); @@ -132,5 +133,5 @@ index fec43ca65065..6b34efba1602 100644 #endif /* _X86_ENCL_H */ -- -2.35.1 +2.35.2 diff --git a/0006-x86-sgx-Export-sgx_encl_ewb_cpumask.patch b/0006-x86-sgx-Export-sgx_encl_ewb_cpumask.patch index 2f5c2faf5354..fa2f045f83ac 100644 --- a/0006-x86-sgx-Export-sgx_encl_ewb_cpumask.patch +++ b/0006-x86-sgx-Export-sgx_encl_ewb_cpumask.patch @@ -1,7 +1,7 @@ -From dfb13ff65827a0f229ee0401ea194cd47d17682e Mon Sep 17 00:00:00 2001 +From 100959e3e9bf237de44f769e204aee46e61b5765 Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Thu, 3 Jun 2021 14:58:01 -0700 -Subject: [PATCH 06/30] x86/sgx: Export sgx_encl_ewb_cpumask() +Date: Wed, 13 Apr 2022 14:10:06 -0700 +Subject: [PATCH 06/31] x86/sgx: Export sgx_encl_ewb_cpumask() Using sgx_encl_ewb_cpumask() to learn which CPUs might have executed an enclave is useful to ensure that TLBs are cleared when changes are @@ -22,6 +22,7 @@ to a more prominent location before the function. No functional change. +Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> --- arch/x86/kernel/cpu/sgx/encl.c | 67 ++++++++++++++++++++++++++++++++++ @@ -30,10 +31,10 @@ Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> 3 files changed, 68 insertions(+), 29 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c -index 05ae1168391c..c6525eba74e8 100644 +index b45fcecea4bd..2845ec4faf24 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c -@@ -613,6 +613,73 @@ int sgx_encl_mm_add(struct sgx_encl *encl, struct mm_struct *mm) +@@ -570,6 +570,73 @@ int sgx_encl_mm_add(struct sgx_encl *encl, struct mm_struct *mm) return 0; } @@ -120,7 +121,7 @@ index 6b34efba1602..d2acb4debde5 100644 struct sgx_backing *backing); void sgx_encl_put_backing(struct sgx_backing *backing, bool do_write); diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c -index 8e4bc6453d26..2de85f459492 100644 +index 4b41efc9e367..d481e8b0e7bc 100644 --- a/arch/x86/kernel/cpu/sgx/main.c +++ b/arch/x86/kernel/cpu/sgx/main.c @@ -203,35 +203,6 @@ static void sgx_ipi_cb(void *info) @@ -160,5 +161,5 @@ index 8e4bc6453d26..2de85f459492 100644 * Swap page to the regular memory transformed to the blocked state by using * EBLOCK, which means that it can no longer be referenced (no new TLB entries). -- -2.35.1 +2.35.2 diff --git a/0007-x86-sgx-Rename-sgx_encl_ewb_cpumask-as-sgx_encl_cpum.patch b/0007-x86-sgx-Rename-sgx_encl_ewb_cpumask-as-sgx_encl_cpum.patch index 1c17f6f9257a..7575ed87b0ed 100644 --- a/0007-x86-sgx-Rename-sgx_encl_ewb_cpumask-as-sgx_encl_cpum.patch +++ b/0007-x86-sgx-Rename-sgx_encl_ewb_cpumask-as-sgx_encl_cpum.patch @@ -1,7 +1,7 @@ -From 88c9ced2f94ffd6a7a3e5d3a0b6ad47bee0008d3 Mon Sep 17 00:00:00 2001 +From b87d36265a3ceb1574d68772f29c61a24433070e Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Fri, 7 Jan 2022 16:08:11 -0800 -Subject: [PATCH 07/30] x86/sgx: Rename sgx_encl_ewb_cpumask() as +Date: Wed, 13 Apr 2022 14:10:07 -0700 +Subject: [PATCH 07/31] x86/sgx: Rename sgx_encl_ewb_cpumask() as sgx_encl_cpumask() sgx_encl_ewb_cpumask() is no longer unique to the reclaimer where it @@ -18,6 +18,7 @@ no longer point to the changed pages. Rename sgx_encl_ewb_cpumask() to sgx_encl_cpumask() to reflect the broader usage. +Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> --- arch/x86/kernel/cpu/sgx/encl.c | 6 +++--- @@ -26,10 +27,10 @@ Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c -index c6525eba74e8..8de9bebc4d81 100644 +index 2845ec4faf24..f241596ba411 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c -@@ -614,7 +614,7 @@ int sgx_encl_mm_add(struct sgx_encl *encl, struct mm_struct *mm) +@@ -571,7 +571,7 @@ int sgx_encl_mm_add(struct sgx_encl *encl, struct mm_struct *mm) } /** @@ -38,7 +39,7 @@ index c6525eba74e8..8de9bebc4d81 100644 * @encl: the enclave * * Some SGX functions require that no cached linear-to-physical address -@@ -639,7 +639,7 @@ int sgx_encl_mm_add(struct sgx_encl *encl, struct mm_struct *mm) +@@ -596,7 +596,7 @@ int sgx_encl_mm_add(struct sgx_encl *encl, struct mm_struct *mm) * The following flow is used to support SGX functions that require that * no cached linear-to-physical address mappings are present: * 1) Execute ENCLS[ETRACK] to initiate hardware tracking. @@ -47,7 +48,7 @@ index c6525eba74e8..8de9bebc4d81 100644 * accessing the enclave. * 3) Send IPI to identified CPUs, kicking them out of the enclave and * thus flushing all locally cached linear-to-physical address mappings. -@@ -656,7 +656,7 @@ int sgx_encl_mm_add(struct sgx_encl *encl, struct mm_struct *mm) +@@ -613,7 +613,7 @@ int sgx_encl_mm_add(struct sgx_encl *encl, struct mm_struct *mm) * * Return: cpumask of CPUs that might be accessing @encl */ @@ -70,7 +71,7 @@ index d2acb4debde5..e59c2cbf71e2 100644 struct sgx_backing *backing); void sgx_encl_put_backing(struct sgx_backing *backing, bool do_write); diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c -index 2de85f459492..fa33922879bf 100644 +index d481e8b0e7bc..60b166bff7b4 100644 --- a/arch/x86/kernel/cpu/sgx/main.c +++ b/arch/x86/kernel/cpu/sgx/main.c @@ -249,7 +249,7 @@ static void sgx_encl_ewb(struct sgx_epc_page *epc_page, @@ -83,5 +84,5 @@ index 2de85f459492..fa33922879bf 100644 ret = __sgx_encl_ewb(epc_page, va_slot, backing); } -- -2.35.1 +2.35.2 diff --git a/0008-x86-sgx-Move-PTE-zap-code-to-new-sgx_zap_enclave_pte.patch b/0008-x86-sgx-Move-PTE-zap-code-to-new-sgx_zap_enclave_pte.patch index 7785e277fcb9..d9f052f0eed2 100644 --- a/0008-x86-sgx-Move-PTE-zap-code-to-new-sgx_zap_enclave_pte.patch +++ b/0008-x86-sgx-Move-PTE-zap-code-to-new-sgx_zap_enclave_pte.patch @@ -1,7 +1,7 @@ -From c7cbef91a72ec9afba76d518a2bc3102a13cfdb6 Mon Sep 17 00:00:00 2001 +From 1e61402b92958e49b5cbb4e47fb8238273e279f4 Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Thu, 20 May 2021 14:23:58 -0700 -Subject: [PATCH 08/30] x86/sgx: Move PTE zap code to new +Date: Wed, 13 Apr 2022 14:10:08 -0700 +Subject: [PATCH 08/31] x86/sgx: Move PTE zap code to new sgx_zap_enclave_ptes() The SGX reclaimer removes page table entries pointing to pages that are @@ -23,6 +23,7 @@ Place sgx_zap_enclave_ptes() with the rest of the enclave code in encl.c interacting with the page table since this code is no longer unique to the reclaimer. +Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> --- arch/x86/kernel/cpu/sgx/encl.c | 45 +++++++++++++++++++++++++++++++++- @@ -31,10 +32,10 @@ Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> 3 files changed, 47 insertions(+), 31 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c -index 8de9bebc4d81..c77a62432862 100644 +index f241596ba411..a872bd7e953a 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c -@@ -605,7 +605,7 @@ int sgx_encl_mm_add(struct sgx_encl *encl, struct mm_struct *mm) +@@ -562,7 +562,7 @@ int sgx_encl_mm_add(struct sgx_encl *encl, struct mm_struct *mm) spin_lock(&encl->mm_lock); list_add_rcu(&encl_mm->list, &encl->mm_list); @@ -43,7 +44,7 @@ index 8de9bebc4d81..c77a62432862 100644 smp_wmb(); encl->mm_list_version++; spin_unlock(&encl->mm_lock); -@@ -792,6 +792,49 @@ int sgx_encl_test_and_clear_young(struct mm_struct *mm, +@@ -751,6 +751,49 @@ int sgx_encl_test_and_clear_young(struct mm_struct *mm, return ret; } @@ -107,7 +108,7 @@ index e59c2cbf71e2..1b15d22f6757 100644 unsigned int sgx_alloc_va_slot(struct sgx_va_page *va_page); void sgx_free_va_slot(struct sgx_va_page *va_page, unsigned int offset); diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c -index fa33922879bf..ce9e87d5f8ec 100644 +index 60b166bff7b4..06492dcffcf1 100644 --- a/arch/x86/kernel/cpu/sgx/main.c +++ b/arch/x86/kernel/cpu/sgx/main.c @@ -137,36 +137,9 @@ static void sgx_reclaimer_block(struct sgx_epc_page *epc_page) @@ -150,5 +151,5 @@ index fa33922879bf..ce9e87d5f8ec 100644 mutex_lock(&encl->lock); -- -2.35.1 +2.35.2 diff --git a/0009-x86-sgx-Make-sgx_ipi_cb-available-internally.patch b/0009-x86-sgx-Make-sgx_ipi_cb-available-internally.patch index b8c7e966716e..b52276685cbc 100644 --- a/0009-x86-sgx-Make-sgx_ipi_cb-available-internally.patch +++ b/0009-x86-sgx-Make-sgx_ipi_cb-available-internally.patch @@ -1,7 +1,7 @@ -From ffff3007d13c58adc39a670951586a40cb999b75 Mon Sep 17 00:00:00 2001 +From 8f56418b1b9d2f70f0b81f6f7f04c2f7ba7e1746 Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Thu, 3 Jun 2021 16:56:53 -0700 -Subject: [PATCH 09/30] x86/sgx: Make sgx_ipi_cb() available internally +Date: Wed, 13 Apr 2022 14:10:09 -0700 +Subject: [PATCH 09/31] x86/sgx: Make sgx_ipi_cb() available internally The ETRACK function followed by an IPI to all CPUs within an enclave is a common pattern with more frequent use in support of SGX2. @@ -9,6 +9,7 @@ is a common pattern with more frequent use in support of SGX2. Make the (empty) IPI callback function available internally in preparation for usage by SGX2. +Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> --- arch/x86/kernel/cpu/sgx/main.c | 2 +- @@ -16,7 +17,7 @@ Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c -index ce9e87d5f8ec..6e2cb7564080 100644 +index 06492dcffcf1..1a3014aec490 100644 --- a/arch/x86/kernel/cpu/sgx/main.c +++ b/arch/x86/kernel/cpu/sgx/main.c @@ -172,7 +172,7 @@ static int __sgx_encl_ewb(struct sgx_epc_page *epc_page, void *va_slot, @@ -42,5 +43,5 @@ index 0f17def9fe6f..b30cee4de903 100644 int __init sgx_vepc_init(void); #else -- -2.35.1 +2.35.2 diff --git a/0010-x86-sgx-Create-utility-to-validate-user-provided-off.patch b/0010-x86-sgx-Create-utility-to-validate-user-provided-off.patch index a9105252064e..341d82ac56f6 100644 --- a/0010-x86-sgx-Create-utility-to-validate-user-provided-off.patch +++ b/0010-x86-sgx-Create-utility-to-validate-user-provided-off.patch @@ -1,21 +1,22 @@ -From ecacf0430a389f012555938381664e8f8d86af54 Mon Sep 17 00:00:00 2001 +From 87e7f3c34d6cdd9e2e4d5ff630e85c954c087122 Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Fri, 21 Jan 2022 13:35:21 -0800 -Subject: [PATCH 10/30] x86/sgx: Create utility to validate user provided +Date: Wed, 13 Apr 2022 14:10:10 -0700 +Subject: [PATCH 10/31] x86/sgx: Create utility to validate user provided offset and length User provided offset and length is validated when parsing the parameters of the SGX_IOC_ENCLAVE_ADD_PAGES ioctl(). Extract this validation -into a utility that can be used by the SGX2 ioctl()s that will -also provide these values. +(with consistent use of IS_ALIGNED) into a utility that can be used +by the SGX2 ioctl()s that will also provide these values. +Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> --- arch/x86/kernel/cpu/sgx/ioctl.c | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c -index 83df20e3e633..f487549bccba 100644 +index 83df20e3e633..a66795e0b685 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c @@ -372,6 +372,26 @@ static int sgx_encl_add_page(struct sgx_encl *encl, unsigned long src, @@ -33,7 +34,7 @@ index 83df20e3e633..f487549bccba 100644 + if (!IS_ALIGNED(offset, PAGE_SIZE)) + return -EINVAL; + -+ if (!length || length & (PAGE_SIZE - 1)) ++ if (!length || !IS_ALIGNED(length, PAGE_SIZE)) + return -EINVAL; + + if (offset + length - PAGE_SIZE >= encl->size) @@ -63,5 +64,5 @@ index 83df20e3e633..f487549bccba 100644 if (copy_from_user(&secinfo, (void __user *)add_arg.secinfo, -- -2.35.1 +2.35.2 diff --git a/0011-x86-sgx-Keep-record-of-SGX-page-type.patch b/0011-x86-sgx-Keep-record-of-SGX-page-type.patch index 6733c5307d45..5ad1c20ab63d 100644 --- a/0011-x86-sgx-Keep-record-of-SGX-page-type.patch +++ b/0011-x86-sgx-Keep-record-of-SGX-page-type.patch @@ -1,7 +1,7 @@ -From d759347c5feada6386aa3883bb9e0c18d377bd77 Mon Sep 17 00:00:00 2001 +From 588655546cf6bda0ae880233e40240b6a0a6cbbe Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Wed, 9 Jun 2021 15:59:02 -0700 -Subject: [PATCH 11/30] x86/sgx: Keep record of SGX page type +Date: Wed, 13 Apr 2022 14:10:11 -0700 +Subject: [PATCH 11/31] x86/sgx: Keep record of SGX page type SGX2 functions are not allowed on all page types. For example, ENCLS[EMODPR] is only allowed on regular SGX enclave pages and @@ -28,6 +28,7 @@ members to support the additional information without increasing the space consumed by the struct. Acked-by: Jarkko Sakkinen <jarkko@kernel.org> +Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> --- arch/x86/include/asm/sgx.h | 3 +++ @@ -64,7 +65,7 @@ index 1b15d22f6757..07abfc70c8e3 100644 struct sgx_encl *encl; struct sgx_va_page *va_page; diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c -index f487549bccba..0c211af8e948 100644 +index a66795e0b685..21078c6643f7 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c @@ -107,6 +107,7 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs) @@ -84,5 +85,5 @@ index f487549bccba..0c211af8e948 100644 if (flags & SGX_PAGE_MEASURE) { -- -2.35.1 +2.35.2 diff --git a/0012-x86-sgx-Export-sgx_encl_-grow-shrink.patch b/0012-x86-sgx-Export-sgx_encl_-grow-shrink.patch index 900f5e5c0015..a096dc6633ba 100644 --- a/0012-x86-sgx-Export-sgx_encl_-grow-shrink.patch +++ b/0012-x86-sgx-Export-sgx_encl_-grow-shrink.patch @@ -1,12 +1,13 @@ -From 1408fa054374699618f56528ce7eda1a9640b0aa Mon Sep 17 00:00:00 2001 +From 224652fefdf04993c3e61f8a5beefe395489c7d0 Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Thu, 10 Mar 2022 16:08:12 -0800 -Subject: [PATCH 12/30] x86/sgx: Export sgx_encl_{grow,shrink}() +Date: Wed, 13 Apr 2022 14:10:12 -0700 +Subject: [PATCH 12/31] x86/sgx: Export sgx_encl_{grow,shrink}() In order to use sgx_encl_{grow,shrink}() in the page augmentation code located in encl.c, export these functions. Suggested-by: Jarkko Sakkinen <jarkko@kernel.org> +Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> --- arch/x86/kernel/cpu/sgx/encl.h | 2 ++ @@ -26,7 +27,7 @@ index 07abfc70c8e3..9d673d9531f0 100644 #endif /* _X86_ENCL_H */ diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c -index 0c211af8e948..746acddbb774 100644 +index 21078c6643f7..2df27dd8b30d 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c @@ -17,7 +17,7 @@ @@ -48,5 +49,5 @@ index 0c211af8e948..746acddbb774 100644 encl->page_cnt--; -- -2.35.1 +2.35.2 diff --git a/0013-x86-sgx-Export-sgx_encl_page_alloc.patch b/0013-x86-sgx-Export-sgx_encl_page_alloc.patch index c0c97adec60d..50c010eac95b 100644 --- a/0013-x86-sgx-Export-sgx_encl_page_alloc.patch +++ b/0013-x86-sgx-Export-sgx_encl_page_alloc.patch @@ -1,7 +1,7 @@ -From b53096d9fcb368a8d2568c04817c4d2ebd4b24d4 Mon Sep 17 00:00:00 2001 +From 25c6413856fe1d73bef5dfb3c8a6bddc728fe37a Mon Sep 17 00:00:00 2001 From: Jarkko Sakkinen <jarkko@kernel.org> -Date: Tue, 8 Mar 2022 13:28:32 +0200 -Subject: [PATCH 13/30] x86/sgx: Export sgx_encl_page_alloc() +Date: Wed, 13 Apr 2022 14:10:13 -0700 +Subject: [PATCH 13/31] x86/sgx: Export sgx_encl_page_alloc() Move sgx_encl_page_alloc() to encl.c and export it so that it can be used in the implementation for support of adding pages to initialized @@ -16,10 +16,10 @@ Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> 3 files changed, 35 insertions(+), 32 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c -index c77a62432862..546423753e4c 100644 +index a872bd7e953a..38e42c2d3592 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c -@@ -792,6 +792,38 @@ int sgx_encl_test_and_clear_young(struct mm_struct *mm, +@@ -751,6 +751,38 @@ int sgx_encl_test_and_clear_young(struct mm_struct *mm, return ret; } @@ -73,7 +73,7 @@ index 9d673d9531f0..253ebdd1c5be 100644 struct sgx_epc_page *sgx_alloc_va_page(void); unsigned int sgx_alloc_va_slot(struct sgx_va_page *va_page); diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c -index 746acddbb774..0460fd224a05 100644 +index 2df27dd8b30d..bb8cdb2ad0d1 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c @@ -169,38 +169,6 @@ static long sgx_ioc_enclave_create(struct sgx_encl *encl, void __user *arg) @@ -116,5 +116,5 @@ index 746acddbb774..0460fd224a05 100644 { u64 perm = secinfo->flags & SGX_SECINFO_PERMISSION_MASK; -- -2.35.1 +2.35.2 diff --git a/0014-x86-sgx-Support-VA-page-allocation-without-reclaimin.patch b/0014-x86-sgx-Support-VA-page-allocation-without-reclaimin.patch new file mode 100644 index 000000000000..bad182536397 --- /dev/null +++ b/0014-x86-sgx-Support-VA-page-allocation-without-reclaimin.patch @@ -0,0 +1,136 @@ +From dc8e57ec148e5f440afaedea7705742bf2f00236 Mon Sep 17 00:00:00 2001 +From: Reinette Chatre <reinette.chatre@intel.com> +Date: Wed, 13 Apr 2022 14:10:14 -0700 +Subject: [PATCH 14/31] x86/sgx: Support VA page allocation without reclaiming + +struct sgx_encl should be protected with the mutex +sgx_encl->lock. One exception is sgx_encl->page_cnt that +is incremented (in sgx_encl_grow()) when an enclave page +is added to the enclave. The reason the mutex is not held +is to allow the reclaimer to be called directly if there are +no EPC pages (in support of a new VA page) available at the time. + +Incrementing sgx_encl->page_cnt without sgc_encl->lock held +is currently (before SGX2) safe from concurrent updates because +all paths in which sgx_encl_grow() is called occur before +enclave initialization and are protected with an atomic +operation on SGX_ENCL_IOCTL. + +SGX2 includes support for dynamically adding pages after +enclave initialization where the protection of SGX_ENCL_IOCTL +is not available. + +Make direct reclaim of EPC pages optional when new VA pages +are added to the enclave. Essentially the existing "reclaim" +flag used when regular EPC pages are added to an enclave +becomes available to the caller when used to allocate VA pages +instead of always being "true". + +When adding pages without invoking the reclaimer it is possible +to do so with sgx_encl->lock held, gaining its protection against +concurrent updates to sgx_encl->page_cnt after enclave +initialization. + +No functional change. + +Reported-by: Haitao Huang <haitao.huang@intel.com> +Tested-by: Haitao Huang <haitao.huang@intel.com> +Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> +--- + arch/x86/kernel/cpu/sgx/encl.c | 6 ++++-- + arch/x86/kernel/cpu/sgx/encl.h | 4 ++-- + arch/x86/kernel/cpu/sgx/ioctl.c | 8 ++++---- + 3 files changed, 10 insertions(+), 8 deletions(-) + +diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c +index 38e42c2d3592..8729b254b0cc 100644 +--- a/arch/x86/kernel/cpu/sgx/encl.c ++++ b/arch/x86/kernel/cpu/sgx/encl.c +@@ -828,6 +828,8 @@ void sgx_zap_enclave_ptes(struct sgx_encl *encl, unsigned long addr) + + /** + * sgx_alloc_va_page() - Allocate a Version Array (VA) page ++ * @reclaim: Reclaim EPC pages directly if none available. Enclave ++ * mutex should not be held if this is set. + * + * Allocate a free EPC page and convert it to a Version Array (VA) page. + * +@@ -835,12 +837,12 @@ void sgx_zap_enclave_ptes(struct sgx_encl *encl, unsigned long addr) + * a VA page, + * -errno otherwise + */ +-struct sgx_epc_page *sgx_alloc_va_page(void) ++struct sgx_epc_page *sgx_alloc_va_page(bool reclaim) + { + struct sgx_epc_page *epc_page; + int ret; + +- epc_page = sgx_alloc_epc_page(NULL, true); ++ epc_page = sgx_alloc_epc_page(NULL, reclaim); + if (IS_ERR(epc_page)) + return ERR_CAST(epc_page); + +diff --git a/arch/x86/kernel/cpu/sgx/encl.h b/arch/x86/kernel/cpu/sgx/encl.h +index 253ebdd1c5be..66adb8faec45 100644 +--- a/arch/x86/kernel/cpu/sgx/encl.h ++++ b/arch/x86/kernel/cpu/sgx/encl.h +@@ -116,14 +116,14 @@ struct sgx_encl_page *sgx_encl_page_alloc(struct sgx_encl *encl, + unsigned long offset, + u64 secinfo_flags); + void sgx_zap_enclave_ptes(struct sgx_encl *encl, unsigned long addr); +-struct sgx_epc_page *sgx_alloc_va_page(void); ++struct sgx_epc_page *sgx_alloc_va_page(bool reclaim); + unsigned int sgx_alloc_va_slot(struct sgx_va_page *va_page); + void sgx_free_va_slot(struct sgx_va_page *va_page, unsigned int offset); + bool sgx_va_page_full(struct sgx_va_page *va_page); + void sgx_encl_free_epc_page(struct sgx_epc_page *page); + struct sgx_encl_page *sgx_encl_load_page(struct sgx_encl *encl, + unsigned long addr); +-struct sgx_va_page *sgx_encl_grow(struct sgx_encl *encl); ++struct sgx_va_page *sgx_encl_grow(struct sgx_encl *encl, bool reclaim); + void sgx_encl_shrink(struct sgx_encl *encl, struct sgx_va_page *va_page); + + #endif /* _X86_ENCL_H */ +diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c +index bb8cdb2ad0d1..5d41aa204761 100644 +--- a/arch/x86/kernel/cpu/sgx/ioctl.c ++++ b/arch/x86/kernel/cpu/sgx/ioctl.c +@@ -17,7 +17,7 @@ + #include "encl.h" + #include "encls.h" + +-struct sgx_va_page *sgx_encl_grow(struct sgx_encl *encl) ++struct sgx_va_page *sgx_encl_grow(struct sgx_encl *encl, bool reclaim) + { + struct sgx_va_page *va_page = NULL; + void *err; +@@ -30,7 +30,7 @@ struct sgx_va_page *sgx_encl_grow(struct sgx_encl *encl) + if (!va_page) + return ERR_PTR(-ENOMEM); + +- va_page->epc_page = sgx_alloc_va_page(); ++ va_page->epc_page = sgx_alloc_va_page(reclaim); + if (IS_ERR(va_page->epc_page)) { + err = ERR_CAST(va_page->epc_page); + kfree(va_page); +@@ -64,7 +64,7 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs) + struct file *backing; + long ret; + +- va_page = sgx_encl_grow(encl); ++ va_page = sgx_encl_grow(encl, true); + if (IS_ERR(va_page)) + return PTR_ERR(va_page); + else if (va_page) +@@ -275,7 +275,7 @@ static int sgx_encl_add_page(struct sgx_encl *encl, unsigned long src, + return PTR_ERR(epc_page); + } + +- va_page = sgx_encl_grow(encl); ++ va_page = sgx_encl_grow(encl, true); + if (IS_ERR(va_page)) { + ret = PTR_ERR(va_page); + goto err_out_free; +-- +2.35.2 + diff --git a/0014-x86-sgx-Support-restricting-of-enclave-page-permissi.patch b/0015-x86-sgx-Support-restricting-of-enclave-page-permissi.patch index fcd03a7cb57b..1efe9f470ce2 100644 --- a/0014-x86-sgx-Support-restricting-of-enclave-page-permissi.patch +++ b/0015-x86-sgx-Support-restricting-of-enclave-page-permissi.patch @@ -1,7 +1,7 @@ -From cd16553f3cb42e94f3e5ed83c28375e85c4462f7 Mon Sep 17 00:00:00 2001 +From 8ff9ec59a55ea1ccc5f17f8053e747a963efc327 Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Mon, 7 Jun 2021 09:13:44 -0700 -Subject: [PATCH 14/30] x86/sgx: Support restricting of enclave page +Date: Wed, 13 Apr 2022 14:10:15 -0700 +Subject: [PATCH 15/31] x86/sgx: Support restricting of enclave page permissions In the initial (SGX1) version of SGX, pages in an enclave need to be @@ -39,18 +39,18 @@ an access attempt. No checking is done to ensure that the permissions are actually being restricted. This is because the enclave may have relaxed -the EPCM permissions from within the enclave without letting the -kernel know. An attempt to relax permissions using this call will +the EPCM permissions from within the enclave without the kernel +knowing. An attempt to relax permissions using this call will be ignored by the hardware. Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> --- - arch/x86/include/uapi/asm/sgx.h | 21 +++ - arch/x86/kernel/cpu/sgx/ioctl.c | 242 ++++++++++++++++++++++++++++++++ - 2 files changed, 263 insertions(+) + arch/x86/include/uapi/asm/sgx.h | 21 ++++ + arch/x86/kernel/cpu/sgx/ioctl.c | 216 ++++++++++++++++++++++++++++++++ + 2 files changed, 237 insertions(+) diff --git a/arch/x86/include/uapi/asm/sgx.h b/arch/x86/include/uapi/asm/sgx.h -index f4b81587e90b..a0a24e94fb27 100644 +index f4b81587e90b..82648c006470 100644 --- a/arch/x86/include/uapi/asm/sgx.h +++ b/arch/x86/include/uapi/asm/sgx.h @@ -29,6 +29,8 @@ enum sgx_page_flags { @@ -72,15 +72,15 @@ index f4b81587e90b..a0a24e94fb27 100644 + * @offset: starting page offset (page aligned relative to enclave base + * address defined in SECS) + * @length: length of memory (multiple of the page size) -+ * @secinfo: address for the SECINFO data containing the new permission bits -+ * for pages in range described by @offset and @length ++ * @permissions:new permission bits for pages in range described by @offset ++ * and @length + * @result: (output) SGX result code of ENCLS[EMODPR] function + * @count: (output) bytes successfully changed (multiple of page size) + */ +struct sgx_enclave_restrict_permissions { + __u64 offset; + __u64 length; -+ __u64 secinfo; ++ __u64 permissions; + __u64 result; + __u64 count; +}; @@ -89,10 +89,10 @@ index f4b81587e90b..a0a24e94fb27 100644 /** diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c -index 0460fd224a05..4d88bfd163e7 100644 +index 5d41aa204761..395b4e58a295 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c -@@ -660,6 +660,244 @@ static long sgx_ioc_enclave_provision(struct sgx_encl *encl, void __user *arg) +@@ -660,6 +660,218 @@ static long sgx_ioc_enclave_provision(struct sgx_encl *encl, void __user *arg) return sgx_set_attribute(&encl->attributes_mask, params.fd); } @@ -113,46 +113,15 @@ index 0460fd224a05..4d88bfd163e7 100644 +} + +/* -+ * Return valid permission fields from a secinfo structure provided by -+ * user space. The secinfo structure is required to only have bits in -+ * the permission fields set. -+ */ -+static int sgx_perm_from_user_secinfo(void __user *_secinfo, u64 *secinfo_perm) -+{ -+ struct sgx_secinfo secinfo; -+ u64 perm; -+ -+ if (copy_from_user(&secinfo, (void __user *)_secinfo, -+ sizeof(secinfo))) -+ return -EFAULT; -+ -+ if (secinfo.flags & ~SGX_SECINFO_PERMISSION_MASK) -+ return -EINVAL; -+ -+ if (memchr_inv(secinfo.reserved, 0, sizeof(secinfo.reserved))) -+ return -EINVAL; -+ -+ perm = secinfo.flags & SGX_SECINFO_PERMISSION_MASK; -+ -+ /* -+ * Read access is required for the enclave to be able to use the page. -+ * SGX instructions like ENCLU[EMODPE] and ENCLU[EACCEPT] require -+ * read access. -+ */ -+ if (!(perm & SGX_SECINFO_R)) -+ return -EINVAL; -+ -+ *secinfo_perm = perm; -+ -+ return 0; -+} -+ -+/* + * Some SGX functions require that no cached linear-to-physical address + * mappings are present before they can succeed. Collaborate with + * hardware via ENCLS[ETRACK] to ensure that all cached + * linear-to-physical address mappings belonging to all threads of + * the enclave are cleared. See sgx_encl_cpumask() for details. ++ * ++ * Must be called with enclave's mutex held from the time the ++ * SGX function requiring that no cached linear-to-physical mappings ++ * are present is executed until this ETRACK flow is complete. + */ +static int sgx_enclave_etrack(struct sgx_encl *encl) +{ @@ -188,8 +157,8 @@ index 0460fd224a05..4d88bfd163e7 100644 +/** + * sgx_enclave_restrict_permissions() - Restrict EPCM permissions + * @encl: Enclave to which the pages belong. -+ * @modp: Checked parameters from user on which pages need modifying. -+ * @secinfo_perm: New (validated) permission bits. ++ * @modp: Checked parameters from user on which pages need modifying and ++ * their new permissions. + * + * Return: + * - 0: Success. @@ -197,8 +166,7 @@ index 0460fd224a05..4d88bfd163e7 100644 + */ +static long +sgx_enclave_restrict_permissions(struct sgx_encl *encl, -+ struct sgx_enclave_restrict_permissions *modp, -+ u64 secinfo_perm) ++ struct sgx_enclave_restrict_permissions *modp) +{ + struct sgx_encl_page *entry; + struct sgx_secinfo secinfo; @@ -208,7 +176,7 @@ index 0460fd224a05..4d88bfd163e7 100644 + int ret; + + memset(&secinfo, 0, sizeof(secinfo)); -+ secinfo.flags = secinfo_perm; ++ secinfo.flags = modp->permissions & SGX_SECINFO_PERMISSION_MASK; + + for (c = 0 ; c < modp->length; c += PAGE_SIZE) { + addr = encl->base + modp->offset + c; @@ -232,11 +200,12 @@ index 0460fd224a05..4d88bfd163e7 100644 + } + + /* -+ * Do not verify the permission bits requested. Kernel -+ * has no control over how EPCM permissions can be relaxed -+ * from within the enclave. ENCLS[EMODPR] can only -+ * remove existing EPCM permissions, attempting to set -+ * new permissions will be ignored by the hardware. ++ * Apart from ensuring that read-access remains, do not verify ++ * the permission bits requested. Kernel has no control over ++ * how EPCM permissions can be relaxed from within the enclave. ++ * ENCLS[EMODPR] can only remove existing EPCM permissions, ++ * attempting to set new permissions will be ignored by the ++ * hardware. + */ + + /* Change EPCM permissions. */ @@ -305,7 +274,6 @@ index 0460fd224a05..4d88bfd163e7 100644 + void __user *arg) +{ + struct sgx_enclave_restrict_permissions params; -+ u64 secinfo_perm; + long ret; + + ret = sgx_ioc_sgx2_ready(encl); @@ -318,15 +286,21 @@ index 0460fd224a05..4d88bfd163e7 100644 + if (sgx_validate_offset_length(encl, params.offset, params.length)) + return -EINVAL; + -+ ret = sgx_perm_from_user_secinfo((void __user *)params.secinfo, -+ &secinfo_perm); -+ if (ret) -+ return ret; ++ if (params.permissions & ~SGX_SECINFO_PERMISSION_MASK) ++ return -EINVAL; ++ ++ /* ++ * Read access is required for the enclave to be able to use the page. ++ * SGX instructions like ENCLU[EMODPE] and ENCLU[EACCEPT] require ++ * read access. ++ */ ++ if (!(params.permissions & SGX_SECINFO_R)) ++ return -EINVAL; + + if (params.result || params.count) + return -EINVAL; + -+ ret = sgx_enclave_restrict_permissions(encl, ¶ms, secinfo_perm); ++ ret = sgx_enclave_restrict_permissions(encl, ¶ms); + + if (copy_to_user(arg, ¶ms, sizeof(params))) + return -EFAULT; @@ -337,7 +311,7 @@ index 0460fd224a05..4d88bfd163e7 100644 long sgx_ioctl(struct file *filep, unsigned int cmd, unsigned long arg) { struct sgx_encl *encl = filep->private_data; -@@ -681,6 +919,10 @@ long sgx_ioctl(struct file *filep, unsigned int cmd, unsigned long arg) +@@ -681,6 +893,10 @@ long sgx_ioctl(struct file *filep, unsigned int cmd, unsigned long arg) case SGX_IOC_ENCLAVE_PROVISION: ret = sgx_ioc_enclave_provision(encl, (void __user *)arg); break; @@ -349,5 +323,5 @@ index 0460fd224a05..4d88bfd163e7 100644 ret = -ENOIOCTLCMD; break; -- -2.35.1 +2.35.2 diff --git a/0015-x86-sgx-Support-adding-of-pages-to-an-initialized-en.patch b/0016-x86-sgx-Support-adding-of-pages-to-an-initialized-en.patch index b7ab3e4d0fcb..38ad636ed843 100644 --- a/0015-x86-sgx-Support-adding-of-pages-to-an-initialized-en.patch +++ b/0016-x86-sgx-Support-adding-of-pages-to-an-initialized-en.patch @@ -1,7 +1,7 @@ -From c2c09a7fbb72fd5eb423f8e84ade9d1511503612 Mon Sep 17 00:00:00 2001 +From 467c051f0ccb4a65846d9c174fbb4587e028d008 Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Tue, 13 Jul 2021 08:58:53 -0700 -Subject: [PATCH 15/30] x86/sgx: Support adding of pages to an initialized +Date: Wed, 13 Apr 2022 14:10:16 -0700 +Subject: [PATCH 16/31] x86/sgx: Support adding of pages to an initialized enclave With SGX1 an enclave needs to be created with its maximum memory demands @@ -14,10 +14,10 @@ Pages can be added during enclave runtime. Add support for dynamically adding pages to an initialized enclave, architecturally limited to RW permission at creation but allowed to -obtain RWX permissions after enclave runs EMODPE. Add pages via the -page fault handler at the time an enclave address without a backing -enclave page is accessed, potentially directly reclaiming pages if -no free pages are available. +obtain RWX permissions after trusted enclave runs EMODPE. Add pages +via the page fault handler at the time an enclave address without a +backing enclave page is accessed, potentially directly reclaiming +pages if no free pages are available. The enclave is still required to run ENCLU[EACCEPT] on the page before it can be used. A useful flow is for the enclave to run ENCLU[EACCEPT] @@ -40,16 +40,18 @@ triggers this flow but the page will remain inaccessible (access will result in #PF) until accepted from within the enclave via ENCLU[EACCEPT]. +Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> +Tested-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> --- - arch/x86/kernel/cpu/sgx/encl.c | 124 +++++++++++++++++++++++++++++++++ - 1 file changed, 124 insertions(+) + arch/x86/kernel/cpu/sgx/encl.c | 117 +++++++++++++++++++++++++++++++++ + 1 file changed, 117 insertions(+) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c -index 546423753e4c..fa4f947f8496 100644 +index 8729b254b0cc..91d648f68080 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c -@@ -194,6 +194,119 @@ struct sgx_encl_page *sgx_encl_load_page(struct sgx_encl *encl, +@@ -153,6 +153,112 @@ struct sgx_encl_page *sgx_encl_load_page(struct sgx_encl *encl, return __sgx_encl_load_page(encl, entry); } @@ -98,20 +100,14 @@ index 546423753e4c..fa4f947f8496 100644 + return VM_FAULT_SIGBUS; + } + -+ va_page = sgx_encl_grow(encl); ++ mutex_lock(&encl->lock); ++ ++ va_page = sgx_encl_grow(encl, false); + if (IS_ERR(va_page)) { + ret = PTR_ERR(va_page); -+ goto err_out_free; ++ goto err_out_unlock; + } + -+ mutex_lock(&encl->lock); -+ -+ /* -+ * Copy comment from sgx_encl_add_page() to maintain guidance in -+ * this similar flow: -+ * Adding to encl->va_pages must be done under encl->lock. Ditto for -+ * deleting (via sgx_encl_shrink()) in the error path. -+ */ + if (va_page) + list_add(&va_page->list, &encl->va_pages); + @@ -122,7 +118,7 @@ index 546423753e4c..fa4f947f8496 100644 + * running without encl->lock + */ + if (ret) -+ goto err_out_unlock; ++ goto err_out_shrink; + + pginfo.secs = (unsigned long)sgx_get_epc_virt_addr(encl->secs.epc_page); + pginfo.addr = encl_page->desc & PAGE_MASK; @@ -155,11 +151,10 @@ index 546423753e4c..fa4f947f8496 100644 +err_out: + xa_erase(&encl->page_array, PFN_DOWN(encl_page->desc)); + -+err_out_unlock: ++err_out_shrink: + sgx_encl_shrink(encl, va_page); ++err_out_unlock: + mutex_unlock(&encl->lock); -+ -+err_out_free: + sgx_encl_free_epc_page(epc_page); + kfree(encl_page); + @@ -169,7 +164,7 @@ index 546423753e4c..fa4f947f8496 100644 static vm_fault_t sgx_vma_fault(struct vm_fault *vmf) { unsigned long addr = (unsigned long)vmf->address; -@@ -213,6 +326,17 @@ static vm_fault_t sgx_vma_fault(struct vm_fault *vmf) +@@ -172,6 +278,17 @@ static vm_fault_t sgx_vma_fault(struct vm_fault *vmf) if (unlikely(!encl)) return VM_FAULT_SIGBUS; @@ -188,5 +183,5 @@ index 546423753e4c..fa4f947f8496 100644 entry = sgx_encl_load_page_in_vma(encl, addr, vma->vm_flags); -- -2.35.1 +2.35.2 diff --git a/0016-x86-sgx-Tighten-accessible-memory-range-after-enclav.patch b/0017-x86-sgx-Tighten-accessible-memory-range-after-enclav.patch index 313d0c99ac13..66ea43b7d590 100644 --- a/0016-x86-sgx-Tighten-accessible-memory-range-after-enclav.patch +++ b/0017-x86-sgx-Tighten-accessible-memory-range-after-enclav.patch @@ -1,7 +1,7 @@ -From ad4892ff45c6bb365cfc090572059bba52b79a78 Mon Sep 17 00:00:00 2001 +From e190e78cfceb89eb658cb27afe5456dc2ba24dd4 Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Mon, 13 Sep 2021 11:08:47 -0700 -Subject: [PATCH 16/30] x86/sgx: Tighten accessible memory range after enclave +Date: Wed, 13 Apr 2022 14:10:17 -0700 +Subject: [PATCH 17/31] x86/sgx: Tighten accessible memory range after enclave initialization Before an enclave is initialized the enclave's memory range is unknown. @@ -31,16 +31,17 @@ the access was from outside the enclave. Disallowing invalid memory to be mapped in the first place avoids preventable failures. +Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> --- arch/x86/kernel/cpu/sgx/encl.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c -index fa4f947f8496..7909570736a0 100644 +index 91d648f68080..ae4f444f4a43 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c -@@ -409,6 +409,11 @@ int sgx_encl_may_map(struct sgx_encl *encl, unsigned long start, +@@ -361,6 +361,11 @@ int sgx_encl_may_map(struct sgx_encl *encl, unsigned long start, XA_STATE(xas, &encl->page_array, PFN_DOWN(start)); @@ -53,5 +54,5 @@ index fa4f947f8496..7909570736a0 100644 * Disallow READ_IMPLIES_EXEC tasks as their VMA permissions might * conflict with the enclave page permissions. -- -2.35.1 +2.35.2 diff --git a/0017-x86-sgx-Support-modifying-SGX-page-type.patch b/0018-x86-sgx-Support-modifying-SGX-page-type.patch index bdba64106788..d4f871756959 100644 --- a/0017-x86-sgx-Support-modifying-SGX-page-type.patch +++ b/0018-x86-sgx-Support-modifying-SGX-page-type.patch @@ -1,7 +1,7 @@ -From 1d37a875597233c79bf09c64d310d75ebb4cb083 Mon Sep 17 00:00:00 2001 +From 710eae1c72f307515eda27b51dac3b320ddd3305 Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Mon, 9 Aug 2021 14:03:54 -0700 -Subject: [PATCH 17/30] x86/sgx: Support modifying SGX page type +Date: Wed, 13 Apr 2022 14:10:18 -0700 +Subject: [PATCH 18/31] x86/sgx: Support modifying SGX page type Every enclave contains one or more Thread Control Structures (TCS). The TCS contains meta-data used by the hardware to save and restore thread @@ -27,15 +27,15 @@ Changing the enclave page type to SGX_PAGE_TYPE_TRIM is the first step of dynamically removing pages from an initialized enclave. The complete page removal flow is: 1) Change the type of the pages to be removed to SGX_PAGE_TYPE_TRIM - using the SGX_IOC_ENCLAVE_MODIFY_TYPE ioctl() introduced here. + using the SGX_IOC_ENCLAVE_MODIFY_TYPES ioctl() introduced here. 2) Approve the page removal by running ENCLU[EACCEPT] from within the enclave. 3) Initiate actual page removal using the ioctl() introduced in the following patch. -Add ioctl() SGX_IOC_ENCLAVE_MODIFY_TYPE to support changing SGX +Add ioctl() SGX_IOC_ENCLAVE_MODIFY_TYPES to support changing SGX enclave page types within an initialized enclave. With -SGX_IOC_ENCLAVE_MODIFY_TYPE the user specifies a page range and the +SGX_IOC_ENCLAVE_MODIFY_TYPES the user specifies a page range and the enclave page type to be applied to all pages in the provided range. The ioctl() itself can return an error code based on failures encountered by the kernel. It is also possible for SGX specific @@ -52,41 +52,40 @@ will encounter a page fault with SGX flag set in error code. Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> --- - arch/x86/include/uapi/asm/sgx.h | 20 +++ - arch/x86/kernel/cpu/sgx/ioctl.c | 209 ++++++++++++++++++++++++++++++++ - 2 files changed, 229 insertions(+) + arch/x86/include/uapi/asm/sgx.h | 19 +++ + arch/x86/kernel/cpu/sgx/ioctl.c | 201 ++++++++++++++++++++++++++++++++ + 2 files changed, 220 insertions(+) diff --git a/arch/x86/include/uapi/asm/sgx.h b/arch/x86/include/uapi/asm/sgx.h -index a0a24e94fb27..529f4ab28410 100644 +index 82648c006470..de4d1af628d5 100644 --- a/arch/x86/include/uapi/asm/sgx.h +++ b/arch/x86/include/uapi/asm/sgx.h @@ -31,6 +31,8 @@ enum sgx_page_flags { _IO(SGX_MAGIC, 0x04) #define SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS \ _IOWR(SGX_MAGIC, 0x05, struct sgx_enclave_restrict_permissions) -+#define SGX_IOC_ENCLAVE_MODIFY_TYPE \ ++#define SGX_IOC_ENCLAVE_MODIFY_TYPES \ + _IOWR(SGX_MAGIC, 0x06, struct sgx_enclave_modify_type) /** * struct sgx_enclave_create - parameter structure for the -@@ -97,6 +99,24 @@ struct sgx_enclave_restrict_permissions { +@@ -97,6 +99,23 @@ struct sgx_enclave_restrict_permissions { __u64 count; }; +/** -+ * struct sgx_enclave_modify_type - parameters for %SGX_IOC_ENCLAVE_MODIFY_TYPE ++ * struct sgx_enclave_modify_type - parameters for %SGX_IOC_ENCLAVE_MODIFY_TYPES + * @offset: starting page offset (page aligned relative to enclave base + * address defined in SECS) + * @length: length of memory (multiple of the page size) -+ * @secinfo: address for the SECINFO data containing the new type -+ * for pages in range described by @offset and @length ++ * @page_type: new type for pages in range described by @offset and @length + * @result: (output) SGX result code of ENCLS[EMODT] function + * @count: (output) bytes successfully changed (multiple of page size) + */ +struct sgx_enclave_modify_type { + __u64 offset; + __u64 length; -+ __u64 secinfo; ++ __u64 page_type; + __u64 result; + __u64 count; +}; @@ -95,28 +94,28 @@ index a0a24e94fb27..529f4ab28410 100644 /** diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c -index 4d88bfd163e7..6f769e67ec2d 100644 +index 395b4e58a295..8709f131ae40 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c -@@ -898,6 +898,212 @@ static long sgx_ioc_enclave_restrict_permissions(struct sgx_encl *encl, +@@ -872,6 +872,204 @@ static long sgx_ioc_enclave_restrict_permissions(struct sgx_encl *encl, return ret; } +/** + * sgx_enclave_modify_type() - Modify type of SGX enclave pages + * @encl: Enclave to which the pages belong. -+ * @modt: Checked parameters from user about which pages need modifying. -+ * @page_type: New page type. ++ * @modt: Checked parameters from user about which pages need modifying ++ * and their new page type. + * + * Return: + * - 0: Success + * - -errno: Otherwise + */ +static long sgx_enclave_modify_type(struct sgx_encl *encl, -+ struct sgx_enclave_modify_type *modt, -+ enum sgx_page_type page_type) ++ struct sgx_enclave_modify_type *modt) +{ + unsigned long max_prot_restore; ++ enum sgx_page_type page_type; + struct sgx_encl_page *entry; + struct sgx_secinfo secinfo; + unsigned long prot; @@ -125,6 +124,8 @@ index 4d88bfd163e7..6f769e67ec2d 100644 + void *epc_virt; + int ret; + ++ page_type = modt->page_type & SGX_PAGE_TYPE_MASK; ++ + /* + * The only new page types allowed by hardware are PT_TCS and PT_TRIM. + */ @@ -247,7 +248,7 @@ index 4d88bfd163e7..6f769e67ec2d 100644 +} + +/** -+ * sgx_ioc_enclave_modify_type() - handler for %SGX_IOC_ENCLAVE_MODIFY_TYPE ++ * sgx_ioc_enclave_modify_type() - handler for %SGX_IOC_ENCLAVE_MODIFY_TYPES + * @encl: an enclave pointer + * @arg: userspace pointer to a &struct sgx_enclave_modify_type instance + * @@ -272,8 +273,6 @@ index 4d88bfd163e7..6f769e67ec2d 100644 +static long sgx_ioc_enclave_modify_type(struct sgx_encl *encl, void __user *arg) +{ + struct sgx_enclave_modify_type params; -+ enum sgx_page_type page_type; -+ struct sgx_secinfo secinfo; + long ret; + + ret = sgx_ioc_sgx2_ready(encl); @@ -286,21 +285,13 @@ index 4d88bfd163e7..6f769e67ec2d 100644 + if (sgx_validate_offset_length(encl, params.offset, params.length)) + return -EINVAL; + -+ if (copy_from_user(&secinfo, (void __user *)params.secinfo, -+ sizeof(secinfo))) -+ return -EFAULT; -+ -+ if (secinfo.flags & ~SGX_SECINFO_PAGE_TYPE_MASK) -+ return -EINVAL; -+ -+ if (memchr_inv(secinfo.reserved, 0, sizeof(secinfo.reserved))) ++ if (params.page_type & ~SGX_PAGE_TYPE_MASK) + return -EINVAL; + + if (params.result || params.count) + return -EINVAL; + -+ page_type = (secinfo.flags & SGX_SECINFO_PAGE_TYPE_MASK) >> 8; -+ ret = sgx_enclave_modify_type(encl, ¶ms, page_type); ++ ret = sgx_enclave_modify_type(encl, ¶ms); + + if (copy_to_user(arg, ¶ms, sizeof(params))) + return -EFAULT; @@ -311,16 +302,16 @@ index 4d88bfd163e7..6f769e67ec2d 100644 long sgx_ioctl(struct file *filep, unsigned int cmd, unsigned long arg) { struct sgx_encl *encl = filep->private_data; -@@ -923,6 +1129,9 @@ long sgx_ioctl(struct file *filep, unsigned int cmd, unsigned long arg) +@@ -897,6 +1095,9 @@ long sgx_ioctl(struct file *filep, unsigned int cmd, unsigned long arg) ret = sgx_ioc_enclave_restrict_permissions(encl, (void __user *)arg); break; -+ case SGX_IOC_ENCLAVE_MODIFY_TYPE: ++ case SGX_IOC_ENCLAVE_MODIFY_TYPES: + ret = sgx_ioc_enclave_modify_type(encl, (void __user *)arg); + break; default: ret = -ENOIOCTLCMD; break; -- -2.35.1 +2.35.2 diff --git a/0018-x86-sgx-Support-complete-page-removal.patch b/0019-x86-sgx-Support-complete-page-removal.patch index 8201a1788009..bd641e00b777 100644 --- a/0018-x86-sgx-Support-complete-page-removal.patch +++ b/0019-x86-sgx-Support-complete-page-removal.patch @@ -1,12 +1,12 @@ -From 342f61fe55c7e9a5e981d1d1a5102ef8f1384322 Mon Sep 17 00:00:00 2001 +From 9a8e4129b4520df5f77037e8be9a69d9878dc949 Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Wed, 8 Sep 2021 11:51:35 -0700 -Subject: [PATCH 18/30] x86/sgx: Support complete page removal +Date: Wed, 13 Apr 2022 14:10:19 -0700 +Subject: [PATCH 19/31] x86/sgx: Support complete page removal The SGX2 page removal flow was introduced in previous patch and is as follows: 1) Change the type of the pages to be removed to SGX_PAGE_TYPE_TRIM - using the ioctl() SGX_IOC_ENCLAVE_MODIFY_TYPE introduced in + using the ioctl() SGX_IOC_ENCLAVE_MODIFY_TYPES introduced in previous patch. 2) Approve the page removal by running ENCLU[EACCEPT] from within the enclave. @@ -31,6 +31,7 @@ removed. If the user omits running SGX_IOC_ENCLAVE_REMOVE_PAGES the pages will still be removed when the enclave is unloaded. +Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> --- arch/x86/include/uapi/asm/sgx.h | 21 +++++ @@ -38,19 +39,19 @@ Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> 2 files changed, 166 insertions(+) diff --git a/arch/x86/include/uapi/asm/sgx.h b/arch/x86/include/uapi/asm/sgx.h -index 529f4ab28410..feda7f85b2ce 100644 +index de4d1af628d5..ec708bd30528 100644 --- a/arch/x86/include/uapi/asm/sgx.h +++ b/arch/x86/include/uapi/asm/sgx.h @@ -33,6 +33,8 @@ enum sgx_page_flags { _IOWR(SGX_MAGIC, 0x05, struct sgx_enclave_restrict_permissions) - #define SGX_IOC_ENCLAVE_MODIFY_TYPE \ + #define SGX_IOC_ENCLAVE_MODIFY_TYPES \ _IOWR(SGX_MAGIC, 0x06, struct sgx_enclave_modify_type) +#define SGX_IOC_ENCLAVE_REMOVE_PAGES \ + _IOWR(SGX_MAGIC, 0x07, struct sgx_enclave_remove_pages) /** * struct sgx_enclave_create - parameter structure for the -@@ -117,6 +119,25 @@ struct sgx_enclave_modify_type { +@@ -116,6 +118,25 @@ struct sgx_enclave_modify_type { __u64 count; }; @@ -62,7 +63,7 @@ index 529f4ab28410..feda7f85b2ce 100644 + * @count: (output) bytes successfully changed (multiple of page size) + * + * Regular (PT_REG) or TCS (PT_TCS) can be removed from an initialized -+ * enclave if the system supports SGX2. First, the %SGX_IOC_ENCLAVE_MODIFY_TYPE ++ * enclave if the system supports SGX2. First, the %SGX_IOC_ENCLAVE_MODIFY_TYPES + * ioctl() should be used to change the page type to PT_TRIM. After that + * succeeds ENCLU[EACCEPT] should be run from within the enclave and then + * %SGX_IOC_ENCLAVE_REMOVE_PAGES can be used to complete the page removal. @@ -77,10 +78,10 @@ index 529f4ab28410..feda7f85b2ce 100644 /** diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c -index 6f769e67ec2d..515e1961cc02 100644 +index 8709f131ae40..f9a1654a49b7 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c -@@ -1104,6 +1104,148 @@ static long sgx_ioc_enclave_modify_type(struct sgx_encl *encl, void __user *arg) +@@ -1070,6 +1070,148 @@ static long sgx_ioc_enclave_modify_type(struct sgx_encl *encl, void __user *arg) return ret; } @@ -182,7 +183,7 @@ index 6f769e67ec2d..515e1961cc02 100644 + * complete flow is: + * + * 1) User changes the type of the pages to be removed to %SGX_PAGE_TYPE_TRIM -+ * using the %SGX_IOC_ENCLAVE_MODIFY_TYPE ioctl(). ++ * using the %SGX_IOC_ENCLAVE_MODIFY_TYPES ioctl(). + * 2) User approves the page removal by running ENCLU[EACCEPT] from within + * the enclave. + * 3) User initiates actual page removal using the @@ -229,8 +230,8 @@ index 6f769e67ec2d..515e1961cc02 100644 long sgx_ioctl(struct file *filep, unsigned int cmd, unsigned long arg) { struct sgx_encl *encl = filep->private_data; -@@ -1132,6 +1274,9 @@ long sgx_ioctl(struct file *filep, unsigned int cmd, unsigned long arg) - case SGX_IOC_ENCLAVE_MODIFY_TYPE: +@@ -1098,6 +1240,9 @@ long sgx_ioctl(struct file *filep, unsigned int cmd, unsigned long arg) + case SGX_IOC_ENCLAVE_MODIFY_TYPES: ret = sgx_ioc_enclave_modify_type(encl, (void __user *)arg); break; + case SGX_IOC_ENCLAVE_REMOVE_PAGES: @@ -240,5 +241,5 @@ index 6f769e67ec2d..515e1961cc02 100644 ret = -ENOIOCTLCMD; break; -- -2.35.1 +2.35.2 diff --git a/0019-x86-sgx-Free-up-EPC-pages-directly-to-support-large-.patch b/0020-x86-sgx-Free-up-EPC-pages-directly-to-support-large-.patch index 6beecdd6a67f..bd86089962d2 100644 --- a/0019-x86-sgx-Free-up-EPC-pages-directly-to-support-large-.patch +++ b/0020-x86-sgx-Free-up-EPC-pages-directly-to-support-large-.patch @@ -1,7 +1,7 @@ -From f64beb4d3a1c793f928a4111daef0fee85f4733f Mon Sep 17 00:00:00 2001 +From 0ed2b241836b30d344da4f8f73ce87878aea5c87 Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Thu, 23 Sep 2021 14:56:45 -0700 -Subject: [PATCH 19/30] x86/sgx: Free up EPC pages directly to support large +Date: Wed, 13 Apr 2022 14:10:20 -0700 +Subject: [PATCH 20/31] x86/sgx: Free up EPC pages directly to support large page ranges The page reclaimer ensures availability of EPC pages across all @@ -23,53 +23,59 @@ Ensure there are EPC pages available before attempting to load a page that may potentially be pulled from swap into an available EPC page. +Acked-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> --- - arch/x86/kernel/cpu/sgx/ioctl.c | 6 ++++++ - arch/x86/kernel/cpu/sgx/main.c | 6 ++++++ - arch/x86/kernel/cpu/sgx/sgx.h | 1 + - 3 files changed, 13 insertions(+) + arch/x86/kernel/cpu/sgx/ioctl.c | 6 ++++++ + arch/x86/kernel/cpu/sgx/main.c | 11 +++++++++++ + arch/x86/kernel/cpu/sgx/sgx.h | 1 + + 3 files changed, 18 insertions(+) diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c -index 515e1961cc02..f88bc1236276 100644 +index f9a1654a49b7..83674d054c13 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c -@@ -777,6 +777,8 @@ sgx_enclave_restrict_permissions(struct sgx_encl *encl, +@@ -745,6 +745,8 @@ sgx_enclave_restrict_permissions(struct sgx_encl *encl, for (c = 0 ; c < modp->length; c += PAGE_SIZE) { addr = encl->base + modp->offset + c; -+ sgx_direct_reclaim(); ++ sgx_reclaim_direct(); + mutex_lock(&encl->lock); entry = sgx_encl_load_page(encl, addr); -@@ -934,6 +936,8 @@ static long sgx_enclave_modify_type(struct sgx_encl *encl, +@@ -910,6 +912,8 @@ static long sgx_enclave_modify_type(struct sgx_encl *encl, for (c = 0 ; c < modt->length; c += PAGE_SIZE) { addr = encl->base + modt->offset + c; -+ sgx_direct_reclaim(); ++ sgx_reclaim_direct(); + mutex_lock(&encl->lock); entry = sgx_encl_load_page(encl, addr); -@@ -1129,6 +1133,8 @@ static long sgx_encl_remove_pages(struct sgx_encl *encl, +@@ -1095,6 +1099,8 @@ static long sgx_encl_remove_pages(struct sgx_encl *encl, for (c = 0 ; c < params->length; c += PAGE_SIZE) { addr = encl->base + params->offset + c; -+ sgx_direct_reclaim(); ++ sgx_reclaim_direct(); + mutex_lock(&encl->lock); entry = sgx_encl_load_page(encl, addr); diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c -index 6e2cb7564080..545da16bb3ea 100644 +index 1a3014aec490..c6adb7edebca 100644 --- a/arch/x86/kernel/cpu/sgx/main.c +++ b/arch/x86/kernel/cpu/sgx/main.c -@@ -370,6 +370,12 @@ static bool sgx_should_reclaim(unsigned long watermark) +@@ -378,6 +378,17 @@ static bool sgx_should_reclaim(unsigned long watermark) !list_empty(&sgx_active_page_list); } -+void sgx_direct_reclaim(void) ++/* ++ * sgx_reclaim_direct() should be called (without enclave's mutex held) ++ * in locations where SGX memory resources might be low and might be ++ * needed in order to make forward progress. ++ */ ++void sgx_reclaim_direct(void) +{ + if (sgx_should_reclaim(SGX_NR_LOW_PAGES)) + sgx_reclaim_pages(); @@ -79,17 +85,17 @@ index 6e2cb7564080..545da16bb3ea 100644 { set_freezable(); diff --git a/arch/x86/kernel/cpu/sgx/sgx.h b/arch/x86/kernel/cpu/sgx/sgx.h -index b30cee4de903..85cbf103b0dd 100644 +index b30cee4de903..0f2020653fba 100644 --- a/arch/x86/kernel/cpu/sgx/sgx.h +++ b/arch/x86/kernel/cpu/sgx/sgx.h @@ -86,6 +86,7 @@ static inline void *sgx_get_epc_virt_addr(struct sgx_epc_page *page) struct sgx_epc_page *__sgx_alloc_epc_page(void); void sgx_free_epc_page(struct sgx_epc_page *page); -+void sgx_direct_reclaim(void); ++void sgx_reclaim_direct(void); void sgx_mark_page_reclaimable(struct sgx_epc_page *page); int sgx_unmark_page_reclaimable(struct sgx_epc_page *page); struct sgx_epc_page *sgx_alloc_epc_page(void *owner, bool reclaim); -- -2.35.1 +2.35.2 |