diff options
| author | Jarkko Sakkinen | 2022-04-05 02:09:19 +0300 |
|---|---|---|
| committer | Jarkko Sakkinen | 2022-04-05 02:09:19 +0300 |
| commit | 71077f1ec07d0cdb3bf641af1263865b04eaafa3 (patch) | |
| tree | 5805928bd20330836e8e913fe53d20ffa011b074 | |
| parent | 821e7ad83f137fa0df068ed7256c854119dffa80 (diff) | |
| download | aur-71077f1ec07d0cdb3bf641af1263865b04eaafa3.tar.gz | |
Revert "refactor: replace SGX2 patches with rchatre/sgx/sgx2_submitted_v2_plus_rwx"
This reverts commit 821e7ad83f137fa0df068ed7256c854119dffa80.
37 files changed, 527 insertions, 2286 deletions
diff --git a/0001-x86-sgx-Add-short-descriptions-to-ENCLS-wrappers.patch b/0001-x86-sgx-Add-short-descriptions-to-ENCLS-wrappers.patch index f9da13755b97..fc5947429922 100644 --- a/0001-x86-sgx-Add-short-descriptions-to-ENCLS-wrappers.patch +++ b/0001-x86-sgx-Add-short-descriptions-to-ENCLS-wrappers.patch @@ -1,7 +1,7 @@ -From 7dcfaa58fc8c16e5344f5229895e7dfbe9f39211 Mon Sep 17 00:00:00 2001 +From fd368818463168ceaa7904dcb0ac4072537c8fcc Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Wed, 22 Sep 2021 09:35:36 -0700 -Subject: [PATCH 01/33] x86/sgx: Add short descriptions to ENCLS wrappers +Date: Mon, 7 Feb 2022 16:45:23 -0800 +Subject: [PATCH 01/34] x86/sgx: Add short descriptions to ENCLS wrappers The SGX ENCLS instruction uses EAX to specify an SGX function and may require additional registers, depending on the SGX function. diff --git a/0002-x86-sgx-Add-wrapper-for-SGX2-EMODPR-function.patch b/0002-x86-sgx-Add-wrapper-for-SGX2-EMODPR-function.patch index f5995042d28a..ccf5148a7f3d 100644 --- a/0002-x86-sgx-Add-wrapper-for-SGX2-EMODPR-function.patch +++ b/0002-x86-sgx-Add-wrapper-for-SGX2-EMODPR-function.patch @@ -1,7 +1,7 @@ -From d4c73024a6729d83334897dcc9c184b220f1752f Mon Sep 17 00:00:00 2001 +From 783686dae546c6d1f273a47cf36335bc7fdbaa89 Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Mon, 17 May 2021 16:31:35 -0700 -Subject: [PATCH 02/33] x86/sgx: Add wrapper for SGX2 EMODPR function +Date: Mon, 7 Feb 2022 16:45:24 -0800 +Subject: [PATCH 02/34] x86/sgx: Add wrapper for SGX2 EMODPR function Add a wrapper for the EMODPR ENCLS leaf function used to restrict enclave page permissions as maintained in the diff --git a/0003-x86-sgx-Add-wrapper-for-SGX2-EMODT-function.patch b/0003-x86-sgx-Add-wrapper-for-SGX2-EMODT-function.patch index 8975341fe29e..3c1cd27bf41d 100644 --- a/0003-x86-sgx-Add-wrapper-for-SGX2-EMODT-function.patch +++ b/0003-x86-sgx-Add-wrapper-for-SGX2-EMODT-function.patch @@ -1,7 +1,7 @@ -From d4a2b782e1cb9addfc1ddc1a5f7a62789a8f9608 Mon Sep 17 00:00:00 2001 +From df48fa17c819d200e92b6862d39dc15f32c58e4e Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Fri, 7 Jan 2022 11:27:29 -0800 -Subject: [PATCH 03/33] x86/sgx: Add wrapper for SGX2 EMODT function +Date: Mon, 7 Feb 2022 16:45:25 -0800 +Subject: [PATCH 03/34] x86/sgx: Add wrapper for SGX2 EMODT function Add a wrapper for the EMODT ENCLS leaf function used to change the type of an enclave page as maintained in the diff --git a/0004-x86-sgx-Add-wrapper-for-SGX2-EAUG-function.patch b/0004-x86-sgx-Add-wrapper-for-SGX2-EAUG-function.patch index f4020ea34ac5..a44344dd65e5 100644 --- a/0004-x86-sgx-Add-wrapper-for-SGX2-EAUG-function.patch +++ b/0004-x86-sgx-Add-wrapper-for-SGX2-EAUG-function.patch @@ -1,7 +1,7 @@ -From 2b3e642bdc7a35cf06e42f8d8a34b0b0870bd1b8 Mon Sep 17 00:00:00 2001 +From dd3f8f27edf1638ae4eb10d40513ca6f290a826c Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Fri, 7 Jan 2022 11:28:42 -0800 -Subject: [PATCH 04/33] x86/sgx: Add wrapper for SGX2 EAUG function +Date: Mon, 7 Feb 2022 16:45:26 -0800 +Subject: [PATCH 04/34] x86/sgx: Add wrapper for SGX2 EAUG function Add a wrapper for the EAUG ENCLS leaf function used to add a page to an initialized enclave. diff --git a/0005-Documentation-x86-Document-SGX-permission-details.patch b/0005-Documentation-x86-Document-SGX-permission-details.patch index 691ae43cd4f2..1587e9be19b4 100644 --- a/0005-Documentation-x86-Document-SGX-permission-details.patch +++ b/0005-Documentation-x86-Document-SGX-permission-details.patch @@ -1,7 +1,7 @@ -From 46d31de79df27d730ae8625fbdffc8690310dc53 Mon Sep 17 00:00:00 2001 +From 6580ecec3c24b798a94858e32820e047dd14317c Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Tue, 25 Jan 2022 13:32:34 -0800 -Subject: [PATCH 05/33] Documentation/x86: Document SGX permission details +Date: Mon, 7 Feb 2022 16:45:27 -0800 +Subject: [PATCH 05/34] Documentation/x86: Document SGX permission details Provide summary of the various permissions involved in managing access to enclave pages. This summary documents diff --git a/0006-x86-sgx-Support-VMA-permissions-more-relaxed-than-en.patch b/0006-x86-sgx-Support-VMA-permissions-more-relaxed-than-en.patch index 4b902f9ffbf1..defee425b1d2 100644 --- a/0006-x86-sgx-Support-VMA-permissions-more-relaxed-than-en.patch +++ b/0006-x86-sgx-Support-VMA-permissions-more-relaxed-than-en.patch @@ -1,7 +1,7 @@ -From 9b2b9fb957ea59b81327d1367f1d6126f4ad5d66 Mon Sep 17 00:00:00 2001 +From 721f971c8c55d4b3eff23466c48235f121e038fe Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Tue, 8 Jun 2021 09:51:52 -0700 -Subject: [PATCH 06/33] x86/sgx: Support VMA permissions more relaxed than +Date: Mon, 7 Feb 2022 16:45:28 -0800 +Subject: [PATCH 06/34] x86/sgx: Support VMA permissions more relaxed than enclave permissions === Summary === @@ -120,10 +120,10 @@ index 89ff924b1480..5659932728a5 100644 ===================== diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c -index 48afe96ae0f0..b6105d9e7c46 100644 +index 6fa3d0a14b93..2f80f9e5e8c6 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c -@@ -91,10 +91,8 @@ static struct sgx_epc_page *sgx_encl_eldu(struct sgx_encl_page *encl_page, +@@ -132,10 +132,8 @@ static struct sgx_epc_page *sgx_encl_eldu(struct sgx_encl_page *encl_page, } static struct sgx_encl_page *sgx_encl_load_page(struct sgx_encl *encl, @@ -135,7 +135,7 @@ index 48afe96ae0f0..b6105d9e7c46 100644 struct sgx_epc_page *epc_page; struct sgx_encl_page *entry; -@@ -102,14 +100,6 @@ static struct sgx_encl_page *sgx_encl_load_page(struct sgx_encl *encl, +@@ -143,14 +141,6 @@ static struct sgx_encl_page *sgx_encl_load_page(struct sgx_encl *encl, if (!entry) return ERR_PTR(-EFAULT); @@ -150,7 +150,7 @@ index 48afe96ae0f0..b6105d9e7c46 100644 /* Entry successfully located. */ if (entry->epc_page) { if (entry->desc & SGX_ENCL_PAGE_BEING_RECLAIMED) -@@ -138,7 +128,9 @@ static vm_fault_t sgx_vma_fault(struct vm_fault *vmf) +@@ -179,7 +169,9 @@ static vm_fault_t sgx_vma_fault(struct vm_fault *vmf) { unsigned long addr = (unsigned long)vmf->address; struct vm_area_struct *vma = vmf->vma; @@ -160,7 +160,7 @@ index 48afe96ae0f0..b6105d9e7c46 100644 unsigned long phys_addr; struct sgx_encl *encl; vm_fault_t ret; -@@ -155,7 +147,7 @@ static vm_fault_t sgx_vma_fault(struct vm_fault *vmf) +@@ -196,7 +188,7 @@ static vm_fault_t sgx_vma_fault(struct vm_fault *vmf) mutex_lock(&encl->lock); @@ -169,7 +169,7 @@ index 48afe96ae0f0..b6105d9e7c46 100644 if (IS_ERR(entry)) { mutex_unlock(&encl->lock); -@@ -167,7 +159,19 @@ static vm_fault_t sgx_vma_fault(struct vm_fault *vmf) +@@ -208,7 +200,19 @@ static vm_fault_t sgx_vma_fault(struct vm_fault *vmf) phys_addr = sgx_get_epc_phys_addr(entry->epc_page); @@ -190,7 +190,7 @@ index 48afe96ae0f0..b6105d9e7c46 100644 if (ret != VM_FAULT_NOPAGE) { mutex_unlock(&encl->lock); -@@ -295,15 +299,14 @@ static int sgx_encl_debug_write(struct sgx_encl *encl, struct sgx_encl_page *pag +@@ -336,15 +340,14 @@ static int sgx_encl_debug_write(struct sgx_encl *encl, struct sgx_encl_page *pag * Load an enclave page to EPC if required, and take encl->lock. */ static struct sgx_encl_page *sgx_encl_reserve_page(struct sgx_encl *encl, @@ -208,7 +208,7 @@ index 48afe96ae0f0..b6105d9e7c46 100644 if (PTR_ERR(entry) != -EBUSY) break; -@@ -339,8 +342,7 @@ static int sgx_vma_access(struct vm_area_struct *vma, unsigned long addr, +@@ -380,8 +383,7 @@ static int sgx_vma_access(struct vm_area_struct *vma, unsigned long addr, return -EFAULT; for (i = 0; i < len; i += cnt) { diff --git a/0007-x86-sgx-Add-pfn_mkwrite-handler-for-present-PTEs.patch b/0007-x86-sgx-Add-pfn_mkwrite-handler-for-present-PTEs.patch index 98d13d5b9140..522d6c7e3a0f 100644 --- a/0007-x86-sgx-Add-pfn_mkwrite-handler-for-present-PTEs.patch +++ b/0007-x86-sgx-Add-pfn_mkwrite-handler-for-present-PTEs.patch @@ -1,7 +1,7 @@ -From 38eecb2b2219d19f60bd0ef88057202ceb1c69f0 Mon Sep 17 00:00:00 2001 +From 2cf17dff036b8b00dc43747698ae72f51c751361 Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Thu, 2 Sep 2021 14:29:50 -0700 -Subject: [PATCH 07/33] x86/sgx: Add pfn_mkwrite() handler for present PTEs +Date: Mon, 7 Feb 2022 16:45:29 -0800 +Subject: [PATCH 07/34] x86/sgx: Add pfn_mkwrite() handler for present PTEs By default a write page fault on a present PTE inherits the permissions of the VMA. @@ -97,10 +97,10 @@ Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> 1 file changed, 42 insertions(+) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c -index b6105d9e7c46..1ba01c75a579 100644 +index 2f80f9e5e8c6..acedccf8c4ef 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c -@@ -184,6 +184,47 @@ static vm_fault_t sgx_vma_fault(struct vm_fault *vmf) +@@ -225,6 +225,47 @@ static vm_fault_t sgx_vma_fault(struct vm_fault *vmf) return VM_FAULT_NOPAGE; } @@ -148,7 +148,7 @@ index b6105d9e7c46..1ba01c75a579 100644 static void sgx_vma_open(struct vm_area_struct *vma) { struct sgx_encl *encl = vma->vm_private_data; -@@ -381,6 +422,7 @@ const struct vm_operations_struct sgx_vm_ops = { +@@ -422,6 +463,7 @@ const struct vm_operations_struct sgx_vm_ops = { .mprotect = sgx_vma_mprotect, .open = sgx_vma_open, .access = sgx_vma_access, diff --git a/0008-x86-sgx-x86-sgx-Add-sgx_encl_page-vm_run_prot_bits-f.patch b/0008-x86-sgx-x86-sgx-Add-sgx_encl_page-vm_run_prot_bits-f.patch index a007a7e4c1c7..e05dcbd7cdc2 100644 --- a/0008-x86-sgx-x86-sgx-Add-sgx_encl_page-vm_run_prot_bits-f.patch +++ b/0008-x86-sgx-x86-sgx-Add-sgx_encl_page-vm_run_prot_bits-f.patch @@ -1,7 +1,7 @@ -From d6814f2c0e96b528614fe0d9663b1da5286f43be Mon Sep 17 00:00:00 2001 +From f2bdca656a164126d3a89893828d334ae008c93a Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Thu, 20 May 2021 13:55:36 -0700 -Subject: [PATCH 08/33] x86/sgx: x86/sgx: Add sgx_encl_page->vm_run_prot_bits +Date: Mon, 7 Feb 2022 16:45:30 -0800 +Subject: [PATCH 08/34] x86/sgx: x86/sgx: Add sgx_encl_page->vm_run_prot_bits for dynamic permission changes Enclave creators declare their enclave page permissions (EPCM @@ -102,10 +102,10 @@ index 5659932728a5..9df620b59f83 100644 enclave page belongs to a VMA without impacting the VMA permissions. This means that a running VMA may appear to allow access to an enclave diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c -index 1ba01c75a579..a980d8458949 100644 +index acedccf8c4ef..85429db8c8b5 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c -@@ -164,7 +164,7 @@ static vm_fault_t sgx_vma_fault(struct vm_fault *vmf) +@@ -205,7 +205,7 @@ static vm_fault_t sgx_vma_fault(struct vm_fault *vmf) * exceed the VMA permissions. */ vm_prot_bits = vma->vm_flags & (VM_READ | VM_WRITE | VM_EXEC); @@ -114,7 +114,7 @@ index 1ba01c75a579..a980d8458949 100644 /* * Add VM_SHARED so that PTE is made writable right away if VMA * and EPCM are writable (no COW in SGX). -@@ -217,7 +217,7 @@ static vm_fault_t sgx_vma_pfn_mkwrite(struct vm_fault *vmf) +@@ -258,7 +258,7 @@ static vm_fault_t sgx_vma_pfn_mkwrite(struct vm_fault *vmf) goto out; } @@ -123,7 +123,7 @@ index 1ba01c75a579..a980d8458949 100644 ret = VM_FAULT_SIGBUS; out: -@@ -280,7 +280,7 @@ int sgx_encl_may_map(struct sgx_encl *encl, unsigned long start, +@@ -321,7 +321,7 @@ int sgx_encl_may_map(struct sgx_encl *encl, unsigned long start, mutex_lock(&encl->lock); xas_lock(&xas); xas_for_each(&xas, page, PFN_DOWN(end - 1)) { diff --git a/0009-x86-sgx-Export-sgx_encl_ewb_cpumask.patch b/0009-x86-sgx-Export-sgx_encl_ewb_cpumask.patch index b0e3dd46211d..308deffd42ce 100644 --- a/0009-x86-sgx-Export-sgx_encl_ewb_cpumask.patch +++ b/0009-x86-sgx-Export-sgx_encl_ewb_cpumask.patch @@ -1,7 +1,7 @@ -From 3b27a1d792bba6e07eb6907a96f9ecc183abe6a9 Mon Sep 17 00:00:00 2001 +From 72ff8cf57132e843e3dc95c3f49696c112f9a1b0 Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Thu, 3 Jun 2021 14:58:01 -0700 -Subject: [PATCH 09/33] x86/sgx: Export sgx_encl_ewb_cpumask() +Date: Mon, 7 Feb 2022 16:45:31 -0800 +Subject: [PATCH 09/34] x86/sgx: Export sgx_encl_ewb_cpumask() Using sgx_encl_ewb_cpumask() to learn which CPUs might have executed an enclave is useful to ensure that TLBs are cleared when changes are @@ -30,10 +30,10 @@ Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> 3 files changed, 68 insertions(+), 29 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c -index a980d8458949..687166769ca8 100644 +index 85429db8c8b5..8cb99fc542a6 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c -@@ -597,6 +597,73 @@ int sgx_encl_mm_add(struct sgx_encl *encl, struct mm_struct *mm) +@@ -636,6 +636,73 @@ int sgx_encl_mm_add(struct sgx_encl *encl, struct mm_struct *mm) return 0; } @@ -120,7 +120,7 @@ index dc262d843411..44431da21757 100644 struct sgx_backing *backing); void sgx_encl_put_backing(struct sgx_backing *backing, bool do_write); diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c -index 8e4bc6453d26..2de85f459492 100644 +index 4b41efc9e367..d481e8b0e7bc 100644 --- a/arch/x86/kernel/cpu/sgx/main.c +++ b/arch/x86/kernel/cpu/sgx/main.c @@ -203,35 +203,6 @@ static void sgx_ipi_cb(void *info) diff --git a/0010-x86-sgx-Rename-sgx_encl_ewb_cpumask-as-sgx_encl_cpum.patch b/0010-x86-sgx-Rename-sgx_encl_ewb_cpumask-as-sgx_encl_cpum.patch index 39c01bb9b916..f7b34257766f 100644 --- a/0010-x86-sgx-Rename-sgx_encl_ewb_cpumask-as-sgx_encl_cpum.patch +++ b/0010-x86-sgx-Rename-sgx_encl_ewb_cpumask-as-sgx_encl_cpum.patch @@ -1,7 +1,7 @@ -From 1938915ca292893bf9a5bedf51a58daddcaded14 Mon Sep 17 00:00:00 2001 +From a755b1d15e60d9b081586bbaa219d9eb11e0f2bd Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Fri, 7 Jan 2022 16:08:11 -0800 -Subject: [PATCH 10/33] x86/sgx: Rename sgx_encl_ewb_cpumask() as +Date: Mon, 7 Feb 2022 16:45:32 -0800 +Subject: [PATCH 10/34] x86/sgx: Rename sgx_encl_ewb_cpumask() as sgx_encl_cpumask() sgx_encl_ewb_cpumask() is no longer unique to the reclaimer where it @@ -26,10 +26,10 @@ Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c -index 687166769ca8..6f5d01121766 100644 +index 8cb99fc542a6..a8b23e21fd86 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c -@@ -598,7 +598,7 @@ int sgx_encl_mm_add(struct sgx_encl *encl, struct mm_struct *mm) +@@ -637,7 +637,7 @@ int sgx_encl_mm_add(struct sgx_encl *encl, struct mm_struct *mm) } /** @@ -38,7 +38,7 @@ index 687166769ca8..6f5d01121766 100644 * @encl: the enclave * * Some SGX functions require that no cached linear-to-physical address -@@ -623,7 +623,7 @@ int sgx_encl_mm_add(struct sgx_encl *encl, struct mm_struct *mm) +@@ -662,7 +662,7 @@ int sgx_encl_mm_add(struct sgx_encl *encl, struct mm_struct *mm) * The following flow is used to support SGX functions that require that * no cached linear-to-physical address mappings are present: * 1) Execute ENCLS[ETRACK] to initiate hardware tracking. @@ -47,7 +47,7 @@ index 687166769ca8..6f5d01121766 100644 * accessing the enclave. * 3) Send IPI to identified CPUs, kicking them out of the enclave and * thus flushing all locally cached linear-to-physical address mappings. -@@ -640,7 +640,7 @@ int sgx_encl_mm_add(struct sgx_encl *encl, struct mm_struct *mm) +@@ -679,7 +679,7 @@ int sgx_encl_mm_add(struct sgx_encl *encl, struct mm_struct *mm) * * Return: cpumask of CPUs that might be accessing @encl */ @@ -70,7 +70,7 @@ index 44431da21757..becb68503baa 100644 struct sgx_backing *backing); void sgx_encl_put_backing(struct sgx_backing *backing, bool do_write); diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c -index 2de85f459492..fa33922879bf 100644 +index d481e8b0e7bc..60b166bff7b4 100644 --- a/arch/x86/kernel/cpu/sgx/main.c +++ b/arch/x86/kernel/cpu/sgx/main.c @@ -249,7 +249,7 @@ static void sgx_encl_ewb(struct sgx_epc_page *epc_page, diff --git a/0011-x86-sgx-Move-PTE-zap-code-to-new-sgx_zap_enclave_pte.patch b/0011-x86-sgx-Move-PTE-zap-code-to-new-sgx_zap_enclave_pte.patch index 76753caecfae..920d5b6a07de 100644 --- a/0011-x86-sgx-Move-PTE-zap-code-to-new-sgx_zap_enclave_pte.patch +++ b/0011-x86-sgx-Move-PTE-zap-code-to-new-sgx_zap_enclave_pte.patch @@ -1,7 +1,7 @@ -From 75003f98315736003527ca5d25503fa2cb98cefd Mon Sep 17 00:00:00 2001 +From 27ed183bbe2ab9f33c14b33fd1f47d8b2ab733f6 Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Thu, 20 May 2021 14:23:58 -0700 -Subject: [PATCH 11/33] x86/sgx: Move PTE zap code to new +Date: Mon, 7 Feb 2022 16:45:33 -0800 +Subject: [PATCH 11/34] x86/sgx: Move PTE zap code to new sgx_zap_enclave_ptes() The SGX reclaimer removes page table entries pointing to pages that are @@ -31,10 +31,10 @@ Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> 3 files changed, 47 insertions(+), 31 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c -index 6f5d01121766..8da813504249 100644 +index a8b23e21fd86..0fd184fd25d7 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c -@@ -589,7 +589,7 @@ int sgx_encl_mm_add(struct sgx_encl *encl, struct mm_struct *mm) +@@ -628,7 +628,7 @@ int sgx_encl_mm_add(struct sgx_encl *encl, struct mm_struct *mm) spin_lock(&encl->mm_lock); list_add_rcu(&encl_mm->list, &encl->mm_list); @@ -43,7 +43,7 @@ index 6f5d01121766..8da813504249 100644 smp_wmb(); encl->mm_list_version++; spin_unlock(&encl->mm_lock); -@@ -778,6 +778,49 @@ int sgx_encl_test_and_clear_young(struct mm_struct *mm, +@@ -815,6 +815,49 @@ int sgx_encl_test_and_clear_young(struct mm_struct *mm, return ret; } @@ -107,7 +107,7 @@ index becb68503baa..82e21088e68b 100644 unsigned int sgx_alloc_va_slot(struct sgx_va_page *va_page); void sgx_free_va_slot(struct sgx_va_page *va_page, unsigned int offset); diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c -index fa33922879bf..ce9e87d5f8ec 100644 +index 60b166bff7b4..06492dcffcf1 100644 --- a/arch/x86/kernel/cpu/sgx/main.c +++ b/arch/x86/kernel/cpu/sgx/main.c @@ -137,36 +137,9 @@ static void sgx_reclaimer_block(struct sgx_epc_page *epc_page) diff --git a/0012-x86-sgx-Make-sgx_ipi_cb-available-internally.patch b/0012-x86-sgx-Make-sgx_ipi_cb-available-internally.patch index c32e063e23ad..85c89d635708 100644 --- a/0012-x86-sgx-Make-sgx_ipi_cb-available-internally.patch +++ b/0012-x86-sgx-Make-sgx_ipi_cb-available-internally.patch @@ -1,7 +1,7 @@ -From 2f3a36706c54682ef5e8a95a75d0986307993dca Mon Sep 17 00:00:00 2001 +From ef7d7909abfc46b2a8b3aaa0ab5375033688123e Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Thu, 3 Jun 2021 16:56:53 -0700 -Subject: [PATCH 12/33] x86/sgx: Make sgx_ipi_cb() available internally +Date: Mon, 7 Feb 2022 16:45:34 -0800 +Subject: [PATCH 12/34] x86/sgx: Make sgx_ipi_cb() available internally The ETRACK function followed by an IPI to all CPUs within an enclave is a common pattern with more frequent use in support of SGX2. @@ -16,7 +16,7 @@ Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c -index ce9e87d5f8ec..6e2cb7564080 100644 +index 06492dcffcf1..1a3014aec490 100644 --- a/arch/x86/kernel/cpu/sgx/main.c +++ b/arch/x86/kernel/cpu/sgx/main.c @@ -172,7 +172,7 @@ static int __sgx_encl_ewb(struct sgx_epc_page *epc_page, void *va_slot, diff --git a/0013-x86-sgx-Create-utility-to-validate-user-provided-off.patch b/0013-x86-sgx-Create-utility-to-validate-user-provided-off.patch index 84b1ed8201c4..dad6bc6267d8 100644 --- a/0013-x86-sgx-Create-utility-to-validate-user-provided-off.patch +++ b/0013-x86-sgx-Create-utility-to-validate-user-provided-off.patch @@ -1,7 +1,7 @@ -From 9c34fdc638b508ff674e3fde0d333f412d3c36a8 Mon Sep 17 00:00:00 2001 +From 3f7c2ce6cf953014eb405b35f3f31e3bd3a7c757 Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Fri, 21 Jan 2022 13:35:21 -0800 -Subject: [PATCH 13/33] x86/sgx: Create utility to validate user provided +Date: Mon, 7 Feb 2022 16:45:35 -0800 +Subject: [PATCH 13/34] x86/sgx: Create utility to validate user provided offset and length User provided offset and length is validated when parsing the parameters diff --git a/0014-x86-sgx-Keep-record-of-SGX-page-type.patch b/0014-x86-sgx-Keep-record-of-SGX-page-type.patch index ab413c154eba..b3d8af97fe35 100644 --- a/0014-x86-sgx-Keep-record-of-SGX-page-type.patch +++ b/0014-x86-sgx-Keep-record-of-SGX-page-type.patch @@ -1,7 +1,7 @@ -From dfbdbfb266f889fbf99edc79924a1b855331f5fe Mon Sep 17 00:00:00 2001 +From b5fb28ae93bf2d97c3a3aae2d37f94a6789d51ce Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Wed, 9 Jun 2021 15:59:02 -0700 -Subject: [PATCH 14/33] x86/sgx: Keep record of SGX page type +Date: Mon, 7 Feb 2022 16:45:36 -0800 +Subject: [PATCH 14/34] x86/sgx: Keep record of SGX page type SGX2 functions are not allowed on all page types. For example, ENCLS[EMODPR] is only allowed on regular SGX enclave pages and diff --git a/0015-x86-sgx-Support-relaxing-of-enclave-page-permissions.patch b/0015-x86-sgx-Support-relaxing-of-enclave-page-permissions.patch index 87932d5fc578..c39ad552f928 100644 --- a/0015-x86-sgx-Support-relaxing-of-enclave-page-permissions.patch +++ b/0015-x86-sgx-Support-relaxing-of-enclave-page-permissions.patch @@ -1,7 +1,7 @@ -From 6f61b355040b50992ff67eafea1905e07fc86775 Mon Sep 17 00:00:00 2001 +From 3bdc7000cff598e3c065a103a62c12571300d5e6 Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Mon, 7 Jun 2021 09:13:44 -0700 -Subject: [PATCH 15/33] x86/sgx: Support relaxing of enclave page permissions +Date: Mon, 7 Feb 2022 16:45:37 -0800 +Subject: [PATCH 15/34] x86/sgx: Support relaxing of enclave page permissions In the initial (SGX1) version of SGX, pages in an enclave need to be created with permissions that support all usages of the pages, from diff --git a/0016-x86-sgx-Support-restricting-of-enclave-page-permissi.patch b/0016-x86-sgx-Support-restricting-of-enclave-page-permissi.patch index ab1004418607..b11fd2de8e70 100644 --- a/0016-x86-sgx-Support-restricting-of-enclave-page-permissi.patch +++ b/0016-x86-sgx-Support-restricting-of-enclave-page-permissi.patch @@ -1,7 +1,7 @@ -From 38bebba8a89d2f15261e4b4891e4444c0b0b0c50 Mon Sep 17 00:00:00 2001 +From 20d33afacabde997e8a99e4bd08a424d1a40669b Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Mon, 7 Jun 2021 09:13:44 -0700 -Subject: [PATCH 16/33] x86/sgx: Support restricting of enclave page +Date: Mon, 7 Feb 2022 16:45:38 -0800 +Subject: [PATCH 16/34] x86/sgx: Support restricting of enclave page permissions In the initial (SGX1) version of SGX, pages in an enclave need to be @@ -99,10 +99,10 @@ index 5c678b27bb72..b0ffb80bc67f 100644 /** diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c -index 8da813504249..a5d4a7efb986 100644 +index 0fd184fd25d7..cbd852fb760b 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c -@@ -90,8 +90,8 @@ static struct sgx_epc_page *sgx_encl_eldu(struct sgx_encl_page *encl_page, +@@ -131,8 +131,8 @@ static struct sgx_epc_page *sgx_encl_eldu(struct sgx_encl_page *encl_page, return epc_page; } diff --git a/0017-selftests-sgx-Add-test-for-EPCM-permission-changes.patch b/0017-selftests-sgx-Add-test-for-EPCM-permission-changes.patch deleted file mode 100644 index 448dfe621abf..000000000000 --- a/0017-selftests-sgx-Add-test-for-EPCM-permission-changes.patch +++ /dev/null @@ -1,401 +0,0 @@ -From ee57823718b7b24b86bd626f9c415724e42d7223 Mon Sep 17 00:00:00 2001 -From: Reinette Chatre <reinette.chatre@intel.com> -Date: Mon, 7 Jun 2021 14:41:53 -0700 -Subject: [PATCH 17/33] selftests/sgx: Add test for EPCM permission changes - -EPCM permission changes could be made from within (to relax -permissions) or out (to restrict permissions) the enclave. Kernel -support is needed when permissions are restricted to be able to -call the privileged ENCLS[EMODPR] instruction and ensure PTEs -allowing the restricted permissions are flushed. EPCM permissions -can be relaxed via ENCLU[EMODPE] from within the enclave but the -enclave still depends on the kernel to install PTEs with the new -permissions. - -Add a test that exercises a few of the enclave page permission flows: -1) Test starts with a RW (from enclave and kernel perspective) - enclave page that is mapped via a RW VMA. -2) Use the SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS ioctl() to restrict - the enclave (EPCM) page permissions to read-only (kernel removes - PTE in the process). -3) Run ENCLU[EACCEPT] from within the enclave to accept the new page - permissions. -4) Attempt to write to the enclave page from within the enclave - this - should fail with a page fault on the PTE since the page - table entry accurately reflects the (read-only) EPCM permissions. -5) Restore EPCM permissions to RW by running ENCLU[EMODPE] from within - the enclave. -6) Attempt to write to the enclave page from within the enclave - this - should fail again with a page fault because even though the EPCM - permissions are RW the PTE does not yet reflect that. -7) Use the SGX_IOC_ENCLAVE_RELAX_PERMISSIONS ioctl() to inform the - kernel of new page permissions and PTEs will accurately reflect - RW EPCM permissions. -8) Writing to enclave page from within enclave succeeds. - -Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> ---- - tools/testing/selftests/sgx/defines.h | 15 ++ - tools/testing/selftests/sgx/main.c | 253 ++++++++++++++++++++++++ - tools/testing/selftests/sgx/test_encl.c | 38 ++++ - 3 files changed, 306 insertions(+) - -diff --git a/tools/testing/selftests/sgx/defines.h b/tools/testing/selftests/sgx/defines.h -index 02d775789ea7..b638eb98c80c 100644 ---- a/tools/testing/selftests/sgx/defines.h -+++ b/tools/testing/selftests/sgx/defines.h -@@ -24,6 +24,8 @@ enum encl_op_type { - ENCL_OP_PUT_TO_ADDRESS, - ENCL_OP_GET_FROM_ADDRESS, - ENCL_OP_NOP, -+ ENCL_OP_EACCEPT, -+ ENCL_OP_EMODPE, - ENCL_OP_MAX, - }; - -@@ -53,4 +55,17 @@ struct encl_op_get_from_addr { - uint64_t addr; - }; - -+struct encl_op_eaccept { -+ struct encl_op_header header; -+ uint64_t epc_addr; -+ uint64_t flags; -+ uint64_t ret; -+}; -+ -+struct encl_op_emodpe { -+ struct encl_op_header header; -+ uint64_t epc_addr; -+ uint64_t flags; -+}; -+ - #endif /* DEFINES_H */ -diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c -index dd74fa42302e..4f348ed1dc29 100644 ---- a/tools/testing/selftests/sgx/main.c -+++ b/tools/testing/selftests/sgx/main.c -@@ -25,6 +25,18 @@ static const uint64_t MAGIC = 0x1122334455667788ULL; - static const uint64_t MAGIC2 = 0x8877665544332211ULL; - vdso_sgx_enter_enclave_t vdso_sgx_enter_enclave; - -+/* -+ * Security Information (SECINFO) data structure needed by a few SGX -+ * instructions (eg. ENCLU[EACCEPT] and ENCLU[EMODPE]) holds meta-data -+ * about an enclave page. &enum sgx_secinfo_page_state specifies the -+ * secinfo flags used for page state. -+ */ -+enum sgx_secinfo_page_state { -+ SGX_SECINFO_PENDING = (1 << 3), -+ SGX_SECINFO_MODIFIED = (1 << 4), -+ SGX_SECINFO_PR = (1 << 5), -+}; -+ - struct vdso_symtab { - Elf64_Sym *elf_symtab; - const char *elf_symstrtab; -@@ -555,4 +567,245 @@ TEST_F(enclave, pte_permissions) - EXPECT_EQ(self->run.exception_addr, 0); - } - -+/* -+ * Enclave page permission test. -+ * -+ * Modify and restore enclave page's EPCM (enclave) permissions from -+ * outside enclave (ENCLS[EMODPR] via kernel) as well as from within -+ * enclave (via ENCLU[EMODPE]). Kernel should ensure PTE permissions -+ * are the same as the EPCM permissions so check for page fault if -+ * VMA allows access but EPCM and PTE does not. -+ */ -+TEST_F(enclave, epcm_permissions) -+{ -+ struct sgx_enclave_restrict_perm restrict_ioc; -+ struct encl_op_get_from_addr get_addr_op; -+ struct sgx_enclave_relax_perm relax_ioc; -+ struct encl_op_put_to_addr put_addr_op; -+ struct encl_op_eaccept eaccept_op; -+ struct encl_op_emodpe emodpe_op; -+ struct sgx_secinfo secinfo; -+ unsigned long data_start; -+ int ret, errno_save; -+ -+ ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); -+ -+ memset(&self->run, 0, sizeof(self->run)); -+ self->run.tcs = self->encl.encl_base; -+ -+ /* -+ * Ensure kernel supports needed ioctl() and system supports needed -+ * commands. -+ */ -+ memset(&restrict_ioc, 0, sizeof(restrict_ioc)); -+ memset(&secinfo, 0, sizeof(secinfo)); -+ -+ ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS, -+ &restrict_ioc); -+ errno_save = ret == -1 ? errno : 0; -+ -+ /* -+ * Invalid parameters were provided during sanity check, -+ * expect command to fail. -+ */ -+ ASSERT_EQ(ret, -1); -+ -+ /* ret == -1 */ -+ if (errno_save == ENOTTY) -+ SKIP(return, -+ "Kernel does not support SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS ioctl()"); -+ else if (errno_save == ENODEV) -+ SKIP(return, "System does not support SGX2"); -+ -+ /* -+ * Page that will have its permissions changed is the second data -+ * page in the .data segment. This forms part of the local encl_buffer -+ * within the enclave. -+ * -+ * At start of test @data_start should have EPCM as well as PTE -+ * permissions of RW. -+ */ -+ -+ data_start = self->encl.encl_base + -+ encl_get_data_offset(&self->encl) + PAGE_SIZE; -+ -+ /* -+ * Sanity check that page at @data_start is writable before making -+ * any changes to page permissions. -+ * -+ * Start by writing MAGIC to test page. -+ */ -+ put_addr_op.value = MAGIC; -+ put_addr_op.addr = data_start; -+ put_addr_op.header.type = ENCL_OP_PUT_TO_ADDRESS; -+ -+ EXPECT_EQ(ENCL_CALL(&put_addr_op, &self->run, true), 0); -+ -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ -+ /* -+ * Read memory that was just written to, confirming that -+ * page is writable. -+ */ -+ get_addr_op.value = 0; -+ get_addr_op.addr = data_start; -+ get_addr_op.header.type = ENCL_OP_GET_FROM_ADDRESS; -+ -+ EXPECT_EQ(ENCL_CALL(&get_addr_op, &self->run, true), 0); -+ -+ EXPECT_EQ(get_addr_op.value, MAGIC); -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ -+ /* -+ * Change EPCM permissions to read-only, PTE entry flushed by -+ * kernel in the process. -+ */ -+ memset(&restrict_ioc, 0, sizeof(restrict_ioc)); -+ memset(&secinfo, 0, sizeof(secinfo)); -+ -+ secinfo.flags = PROT_READ; -+ restrict_ioc.offset = encl_get_data_offset(&self->encl) + PAGE_SIZE; -+ restrict_ioc.length = PAGE_SIZE; -+ restrict_ioc.secinfo = (unsigned long)&secinfo; -+ -+ ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS, -+ &restrict_ioc); -+ errno_save = ret == -1 ? errno : 0; -+ -+ EXPECT_EQ(ret, 0); -+ EXPECT_EQ(errno_save, 0); -+ EXPECT_EQ(restrict_ioc.result, 0); -+ EXPECT_EQ(restrict_ioc.count, 4096); -+ -+ /* -+ * EPCM permissions changed from kernel, need to EACCEPT from enclave. -+ */ -+ eaccept_op.epc_addr = data_start; -+ eaccept_op.flags = PROT_READ | SGX_SECINFO_REG | SGX_SECINFO_PR; -+ eaccept_op.ret = 0; -+ eaccept_op.header.type = ENCL_OP_EACCEPT; -+ -+ EXPECT_EQ(ENCL_CALL(&eaccept_op, &self->run, true), 0); -+ -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ EXPECT_EQ(eaccept_op.ret, 0); -+ -+ /* -+ * EPCM permissions of page is now read-only, expect #PF -+ * on PTE (not EPCM) when attempting to write to page from -+ * within enclave. -+ */ -+ put_addr_op.value = MAGIC2; -+ -+ EXPECT_EQ(ENCL_CALL(&put_addr_op, &self->run, true), 0); -+ -+ EXPECT_EQ(self->run.function, ERESUME); -+ EXPECT_EQ(self->run.exception_vector, 14); -+ EXPECT_EQ(self->run.exception_error_code, 0x7); -+ EXPECT_EQ(self->run.exception_addr, data_start); -+ -+ self->run.exception_vector = 0; -+ self->run.exception_error_code = 0; -+ self->run.exception_addr = 0; -+ -+ /* -+ * Received AEX but cannot return to enclave at same entrypoint, -+ * need different TCS from where EPCM permission can be made writable -+ * again. -+ */ -+ self->run.tcs = self->encl.encl_base + PAGE_SIZE; -+ -+ /* -+ * Enter enclave at new TCS to change EPCM permissions to be -+ * writable again and thus fix the page fault that triggered the -+ * AEX. -+ */ -+ -+ emodpe_op.epc_addr = data_start; -+ emodpe_op.flags = PROT_READ | PROT_WRITE; -+ emodpe_op.header.type = ENCL_OP_EMODPE; -+ -+ EXPECT_EQ(ENCL_CALL(&emodpe_op, &self->run, true), 0); -+ -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ -+ /* -+ * Attempt to return to main TCS to resume execution at faulting -+ * instruction, but PTE should still prevent writing to the page. -+ */ -+ self->run.tcs = self->encl.encl_base; -+ -+ EXPECT_EQ(vdso_sgx_enter_enclave((unsigned long)&put_addr_op, 0, 0, -+ ERESUME, 0, 0, -+ &self->run), -+ 0); -+ -+ EXPECT_EQ(self->run.function, ERESUME); -+ EXPECT_EQ(self->run.exception_vector, 14); -+ EXPECT_EQ(self->run.exception_error_code, 0x7); -+ EXPECT_EQ(self->run.exception_addr, data_start); -+ -+ self->run.exception_vector = 0; -+ self->run.exception_error_code = 0; -+ self->run.exception_addr = 0; -+ /* -+ * Inform kernel about new permissions to have PTEs match EPCM. -+ */ -+ memset(&relax_ioc, 0, sizeof(relax_ioc)); -+ memset(&secinfo, 0, sizeof(secinfo)); -+ -+ secinfo.flags = PROT_READ | PROT_WRITE; -+ relax_ioc.offset = encl_get_data_offset(&self->encl) + PAGE_SIZE; -+ relax_ioc.length = PAGE_SIZE; -+ relax_ioc.secinfo = (unsigned long)&secinfo; -+ -+ ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_RELAX_PERMISSIONS, -+ &relax_ioc); -+ errno_save = ret == -1 ? errno : 0; -+ -+ EXPECT_EQ(ret, 0); -+ EXPECT_EQ(errno_save, 0); -+ EXPECT_EQ(relax_ioc.count, 4096); -+ -+ /* -+ * Wrong page permissions that caused original fault has -+ * now been fixed via EPCM permissions as well as PTE. -+ * Resume execution in main TCS to re-attempt the memory access. -+ */ -+ self->run.tcs = self->encl.encl_base; -+ -+ EXPECT_EQ(vdso_sgx_enter_enclave((unsigned long)&put_addr_op, 0, 0, -+ ERESUME, 0, 0, -+ &self->run), -+ 0); -+ -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ -+ get_addr_op.value = 0; -+ -+ EXPECT_EQ(ENCL_CALL(&get_addr_op, &self->run, true), 0); -+ -+ EXPECT_EQ(get_addr_op.value, MAGIC2); -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.user_data, 0); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+} -+ - TEST_HARNESS_MAIN -diff --git a/tools/testing/selftests/sgx/test_encl.c b/tools/testing/selftests/sgx/test_encl.c -index 4fca01cfd898..5b6c65331527 100644 ---- a/tools/testing/selftests/sgx/test_encl.c -+++ b/tools/testing/selftests/sgx/test_encl.c -@@ -11,6 +11,42 @@ - */ - static uint8_t encl_buffer[8192] = { 1 }; - -+enum sgx_enclu_function { -+ EACCEPT = 0x5, -+ EMODPE = 0x6, -+}; -+ -+static void do_encl_emodpe(void *_op) -+{ -+ struct sgx_secinfo secinfo __aligned(sizeof(struct sgx_secinfo)) = {0}; -+ struct encl_op_emodpe *op = _op; -+ -+ secinfo.flags = op->flags; -+ -+ asm volatile(".byte 0x0f, 0x01, 0xd7" -+ : -+ : "a" (EMODPE), -+ "b" (&secinfo), -+ "c" (op->epc_addr)); -+} -+ -+static void do_encl_eaccept(void *_op) -+{ -+ struct sgx_secinfo secinfo __aligned(sizeof(struct sgx_secinfo)) = {0}; -+ struct encl_op_eaccept *op = _op; -+ int rax; -+ -+ secinfo.flags = op->flags; -+ -+ asm volatile(".byte 0x0f, 0x01, 0xd7" -+ : "=a" (rax) -+ : "a" (EACCEPT), -+ "b" (&secinfo), -+ "c" (op->epc_addr)); -+ -+ op->ret = rax; -+} -+ - static void *memcpy(void *dest, const void *src, size_t n) - { - size_t i; -@@ -62,6 +98,8 @@ void encl_body(void *rdi, void *rsi) - do_encl_op_put_to_addr, - do_encl_op_get_from_addr, - do_encl_op_nop, -+ do_encl_eaccept, -+ do_encl_emodpe, - }; - - struct encl_op_header *op = (struct encl_op_header *)rdi; --- -2.35.1 - diff --git a/0018-selftests-sgx-Add-test-for-TCS-page-permission-chang.patch b/0018-selftests-sgx-Add-test-for-TCS-page-permission-chang.patch deleted file mode 100644 index 53d9bd7d141a..000000000000 --- a/0018-selftests-sgx-Add-test-for-TCS-page-permission-chang.patch +++ /dev/null @@ -1,108 +0,0 @@ -From ab01c1b184c568c449c01f452b484213f5d29b9d Mon Sep 17 00:00:00 2001 -From: Reinette Chatre <reinette.chatre@intel.com> -Date: Wed, 9 Jun 2021 16:26:08 -0700 -Subject: [PATCH 18/33] selftests/sgx: Add test for TCS page permission changes - -Kernel should not allow permission changes on TCS pages. Add test to -confirm this behavior. - -Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> ---- - tools/testing/selftests/sgx/main.c | 74 ++++++++++++++++++++++++++++++ - 1 file changed, 74 insertions(+) - -diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c -index 4f348ed1dc29..1398cd1b0983 100644 ---- a/tools/testing/selftests/sgx/main.c -+++ b/tools/testing/selftests/sgx/main.c -@@ -121,6 +121,24 @@ static Elf64_Sym *vdso_symtab_get(struct vdso_symtab *symtab, const char *name) - return NULL; - } - -+/* -+ * Return the offset in the enclave where the TCS segment can be found. -+ * The first RW segment loaded is the TCS. -+ */ -+static off_t encl_get_tcs_offset(struct encl *encl) -+{ -+ int i; -+ -+ for (i = 0; i < encl->nr_segments; i++) { -+ struct encl_segment *seg = &encl->segment_tbl[i]; -+ -+ if (i == 0 && seg->prot == (PROT_READ | PROT_WRITE)) -+ return seg->offset; -+ } -+ -+ return -1; -+} -+ - /* - * Return the offset in the enclave where the data segment can be found. - * The first RW segment loaded is the TCS, skip that to get info on the -@@ -567,6 +585,62 @@ TEST_F(enclave, pte_permissions) - EXPECT_EQ(self->run.exception_addr, 0); - } - -+/* -+ * Modifying permissions of TCS page should not be possible. -+ */ -+TEST_F(enclave, tcs_permissions) -+{ -+ struct sgx_enclave_restrict_perm ioc; -+ struct sgx_secinfo secinfo; -+ int ret, errno_save; -+ -+ ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); -+ -+ memset(&self->run, 0, sizeof(self->run)); -+ self->run.tcs = self->encl.encl_base; -+ -+ memset(&ioc, 0, sizeof(ioc)); -+ memset(&secinfo, 0, sizeof(secinfo)); -+ -+ /* -+ * Ensure kernel supports needed ioctl() and system supports needed -+ * commands. -+ */ -+ -+ ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS, &ioc); -+ errno_save = ret == -1 ? errno : 0; -+ -+ /* -+ * Invalid parameters were provided during sanity check, -+ * expect command to fail. -+ */ -+ ASSERT_EQ(ret, -1); -+ -+ /* ret == -1 */ -+ if (errno_save == ENOTTY) -+ SKIP(return, -+ "Kernel does not support SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS ioctl()"); -+ else if (errno_save == ENODEV) -+ SKIP(return, "System does not support SGX2"); -+ -+ /* -+ * Attempt to make TCS page read-only. This is not allowed and -+ * should be prevented by the kernel. -+ */ -+ secinfo.flags = PROT_READ; -+ ioc.offset = encl_get_tcs_offset(&self->encl); -+ ioc.length = PAGE_SIZE; -+ ioc.secinfo = (unsigned long)&secinfo; -+ -+ ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS, &ioc); -+ errno_save = ret == -1 ? errno : 0; -+ -+ EXPECT_EQ(ret, -1); -+ EXPECT_EQ(errno_save, EINVAL); -+ EXPECT_EQ(ioc.result, 0); -+ EXPECT_EQ(ioc.count, 0); -+} -+ - /* - * Enclave page permission test. - * --- -2.35.1 - diff --git a/0019-x86-sgx-Support-adding-of-pages-to-an-initialized-en.patch b/0019-x86-sgx-Support-adding-of-pages-to-an-initialized-en.patch index 85da53a1ba97..800e691ed388 100644 --- a/0019-x86-sgx-Support-adding-of-pages-to-an-initialized-en.patch +++ b/0019-x86-sgx-Support-adding-of-pages-to-an-initialized-en.patch @@ -1,7 +1,7 @@ -From 74d6d35abc90cfa00ee86bc5454e8a38f87a2daf Mon Sep 17 00:00:00 2001 +From 6c2777344708ad4194d1f9088bd7dbd2c740fd16 Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Tue, 13 Jul 2021 08:58:53 -0700 -Subject: [PATCH 19/33] x86/sgx: Support adding of pages to an initialized +Date: Mon, 7 Feb 2022 16:45:41 -0800 +Subject: [PATCH 19/34] x86/sgx: Support adding of pages to an initialized enclave With SGX1 an enclave needs to be created with its maximum memory demands @@ -54,10 +54,10 @@ Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> 3 files changed, 137 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c -index a5d4a7efb986..d1e3ea86b902 100644 +index cbd852fb760b..a5b1da1e5bd4 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c -@@ -124,6 +124,128 @@ struct sgx_encl_page *sgx_encl_load_page(struct sgx_encl *encl, +@@ -165,6 +165,128 @@ struct sgx_encl_page *sgx_encl_load_page(struct sgx_encl *encl, return entry; } @@ -186,7 +186,7 @@ index a5d4a7efb986..d1e3ea86b902 100644 static vm_fault_t sgx_vma_fault(struct vm_fault *vmf) { unsigned long addr = (unsigned long)vmf->address; -@@ -145,6 +267,17 @@ static vm_fault_t sgx_vma_fault(struct vm_fault *vmf) +@@ -186,6 +308,17 @@ static vm_fault_t sgx_vma_fault(struct vm_fault *vmf) if (unlikely(!encl)) return VM_FAULT_SIGBUS; diff --git a/0020-x86-sgx-Tighten-accessible-memory-range-after-enclav.patch b/0020-x86-sgx-Tighten-accessible-memory-range-after-enclav.patch index 47f1ebc812f1..2381237df89c 100644 --- a/0020-x86-sgx-Tighten-accessible-memory-range-after-enclav.patch +++ b/0020-x86-sgx-Tighten-accessible-memory-range-after-enclav.patch @@ -1,7 +1,7 @@ -From e25a72c0e9ec68c33626de7afea226aeb13c7f5c Mon Sep 17 00:00:00 2001 +From 94d96d463650dee683538bb1563a71afca7719cb Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Mon, 13 Sep 2021 11:08:47 -0700 -Subject: [PATCH 20/33] x86/sgx: Tighten accessible memory range after enclave +Date: Mon, 7 Feb 2022 16:45:42 -0800 +Subject: [PATCH 20/34] x86/sgx: Tighten accessible memory range after enclave initialization Before an enclave is initialized the enclave's memory range is unknown. @@ -37,10 +37,10 @@ Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> 1 file changed, 5 insertions(+) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c -index d1e3ea86b902..c20100245411 100644 +index a5b1da1e5bd4..5fe7189eac9d 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c -@@ -403,6 +403,11 @@ int sgx_encl_may_map(struct sgx_encl *encl, unsigned long start, +@@ -444,6 +444,11 @@ int sgx_encl_may_map(struct sgx_encl *encl, unsigned long start, XA_STATE(xas, &encl->page_array, PFN_DOWN(start)); diff --git a/0021-selftests-sgx-Test-two-different-SGX2-EAUG-flows.patch b/0021-selftests-sgx-Test-two-different-SGX2-EAUG-flows.patch deleted file mode 100644 index 85e5ff485af8..000000000000 --- a/0021-selftests-sgx-Test-two-different-SGX2-EAUG-flows.patch +++ /dev/null @@ -1,294 +0,0 @@ -From 2314851e359b6202768eb7741753ff518d4e99db Mon Sep 17 00:00:00 2001 -From: Reinette Chatre <reinette.chatre@intel.com> -Date: Wed, 14 Jul 2021 09:46:55 -0700 -Subject: [PATCH 21/33] selftests/sgx: Test two different SGX2 EAUG flows - -Enclave pages can be added to an initialized enclave when an address -belonging to the enclave but without a backing page is accessed from -within the enclave. - -Accessing memory without a backing enclave page from within an enclave -can be in different ways: -1) Pre-emptively run ENCLU[EACCEPT]. Since the addition of a page - always needs to be accepted by the enclave via ENCLU[EACCEPT] this - flow is efficient since the first execution of ENCLU[EACCEPT] - triggers the addition of the page and when execution returns to the - same instruction the second execution would be successful as an - acceptance of the page. - -2) A direct read or write. The flow where a direct read or write - triggers the page addition execution cannot resume from the - instruction (read/write) that triggered the fault but instead - the enclave needs to be entered at a different entry point to - run needed ENCLU[EACCEPT] before execution can return to the - original entry point and the read/write instruction that faulted. - -Add tests for both flows. - -Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> ---- - tools/testing/selftests/sgx/main.c | 243 +++++++++++++++++++++++++++++ - 1 file changed, 243 insertions(+) - -diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c -index 1398cd1b0983..68285603b3f0 100644 ---- a/tools/testing/selftests/sgx/main.c -+++ b/tools/testing/selftests/sgx/main.c -@@ -86,6 +86,15 @@ static bool vdso_get_symtab(void *addr, struct vdso_symtab *symtab) - return true; - } - -+static inline int sgx2_supported(void) -+{ -+ unsigned int eax, ebx, ecx, edx; -+ -+ __cpuid_count(SGX_CPUID, 0x0, eax, ebx, ecx, edx); -+ -+ return eax & 0x2; -+} -+ - static unsigned long elf_sym_hash(const char *name) - { - unsigned long h = 0, high; -@@ -882,4 +891,238 @@ TEST_F(enclave, epcm_permissions) - EXPECT_EQ(self->run.exception_addr, 0); - } - -+/* -+ * Test the addition of pages to an initialized enclave via writing to -+ * a page belonging to the enclave's address space but was not added -+ * during enclave creation. -+ */ -+TEST_F(enclave, augment) -+{ -+ struct encl_op_get_from_addr get_addr_op; -+ struct encl_op_put_to_addr put_addr_op; -+ struct encl_op_eaccept eaccept_op; -+ size_t total_size = 0; -+ void *addr; -+ int i; -+ -+ if (!sgx2_supported()) -+ SKIP(return, "SGX2 not supported"); -+ -+ ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); -+ -+ memset(&self->run, 0, sizeof(self->run)); -+ self->run.tcs = self->encl.encl_base; -+ -+ for (i = 0; i < self->encl.nr_segments; i++) { -+ struct encl_segment *seg = &self->encl.segment_tbl[i]; -+ -+ total_size += seg->size; -+ } -+ -+ /* -+ * Actual enclave size is expected to be larger than the loaded -+ * test enclave since enclave size must be a power of 2 in bytes -+ * and test_encl does not consume it all. -+ */ -+ EXPECT_LT(total_size + PAGE_SIZE, self->encl.encl_size); -+ -+ /* -+ * Create memory mapping for the page that will be added. New -+ * memory mapping is for one page right after all existing -+ * mappings. -+ */ -+ addr = mmap((void *)self->encl.encl_base + total_size, PAGE_SIZE, -+ PROT_READ | PROT_WRITE | PROT_EXEC, -+ MAP_SHARED | MAP_FIXED, self->encl.fd, 0); -+ EXPECT_NE(addr, MAP_FAILED); -+ -+ self->run.exception_vector = 0; -+ self->run.exception_error_code = 0; -+ self->run.exception_addr = 0; -+ -+ /* -+ * Attempt to write to the new page from within enclave. -+ * Expected to fail since page is not (yet) part of the enclave. -+ * The first #PF will trigger the addition of the page to the -+ * enclave, but since the new page needs an EACCEPT from within the -+ * enclave before it can be used it would not be possible -+ * to successfully return to the failing instruction. This is the -+ * cause of the second #PF captured here having the SGX bit set, -+ * it is from hardware preventing the page from being used. -+ */ -+ put_addr_op.value = MAGIC; -+ put_addr_op.addr = (unsigned long)addr; -+ put_addr_op.header.type = ENCL_OP_PUT_TO_ADDRESS; -+ -+ EXPECT_EQ(ENCL_CALL(&put_addr_op, &self->run, true), 0); -+ -+ EXPECT_EQ(self->run.function, ERESUME); -+ EXPECT_EQ(self->run.exception_vector, 14); -+ EXPECT_EQ(self->run.exception_addr, (unsigned long)addr); -+ -+ if (self->run.exception_error_code == 0x6) { -+ munmap(addr, PAGE_SIZE); -+ SKIP(return, "Kernel does not support adding pages to initialized enclave"); -+ } -+ -+ EXPECT_EQ(self->run.exception_error_code, 0x8007); -+ -+ self->run.exception_vector = 0; -+ self->run.exception_error_code = 0; -+ self->run.exception_addr = 0; -+ -+ /* Handle AEX by running EACCEPT from new entry point. */ -+ self->run.tcs = self->encl.encl_base + PAGE_SIZE; -+ -+ eaccept_op.epc_addr = self->encl.encl_base + total_size; -+ eaccept_op.flags = SGX_SECINFO_R | SGX_SECINFO_W | SGX_SECINFO_REG | SGX_SECINFO_PENDING; -+ eaccept_op.ret = 0; -+ eaccept_op.header.type = ENCL_OP_EACCEPT; -+ -+ EXPECT_EQ(ENCL_CALL(&eaccept_op, &self->run, true), 0); -+ -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ EXPECT_EQ(eaccept_op.ret, 0); -+ -+ /* Can now return to main TCS to resume execution. */ -+ self->run.tcs = self->encl.encl_base; -+ -+ EXPECT_EQ(vdso_sgx_enter_enclave((unsigned long)&put_addr_op, 0, 0, -+ ERESUME, 0, 0, -+ &self->run), -+ 0); -+ -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ -+ /* -+ * Read memory from newly added page that was just written to, -+ * confirming that data previously written (MAGIC) is present. -+ */ -+ get_addr_op.value = 0; -+ get_addr_op.addr = (unsigned long)addr; -+ get_addr_op.header.type = ENCL_OP_GET_FROM_ADDRESS; -+ -+ EXPECT_EQ(ENCL_CALL(&get_addr_op, &self->run, true), 0); -+ -+ EXPECT_EQ(get_addr_op.value, MAGIC); -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ -+ munmap(addr, PAGE_SIZE); -+} -+ -+/* -+ * Test for the addition of pages to an initialized enclave via a -+ * pre-emptive run of EACCEPT on page to be added. -+ */ -+TEST_F(enclave, augment_via_eaccept) -+{ -+ struct encl_op_get_from_addr get_addr_op; -+ struct encl_op_put_to_addr put_addr_op; -+ struct encl_op_eaccept eaccept_op; -+ size_t total_size = 0; -+ void *addr; -+ int i; -+ -+ if (!sgx2_supported()) -+ SKIP(return, "SGX2 not supported"); -+ -+ ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); -+ -+ memset(&self->run, 0, sizeof(self->run)); -+ self->run.tcs = self->encl.encl_base; -+ -+ for (i = 0; i < self->encl.nr_segments; i++) { -+ struct encl_segment *seg = &self->encl.segment_tbl[i]; -+ -+ total_size += seg->size; -+ } -+ -+ /* -+ * Actual enclave size is expected to be larger than the loaded -+ * test enclave since enclave size must be a power of 2 in bytes while -+ * test_encl does not consume it all. -+ */ -+ EXPECT_LT(total_size + PAGE_SIZE, self->encl.encl_size); -+ -+ /* -+ * mmap() a page at end of existing enclave to be used for dynamic -+ * EPC page. -+ */ -+ -+ addr = mmap((void *)self->encl.encl_base + total_size, PAGE_SIZE, -+ PROT_READ | PROT_WRITE | PROT_EXEC, MAP_SHARED | MAP_FIXED, -+ self->encl.fd, 0); -+ EXPECT_NE(addr, MAP_FAILED); -+ -+ self->run.exception_vector = 0; -+ self->run.exception_error_code = 0; -+ self->run.exception_addr = 0; -+ -+ /* -+ * Run EACCEPT on new page to trigger the #PF->EAUG->EACCEPT(again -+ * without a #PF). All should be transparent to userspace. -+ */ -+ eaccept_op.epc_addr = self->encl.encl_base + total_size; -+ eaccept_op.flags = SGX_SECINFO_R | SGX_SECINFO_W | SGX_SECINFO_REG | SGX_SECINFO_PENDING; -+ eaccept_op.ret = 0; -+ eaccept_op.header.type = ENCL_OP_EACCEPT; -+ -+ EXPECT_EQ(ENCL_CALL(&eaccept_op, &self->run, true), 0); -+ -+ if (self->run.exception_vector == 14 && -+ self->run.exception_error_code == 4 && -+ self->run.exception_addr == self->encl.encl_base + total_size) { -+ munmap(addr, PAGE_SIZE); -+ SKIP(return, "Kernel does not support adding pages to initialized enclave"); -+ } -+ -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ EXPECT_EQ(eaccept_op.ret, 0); -+ -+ /* -+ * New page should be accessible from within enclave - attempt to -+ * write to it. -+ */ -+ put_addr_op.value = MAGIC; -+ put_addr_op.addr = (unsigned long)addr; -+ put_addr_op.header.type = ENCL_OP_PUT_TO_ADDRESS; -+ -+ EXPECT_EQ(ENCL_CALL(&put_addr_op, &self->run, true), 0); -+ -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ -+ /* -+ * Read memory from newly added page that was just written to, -+ * confirming that data previously written (MAGIC) is present. -+ */ -+ get_addr_op.value = 0; -+ get_addr_op.addr = (unsigned long)addr; -+ get_addr_op.header.type = ENCL_OP_GET_FROM_ADDRESS; -+ -+ EXPECT_EQ(ENCL_CALL(&get_addr_op, &self->run, true), 0); -+ -+ EXPECT_EQ(get_addr_op.value, MAGIC); -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ -+ munmap(addr, PAGE_SIZE); -+} -+ - TEST_HARNESS_MAIN --- -2.35.1 - diff --git a/0022-x86-sgx-Support-modifying-SGX-page-type.patch b/0022-x86-sgx-Support-modifying-SGX-page-type.patch index a397a6eb5713..eab8118013cb 100644 --- a/0022-x86-sgx-Support-modifying-SGX-page-type.patch +++ b/0022-x86-sgx-Support-modifying-SGX-page-type.patch @@ -1,7 +1,7 @@ -From b4c7cbd24a91e612ae7ecbffa4e2d62e89f28aa4 Mon Sep 17 00:00:00 2001 +From 88584ef777031604add6ed66b4d060ad9fce7cab Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Mon, 9 Aug 2021 14:03:54 -0700 -Subject: [PATCH 22/33] x86/sgx: Support modifying SGX page type +Date: Mon, 7 Feb 2022 16:45:44 -0800 +Subject: [PATCH 22/34] x86/sgx: Support modifying SGX page type Every enclave contains one or more Thread Control Structures (TCS). The TCS contains meta-data used by the hardware to save and restore thread diff --git a/0023-x86-sgx-Support-complete-page-removal.patch b/0023-x86-sgx-Support-complete-page-removal.patch index 50249dab7354..57ab38265d99 100644 --- a/0023-x86-sgx-Support-complete-page-removal.patch +++ b/0023-x86-sgx-Support-complete-page-removal.patch @@ -1,7 +1,7 @@ -From 893e5491bb5dfd3b6fcfe246c5de0a47c977e0c6 Mon Sep 17 00:00:00 2001 +From e8450696982167257dffebfbd8983e8d7b9bc235 Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Wed, 8 Sep 2021 11:51:35 -0700 -Subject: [PATCH 23/33] x86/sgx: Support complete page removal +Date: Mon, 7 Feb 2022 16:45:45 -0800 +Subject: [PATCH 23/34] x86/sgx: Support complete page removal The SGX2 page removal flow was introduced in previous patch and is as follows: diff --git a/0024-Documentation-x86-Introduce-enclave-runtime-manageme.patch b/0024-Documentation-x86-Introduce-enclave-runtime-manageme.patch index 4d425b56b340..381c703a49aa 100644 --- a/0024-Documentation-x86-Introduce-enclave-runtime-manageme.patch +++ b/0024-Documentation-x86-Introduce-enclave-runtime-manageme.patch @@ -1,7 +1,7 @@ -From 432470df34c2805bccac4dc1bb4164b5440e1a67 Mon Sep 17 00:00:00 2001 +From 20acb57bc235f289b2d083a408d134a0db676ed1 Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Tue, 25 Jan 2022 14:29:23 -0800 -Subject: [PATCH 24/33] Documentation/x86: Introduce enclave runtime management +Date: Mon, 7 Feb 2022 16:45:46 -0800 +Subject: [PATCH 24/34] Documentation/x86: Introduce enclave runtime management section Enclave runtime management is introduced following the pattern diff --git a/0025-selftests-sgx-Introduce-dynamic-entry-point.patch b/0025-selftests-sgx-Introduce-dynamic-entry-point.patch deleted file mode 100644 index 59a4a54898ab..000000000000 --- a/0025-selftests-sgx-Introduce-dynamic-entry-point.patch +++ /dev/null @@ -1,49 +0,0 @@ -From d8d13f21f81fb2b0c774099d56c1f9556100e52f Mon Sep 17 00:00:00 2001 -From: Reinette Chatre <reinette.chatre@intel.com> -Date: Tue, 24 Aug 2021 08:45:42 -0700 -Subject: [PATCH 25/33] selftests/sgx: Introduce dynamic entry point - -The test enclave (test_encl.elf) is built with two initialized -Thread Control Structures (TCS) included in the binary. Both TCS are -initialized with the same entry point, encl_entry, that correctly -computes the absolute address of the stack based on the stack of each -TCS that is also built into the binary. - -A new TCS can be added dynamically to the enclave and requires to be -initialized with an entry point used to enter the enclave. Since the -existing entry point, encl_entry, assumes that the TCS and its stack -exists at particular offsets within the binary it is not able to handle -a dynamically added TCS and its stack. - -Introduce a new entry point, encl_dyn_entry, that initializes the -absolute address of that thread's stack to the address immediately -preceding the TCS itself. It is now possible to dynamically add a -contiguous memory region to the enclave with the new stack preceding -the new TCS. With the new TCS initialized with encl_dyn_entry as entry -point the absolute address of the stack is computed correctly on entry. - -Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> ---- - tools/testing/selftests/sgx/test_encl_bootstrap.S | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/tools/testing/selftests/sgx/test_encl_bootstrap.S b/tools/testing/selftests/sgx/test_encl_bootstrap.S -index 82fb0dfcbd23..03ae0f57e29d 100644 ---- a/tools/testing/selftests/sgx/test_encl_bootstrap.S -+++ b/tools/testing/selftests/sgx/test_encl_bootstrap.S -@@ -45,6 +45,12 @@ encl_entry: - # TCS #2. By adding the value of encl_stack to it, we get - # the absolute address for the stack. - lea (encl_stack)(%rbx), %rax -+ jmp encl_entry_core -+encl_dyn_entry: -+ # Entry point for dynamically created TCS page expected to follow -+ # its stack directly. -+ lea -1(%rbx), %rax -+encl_entry_core: - xchg %rsp, %rax - push %rax - --- -2.35.1 - diff --git a/0026-selftests-sgx-Introduce-TCS-initialization-enclave-o.patch b/0026-selftests-sgx-Introduce-TCS-initialization-enclave-o.patch deleted file mode 100644 index 9eaf14b8d42c..000000000000 --- a/0026-selftests-sgx-Introduce-TCS-initialization-enclave-o.patch +++ /dev/null @@ -1,101 +0,0 @@ -From ed1e3dbee43c97b98889cde111b9b7ca541c5bd0 Mon Sep 17 00:00:00 2001 -From: Reinette Chatre <reinette.chatre@intel.com> -Date: Tue, 24 Aug 2021 09:05:11 -0700 -Subject: [PATCH 26/33] selftests/sgx: Introduce TCS initialization enclave - operation - -The Thread Control Structure (TCS) contains meta-data used by the -hardware to save and restore thread specific information when -entering/exiting the enclave. A TCS can be added to an initialized -enclave by first adding a new regular enclave page, initializing the -content of the new page from within the enclave, and then changing that -page's type to a TCS. - -Support the initialization of a TCS from within the enclave. -The variable information needed that should be provided from outside -the enclave is the address of the TCS, address of the State Save Area -(SSA), and the entry point that the thread should use to enter the -enclave. With this information provided all needed fields of a TCS -can be initialized. - -Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> ---- - tools/testing/selftests/sgx/defines.h | 8 +++++++ - tools/testing/selftests/sgx/test_encl.c | 30 +++++++++++++++++++++++++ - 2 files changed, 38 insertions(+) - -diff --git a/tools/testing/selftests/sgx/defines.h b/tools/testing/selftests/sgx/defines.h -index b638eb98c80c..d8587c971941 100644 ---- a/tools/testing/selftests/sgx/defines.h -+++ b/tools/testing/selftests/sgx/defines.h -@@ -26,6 +26,7 @@ enum encl_op_type { - ENCL_OP_NOP, - ENCL_OP_EACCEPT, - ENCL_OP_EMODPE, -+ ENCL_OP_INIT_TCS_PAGE, - ENCL_OP_MAX, - }; - -@@ -68,4 +69,11 @@ struct encl_op_emodpe { - uint64_t flags; - }; - -+struct encl_op_init_tcs_page { -+ struct encl_op_header header; -+ uint64_t tcs_page; -+ uint64_t ssa; -+ uint64_t entry; -+}; -+ - #endif /* DEFINES_H */ -diff --git a/tools/testing/selftests/sgx/test_encl.c b/tools/testing/selftests/sgx/test_encl.c -index 5b6c65331527..c0d6397295e3 100644 ---- a/tools/testing/selftests/sgx/test_encl.c -+++ b/tools/testing/selftests/sgx/test_encl.c -@@ -57,6 +57,35 @@ static void *memcpy(void *dest, const void *src, size_t n) - return dest; - } - -+static void *memset(void *dest, int c, size_t n) -+{ -+ size_t i; -+ -+ for (i = 0; i < n; i++) -+ ((char *)dest)[i] = c; -+ -+ return dest; -+} -+ -+static void do_encl_init_tcs_page(void *_op) -+{ -+ struct encl_op_init_tcs_page *op = _op; -+ void *tcs = (void *)op->tcs_page; -+ uint32_t val_32; -+ -+ memset(tcs, 0, 16); /* STATE and FLAGS */ -+ memcpy(tcs + 16, &op->ssa, 8); /* OSSA */ -+ memset(tcs + 24, 0, 4); /* CSSA */ -+ val_32 = 1; -+ memcpy(tcs + 28, &val_32, 4); /* NSSA */ -+ memcpy(tcs + 32, &op->entry, 8); /* OENTRY */ -+ memset(tcs + 40, 0, 24); /* AEP, OFSBASE, OGSBASE */ -+ val_32 = 0xFFFFFFFF; -+ memcpy(tcs + 64, &val_32, 4); /* FSLIMIT */ -+ memcpy(tcs + 68, &val_32, 4); /* GSLIMIT */ -+ memset(tcs + 72, 0, 4024); /* Reserved */ -+} -+ - static void do_encl_op_put_to_buf(void *op) - { - struct encl_op_put_to_buf *op2 = op; -@@ -100,6 +129,7 @@ void encl_body(void *rdi, void *rsi) - do_encl_op_nop, - do_encl_eaccept, - do_encl_emodpe, -+ do_encl_init_tcs_page, - }; - - struct encl_op_header *op = (struct encl_op_header *)rdi; --- -2.35.1 - diff --git a/0027-selftests-sgx-Test-complete-changing-of-page-type-fl.patch b/0027-selftests-sgx-Test-complete-changing-of-page-type-fl.patch deleted file mode 100644 index 10f134674d53..000000000000 --- a/0027-selftests-sgx-Test-complete-changing-of-page-type-fl.patch +++ /dev/null @@ -1,451 +0,0 @@ -From c696012d201e573cfb4767f4854a7ecac713498d Mon Sep 17 00:00:00 2001 -From: Reinette Chatre <reinette.chatre@intel.com> -Date: Tue, 24 Aug 2021 10:34:27 -0700 -Subject: [PATCH 27/33] selftests/sgx: Test complete changing of page type flow - -Support for changing an enclave page's type enables an initialized -enclave to be expanded with support for more threads by changing the -type of a regular enclave page to that of a Thread Control Structure -(TCS). Additionally, being able to change a TCS or regular enclave -page's type to be trimmed (SGX_PAGE_TYPE_TRIM) initiates the removal -of the page from the enclave. - -Test changing page type to TCS as well as page removal flows -in two phases: In the first phase support for a new thread is -dynamically added to an initialized enclave and in the second phase -the pages associated with the new thread are removed from the enclave. -As an additional sanity check after the second phase the page used as -a TCS page during the first phase is added back as a regular page and -ensured that it can be written to (which is not possible if it was a -TCS page). - -Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> ---- - tools/testing/selftests/sgx/load.c | 41 ++++ - tools/testing/selftests/sgx/main.c | 347 +++++++++++++++++++++++++++++ - tools/testing/selftests/sgx/main.h | 1 + - 3 files changed, 389 insertions(+) - -diff --git a/tools/testing/selftests/sgx/load.c b/tools/testing/selftests/sgx/load.c -index 006b464c8fc9..94bdeac1cf04 100644 ---- a/tools/testing/selftests/sgx/load.c -+++ b/tools/testing/selftests/sgx/load.c -@@ -130,6 +130,47 @@ static bool encl_ioc_add_pages(struct encl *encl, struct encl_segment *seg) - return true; - } - -+/* -+ * Parse the enclave code's symbol table to locate and return address of -+ * the provided symbol -+ */ -+uint64_t encl_get_entry(struct encl *encl, const char *symbol) -+{ -+ Elf64_Shdr *sections; -+ Elf64_Sym *symtab; -+ Elf64_Ehdr *ehdr; -+ char *sym_names; -+ int num_sym; -+ int i; -+ -+ ehdr = encl->bin; -+ sections = encl->bin + ehdr->e_shoff; -+ -+ for (i = 0; i < ehdr->e_shnum; i++) { -+ if (sections[i].sh_type == SHT_SYMTAB) { -+ symtab = (Elf64_Sym *)((char *)encl->bin + sections[i].sh_offset); -+ num_sym = sections[i].sh_size / sections[i].sh_entsize; -+ break; -+ } -+ } -+ -+ for (i = 0; i < ehdr->e_shnum; i++) { -+ if (sections[i].sh_type == SHT_STRTAB) { -+ sym_names = (char *)encl->bin + sections[i].sh_offset; -+ break; -+ } -+ } -+ -+ for (i = 0; i < num_sym; i++) { -+ Elf64_Sym *sym = &symtab[i]; -+ -+ if (!strcmp(symbol, sym_names + sym->st_name)) -+ return (uint64_t)sym->st_value; -+ } -+ -+ return 0; -+} -+ - bool encl_load(const char *path, struct encl *encl, unsigned long heap_size) - { - const char device_path[] = "/dev/sgx_enclave"; -diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c -index 68285603b3f0..53a581bd56c5 100644 ---- a/tools/testing/selftests/sgx/main.c -+++ b/tools/testing/selftests/sgx/main.c -@@ -1125,4 +1125,351 @@ TEST_F(enclave, augment_via_eaccept) - munmap(addr, PAGE_SIZE); - } - -+/* -+ * SGX2 page type modification test in two phases: -+ * Phase 1: -+ * Create a new TCS, consisting out of three new pages (stack page with regular -+ * page type, SSA page with regular page type, and TCS page with TCS page -+ * type) in an initialized enclave and run a simple workload within it. -+ * Phase 2: -+ * Remove the three pages added in phase 1, add a new regular page at the -+ * same address that previously hosted the TCS page and verify that it can -+ * be modified. -+ */ -+TEST_F(enclave, tcs_create) -+{ -+ struct encl_op_init_tcs_page init_tcs_page_op; -+ struct sgx_enclave_remove_pages remove_ioc; -+ struct encl_op_get_from_addr get_addr_op; -+ struct encl_op_put_to_addr put_addr_op; -+ struct encl_op_get_from_buf get_buf_op; -+ struct encl_op_put_to_buf put_buf_op; -+ void *addr, *tcs, *stack_end, *ssa; -+ struct encl_op_eaccept eaccept_op; -+ struct sgx_enclave_modt modt_ioc; -+ struct sgx_secinfo secinfo; -+ size_t total_size = 0; -+ uint64_t val_64; -+ int errno_save; -+ int ret, i; -+ -+ ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, -+ _metadata)); -+ -+ memset(&self->run, 0, sizeof(self->run)); -+ self->run.tcs = self->encl.encl_base; -+ -+ /* -+ * Hardware (SGX2) and kernel support is needed for this test. Start -+ * with check that test has a chance of succeeding. -+ */ -+ memset(&modt_ioc, 0, sizeof(modt_ioc)); -+ ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_MODIFY_TYPE, &modt_ioc); -+ -+ if (ret == -1) { -+ if (errno == ENOTTY) -+ SKIP(return, "Kernel does not support SGX_IOC_ENCLAVE_MODIFY_TYPE ioctl()"); -+ else if (errno == ENODEV) -+ SKIP(return, "System does not support SGX2"); -+ } -+ -+ /* -+ * Invalid parameters were provided during sanity check, -+ * expect command to fail. -+ */ -+ EXPECT_EQ(ret, -1); -+ -+ /* -+ * Add three regular pages via EAUG: one will be the TCS stack, one -+ * will be the TCS SSA, and one will be the new TCS. The stack and -+ * SSA will remain as regular pages, the TCS page will need its -+ * type changed after populated with needed data. -+ */ -+ for (i = 0; i < self->encl.nr_segments; i++) { -+ struct encl_segment *seg = &self->encl.segment_tbl[i]; -+ -+ total_size += seg->size; -+ } -+ -+ /* -+ * Actual enclave size is expected to be larger than the loaded -+ * test enclave since enclave size must be a power of 2 in bytes while -+ * test_encl does not consume it all. -+ */ -+ EXPECT_LT(total_size + 3 * PAGE_SIZE, self->encl.encl_size); -+ -+ /* -+ * mmap() three pages at end of existing enclave to be used for the -+ * three new pages. -+ */ -+ addr = mmap((void *)self->encl.encl_base + total_size, 3 * PAGE_SIZE, -+ PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, -+ self->encl.fd, 0); -+ EXPECT_NE(addr, MAP_FAILED); -+ -+ self->run.exception_vector = 0; -+ self->run.exception_error_code = 0; -+ self->run.exception_addr = 0; -+ -+ stack_end = (void *)self->encl.encl_base + total_size; -+ tcs = (void *)self->encl.encl_base + total_size + PAGE_SIZE; -+ ssa = (void *)self->encl.encl_base + total_size + 2 * PAGE_SIZE; -+ -+ /* -+ * Run EACCEPT on each new page to trigger the -+ * EACCEPT->(#PF)->EAUG->EACCEPT(again without a #PF) flow. -+ */ -+ -+ eaccept_op.epc_addr = (unsigned long)stack_end; -+ eaccept_op.flags = SGX_SECINFO_R | SGX_SECINFO_W | SGX_SECINFO_REG | SGX_SECINFO_PENDING; -+ eaccept_op.ret = 0; -+ eaccept_op.header.type = ENCL_OP_EACCEPT; -+ -+ EXPECT_EQ(ENCL_CALL(&eaccept_op, &self->run, true), 0); -+ -+ if (self->run.exception_vector == 14 && -+ self->run.exception_error_code == 4 && -+ self->run.exception_addr == (unsigned long)stack_end) { -+ munmap(addr, 3 * PAGE_SIZE); -+ SKIP(return, "Kernel does not support adding pages to initialized enclave"); -+ } -+ -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ EXPECT_EQ(eaccept_op.ret, 0); -+ -+ eaccept_op.epc_addr = (unsigned long)ssa; -+ -+ EXPECT_EQ(ENCL_CALL(&eaccept_op, &self->run, true), 0); -+ -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ EXPECT_EQ(eaccept_op.ret, 0); -+ -+ eaccept_op.epc_addr = (unsigned long)tcs; -+ -+ EXPECT_EQ(ENCL_CALL(&eaccept_op, &self->run, true), 0); -+ -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ EXPECT_EQ(eaccept_op.ret, 0); -+ -+ /* -+ * Three new pages added to enclave. Now populate the TCS page with -+ * needed data. This should be done from within enclave. Provide -+ * the function that will do the actual data population with needed -+ * data. -+ */ -+ -+ /* -+ * New TCS will use the "encl_dyn_entry" entrypoint that expects -+ * stack to begin in page before TCS page. -+ */ -+ val_64 = encl_get_entry(&self->encl, "encl_dyn_entry"); -+ EXPECT_NE(val_64, 0); -+ -+ init_tcs_page_op.tcs_page = (unsigned long)tcs; -+ init_tcs_page_op.ssa = (unsigned long)total_size + 2 * PAGE_SIZE; -+ init_tcs_page_op.entry = val_64; -+ init_tcs_page_op.header.type = ENCL_OP_INIT_TCS_PAGE; -+ -+ EXPECT_EQ(ENCL_CALL(&init_tcs_page_op, &self->run, true), 0); -+ -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ -+ /* Change TCS page type to TCS. */ -+ memset(&modt_ioc, 0, sizeof(modt_ioc)); -+ memset(&secinfo, 0, sizeof(secinfo)); -+ -+ secinfo.flags = SGX_PAGE_TYPE_TCS << 8; -+ modt_ioc.offset = total_size + PAGE_SIZE; -+ modt_ioc.length = PAGE_SIZE; -+ modt_ioc.secinfo = (unsigned long)&secinfo; -+ -+ ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_MODIFY_TYPE, &modt_ioc); -+ errno_save = ret == -1 ? errno : 0; -+ -+ EXPECT_EQ(ret, 0); -+ EXPECT_EQ(errno_save, 0); -+ EXPECT_EQ(modt_ioc.result, 0); -+ EXPECT_EQ(modt_ioc.count, 4096); -+ -+ /* EACCEPT new TCS page from enclave. */ -+ eaccept_op.epc_addr = (unsigned long)tcs; -+ eaccept_op.flags = SGX_SECINFO_TCS | SGX_SECINFO_MODIFIED; -+ eaccept_op.ret = 0; -+ eaccept_op.header.type = ENCL_OP_EACCEPT; -+ -+ EXPECT_EQ(ENCL_CALL(&eaccept_op, &self->run, true), 0); -+ -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ EXPECT_EQ(eaccept_op.ret, 0); -+ -+ /* Run workload from new TCS. */ -+ self->run.tcs = (unsigned long)tcs; -+ -+ /* -+ * Simple workload to write to data buffer and read value back. -+ */ -+ put_buf_op.header.type = ENCL_OP_PUT_TO_BUFFER; -+ put_buf_op.value = MAGIC; -+ -+ EXPECT_EQ(ENCL_CALL(&put_buf_op, &self->run, true), 0); -+ -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ -+ get_buf_op.header.type = ENCL_OP_GET_FROM_BUFFER; -+ get_buf_op.value = 0; -+ -+ EXPECT_EQ(ENCL_CALL(&get_buf_op, &self->run, true), 0); -+ -+ EXPECT_EQ(get_buf_op.value, MAGIC); -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ -+ /* -+ * Phase 2 of test: -+ * Remove pages associated with new TCS, create a regular page -+ * where TCS page used to be and verify it can be used as a regular -+ * page. -+ */ -+ -+ /* Start page removal by requesting change of page type to PT_TRIM. */ -+ memset(&modt_ioc, 0, sizeof(modt_ioc)); -+ memset(&secinfo, 0, sizeof(secinfo)); -+ -+ secinfo.flags = SGX_PAGE_TYPE_TRIM << 8; -+ modt_ioc.offset = total_size; -+ modt_ioc.length = 3 * PAGE_SIZE; -+ modt_ioc.secinfo = (unsigned long)&secinfo; -+ -+ ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_MODIFY_TYPE, &modt_ioc); -+ errno_save = ret == -1 ? errno : 0; -+ -+ EXPECT_EQ(ret, 0); -+ EXPECT_EQ(errno_save, 0); -+ EXPECT_EQ(modt_ioc.result, 0); -+ EXPECT_EQ(modt_ioc.count, 3 * PAGE_SIZE); -+ -+ /* -+ * Enter enclave via TCS #1 and approve page removal by sending -+ * EACCEPT for each of three removed pages. -+ */ -+ self->run.tcs = self->encl.encl_base; -+ -+ eaccept_op.epc_addr = (unsigned long)stack_end; -+ eaccept_op.flags = SGX_SECINFO_TRIM | SGX_SECINFO_MODIFIED; -+ eaccept_op.ret = 0; -+ eaccept_op.header.type = ENCL_OP_EACCEPT; -+ -+ EXPECT_EQ(ENCL_CALL(&eaccept_op, &self->run, true), 0); -+ -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ EXPECT_EQ(eaccept_op.ret, 0); -+ -+ eaccept_op.epc_addr = (unsigned long)tcs; -+ eaccept_op.ret = 0; -+ -+ EXPECT_EQ(ENCL_CALL(&eaccept_op, &self->run, true), 0); -+ -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ EXPECT_EQ(eaccept_op.ret, 0); -+ -+ eaccept_op.epc_addr = (unsigned long)ssa; -+ eaccept_op.ret = 0; -+ -+ EXPECT_EQ(ENCL_CALL(&eaccept_op, &self->run, true), 0); -+ -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ EXPECT_EQ(eaccept_op.ret, 0); -+ -+ /* Send final ioctl() to complete page removal. */ -+ memset(&remove_ioc, 0, sizeof(remove_ioc)); -+ -+ remove_ioc.offset = total_size; -+ remove_ioc.length = 3 * PAGE_SIZE; -+ -+ ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_REMOVE_PAGES, &remove_ioc); -+ errno_save = ret == -1 ? errno : 0; -+ -+ EXPECT_EQ(ret, 0); -+ EXPECT_EQ(errno_save, 0); -+ EXPECT_EQ(remove_ioc.count, 3 * PAGE_SIZE); -+ -+ /* -+ * Enter enclave via TCS #1 and access location where TCS #3 was to -+ * trigger dynamic add of regular page at that location. -+ */ -+ eaccept_op.epc_addr = (unsigned long)tcs; -+ eaccept_op.flags = SGX_SECINFO_R | SGX_SECINFO_W | SGX_SECINFO_REG | SGX_SECINFO_PENDING; -+ eaccept_op.ret = 0; -+ eaccept_op.header.type = ENCL_OP_EACCEPT; -+ -+ EXPECT_EQ(ENCL_CALL(&eaccept_op, &self->run, true), 0); -+ -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ EXPECT_EQ(eaccept_op.ret, 0); -+ -+ /* -+ * New page should be accessible from within enclave - write to it. -+ */ -+ put_addr_op.value = MAGIC; -+ put_addr_op.addr = (unsigned long)tcs; -+ put_addr_op.header.type = ENCL_OP_PUT_TO_ADDRESS; -+ -+ EXPECT_EQ(ENCL_CALL(&put_addr_op, &self->run, true), 0); -+ -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ -+ /* -+ * Read memory from newly added page that was just written to, -+ * confirming that data previously written (MAGIC) is present. -+ */ -+ get_addr_op.value = 0; -+ get_addr_op.addr = (unsigned long)tcs; -+ get_addr_op.header.type = ENCL_OP_GET_FROM_ADDRESS; -+ -+ EXPECT_EQ(ENCL_CALL(&get_addr_op, &self->run, true), 0); -+ -+ EXPECT_EQ(get_addr_op.value, MAGIC); -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ -+ munmap(addr, 3 * PAGE_SIZE); -+} -+ - TEST_HARNESS_MAIN -diff --git a/tools/testing/selftests/sgx/main.h b/tools/testing/selftests/sgx/main.h -index b45c52ec7ab3..fc585be97e2f 100644 ---- a/tools/testing/selftests/sgx/main.h -+++ b/tools/testing/selftests/sgx/main.h -@@ -38,6 +38,7 @@ void encl_delete(struct encl *ctx); - bool encl_load(const char *path, struct encl *encl, unsigned long heap_size); - bool encl_measure(struct encl *encl); - bool encl_build(struct encl *encl); -+uint64_t encl_get_entry(struct encl *encl, const char *symbol); - - int sgx_enter_enclave(void *rdi, void *rsi, long rdx, u32 function, void *r8, void *r9, - struct sgx_enclave_run *run); --- -2.35.1 - diff --git a/0028-selftests-sgx-Test-faulty-enclave-behavior.patch b/0028-selftests-sgx-Test-faulty-enclave-behavior.patch deleted file mode 100644 index 35586578deb6..000000000000 --- a/0028-selftests-sgx-Test-faulty-enclave-behavior.patch +++ /dev/null @@ -1,150 +0,0 @@ -From c10188b372204d471ece3598ef5cf8651de79b82 Mon Sep 17 00:00:00 2001 -From: Reinette Chatre <reinette.chatre@intel.com> -Date: Tue, 24 Aug 2021 10:35:40 -0700 -Subject: [PATCH 28/33] selftests/sgx: Test faulty enclave behavior - -Removing a page from an initialized enclave involves three steps: -first the user requests changing the page type to SGX_PAGE_TYPE_TRIM -via an ioctl(), on success the ENCLU[EACCEPT] instruction needs to be -run from within the enclave to accept the page removal, finally the -user requests page removal to be completed via an ioctl(). Only after -acceptance (ENCLU[EACCEPT]) from within the enclave can the kernel -remove the page from a running enclave. - -Test the behavior when the user's request to change the page type -succeeds, but the ENCLU[EACCEPT] instruction is not run before the -ioctl() requesting page removal is run. This should not be permitted. - -Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> ---- - tools/testing/selftests/sgx/main.c | 116 +++++++++++++++++++++++++++++ - 1 file changed, 116 insertions(+) - -diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c -index 53a581bd56c5..e9513ced1853 100644 ---- a/tools/testing/selftests/sgx/main.c -+++ b/tools/testing/selftests/sgx/main.c -@@ -1472,4 +1472,120 @@ TEST_F(enclave, tcs_create) - munmap(addr, 3 * PAGE_SIZE); - } - -+/* -+ * Ensure sane behavior if user requests page removal, does not run -+ * EACCEPT from within enclave but still attempts to finalize page removal -+ * with the SGX_IOC_ENCLAVE_REMOVE_PAGES ioctl(). The latter should fail -+ * because the removal was not EACCEPTed from within the enclave. -+ */ -+TEST_F(enclave, remove_added_page_no_eaccept) -+{ -+ struct sgx_enclave_remove_pages remove_ioc; -+ struct encl_op_get_from_addr get_addr_op; -+ struct encl_op_put_to_addr put_addr_op; -+ struct sgx_enclave_modt modt_ioc; -+ struct sgx_secinfo secinfo; -+ unsigned long data_start; -+ int ret, errno_save; -+ -+ ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); -+ -+ memset(&self->run, 0, sizeof(self->run)); -+ self->run.tcs = self->encl.encl_base; -+ -+ /* -+ * Hardware (SGX2) and kernel support is needed for this test. Start -+ * with check that test has a chance of succeeding. -+ */ -+ memset(&modt_ioc, 0, sizeof(modt_ioc)); -+ ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_MODIFY_TYPE, &modt_ioc); -+ -+ if (ret == -1) { -+ if (errno == ENOTTY) -+ SKIP(return, "Kernel does not support SGX_IOC_ENCLAVE_MODIFY_TYPE ioctl()"); -+ else if (errno == ENODEV) -+ SKIP(return, "System does not support SGX2"); -+ } -+ -+ /* -+ * Invalid parameters were provided during sanity check, -+ * expect command to fail. -+ */ -+ EXPECT_EQ(ret, -1); -+ -+ /* -+ * Page that will be removed is the second data page in the .data -+ * segment. This forms part of the local encl_buffer within the -+ * enclave. -+ */ -+ data_start = self->encl.encl_base + -+ encl_get_data_offset(&self->encl) + PAGE_SIZE; -+ -+ /* -+ * Sanity check that page at @data_start is writable before -+ * removing it. -+ * -+ * Start by writing MAGIC to test page. -+ */ -+ put_addr_op.value = MAGIC; -+ put_addr_op.addr = data_start; -+ put_addr_op.header.type = ENCL_OP_PUT_TO_ADDRESS; -+ -+ EXPECT_EQ(ENCL_CALL(&put_addr_op, &self->run, true), 0); -+ -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ -+ /* -+ * Read memory that was just written to, confirming that data -+ * previously written (MAGIC) is present. -+ */ -+ get_addr_op.value = 0; -+ get_addr_op.addr = data_start; -+ get_addr_op.header.type = ENCL_OP_GET_FROM_ADDRESS; -+ -+ EXPECT_EQ(ENCL_CALL(&get_addr_op, &self->run, true), 0); -+ -+ EXPECT_EQ(get_addr_op.value, MAGIC); -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ -+ /* Start page removal by requesting change of page type to PT_TRIM */ -+ memset(&modt_ioc, 0, sizeof(modt_ioc)); -+ memset(&secinfo, 0, sizeof(secinfo)); -+ -+ secinfo.flags = SGX_PAGE_TYPE_TRIM << 8; -+ modt_ioc.offset = encl_get_data_offset(&self->encl) + PAGE_SIZE; -+ modt_ioc.length = PAGE_SIZE; -+ modt_ioc.secinfo = (unsigned long)&secinfo; -+ -+ ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_MODIFY_TYPE, &modt_ioc); -+ errno_save = ret == -1 ? errno : 0; -+ -+ EXPECT_EQ(ret, 0); -+ EXPECT_EQ(errno_save, 0); -+ EXPECT_EQ(modt_ioc.result, 0); -+ EXPECT_EQ(modt_ioc.count, 4096); -+ -+ /* Skip EACCEPT */ -+ -+ /* Send final ioctl() to complete page removal */ -+ memset(&remove_ioc, 0, sizeof(remove_ioc)); -+ -+ remove_ioc.offset = encl_get_data_offset(&self->encl) + PAGE_SIZE; -+ remove_ioc.length = PAGE_SIZE; -+ -+ ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_REMOVE_PAGES, &remove_ioc); -+ errno_save = ret == -1 ? errno : 0; -+ -+ /* Operation not permitted since EACCEPT was omitted. */ -+ EXPECT_EQ(ret, -1); -+ EXPECT_EQ(errno_save, EPERM); -+ EXPECT_EQ(remove_ioc.count, 0); -+} -+ - TEST_HARNESS_MAIN --- -2.35.1 - diff --git a/0029-selftests-sgx-Test-invalid-access-to-removed-enclave.patch b/0029-selftests-sgx-Test-invalid-access-to-removed-enclave.patch deleted file mode 100644 index 114e761b3795..000000000000 --- a/0029-selftests-sgx-Test-invalid-access-to-removed-enclave.patch +++ /dev/null @@ -1,293 +0,0 @@ -From b09c5d4061067f27da32b0ed000914f0451fa269 Mon Sep 17 00:00:00 2001 -From: Reinette Chatre <reinette.chatre@intel.com> -Date: Tue, 24 Aug 2021 10:36:45 -0700 -Subject: [PATCH 29/33] selftests/sgx: Test invalid access to removed enclave - page - -Removing a page from an initialized enclave involves three steps: -(1) the user requests changing the page type to SGX_PAGE_TYPE_TRIM -via the SGX_IOC_ENCLAVE_MODIFY_TYPE ioctl(), (2) on success the -ENCLU[EACCEPT] instruction is run from within the enclave to accept -the page removal, (3) the user initiates the actual removal of the -page via the SGX_IOC_ENCLAVE_REMOVE_PAGES ioctl(). - -Test two possible invalid accesses during the page removal flow: -* Test the behavior when a request to remove the page by changing its - type to SGX_PAGE_TYPE_TRIM completes successfully but instead of - executing ENCLU[EACCEPT] from within the enclave the enclave attempts - to read from the page. Even though the page is accessible from the - page table entries its type is SGX_PAGE_TYPE_TRIM and thus not - accessible according to SGX. The expected behavior is a page fault - with the SGX flag set in the error code. -* Test the behavior when the page type is changed successfully and - ENCLU[EACCEPT] was run from within the enclave. The final ioctl(), - SGX_IOC_ENCLAVE_REMOVE_PAGES, is omitted and replaced with an - attempt to access the page. Even though the page is accessible - from the page table entries its type is SGX_PAGE_TYPE_TRIM and - thus not accessible according to SGX. The expected behavior is - a page fault with the SGX flag set in the error code. - -Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> ---- - tools/testing/selftests/sgx/main.c | 247 +++++++++++++++++++++++++++++ - 1 file changed, 247 insertions(+) - -diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c -index e9513ced1853..239d3c9df169 100644 ---- a/tools/testing/selftests/sgx/main.c -+++ b/tools/testing/selftests/sgx/main.c -@@ -1588,4 +1588,251 @@ TEST_F(enclave, remove_added_page_no_eaccept) - EXPECT_EQ(remove_ioc.count, 0); - } - -+/* -+ * Request enclave page removal but instead of correctly following with -+ * EACCEPT a read attempt to page is made from within the enclave. -+ */ -+TEST_F(enclave, remove_added_page_invalid_access) -+{ -+ struct encl_op_get_from_addr get_addr_op; -+ struct encl_op_put_to_addr put_addr_op; -+ struct sgx_enclave_modt ioc; -+ struct sgx_secinfo secinfo; -+ unsigned long data_start; -+ int ret, errno_save; -+ -+ ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); -+ -+ memset(&self->run, 0, sizeof(self->run)); -+ self->run.tcs = self->encl.encl_base; -+ -+ /* -+ * Hardware (SGX2) and kernel support is needed for this test. Start -+ * with check that test has a chance of succeeding. -+ */ -+ memset(&ioc, 0, sizeof(ioc)); -+ ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_MODIFY_TYPE, &ioc); -+ -+ if (ret == -1) { -+ if (errno == ENOTTY) -+ SKIP(return, "Kernel does not support SGX_IOC_ENCLAVE_MODIFY_TYPE ioctl()"); -+ else if (errno == ENODEV) -+ SKIP(return, "System does not support SGX2"); -+ } -+ -+ /* -+ * Invalid parameters were provided during sanity check, -+ * expect command to fail. -+ */ -+ EXPECT_EQ(ret, -1); -+ -+ /* -+ * Page that will be removed is the second data page in the .data -+ * segment. This forms part of the local encl_buffer within the -+ * enclave. -+ */ -+ data_start = self->encl.encl_base + -+ encl_get_data_offset(&self->encl) + PAGE_SIZE; -+ -+ /* -+ * Sanity check that page at @data_start is writable before -+ * removing it. -+ * -+ * Start by writing MAGIC to test page. -+ */ -+ put_addr_op.value = MAGIC; -+ put_addr_op.addr = data_start; -+ put_addr_op.header.type = ENCL_OP_PUT_TO_ADDRESS; -+ -+ EXPECT_EQ(ENCL_CALL(&put_addr_op, &self->run, true), 0); -+ -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ -+ /* -+ * Read memory that was just written to, confirming that data -+ * previously written (MAGIC) is present. -+ */ -+ get_addr_op.value = 0; -+ get_addr_op.addr = data_start; -+ get_addr_op.header.type = ENCL_OP_GET_FROM_ADDRESS; -+ -+ EXPECT_EQ(ENCL_CALL(&get_addr_op, &self->run, true), 0); -+ -+ EXPECT_EQ(get_addr_op.value, MAGIC); -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ -+ /* Start page removal by requesting change of page type to PT_TRIM. */ -+ memset(&ioc, 0, sizeof(ioc)); -+ memset(&secinfo, 0, sizeof(secinfo)); -+ -+ secinfo.flags = SGX_PAGE_TYPE_TRIM << 8; -+ ioc.offset = encl_get_data_offset(&self->encl) + PAGE_SIZE; -+ ioc.length = PAGE_SIZE; -+ ioc.secinfo = (unsigned long)&secinfo; -+ -+ ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_MODIFY_TYPE, &ioc); -+ errno_save = ret == -1 ? errno : 0; -+ -+ EXPECT_EQ(ret, 0); -+ EXPECT_EQ(errno_save, 0); -+ EXPECT_EQ(ioc.result, 0); -+ EXPECT_EQ(ioc.count, 4096); -+ -+ /* -+ * Read from page that was just removed. -+ */ -+ get_addr_op.value = 0; -+ -+ EXPECT_EQ(ENCL_CALL(&get_addr_op, &self->run, true), 0); -+ -+ /* -+ * From kernel perspective the page is present but according to SGX the -+ * page should not be accessible so a #PF with SGX bit set is -+ * expected. -+ */ -+ -+ EXPECT_EQ(self->run.function, ERESUME); -+ EXPECT_EQ(self->run.exception_vector, 14); -+ EXPECT_EQ(self->run.exception_error_code, 0x8005); -+ EXPECT_EQ(self->run.exception_addr, data_start); -+} -+ -+/* -+ * Request enclave page removal and correctly follow with -+ * EACCEPT but do not follow with removal ioctl() but instead a read attempt -+ * to removed page is made from within the enclave. -+ */ -+TEST_F(enclave, remove_added_page_invalid_access_after_eaccept) -+{ -+ struct encl_op_get_from_addr get_addr_op; -+ struct encl_op_put_to_addr put_addr_op; -+ struct encl_op_eaccept eaccept_op; -+ struct sgx_enclave_modt ioc; -+ struct sgx_secinfo secinfo; -+ unsigned long data_start; -+ int ret, errno_save; -+ -+ ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); -+ -+ memset(&self->run, 0, sizeof(self->run)); -+ self->run.tcs = self->encl.encl_base; -+ -+ /* -+ * Hardware (SGX2) and kernel support is needed for this test. Start -+ * with check that test has a chance of succeeding. -+ */ -+ memset(&ioc, 0, sizeof(ioc)); -+ ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_MODIFY_TYPE, &ioc); -+ -+ if (ret == -1) { -+ if (errno == ENOTTY) -+ SKIP(return, "Kernel does not support SGX_IOC_ENCLAVE_MODIFY_TYPE ioctl()"); -+ else if (errno == ENODEV) -+ SKIP(return, "System does not support SGX2"); -+ } -+ -+ /* -+ * Invalid parameters were provided during sanity check, -+ * expect command to fail. -+ */ -+ EXPECT_EQ(ret, -1); -+ -+ /* -+ * Page that will be removed is the second data page in the .data -+ * segment. This forms part of the local encl_buffer within the -+ * enclave. -+ */ -+ data_start = self->encl.encl_base + -+ encl_get_data_offset(&self->encl) + PAGE_SIZE; -+ -+ /* -+ * Sanity check that page at @data_start is writable before -+ * removing it. -+ * -+ * Start by writing MAGIC to test page. -+ */ -+ put_addr_op.value = MAGIC; -+ put_addr_op.addr = data_start; -+ put_addr_op.header.type = ENCL_OP_PUT_TO_ADDRESS; -+ -+ EXPECT_EQ(ENCL_CALL(&put_addr_op, &self->run, true), 0); -+ -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ -+ /* -+ * Read memory that was just written to, confirming that data -+ * previously written (MAGIC) is present. -+ */ -+ get_addr_op.value = 0; -+ get_addr_op.addr = data_start; -+ get_addr_op.header.type = ENCL_OP_GET_FROM_ADDRESS; -+ -+ EXPECT_EQ(ENCL_CALL(&get_addr_op, &self->run, true), 0); -+ -+ EXPECT_EQ(get_addr_op.value, MAGIC); -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ -+ /* Start page removal by requesting change of page type to PT_TRIM. */ -+ memset(&ioc, 0, sizeof(ioc)); -+ memset(&secinfo, 0, sizeof(secinfo)); -+ -+ secinfo.flags = SGX_PAGE_TYPE_TRIM << 8; -+ ioc.offset = encl_get_data_offset(&self->encl) + PAGE_SIZE; -+ ioc.length = PAGE_SIZE; -+ ioc.secinfo = (unsigned long)&secinfo; -+ -+ ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_MODIFY_TYPE, &ioc); -+ errno_save = ret == -1 ? errno : 0; -+ -+ EXPECT_EQ(ret, 0); -+ EXPECT_EQ(errno_save, 0); -+ EXPECT_EQ(ioc.result, 0); -+ EXPECT_EQ(ioc.count, 4096); -+ -+ eaccept_op.epc_addr = (unsigned long)data_start; -+ eaccept_op.ret = 0; -+ eaccept_op.flags = SGX_SECINFO_TRIM | SGX_SECINFO_MODIFIED; -+ eaccept_op.header.type = ENCL_OP_EACCEPT; -+ -+ EXPECT_EQ(ENCL_CALL(&eaccept_op, &self->run, true), 0); -+ -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ EXPECT_EQ(eaccept_op.ret, 0); -+ -+ /* Skip ioctl() to remove page. */ -+ -+ /* -+ * Read from page that was just removed. -+ */ -+ get_addr_op.value = 0; -+ -+ EXPECT_EQ(ENCL_CALL(&get_addr_op, &self->run, true), 0); -+ -+ /* -+ * From kernel perspective the page is present but according to SGX the -+ * page should not be accessible so a #PF with SGX bit set is -+ * expected. -+ */ -+ -+ EXPECT_EQ(self->run.function, ERESUME); -+ EXPECT_EQ(self->run.exception_vector, 14); -+ EXPECT_EQ(self->run.exception_error_code, 0x8005); -+ EXPECT_EQ(self->run.exception_addr, data_start); -+} -+ - TEST_HARNESS_MAIN --- -2.35.1 - diff --git a/0030-selftests-sgx-Test-reclaiming-of-untouched-page.patch b/0030-selftests-sgx-Test-reclaiming-of-untouched-page.patch deleted file mode 100644 index 0a6945808954..000000000000 --- a/0030-selftests-sgx-Test-reclaiming-of-untouched-page.patch +++ /dev/null @@ -1,120 +0,0 @@ -From c4a4a195ef92015fb5e3807eae79c603bb12f670 Mon Sep 17 00:00:00 2001 -From: Reinette Chatre <reinette.chatre@intel.com> -Date: Thu, 26 Aug 2021 11:47:24 -0700 -Subject: [PATCH 30/33] selftests/sgx: Test reclaiming of untouched page - -Removing a page from an initialized enclave involves three steps: -(1) the user requests changing the page type to PT_TRIM via the - SGX_IOC_ENCLAVE_MODIFY_TYPE ioctl() -(2) on success the ENCLU[EACCEPT] instruction is run from within - the enclave to accept the page removal -(3) the user initiates the actual removal of the page via the - SGX_IOC_ENCLAVE_REMOVE_PAGES ioctl(). - -Remove a page that has never been accessed. This means that when the -first ioctl() requesting page removal arrives, there will be no page -table entry, yet a valid page table entry needs to exist for the -ENCLU[EACCEPT] function to succeed. In this test it is verified that -a page table entry can still be installed for a page that is in the -process of being removed. - -Suggested-by: Haitao Huang <haitao.huang@intel.com> -Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> ---- - tools/testing/selftests/sgx/main.c | 82 ++++++++++++++++++++++++++++++ - 1 file changed, 82 insertions(+) - -diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c -index 239d3c9df169..4fe5a0324c97 100644 ---- a/tools/testing/selftests/sgx/main.c -+++ b/tools/testing/selftests/sgx/main.c -@@ -1835,4 +1835,86 @@ TEST_F(enclave, remove_added_page_invalid_access_after_eaccept) - EXPECT_EQ(self->run.exception_addr, data_start); - } - -+TEST_F(enclave, remove_untouched_page) -+{ -+ struct sgx_enclave_remove_pages remove_ioc; -+ struct encl_op_eaccept eaccept_op; -+ struct sgx_enclave_modt modt_ioc; -+ struct sgx_secinfo secinfo; -+ unsigned long data_start; -+ int ret, errno_save; -+ -+ ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); -+ -+ /* -+ * Hardware (SGX2) and kernel support is needed for this test. Start -+ * with check that test has a chance of succeeding. -+ */ -+ memset(&modt_ioc, 0, sizeof(modt_ioc)); -+ ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_MODIFY_TYPE, &modt_ioc); -+ -+ if (ret == -1) { -+ if (errno == ENOTTY) -+ SKIP(return, "Kernel does not support SGX_IOC_ENCLAVE_MODIFY_TYPE ioctl()"); -+ else if (errno == ENODEV) -+ SKIP(return, "System does not support SGX2"); -+ } -+ -+ /* -+ * Invalid parameters were provided during sanity check, -+ * expect command to fail. -+ */ -+ EXPECT_EQ(ret, -1); -+ -+ /* SGX2 is supported by kernel and hardware, test can proceed. */ -+ memset(&self->run, 0, sizeof(self->run)); -+ self->run.tcs = self->encl.encl_base; -+ -+ data_start = self->encl.encl_base + -+ encl_get_data_offset(&self->encl) + PAGE_SIZE; -+ -+ memset(&modt_ioc, 0, sizeof(modt_ioc)); -+ memset(&secinfo, 0, sizeof(secinfo)); -+ -+ secinfo.flags = SGX_PAGE_TYPE_TRIM << 8; -+ modt_ioc.offset = encl_get_data_offset(&self->encl) + PAGE_SIZE; -+ modt_ioc.length = PAGE_SIZE; -+ modt_ioc.secinfo = (unsigned long)&secinfo; -+ ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_MODIFY_TYPE, &modt_ioc); -+ errno_save = ret == -1 ? errno : 0; -+ -+ EXPECT_EQ(ret, 0); -+ EXPECT_EQ(errno_save, 0); -+ EXPECT_EQ(modt_ioc.result, 0); -+ EXPECT_EQ(modt_ioc.count, 4096); -+ -+ /* -+ * Enter enclave via TCS #1 and approve page removal by sending -+ * EACCEPT for removed page. -+ */ -+ -+ eaccept_op.epc_addr = data_start; -+ eaccept_op.flags = SGX_SECINFO_TRIM | SGX_SECINFO_MODIFIED; -+ eaccept_op.ret = 0; -+ eaccept_op.header.type = ENCL_OP_EACCEPT; -+ -+ EXPECT_EQ(ENCL_CALL(&eaccept_op, &self->run, true), 0); -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ EXPECT_EQ(eaccept_op.ret, 0); -+ -+ memset(&remove_ioc, 0, sizeof(remove_ioc)); -+ -+ remove_ioc.offset = encl_get_data_offset(&self->encl) + PAGE_SIZE; -+ remove_ioc.length = PAGE_SIZE; -+ ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_REMOVE_PAGES, &remove_ioc); -+ errno_save = ret == -1 ? errno : 0; -+ -+ EXPECT_EQ(ret, 0); -+ EXPECT_EQ(errno_save, 0); -+ EXPECT_EQ(remove_ioc.count, 4096); -+} -+ - TEST_HARNESS_MAIN --- -2.35.1 - diff --git a/0031-x86-sgx-Free-up-EPC-pages-directly-to-support-large-.patch b/0031-x86-sgx-Free-up-EPC-pages-directly-to-support-large-.patch index fddeebea7d62..e911fb8c4a11 100644 --- a/0031-x86-sgx-Free-up-EPC-pages-directly-to-support-large-.patch +++ b/0031-x86-sgx-Free-up-EPC-pages-directly-to-support-large-.patch @@ -1,7 +1,7 @@ -From b84ac8de47d5b48e0b09b05cce9540199b685d66 Mon Sep 17 00:00:00 2001 +From be44ee6db36a464e6f9d2847c4c095ab5bbb65b2 Mon Sep 17 00:00:00 2001 From: Reinette Chatre <reinette.chatre@intel.com> -Date: Thu, 23 Sep 2021 14:56:45 -0700 -Subject: [PATCH 31/33] x86/sgx: Free up EPC pages directly to support large +Date: Mon, 7 Feb 2022 16:45:53 -0800 +Subject: [PATCH 31/34] x86/sgx: Free up EPC pages directly to support large page ranges The page reclaimer ensures availability of EPC pages across all @@ -62,10 +62,10 @@ index 0ffb07095a80..d8c3c07badb3 100644 entry = sgx_encl_load_page(encl, addr); diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c -index 6e2cb7564080..545da16bb3ea 100644 +index 1a3014aec490..a1cb7435932a 100644 --- a/arch/x86/kernel/cpu/sgx/main.c +++ b/arch/x86/kernel/cpu/sgx/main.c -@@ -370,6 +370,12 @@ static bool sgx_should_reclaim(unsigned long watermark) +@@ -378,6 +378,12 @@ static bool sgx_should_reclaim(unsigned long watermark) !list_empty(&sgx_active_page_list); } diff --git a/0032-selftests-sgx-Page-removal-stress-test.patch b/0032-selftests-sgx-Page-removal-stress-test.patch deleted file mode 100644 index 91a8b42a9f9f..000000000000 --- a/0032-selftests-sgx-Page-removal-stress-test.patch +++ /dev/null @@ -1,156 +0,0 @@ -From c1e97dbeea2e85be3f3cafe2b06bc82a41889544 Mon Sep 17 00:00:00 2001 -From: Reinette Chatre <reinette.chatre@intel.com> -Date: Fri, 24 Sep 2021 10:08:31 -0700 -Subject: [PATCH 32/33] selftests/sgx: Page removal stress test - -Create enclave with additional heap that consumes all physical SGX -memory and then remove it. - -Depending on the available SGX memory this test could take a -significant time to run (several minutes) as it (1) creates the -enclave, (2) changes the type of every page to be trimmed, -(3) enters the enclave once per page to run EACCEPT, before -(4) the pages are finally removed. - -Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> ---- - tools/testing/selftests/sgx/main.c | 122 +++++++++++++++++++++++++++++ - 1 file changed, 122 insertions(+) - -diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c -index 4fe5a0324c97..22abda2696e2 100644 ---- a/tools/testing/selftests/sgx/main.c -+++ b/tools/testing/selftests/sgx/main.c -@@ -378,7 +378,129 @@ TEST_F(enclave, unclobbered_vdso_oversubscribed) - EXPECT_EQ(get_op.value, MAGIC); - EXPECT_EEXIT(&self->run); - EXPECT_EQ(self->run.user_data, 0); -+} -+ -+TEST_F_TIMEOUT(enclave, unclobbered_vdso_oversubscribed_remove, 900) -+{ -+ struct sgx_enclave_remove_pages remove_ioc; -+ struct encl_op_get_from_buf get_op; -+ struct encl_op_eaccept eaccept_op; -+ struct encl_op_put_to_buf put_op; -+ struct sgx_enclave_modt modt_ioc; -+ struct sgx_secinfo secinfo; -+ struct encl_segment *heap; -+ unsigned long total_mem; -+ int ret, errno_save; -+ unsigned long addr; -+ unsigned long i; -+ -+ /* -+ * Create enclave with additional heap that is as big as all -+ * available physical SGX memory. -+ */ -+ total_mem = get_total_epc_mem(); -+ ASSERT_NE(total_mem, 0); -+ TH_LOG("Creating an enclave with %lu bytes heap may take a while ...", -+ total_mem); -+ ASSERT_TRUE(setup_test_encl(total_mem, &self->encl, _metadata)); -+ -+ /* -+ * Hardware (SGX2) and kernel support is needed for this test. Start -+ * with check that test has a chance of succeeding. -+ */ -+ memset(&modt_ioc, 0, sizeof(modt_ioc)); -+ ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_MODIFY_TYPE, &modt_ioc); -+ -+ if (ret == -1) { -+ if (errno == ENOTTY) -+ SKIP(return, "Kernel does not support SGX_IOC_ENCLAVE_MODIFY_TYPE ioctl()"); -+ else if (errno == ENODEV) -+ SKIP(return, "System does not support SGX2"); -+ } -+ -+ /* -+ * Invalid parameters were provided during sanity check, -+ * expect command to fail. -+ */ -+ EXPECT_EQ(ret, -1); -+ -+ /* SGX2 is supported by kernel and hardware, test can proceed. */ -+ memset(&self->run, 0, sizeof(self->run)); -+ self->run.tcs = self->encl.encl_base; -+ -+ heap = &self->encl.segment_tbl[self->encl.nr_segments - 1]; -+ -+ put_op.header.type = ENCL_OP_PUT_TO_BUFFER; -+ put_op.value = MAGIC; -+ -+ EXPECT_EQ(ENCL_CALL(&put_op, &self->run, false), 0); -+ -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.user_data, 0); -+ -+ get_op.header.type = ENCL_OP_GET_FROM_BUFFER; -+ get_op.value = 0; -+ -+ EXPECT_EQ(ENCL_CALL(&get_op, &self->run, false), 0); -+ -+ EXPECT_EQ(get_op.value, MAGIC); -+ EXPECT_EEXIT(&self->run); -+ EXPECT_EQ(self->run.user_data, 0); -+ -+ /* Trim entire heap. */ -+ memset(&modt_ioc, 0, sizeof(modt_ioc)); -+ memset(&secinfo, 0, sizeof(secinfo)); -+ -+ secinfo.flags = SGX_PAGE_TYPE_TRIM << 8; -+ modt_ioc.offset = heap->offset; -+ modt_ioc.length = heap->size; -+ modt_ioc.secinfo = (unsigned long)&secinfo; -+ -+ TH_LOG("Changing type of %zd bytes to trimmed may take a while ...", -+ heap->size); -+ ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_MODIFY_TYPE, &modt_ioc); -+ errno_save = ret == -1 ? errno : 0; -+ -+ EXPECT_EQ(ret, 0); -+ EXPECT_EQ(errno_save, 0); -+ EXPECT_EQ(modt_ioc.result, 0); -+ EXPECT_EQ(modt_ioc.count, heap->size); -+ -+ /* EACCEPT all removed pages. */ -+ addr = self->encl.encl_base + heap->offset; -+ -+ eaccept_op.flags = SGX_SECINFO_TRIM | SGX_SECINFO_MODIFIED; -+ eaccept_op.header.type = ENCL_OP_EACCEPT; -+ -+ TH_LOG("Entering enclave to run EACCEPT for each page of %zd bytes may take a while ...", -+ heap->size); -+ for (i = 0; i < heap->size; i += 4096) { -+ eaccept_op.epc_addr = addr + i; -+ eaccept_op.ret = 0; - -+ EXPECT_EQ(ENCL_CALL(&eaccept_op, &self->run, true), 0); -+ -+ EXPECT_EQ(self->run.exception_vector, 0); -+ EXPECT_EQ(self->run.exception_error_code, 0); -+ EXPECT_EQ(self->run.exception_addr, 0); -+ ASSERT_EQ(eaccept_op.ret, 0); -+ ASSERT_EQ(self->run.function, EEXIT); -+ } -+ -+ /* Complete page removal. */ -+ memset(&remove_ioc, 0, sizeof(remove_ioc)); -+ -+ remove_ioc.offset = heap->offset; -+ remove_ioc.length = heap->size; -+ -+ TH_LOG("Removing %zd bytes from enclave may take a while ...", -+ heap->size); -+ ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_REMOVE_PAGES, &remove_ioc); -+ errno_save = ret == -1 ? errno : 0; -+ -+ EXPECT_EQ(ret, 0); -+ EXPECT_EQ(errno_save, 0); -+ EXPECT_EQ(remove_ioc.count, heap->size); - } - - TEST_F(enclave, clobbered_vdso) --- -2.35.1 - diff --git a/0033-NOTFORUPSREAM-x86-sgx-Temporary-user-space-policy-st.patch b/0033-NOTFORUPSREAM-x86-sgx-Temporary-user-space-policy-st.patch deleted file mode 100644 index 82875bf5c4b2..000000000000 --- a/0033-NOTFORUPSREAM-x86-sgx-Temporary-user-space-policy-st.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 27708d9c7f97fd0f8d6478c2e47e12b931a5a0ad Mon Sep 17 00:00:00 2001 -From: Reinette Chatre <reinette.chatre@intel.com> -Date: Fri, 3 Dec 2021 14:44:00 -0800 -Subject: [PATCH 33/33] NOTFORUPSREAM: x86/sgx: Temporary user space policy - stopgap - -Enclave pages are added to an initialized enclave with default RW -permissions and not allowed to exceed these permissions during their -lifetime. - -There are some use cases that require dynamically added pages to obtain -executable permissions and that is not possible with the current -implementation. - -Supporting dynamically added pages to obtain executable permission require -integration with user space policy that does not yet exist. - -As a temporary stopgap, allow dynamically allowed pages to obtain -executable permissions in support of these use cases. - -This is not the solution that will be targeted for upstream inclusion. ---- - arch/x86/kernel/cpu/sgx/encl.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c -index c20100245411..a0255d41e075 100644 ---- a/arch/x86/kernel/cpu/sgx/encl.c -+++ b/arch/x86/kernel/cpu/sgx/encl.c -@@ -167,7 +167,15 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, - */ - prot = PROT_READ | PROT_WRITE; - encl_page->vm_run_prot_bits = calc_vm_prot_bits(prot, 0); -- encl_page->vm_max_prot_bits = encl_page->vm_run_prot_bits; -+ -+ /* -+ * FIXME: Workaround to support RWX of dynamically added -+ * pages. This is a temporary workaround provided for those needing -+ * these capabilities until palatable user space policy -+ * integration can be agreed upon. -+ */ -+ prot = PROT_READ | PROT_WRITE | PROT_EXEC; -+ encl_page->vm_max_prot_bits = calc_vm_prot_bits(prot, 0); - - epc_page = sgx_alloc_epc_page(encl_page, true); - if (IS_ERR(epc_page)) { --- -2.35.1 - diff --git a/0033-x86-sgx-Enable-PROT_EXEC-for-EAUG-d-pages.patch b/0033-x86-sgx-Enable-PROT_EXEC-for-EAUG-d-pages.patch new file mode 100644 index 000000000000..9285bc9a6c44 --- /dev/null +++ b/0033-x86-sgx-Enable-PROT_EXEC-for-EAUG-d-pages.patch @@ -0,0 +1,46 @@ +From 48d8abe084ef10a653a831437f6fb5117051acec Mon Sep 17 00:00:00 2001 +From: Jarkko Sakkinen <jarkko@kernel.org> +Date: Mon, 7 Mar 2022 17:28:42 +0200 +Subject: [PATCH 33/34] x86/sgx: Enable PROT_EXEC for EAUG'd pages + +vm_max_permissions was created to control the pre-initialization content +that contributes to MRSIGNATURE. It was never meant to be as a limit to +dynamically added pages. + +E.g. static content could be used as a hook for LSM's to decide whether +certain signature is qualified for EINIT. Dynamic content has nothing to +do with that. The current mechanisms only add to the complexity on how +to control PTE and EPCM permissions, and do not add anything else than +obfuscity to security side of things. + +Thus add PROT_EXEC to the permissions assigned by the #PF handler. + +Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> +--- + arch/x86/kernel/cpu/sgx/encl.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c +index 5fe7189eac9d..cbafad786ff5 100644 +--- a/arch/x86/kernel/cpu/sgx/encl.c ++++ b/arch/x86/kernel/cpu/sgx/encl.c +@@ -201,12 +201,11 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, + encl_page->encl = encl; + + /* +- * Adding a regular page that is architecturally allowed to only +- * be created with RW permissions. +- * TBD: Interface with user space policy to support max permissions +- * of RWX. ++ * Dynamic pages do not contribute to MRSIGNATURE, i.e. they are ++ * controlled only by PTE and EPCM permissions. Thus, the no limit ++ * is set here. + */ +- prot = PROT_READ | PROT_WRITE; ++ prot = PROT_READ | PROT_WRITE | PROT_EXEC; + encl_page->vm_run_prot_bits = calc_vm_prot_bits(prot, 0); + encl_page->vm_max_prot_bits = encl_page->vm_run_prot_bits; + +-- +2.35.1 + diff --git a/0034-Revert-x86-sgx-x86-sgx-Add-sgx_encl_page-vm_run_prot.patch b/0034-Revert-x86-sgx-x86-sgx-Add-sgx_encl_page-vm_run_prot.patch new file mode 100644 index 000000000000..3c26d615cc6a --- /dev/null +++ b/0034-Revert-x86-sgx-x86-sgx-Add-sgx_encl_page-vm_run_prot.patch @@ -0,0 +1,206 @@ +From e144c0fc07a2a84a60ff35c25eaf39bc465dc7a2 Mon Sep 17 00:00:00 2001 +From: Jarkko Sakkinen <jarkko@kernel.org> +Date: Fri, 11 Mar 2022 15:59:23 +0200 +Subject: [PATCH 34/34] Revert "x86/sgx: x86/sgx: Add + sgx_encl_page->vm_run_prot_bits for dynamic permission changes" + +This reverts commit 730033a082775ac59f28c35c18aa39132fd4cfe9. +--- + Documentation/x86/sgx.rst | 10 ---------- + arch/x86/kernel/cpu/sgx/encl.c | 9 ++++----- + arch/x86/kernel/cpu/sgx/encl.h | 3 +-- + arch/x86/kernel/cpu/sgx/ioctl.c | 33 ++++----------------------------- + 4 files changed, 9 insertions(+), 46 deletions(-) + +diff --git a/Documentation/x86/sgx.rst b/Documentation/x86/sgx.rst +index 4059efbb4d2e..6c66ce0ec69c 100644 +--- a/Documentation/x86/sgx.rst ++++ b/Documentation/x86/sgx.rst +@@ -99,16 +99,6 @@ The relationships between the different permission masks are: + * PTEs are installed to match the EPCM permissions, but not be more + relaxed than the VMA permissions. + +-During runtime the EPCM permissions of enclave pages belonging to an +-initialized enclave can change on systems supporting SGX2. In support +-of these runtime changes the kernel maintains (for each enclave page) +-the most permissive EPCM permission mask allowed by policy as +-the ``vm_max_prot_bits`` of that page. EPCM permissions are not allowed +-to be relaxed beyond ``vm_max_prot_bits``. The kernel also maintains +-the currently active EPCM permissions of an enclave page as its +-``vm_run_prot_bits`` to ensure PTEs and new VMAs respect the active +-EPCM permission values. +- + On systems supporting SGX2 EPCM permissions may change while the + enclave page belongs to a VMA without impacting the VMA permissions. + This means that a running VMA may appear to allow access to an enclave +diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c +index cbafad786ff5..fbb19ebe065c 100644 +--- a/arch/x86/kernel/cpu/sgx/encl.c ++++ b/arch/x86/kernel/cpu/sgx/encl.c +@@ -206,8 +206,7 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, + * is set here. + */ + prot = PROT_READ | PROT_WRITE | PROT_EXEC; +- encl_page->vm_run_prot_bits = calc_vm_prot_bits(prot, 0); +- encl_page->vm_max_prot_bits = encl_page->vm_run_prot_bits; ++ encl_page->vm_max_prot_bits = calc_vm_prot_bits(prot, 0); + + epc_page = sgx_alloc_epc_page(encl_page, true); + if (IS_ERR(epc_page)) { +@@ -337,7 +336,7 @@ static vm_fault_t sgx_vma_fault(struct vm_fault *vmf) + * exceed the VMA permissions. + */ + vm_prot_bits = vma->vm_flags & (VM_READ | VM_WRITE | VM_EXEC); +- page_prot_bits = entry->vm_run_prot_bits & vm_prot_bits; ++ page_prot_bits = entry->vm_max_prot_bits & vm_prot_bits; + /* + * Add VM_SHARED so that PTE is made writable right away if VMA + * and EPCM are writable (no COW in SGX). +@@ -390,7 +389,7 @@ static vm_fault_t sgx_vma_pfn_mkwrite(struct vm_fault *vmf) + goto out; + } + +- if (!(entry->vm_run_prot_bits & VM_WRITE)) ++ if (!(entry->vm_max_prot_bits & VM_WRITE)) + ret = VM_FAULT_SIGBUS; + + out: +@@ -458,7 +457,7 @@ int sgx_encl_may_map(struct sgx_encl *encl, unsigned long start, + mutex_lock(&encl->lock); + xas_lock(&xas); + xas_for_each(&xas, page, PFN_DOWN(end - 1)) { +- if (~page->vm_run_prot_bits & vm_prot_bits) { ++ if (~page->vm_max_prot_bits & vm_prot_bits) { + ret = -EACCES; + break; + } +diff --git a/arch/x86/kernel/cpu/sgx/encl.h b/arch/x86/kernel/cpu/sgx/encl.h +index 1b6ce1da7c92..47d4750b581f 100644 +--- a/arch/x86/kernel/cpu/sgx/encl.h ++++ b/arch/x86/kernel/cpu/sgx/encl.h +@@ -27,8 +27,7 @@ + + struct sgx_encl_page { + unsigned long desc; +- unsigned long vm_max_prot_bits:8; +- unsigned long vm_run_prot_bits:8; ++ unsigned long vm_max_prot_bits:16; + enum sgx_page_type type:16; + struct sgx_epc_page *epc_page; + struct sgx_encl *encl; +diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c +index d8c3c07badb3..9ce13a962483 100644 +--- a/arch/x86/kernel/cpu/sgx/ioctl.c ++++ b/arch/x86/kernel/cpu/sgx/ioctl.c +@@ -198,12 +198,6 @@ static struct sgx_encl_page *sgx_encl_page_alloc(struct sgx_encl *encl, + /* Calculate maximum of the VM flags for the page. */ + encl_page->vm_max_prot_bits = calc_vm_prot_bits(prot, 0); + +- /* +- * At time of allocation, the runtime protection bits are the same +- * as the maximum protection bits. +- */ +- encl_page->vm_run_prot_bits = encl_page->vm_max_prot_bits; +- + return encl_page; + } + +@@ -764,12 +758,6 @@ static long sgx_enclave_relax_perm(struct sgx_encl *encl, + goto out_unlock; + } + +- /* +- * Change runtime protection before zapping PTEs to ensure +- * any new #PF uses new permissions. +- */ +- entry->vm_run_prot_bits = vm_prot; +- + mutex_unlock(&encl->lock); + /* + * Do not keep encl->lock because of dependency on +@@ -946,9 +934,9 @@ static long sgx_enclave_restrict_perm(struct sgx_encl *encl, + struct sgx_enclave_restrict_perm *modp, + u64 secinfo_perm) + { +- unsigned long vm_prot, run_prot_restore; + struct sgx_encl_page *entry; + struct sgx_secinfo secinfo; ++ unsigned long vm_prot; + unsigned long addr; + unsigned long c; + void *epc_virt; +@@ -1002,14 +990,6 @@ static long sgx_enclave_restrict_perm(struct sgx_encl *encl, + goto out_unlock; + } + +- /* +- * Change runtime protection before zapping PTEs to ensure +- * any new #PF uses new permissions. EPCM permissions (if +- * needed) not changed yet. +- */ +- run_prot_restore = entry->vm_run_prot_bits; +- entry->vm_run_prot_bits = vm_prot; +- + mutex_unlock(&encl->lock); + /* + * Do not keep encl->lock because of dependency on +@@ -1033,12 +1013,12 @@ static long sgx_enclave_restrict_perm(struct sgx_encl *encl, + pr_err_once("EMODPR encountered exception %d\n", + ENCLS_TRAPNR(ret)); + ret = -EFAULT; +- goto out_prot_restore; ++ goto out_reclaim; + } + if (encls_failed(ret)) { + modp->result = ret; + ret = -EFAULT; +- goto out_prot_restore; ++ goto out_reclaim; + } + + ret = sgx_enclave_etrack(encl); +@@ -1054,8 +1034,6 @@ static long sgx_enclave_restrict_perm(struct sgx_encl *encl, + ret = 0; + goto out; + +-out_prot_restore: +- entry->vm_run_prot_bits = run_prot_restore; + out_reclaim: + sgx_mark_page_reclaimable(entry->epc_page); + out_unlock: +@@ -1136,7 +1114,7 @@ static long sgx_enclave_modt(struct sgx_encl *encl, + struct sgx_enclave_modt *modt, + enum sgx_page_type page_type) + { +- unsigned long max_prot_restore, run_prot_restore; ++ unsigned long max_prot_restore; + struct sgx_encl_page *entry; + struct sgx_secinfo secinfo; + unsigned long prot; +@@ -1182,7 +1160,6 @@ static long sgx_enclave_modt(struct sgx_encl *encl, + } + + max_prot_restore = entry->vm_max_prot_bits; +- run_prot_restore = entry->vm_run_prot_bits; + + /* + * Once a regular page becomes a TCS page it cannot be +@@ -1200,7 +1177,6 @@ static long sgx_enclave_modt(struct sgx_encl *encl, + } + prot = PROT_READ | PROT_WRITE; + entry->vm_max_prot_bits = calc_vm_prot_bits(prot, 0); +- entry->vm_run_prot_bits = entry->vm_max_prot_bits; + + /* + * Prevent page from being reclaimed while mutex +@@ -1262,7 +1238,6 @@ static long sgx_enclave_modt(struct sgx_encl *encl, + + out_entry_changed: + entry->vm_max_prot_bits = max_prot_restore; +- entry->vm_run_prot_bits = run_prot_restore; + out_unlock: + mutex_unlock(&encl->lock); + out: +-- +2.35.1 + diff --git a/0035-x86-sgx-Free-backing-memory-after-faulting-the-encla.patch b/0035-x86-sgx-Free-backing-memory-after-faulting-the-encla.patch new file mode 100644 index 000000000000..f04a288aa7aa --- /dev/null +++ b/0035-x86-sgx-Free-backing-memory-after-faulting-the-encla.patch @@ -0,0 +1,170 @@ +From 4ab8c58f8e9d96e300dff48552f62caedbdac582 Mon Sep 17 00:00:00 2001 +From: Jarkko Sakkinen <jarkko@kernel.org> +Date: Sat, 8 Jan 2022 16:05:10 +0200 +Subject: [PATCH] x86/sgx: Free backing memory after faulting the enclave page + +There is a limited amount of SGX memory (EPC) on each system. When that +memory is used up, SGX has its own swapping mechanism which is similar +in concept but totally separate from the core mm/* code. Instead of +swapping to disk, SGX swaps from EPC to normal RAM. That normal RAM +comes from a shared memory pseudo-file and can itself be swapped by the +core mm code. There is a hierarchy like this: + + EPC <-> shmem <-> disk + +After data is swapped back in from shmem to EPC, the shmem backing +storage needs to be freed. Currently, the backing shmem is not freed. +This effectively wastes the shmem while the enclave is running. The +memory is recovered when the enclave is destroyed and the backing +storage freed. + +Sort this out by freeing memory with shmem_truncate_range(), as soon as +a page is faulted back to the EPC. In addition, free the memory for +PCMD pages as soon as all PCMD's in a page have been marked as unused +by zeroing its contents. + +Reported-by: Dave Hansen <dave.hansen@linux.intel.com> +Cc: stable@vger.kernel.org +Fixes: 1728ab54b4be ("x86/sgx: Add a page reclaimer") +Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> + +v5: +* Encapsulated file offset calculation for PCMD struct. +* Replaced "magic number" PAGE_SIZE with sizeof(struct sgx_secs) to make + the offset calculation more self-documentative. +v4: +* Sanitized the offset calculations. +v3: +* Resend. +v2: +* Rewrite commit message as proposed by Dave. +* Truncate PCMD pages (Dave). +--- + arch/x86/kernel/cpu/sgx/encl.c | 57 ++++++++++++++++++++++++++++------ + 1 file changed, 48 insertions(+), 9 deletions(-) + +diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c +index 8be6f0592bdc..3d2ed8d27747 100644 +--- a/arch/x86/kernel/cpu/sgx/encl.c ++++ b/arch/x86/kernel/cpu/sgx/encl.c +@@ -12,6 +12,30 @@ + #include "encls.h" + #include "sgx.h" + ++/* ++ * Calculate byte offset of a PCMD struct associated with an enclave page. PCMD's ++ * follow right after the EPC data in the backing storage. In addition to the ++ * visible enclave pages, there's one extra page slot for SECS, before PCMD ++ * structs. ++ */ ++static inline pgoff_t sgx_encl_get_backing_page_pcmd_offset(struct sgx_encl *encl, ++ unsigned long page_index) ++{ ++ pgoff_t epc_end_off = encl->size + sizeof(struct sgx_secs); ++ ++ return epc_end_off + page_index * sizeof(struct sgx_pcmd); ++} ++ ++/* ++ * Free a page from the backing storage in the given page index. ++ */ ++static inline void sgx_encl_truncate_backing_page(struct sgx_encl *encl, unsigned long page_index) ++{ ++ struct inode *inode = file_inode(encl->backing); ++ ++ shmem_truncate_range(inode, PFN_PHYS(page_index), PFN_PHYS(page_index) + PAGE_SIZE - 1); ++} ++ + /* + * ELDU: Load an EPC page as unblocked. For more info, see "OS Management of EPC + * Pages" in the SDM. +@@ -22,9 +46,11 @@ static int __sgx_encl_eldu(struct sgx_encl_page *encl_page, + { + unsigned long va_offset = encl_page->desc & SGX_ENCL_PAGE_VA_OFFSET_MASK; + struct sgx_encl *encl = encl_page->encl; ++ pgoff_t page_index, page_pcmd_off; + struct sgx_pageinfo pginfo; + struct sgx_backing b; +- pgoff_t page_index; ++ bool pcmd_page_empty; ++ u8 *pcmd_page; + int ret; + + if (secs_page) +@@ -32,14 +58,16 @@ static int __sgx_encl_eldu(struct sgx_encl_page *encl_page, + else + page_index = PFN_DOWN(encl->size); + ++ page_pcmd_off = sgx_encl_get_backing_page_pcmd_offset(encl, page_index); ++ + ret = sgx_encl_lookup_backing(encl, page_index, &b); + if (ret) + return ret; + + pginfo.addr = encl_page->desc & PAGE_MASK; + pginfo.contents = (unsigned long)kmap_atomic(b.contents); +- pginfo.metadata = (unsigned long)kmap_atomic(b.pcmd) + +- b.pcmd_offset; ++ pcmd_page = kmap_atomic(b.pcmd); ++ pginfo.metadata = (unsigned long)pcmd_page + b.pcmd_offset; + + if (secs_page) + pginfo.secs = (u64)sgx_get_epc_virt_addr(secs_page); +@@ -55,11 +83,24 @@ static int __sgx_encl_eldu(struct sgx_encl_page *encl_page, + ret = -EFAULT; + } + +- kunmap_atomic((void *)(unsigned long)(pginfo.metadata - b.pcmd_offset)); ++ memset(pcmd_page + b.pcmd_offset, 0, sizeof(struct sgx_pcmd)); ++ ++ /* ++ * The area for the PCMD in the page was zeroed above. Check if the ++ * whole page is now empty meaning that all PCMD's have been zeroed: ++ */ ++ pcmd_page_empty = !memchr_inv(pcmd_page, 0, PAGE_SIZE); ++ ++ kunmap_atomic(pcmd_page); + kunmap_atomic((void *)(unsigned long)pginfo.contents); + + sgx_encl_put_backing(&b, false); + ++ sgx_encl_truncate_backing_page(encl, page_index); ++ ++ if (pcmd_page_empty) ++ sgx_encl_truncate_backing_page(encl, PFN_DOWN(page_pcmd_off)); ++ + return ret; + } + +@@ -583,7 +624,7 @@ static struct page *sgx_encl_get_backing_page(struct sgx_encl *encl, + static int sgx_encl_get_backing(struct sgx_encl *encl, unsigned long page_index, + struct sgx_backing *backing) + { +- pgoff_t pcmd_index = PFN_DOWN(encl->size) + 1 + (page_index >> 5); ++ pgoff_t page_pcmd_off = sgx_encl_get_backing_page_pcmd_offset(encl, page_index); + struct page *contents; + struct page *pcmd; + +@@ -591,7 +632,7 @@ static int sgx_encl_get_backing(struct sgx_encl *encl, unsigned long page_index, + if (IS_ERR(contents)) + return PTR_ERR(contents); + +- pcmd = sgx_encl_get_backing_page(encl, pcmd_index); ++ pcmd = sgx_encl_get_backing_page(encl, PFN_DOWN(page_pcmd_off)); + if (IS_ERR(pcmd)) { + put_page(contents); + return PTR_ERR(pcmd); +@@ -600,9 +641,7 @@ static int sgx_encl_get_backing(struct sgx_encl *encl, unsigned long page_index, + backing->page_index = page_index; + backing->contents = contents; + backing->pcmd = pcmd; +- backing->pcmd_offset = +- (page_index & (PAGE_SIZE / sizeof(struct sgx_pcmd) - 1)) * +- sizeof(struct sgx_pcmd); ++ backing->pcmd_offset = page_pcmd_off & (PAGE_SIZE - 1); + + return 0; + } +-- +2.35.1 + @@ -34,23 +34,14 @@ source=( 0014-x86-sgx-Keep-record-of-SGX-page-type.patch 0015-x86-sgx-Support-relaxing-of-enclave-page-permissions.patch 0016-x86-sgx-Support-restricting-of-enclave-page-permissi.patch - 0017-selftests-sgx-Add-test-for-EPCM-permission-changes.patch - 0018-selftests-sgx-Add-test-for-TCS-page-permission-chang.patch 0019-x86-sgx-Support-adding-of-pages-to-an-initialized-en.patch 0020-x86-sgx-Tighten-accessible-memory-range-after-enclav.patch - 0021-selftests-sgx-Test-two-different-SGX2-EAUG-flows.patch 0022-x86-sgx-Support-modifying-SGX-page-type.patch 0023-x86-sgx-Support-complete-page-removal.patch 0024-Documentation-x86-Introduce-enclave-runtime-manageme.patch - 0025-selftests-sgx-Introduce-dynamic-entry-point.patch - 0026-selftests-sgx-Introduce-TCS-initialization-enclave-o.patch - 0027-selftests-sgx-Test-complete-changing-of-page-type-fl.patch - 0028-selftests-sgx-Test-faulty-enclave-behavior.patch - 0029-selftests-sgx-Test-invalid-access-to-removed-enclave.patch - 0030-selftests-sgx-Test-reclaiming-of-untouched-page.patch 0031-x86-sgx-Free-up-EPC-pages-directly-to-support-large-.patch - 0032-selftests-sgx-Page-removal-stress-test.patch - 0033-NOTFORUPSREAM-x86-sgx-Temporary-user-space-policy-st.patch + 0033-x86-sgx-Enable-PROT_EXEC-for-EAUG-d-pages.patch + 0034-Revert-x86-sgx-x86-sgx-Add-sgx_encl_page-vm_run_prot.patch ) validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds |