Diffstat (limited to '0003-x86-sgx-Add-wrapper-for-SGX2-EMODT-function.patch')
-rw-r--r-- 0003-x86-sgx-Add-wrapper-for-SGX2-EMODT-function.patch 49
1 files changed, 49 insertions, 0 deletions
diff --git a/0003-x86-sgx-Add-wrapper-for-SGX2-EMODT-function.patch b/0003-x86-sgx-Add-wrapper-for-SGX2-EMODT-function.patch
new file mode 100644
index 000000000000..3c1cd27bf41d
--- /dev/null
+++ b/0003-x86-sgx-Add-wrapper-for-SGX2-EMODT-function.patch
@@ -0,0 +1,49 @@
+From df48fa17c819d200e92b6862d39dc15f32c58e4e Mon Sep 17 00:00:00 2001
+From: Reinette Chatre <reinette.chatre@intel.com>
+Date: Mon, 7 Feb 2022 16:45:25 -0800
+Subject: [PATCH 03/34] x86/sgx: Add wrapper for SGX2 EMODT function
+
+Add a wrapper for the EMODT ENCLS leaf function used to
+change the type of an enclave page as maintained in the
+SGX hardware's Enclave Page Cache Map (EPCM).
+
+EMODT:
+1) Updates the EPCM page type of the enclave page.
+2) Sets the MODIFIED bit in the EPCM entry of the enclave page.
+ This bit is reset by the enclave by invoking ENCLU leaf
+ function EACCEPT or EACCEPTCOPY.
+
+Access from within the enclave to the enclave page is not possible
+while the MODIFIED bit is set.
+
+After changing the enclave page type by issuing EMODT the kernel
+needs to collaborate with the hardware to ensure that no logical
+processor continues to hold a reference to the changed page. This
+is required to ensure no required security checks are circumvented
+and is required for the enclave's EACCEPT/EACCEPTCOPY to succeed.
+Ensuring that no references to the changed page remain is
+accomplished with the ETRACK flow.
+
+Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
+---
+ arch/x86/kernel/cpu/sgx/encls.h | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/arch/x86/kernel/cpu/sgx/encls.h b/arch/x86/kernel/cpu/sgx/encls.h
+index 2b091912f038..7a1ecf704ec1 100644
+--- a/arch/x86/kernel/cpu/sgx/encls.h
++++ b/arch/x86/kernel/cpu/sgx/encls.h
+@@ -221,4 +221,10 @@ static inline int __emodpr(struct sgx_secinfo *secinfo, void *addr)
+ return __encls_ret_2(EMODPR, secinfo, addr);
+ }
+
++/* Change the type of an EPC page. */
++static inline int __emodt(struct sgx_secinfo *secinfo, void *addr)
++{
++ return __encls_ret_2(EMODT, secinfo, addr);
++}
++
+ #endif /* _X86_ENCLS_H */
+--
+2.35.1
+
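Review bot: the comment above `__emodt()` in the encls.h hunk says only "Change the type of an EPC page", but the commit message places two obligations on anyone who calls it: the ETRACK flow must follow EMODT so that no logical processor keeps a reference to the changed page, and the page cannot be accessed from within the enclave until EACCEPT or EACCEPTCOPY resets the MODIFIED bit. Suggest carrying at least the ETRACK requirement into the comment, since the commit message is not visible at the call site and skipping that step is described here as a way for required security checks to be circumvented. The wrapper also passes the `__encls_ret_2()` result through unchanged, so it is worth stating in the comment that the return value must be checked by the caller; no caller is added in this patch, so that cannot be confirmed from these lines.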