From patchwork Fri Mar 4 09:34:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 12768842 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 50324C433F5 for ; Fri, 4 Mar 2022 09:38:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233804AbiCDJiu (ORCPT ); Fri, 4 Mar 2022 04:38:50 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55436 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239176AbiCDJhy (ORCPT ); Fri, 4 Mar 2022 04:37:54 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9216C1A8CA7; Fri, 4 Mar 2022 01:36:22 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 39749B827C2; Fri, 4 Mar 2022 09:36:21 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8E8B9C340F2; Fri, 4 Mar 2022 09:36:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1646386579; bh=YqYLCqwD1X+T8L25kJJyKxL+NMAHdYWK/JIwR/cXnBs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JbT6mvPetxwI+bSP+GZPmjh3Uzzs2CSOrzimmPw9QbUiBNKg+ZkH6yrgrr7ali3iI eRPqG5eYu/2eYotVCyFrSLAW+u2pSDyoeZm7ctMqYP9RpPT7xmxAInDtUnmWQiHEvG 52bG3hmR4flXpkgoc5QW3TvYD7JCDwbk5J6ucZ+D95HrSJUW8igkb5vwfbc5qr0oa9 +ieoXqqTrunJGLA8ITbGw2Ou97GpY+geAlyVVubyq5rPuqVZIN7HAw6o38JzVLkpy4 zLAU3St2g/UAdKe3lXRKKN+7c0alIf2Ge8CyWMKNLMDeaTFUrWeChtuSVVRYCdz3gX xHSoW2fBUzsNA== From: Jarkko Sakkinen To: linux-sgx@vger.kernel.org Cc: Nathaniel McCallum , Reinette Chatre , Jarkko Sakkinen , Dave Hansen , Thomas Gleixner , Ingo Molnar , Borislav Petkov , x86@kernel.org (maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)), "H. Peter Anvin" , linux-kernel@vger.kernel.org (open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)) Subject: [RFC PATCH v2.1 03/30] x86/sgx: Add wrapper for SGX2 EMODT function Date: Fri, 4 Mar 2022 11:34:57 +0200 Message-Id: <20220304093524.397485-3-jarkko@kernel.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220304093524.397485-1-jarkko@kernel.org> References: <20220304093524.397485-1-jarkko@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-sgx@vger.kernel.org From: Reinette Chatre Add a wrapper for the EMODT ENCLS leaf function used to change the type of an enclave page as maintained in the SGX hardware's Enclave Page Cache Map (EPCM). EMODT: 1) Updates the EPCM page type of the enclave page. 2) Sets the MODIFIED bit in the EPCM entry of the enclave page. This bit is reset by the enclave by invoking ENCLU leaf function EACCEPT or EACCEPTCOPY. Access from within the enclave to the enclave page is not possible while the MODIFIED bit is set. After changing the enclave page type by issuing EMODT the kernel needs to collaborate with the hardware to ensure that no logical processor continues to hold a reference to the changed page. This is required to ensure no required security checks are circumvented and is required for the enclave's EACCEPT/EACCEPTCOPY to succeed. Ensuring that no references to the changed page remain is accomplished with the ETRACK flow. Signed-off-by: Reinette Chatre --- arch/x86/kernel/cpu/sgx/encls.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/x86/kernel/cpu/sgx/encls.h b/arch/x86/kernel/cpu/sgx/encls.h index 2b091912f038..7a1ecf704ec1 100644 --- a/arch/x86/kernel/cpu/sgx/encls.h +++ b/arch/x86/kernel/cpu/sgx/encls.h @@ -221,4 +221,10 @@ static inline int __emodpr(struct sgx_secinfo *secinfo, void *addr) return __encls_ret_2(EMODPR, secinfo, addr); } +/* Change the type of an EPC page. */ +static inline int __emodt(struct sgx_secinfo *secinfo, void *addr) +{ + return __encls_ret_2(EMODT, secinfo, addr); +} + #endif /* _X86_ENCLS_H */