Message ID | 9978af37f51fa45c8878a3c05ceaf44f35806bb8.1649878359.git.reinette.chatre@intel.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | x86/sgx and selftests/sgx: Support SGX2 | expand |
On Wed, 2022-04-13 at 14:10 -0700, Reinette Chatre wrote: > SGX2 functions are not allowed on all page types. For example, > ENCLS[EMODPR] is only allowed on regular SGX enclave pages and > ENCLS[EMODPT] is only allowed on TCS and regular pages. If these > functions are attempted on another type of page the hardware would > trigger a fault. > > Keep a record of the SGX page type so that there is more > certainty whether an SGX2 instruction can succeed and faults > can be treated as real failures. > > The page type is a property of struct sgx_encl_page > and thus does not cover the VA page type. VA pages are maintained > in separate structures and their type can be determined in > a different way. The SGX2 instructions needing the page type do not > operate on VA pages and this is thus not a scenario needing to > be covered at this time. > > struct sgx_encl_page hosting this information is maintained for each > enclave page so the space consumed by the struct is important. > The existing sgx_encl_page->vm_max_prot_bits is already unsigned long > while only using three bits. Transition to a bitfield for the two > members to support the additional information without increasing > the space consumed by the struct. > > Acked-by: Jarkko Sakkinen <jarkko@kernel.org> > Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> > Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> Nit: reviewed-by overrides acked-by so you can remove acked-by and keep reviewed-by. > --- > Changes since V3: > - Add Jarkko's Reviewed-by tag. > > Changes since V2: > - Update changelog to motivate transition to bitfield that > was previously done when (now removed) vm_run_prot_bits was > added. > > Changes since V1: > - Add Acked-by from Jarkko. > > arch/x86/include/asm/sgx.h | 3 +++ > arch/x86/kernel/cpu/sgx/encl.h | 3 ++- > arch/x86/kernel/cpu/sgx/ioctl.c | 2 ++ > 3 files changed, 7 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/include/asm/sgx.h b/arch/x86/include/asm/sgx.h > index d67810b50a81..eae20fa52b93 100644 > --- a/arch/x86/include/asm/sgx.h > +++ b/arch/x86/include/asm/sgx.h > @@ -239,6 +239,9 @@ struct sgx_pageinfo { > * %SGX_PAGE_TYPE_REG: a regular page > * %SGX_PAGE_TYPE_VA: a VA page > * %SGX_PAGE_TYPE_TRIM: a page in trimmed state > + * > + * Make sure when making changes to this enum that its values can still fit > + * in the bitfield within &struct sgx_encl_page > */ > enum sgx_page_type { > SGX_PAGE_TYPE_SECS, > diff --git a/arch/x86/kernel/cpu/sgx/encl.h b/arch/x86/kernel/cpu/sgx/encl.h > index 1b15d22f6757..07abfc70c8e3 100644 > --- a/arch/x86/kernel/cpu/sgx/encl.h > +++ b/arch/x86/kernel/cpu/sgx/encl.h > @@ -27,7 +27,8 @@ > > struct sgx_encl_page { > unsigned long desc; > - unsigned long vm_max_prot_bits; > + unsigned long vm_max_prot_bits:8; > + enum sgx_page_type type:16; > struct sgx_epc_page *epc_page; > struct sgx_encl *encl; > struct sgx_va_page *va_page; > diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c > index a66795e0b685..21078c6643f7 100644 > --- a/arch/x86/kernel/cpu/sgx/ioctl.c > +++ b/arch/x86/kernel/cpu/sgx/ioctl.c > @@ -107,6 +107,7 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs) > set_bit(SGX_ENCL_DEBUG, &encl->flags); > > encl->secs.encl = encl; > + encl->secs.type = SGX_PAGE_TYPE_SECS; > encl->base = secs->base; > encl->size = secs->size; > encl->attributes = secs->attributes; > @@ -344,6 +345,7 @@ static int sgx_encl_add_page(struct sgx_encl *encl, unsigned long src, > */ > encl_page->encl = encl; > encl_page->epc_page = epc_page; > + encl_page->type = (secinfo->flags & SGX_SECINFO_PAGE_TYPE_MASK) >> 8; > encl->secs_child_cnt++; > > if (flags & SGX_PAGE_MEASURE) { BR, Jarkko
Hi Jarkko, On 4/14/2022 4:12 AM, Jarkko Sakkinen wrote: > On Wed, 2022-04-13 at 14:10 -0700, Reinette Chatre wrote: >> SGX2 functions are not allowed on all page types. For example, >> ENCLS[EMODPR] is only allowed on regular SGX enclave pages and >> ENCLS[EMODPT] is only allowed on TCS and regular pages. If these >> functions are attempted on another type of page the hardware would >> trigger a fault. >> >> Keep a record of the SGX page type so that there is more >> certainty whether an SGX2 instruction can succeed and faults >> can be treated as real failures. >> >> The page type is a property of struct sgx_encl_page >> and thus does not cover the VA page type. VA pages are maintained >> in separate structures and their type can be determined in >> a different way. The SGX2 instructions needing the page type do not >> operate on VA pages and this is thus not a scenario needing to >> be covered at this time. >> >> struct sgx_encl_page hosting this information is maintained for each >> enclave page so the space consumed by the struct is important. >> The existing sgx_encl_page->vm_max_prot_bits is already unsigned long >> while only using three bits. Transition to a bitfield for the two >> members to support the additional information without increasing >> the space consumed by the struct. >> >> Acked-by: Jarkko Sakkinen <jarkko@kernel.org> >> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> >> Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> > > Nit: reviewed-by overrides acked-by so you can remove acked-by and > keep reviewed-by. Understood. I'll do so in the next version. Reinette
diff --git a/arch/x86/include/asm/sgx.h b/arch/x86/include/asm/sgx.h index d67810b50a81..eae20fa52b93 100644 --- a/arch/x86/include/asm/sgx.h +++ b/arch/x86/include/asm/sgx.h @@ -239,6 +239,9 @@ struct sgx_pageinfo { * %SGX_PAGE_TYPE_REG: a regular page * %SGX_PAGE_TYPE_VA: a VA page * %SGX_PAGE_TYPE_TRIM: a page in trimmed state + * + * Make sure when making changes to this enum that its values can still fit + * in the bitfield within &struct sgx_encl_page */ enum sgx_page_type { SGX_PAGE_TYPE_SECS, diff --git a/arch/x86/kernel/cpu/sgx/encl.h b/arch/x86/kernel/cpu/sgx/encl.h index 1b15d22f6757..07abfc70c8e3 100644 --- a/arch/x86/kernel/cpu/sgx/encl.h +++ b/arch/x86/kernel/cpu/sgx/encl.h @@ -27,7 +27,8 @@ struct sgx_encl_page { unsigned long desc; - unsigned long vm_max_prot_bits; + unsigned long vm_max_prot_bits:8; + enum sgx_page_type type:16; struct sgx_epc_page *epc_page; struct sgx_encl *encl; struct sgx_va_page *va_page; diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c index a66795e0b685..21078c6643f7 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c @@ -107,6 +107,7 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs) set_bit(SGX_ENCL_DEBUG, &encl->flags); encl->secs.encl = encl; + encl->secs.type = SGX_PAGE_TYPE_SECS; encl->base = secs->base; encl->size = secs->size; encl->attributes = secs->attributes; @@ -344,6 +345,7 @@ static int sgx_encl_add_page(struct sgx_encl *encl, unsigned long src, */ encl_page->encl = encl; encl_page->epc_page = epc_page; + encl_page->type = (secinfo->flags & SGX_SECINFO_PAGE_TYPE_MASK) >> 8; encl->secs_child_cnt++; if (flags & SGX_PAGE_MEASURE) {