[V4,11/31] x86/sgx: Keep record of SGX page type

Message ID	9978af37f51fa45c8878a3c05ceaf44f35806bb8.1649878359.git.reinette.chatre@intel.com (mailing list archive)
State	Accepted
Commit	8cb7b502f31e6cc4c6ebe2c5eeaa90dcab418cf1
Headers	show Return-Path: <linux-kselftest-owner@kernel.org> From: Reinette Chatre <reinette.chatre@intel.com> To: dave.hansen@linux.intel.com, jarkko@kernel.org, tglx@linutronix.de, bp@alien8.de, luto@kernel.org, mingo@redhat.com, linux-sgx@vger.kernel.org, x86@kernel.org, shuah@kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, kai.huang@intel.com, cathy.zhang@intel.com, cedric.xing@intel.com, haitao.huang@intel.com, mark.shanahan@intel.com, vijay.dhanraj@intel.com, hpa@zytor.com, linux-kernel@vger.kernel.org Subject: [PATCH V4 11/31] x86/sgx: Keep record of SGX page type Date: Wed, 13 Apr 2022 14:10:11 -0700 Message-Id: <9978af37f51fa45c8878a3c05ceaf44f35806bb8.1649878359.git.reinette.chatre@intel.com> In-Reply-To: <cover.1649878359.git.reinette.chatre@intel.com> References: <cover.1649878359.git.reinette.chatre@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	x86/sgx and selftests/sgx: Support SGX2 \| expand [V4,00/31] x86/sgx and selftests/sgx: Support SGX2 [V4,01/31] x86/sgx: Add short descriptions to ENCLS wrappers [V4,02/31] x86/sgx: Add wrapper for SGX2 EMODPR function [V4,03/31] x86/sgx: Add wrapper for SGX2 EMODT function [V4,04/31] x86/sgx: Add wrapper for SGX2 EAUG function [V4,05/31] x86/sgx: Support loading enclave page without VMA permissions check [V4,06/31] x86/sgx: Export sgx_encl_ewb_cpumask() [V4,07/31] x86/sgx: Rename sgx_encl_ewb_cpumask() as sgx_encl_cpumask() [V4,08/31] x86/sgx: Move PTE zap code to new sgx_zap_enclave_ptes() [V4,09/31] x86/sgx: Make sgx_ipi_cb() available internally [V4,10/31] x86/sgx: Create utility to validate user provided offset and length [V4,11/31] x86/sgx: Keep record of SGX page type [V4,12/31] x86/sgx: Export sgx_encl_{grow,shrink}() [V4,13/31] x86/sgx: Export sgx_encl_page_alloc() [V4,14/31] x86/sgx: Support VA page allocation without reclaiming [V4,15/31] x86/sgx: Support restricting of enclave page permissions [V4,16/31] x86/sgx: Support adding of pages to an initialized enclave [V4,17/31] x86/sgx: Tighten accessible memory range after enclave initialization [V4,18/31] x86/sgx: Support modifying SGX page type [V4,19/31] x86/sgx: Support complete page removal [V4,20/31] x86/sgx: Free up EPC pages directly to support large page ranges [V4,21/31] Documentation/x86: Introduce enclave runtime management section [V4,22/31] selftests/sgx: Add test for EPCM permission changes [V4,23/31] selftests/sgx: Add test for TCS page permission changes [V4,24/31] selftests/sgx: Test two different SGX2 EAUG flows [V4,25/31] selftests/sgx: Introduce dynamic entry point [V4,26/31] selftests/sgx: Introduce TCS initialization enclave operation [V4,27/31] selftests/sgx: Test complete changing of page type flow [V4,28/31] selftests/sgx: Test faulty enclave behavior [V4,29/31] selftests/sgx: Test invalid access to removed enclave page [V4,30/31] selftests/sgx: Test reclaiming of untouched page [V4,31/31] selftests/sgx: Page removal stress test

Message ID

9978af37f51fa45c8878a3c05ceaf44f35806bb8.1649878359.git.reinette.chatre@intel.com (mailing list archive)

State

Accepted

Commit

8cb7b502f31e6cc4c6ebe2c5eeaa90dcab418cf1

Headers

From: Reinette Chatre <reinette.chatre@intel.com>
To: dave.hansen@linux.intel.com, jarkko@kernel.org, tglx@linutronix.de,
        bp@alien8.de, luto@kernel.org, mingo@redhat.com,
        linux-sgx@vger.kernel.org, x86@kernel.org, shuah@kernel.org,
        linux-kselftest@vger.kernel.org
Cc: seanjc@google.com, kai.huang@intel.com, cathy.zhang@intel.com,
        cedric.xing@intel.com, haitao.huang@intel.com,
        mark.shanahan@intel.com, vijay.dhanraj@intel.com, hpa@zytor.com,
        linux-kernel@vger.kernel.org
Subject: [PATCH V4 11/31] x86/sgx: Keep record of SGX page type
Date: Wed, 13 Apr 2022 14:10:11 -0700
Message-Id: 
 <9978af37f51fa45c8878a3c05ceaf44f35806bb8.1649878359.git.reinette.chatre@intel.com>
In-Reply-To: <cover.1649878359.git.reinette.chatre@intel.com>
References: <cover.1649878359.git.reinette.chatre@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

x86/sgx and selftests/sgx: Support SGX2 | expand

Commit Message

Reinette Chatre April 13, 2022, 9:10 p.m. UTC

SGX2 functions are not allowed on all page types. For example,
ENCLS[EMODPR] is only allowed on regular SGX enclave pages and
ENCLS[EMODPT] is only allowed on TCS and regular pages. If these
functions are attempted on another type of page the hardware would
trigger a fault.

Keep a record of the SGX page type so that there is more
certainty whether an SGX2 instruction can succeed and faults
can be treated as real failures.

The page type is a property of struct sgx_encl_page
and thus does not cover the VA page type. VA pages are maintained
in separate structures and their type can be determined in
a different way. The SGX2 instructions needing the page type do not
operate on VA pages and this is thus not a scenario needing to
be covered at this time.

struct sgx_encl_page hosting this information is maintained for each
enclave page so the space consumed by the struct is important.
The existing sgx_encl_page->vm_max_prot_bits is already unsigned long
while only using three bits. Transition to a bitfield for the two
members to support the additional information without increasing
the space consumed by the struct.

Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
---
Changes since V3:
- Add Jarkko's Reviewed-by tag.

Changes since V2:
- Update changelog to motivate transition to bitfield that
  was previously done when (now removed) vm_run_prot_bits was
  added.

Changes since V1:
- Add Acked-by from Jarkko.

 arch/x86/include/asm/sgx.h      | 3 +++
 arch/x86/kernel/cpu/sgx/encl.h  | 3 ++-
 arch/x86/kernel/cpu/sgx/ioctl.c | 2 ++
 3 files changed, 7 insertions(+), 1 deletion(-)

Comments

Jarkko Sakkinen April 14, 2022, 11:12 a.m. UTC | #1

On Wed, 2022-04-13 at 14:10 -0700, Reinette Chatre wrote:
> SGX2 functions are not allowed on all page types. For example,
> ENCLS[EMODPR] is only allowed on regular SGX enclave pages and
> ENCLS[EMODPT] is only allowed on TCS and regular pages. If these
> functions are attempted on another type of page the hardware would
> trigger a fault.
> 
> Keep a record of the SGX page type so that there is more
> certainty whether an SGX2 instruction can succeed and faults
> can be treated as real failures.
> 
> The page type is a property of struct sgx_encl_page
> and thus does not cover the VA page type. VA pages are maintained
> in separate structures and their type can be determined in
> a different way. The SGX2 instructions needing the page type do not
> operate on VA pages and this is thus not a scenario needing to
> be covered at this time.
> 
> struct sgx_encl_page hosting this information is maintained for each
> enclave page so the space consumed by the struct is important.
> The existing sgx_encl_page->vm_max_prot_bits is already unsigned long
> while only using three bits. Transition to a bitfield for the two
> members to support the additional information without increasing
> the space consumed by the struct.
> 
> Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
> Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>

Nit: reviewed-by overrides acked-by so you can remove acked-by and
keep reviewed-by.

> ---
> Changes since V3:
> - Add Jarkko's Reviewed-by tag.
> 
> Changes since V2:
> - Update changelog to motivate transition to bitfield that
>   was previously done when (now removed) vm_run_prot_bits was
>   added.
> 
> Changes since V1:
> - Add Acked-by from Jarkko.
> 
>  arch/x86/include/asm/sgx.h      | 3 +++
>  arch/x86/kernel/cpu/sgx/encl.h  | 3 ++-
>  arch/x86/kernel/cpu/sgx/ioctl.c | 2 ++
>  3 files changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/include/asm/sgx.h b/arch/x86/include/asm/sgx.h
> index d67810b50a81..eae20fa52b93 100644
> --- a/arch/x86/include/asm/sgx.h
> +++ b/arch/x86/include/asm/sgx.h
> @@ -239,6 +239,9 @@ struct sgx_pageinfo {
>   * %SGX_PAGE_TYPE_REG: a regular page
>   * %SGX_PAGE_TYPE_VA:  a VA page
>   * %SGX_PAGE_TYPE_TRIM:        a page in trimmed state
> + *
> + * Make sure when making changes to this enum that its values can still fit
> + * in the bitfield within &struct sgx_encl_page
>   */
>  enum sgx_page_type {
>         SGX_PAGE_TYPE_SECS,
> diff --git a/arch/x86/kernel/cpu/sgx/encl.h b/arch/x86/kernel/cpu/sgx/encl.h
> index 1b15d22f6757..07abfc70c8e3 100644
> --- a/arch/x86/kernel/cpu/sgx/encl.h
> +++ b/arch/x86/kernel/cpu/sgx/encl.h
> @@ -27,7 +27,8 @@
>  
>  struct sgx_encl_page {
>         unsigned long desc;
> -       unsigned long vm_max_prot_bits;
> +       unsigned long vm_max_prot_bits:8;
> +       enum sgx_page_type type:16;
>         struct sgx_epc_page *epc_page;
>         struct sgx_encl *encl;
>         struct sgx_va_page *va_page;
> diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c
> index a66795e0b685..21078c6643f7 100644
> --- a/arch/x86/kernel/cpu/sgx/ioctl.c
> +++ b/arch/x86/kernel/cpu/sgx/ioctl.c
> @@ -107,6 +107,7 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs)
>                 set_bit(SGX_ENCL_DEBUG, &encl->flags);
>  
>         encl->secs.encl = encl;
> +       encl->secs.type = SGX_PAGE_TYPE_SECS;
>         encl->base = secs->base;
>         encl->size = secs->size;
>         encl->attributes = secs->attributes;
> @@ -344,6 +345,7 @@ static int sgx_encl_add_page(struct sgx_encl *encl, unsigned long src,
>          */
>         encl_page->encl = encl;
>         encl_page->epc_page = epc_page;
> +       encl_page->type = (secinfo->flags & SGX_SECINFO_PAGE_TYPE_MASK) >> 8;
>         encl->secs_child_cnt++;
>  
>         if (flags & SGX_PAGE_MEASURE) {

BR, Jarkko

Reinette Chatre April 14, 2022, 4:27 p.m. UTC | #2

Hi Jarkko,

On 4/14/2022 4:12 AM, Jarkko Sakkinen wrote:
> On Wed, 2022-04-13 at 14:10 -0700, Reinette Chatre wrote:
>> SGX2 functions are not allowed on all page types. For example,
>> ENCLS[EMODPR] is only allowed on regular SGX enclave pages and
>> ENCLS[EMODPT] is only allowed on TCS and regular pages. If these
>> functions are attempted on another type of page the hardware would
>> trigger a fault.
>>
>> Keep a record of the SGX page type so that there is more
>> certainty whether an SGX2 instruction can succeed and faults
>> can be treated as real failures.
>>
>> The page type is a property of struct sgx_encl_page
>> and thus does not cover the VA page type. VA pages are maintained
>> in separate structures and their type can be determined in
>> a different way. The SGX2 instructions needing the page type do not
>> operate on VA pages and this is thus not a scenario needing to
>> be covered at this time.
>>
>> struct sgx_encl_page hosting this information is maintained for each
>> enclave page so the space consumed by the struct is important.
>> The existing sgx_encl_page->vm_max_prot_bits is already unsigned long
>> while only using three bits. Transition to a bitfield for the two
>> members to support the additional information without increasing
>> the space consumed by the struct.
>>
>> Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
>> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
>> Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
> 
> Nit: reviewed-by overrides acked-by so you can remove acked-by and
> keep reviewed-by.

Understood. I'll do so in the next version.

Reinette

diff --git a/arch/x86/include/asm/sgx.h b/arch/x86/include/asm/sgx.h
index d67810b50a81..eae20fa52b93 100644
--- a/arch/x86/include/asm/sgx.h
+++ b/arch/x86/include/asm/sgx.h
@@ -239,6 +239,9 @@  struct sgx_pageinfo {
  * %SGX_PAGE_TYPE_REG:	a regular page
  * %SGX_PAGE_TYPE_VA:	a VA page
  * %SGX_PAGE_TYPE_TRIM:	a page in trimmed state
+ *
+ * Make sure when making changes to this enum that its values can still fit
+ * in the bitfield within &struct sgx_encl_page
  */
 enum sgx_page_type {
 	SGX_PAGE_TYPE_SECS,
diff --git a/arch/x86/kernel/cpu/sgx/encl.h b/arch/x86/kernel/cpu/sgx/encl.h
index 1b15d22f6757..07abfc70c8e3 100644
--- a/arch/x86/kernel/cpu/sgx/encl.h
+++ b/arch/x86/kernel/cpu/sgx/encl.h
@@ -27,7 +27,8 @@ 
 
 struct sgx_encl_page {
 	unsigned long desc;
-	unsigned long vm_max_prot_bits;
+	unsigned long vm_max_prot_bits:8;
+	enum sgx_page_type type:16;
 	struct sgx_epc_page *epc_page;
 	struct sgx_encl *encl;
 	struct sgx_va_page *va_page;
diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c
index a66795e0b685..21078c6643f7 100644
--- a/arch/x86/kernel/cpu/sgx/ioctl.c
+++ b/arch/x86/kernel/cpu/sgx/ioctl.c
@@ -107,6 +107,7 @@  static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs)
 		set_bit(SGX_ENCL_DEBUG, &encl->flags);
 
 	encl->secs.encl = encl;
+	encl->secs.type = SGX_PAGE_TYPE_SECS;
 	encl->base = secs->base;
 	encl->size = secs->size;
 	encl->attributes = secs->attributes;
@@ -344,6 +345,7 @@  static int sgx_encl_add_page(struct sgx_encl *encl, unsigned long src,
 	 */
 	encl_page->encl = encl;
 	encl_page->epc_page = epc_page;
+	encl_page->type = (secinfo->flags & SGX_SECINFO_PAGE_TYPE_MASK) >> 8;
 	encl->secs_child_cnt++;
 
 	if (flags & SGX_PAGE_MEASURE) {

[V4,11/31] x86/sgx: Keep record of SGX page type

Commit Message

Comments

Patch