From: Jarkko Sakkinen
To: x86@kernel.org, platform-driver-x86@vger.kernel.org
Cc: dave.hansen@intel.com, sean.j.christopherson@intel.com, nhorman@redhat.com, npmccallum@redhat.com, linux-sgx@vger.kernel.org, Jarkko Sakkinen, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", linux-kernel@vger.kernel.org (open list:X86 ARCHITECTURE (32-BIT AND 64-BIT))
Subject: [PATCH v12 07/13] x86/sgx: data structures for tracking available EPC pages
Date: Tue, 3 Jul 2018 21:19:52 +0300
Message-Id: <20180703182118.15024-8-jarkko.sakkinen@linux.intel.com>
In-Reply-To: <20180703182118.15024-1-jarkko.sakkinen@linux.intel.com>
References: <20180703182118.15024-1-jarkko.sakkinen@linux.intel.com>

SGX has a set of data structures to maintain information about the enclaves and their security properties. BIOS reserves a fixed size region of physical memory for these structures by setting Processor Reserved Memory Range Registers (PRMRR). This memory area is called Enclave Page Cache (EPC).

This commit adds a database of EPC banks for kernel to easily access the available EPC pages. On UMA architectures there is a single bank of EPC pages. On NUMA architectures there is an EPC bank for each node.

Signed-off-by: Jarkko Sakkinen
Co-developed-by: Serge Ayoun
Co-developed-by: Sean Christopherson
---
 arch/x86/include/asm/sgx.h      |  30 +++++++
 arch/x86/kernel/cpu/intel_sgx.c | 146 +++++++++++++++++++++++++++++++-
 2 files changed, 175 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/sgx.h b/arch/x86/include/asm/sgx.h index 2130e639ab49..77b2294fcfb0 100644 --- a/arch/x86/include/asm/sgx.h +++ b/arch/x86/include/asm/sgx.h
@@ -4,9 +4,39 @@ #ifndef _ASM_X86_SGX_H #define _ASM_X86_SGX_H +#include +#include +#include +#include +#include #include +#define SGX_MAX_EPC_BANKS 8 + +#define SGX_EPC_BANK(epc_page) \ + (&sgx_epc_banks[(unsigned long)(epc_page->desc) & ~PAGE_MASK]) +#define SGX_EPC_PFN(epc_page) PFN_DOWN((unsigned long)(epc_page->desc)) +#define SGX_EPC_ADDR(epc_page) ((unsigned long)(epc_page->desc) & PAGE_MASK) + +struct sgx_epc_page { + unsigned long desc; + struct list_head list; +}; + +struct sgx_epc_bank { + unsigned long pa; + unsigned long va; + unsigned long size; + struct sgx_epc_page *pages_data; + struct sgx_epc_page **pages; + atomic_t free_cnt; + struct rw_semaphore lock; +}; + extern bool sgx_enabled; extern bool sgx_lc_enabled; +void *sgx_get_page(struct sgx_epc_page *ptr); +void sgx_put_page(void *epc_page_ptr); + #endif /* _ASM_X86_SGX_H */ diff --git a/arch/x86/kernel/cpu/intel_sgx.c b/arch/x86/kernel/cpu/intel_sgx.c index 77d94115c4cf..60cbc7cfb868 100644 --- a/arch/x86/kernel/cpu/intel_sgx.c +++ b/arch/x86/kernel/cpu/intel_sgx.c @@ -6,8 +6,10 @@ #include #include #include +#include #include #include +#include #include bool sgx_enabled __ro_after_init; 
@@ -15,6 +17,139 @@ EXPORT_SYMBOL(sgx_enabled); bool sgx_lc_enabled __ro_after_init; EXPORT_SYMBOL(sgx_lc_enabled); +static atomic_t sgx_nr_free_pages = ATOMIC_INIT(0); +static struct sgx_epc_bank sgx_epc_banks[SGX_MAX_EPC_BANKS]; +static int sgx_nr_epc_banks; + +/** + * sgx_get_page - pin an EPC page + * @page: an EPC page + * + * Return: a pointer to the pinned EPC page + */ +void *sgx_get_page(struct sgx_epc_page *page) +{ + struct sgx_epc_bank *bank = SGX_EPC_BANK(page); + + if (IS_ENABLED(CONFIG_X86_64)) + return (void *)(bank->va + SGX_EPC_ADDR(page) - bank->pa); + + return kmap_atomic_pfn(SGX_EPC_PFN(page)); +} +EXPORT_SYMBOL(sgx_get_page); + +/** + * sgx_put_page - unpin an EPC page + * @ptr: a pointer to the pinned EPC page + */ +void sgx_put_page(void *ptr) +{ + if (IS_ENABLED(CONFIG_X86_64)) + return; + + kunmap_atomic(ptr); +} +EXPORT_SYMBOL(sgx_put_page); + +static __init int sgx_init_epc_bank(unsigned long addr, unsigned long size, + unsigned long index, + struct sgx_epc_bank *bank) +{ + unsigned long nr_pages = size >> PAGE_SHIFT; + unsigned long i; + void *va; + + if (IS_ENABLED(CONFIG_X86_64)) { + va = ioremap_cache(addr, size); + if (!va) + return -ENOMEM; + } + + bank->pages_data = kzalloc(nr_pages * sizeof(struct sgx_epc_page), + GFP_KERNEL); + if (!bank->pages_data) { + if (IS_ENABLED(CONFIG_X86_64)) + iounmap(va); + + return -ENOMEM; + } + + bank->pages = kzalloc(nr_pages * sizeof(struct sgx_epc_page *), + GFP_KERNEL); + if (!bank->pages) { + if (IS_ENABLED(CONFIG_X86_64)) + iounmap(va); + kfree(bank->pages_data); + bank->pages_data = NULL; + return -ENOMEM; + } + + for (i = 0; i < nr_pages; i++) { + bank->pages[i] = &bank->pages_data[i]; + bank->pages[i]->desc = (addr + (i << PAGE_SHIFT)) | index; + } + + bank->pa = addr; + bank->size = size; + if (IS_ENABLED(CONFIG_X86_64)) + bank->va = (unsigned long)va; + + atomic_set(&bank->free_cnt, nr_pages); + init_rwsem(&bank->lock); + atomic_add(nr_pages, &sgx_nr_free_pages); + return 0; +} + +static 
__init void sgx_page_cache_teardown(void) +{ + struct sgx_epc_bank *bank; + int i; + + for (i = 0; i < sgx_nr_epc_banks; i++) { + bank = &sgx_epc_banks[i]; + + if (IS_ENABLED(CONFIG_X86_64)) + iounmap((void *)bank->va); + + kfree(bank->pages); + kfree(bank->pages_data); + } +} + +static __init int sgx_page_cache_init(void) +{ + unsigned long size; + unsigned int eax; + unsigned int ebx; + unsigned int ecx; + unsigned int edx; + unsigned long pa; + int i; + int ret; + + for (i = 0; i < SGX_MAX_EPC_BANKS; i++) { + cpuid_count(SGX_CPUID, i + SGX_CPUID_EPC_BANKS, &eax, &ebx, + &ecx, &edx); + if (!(eax & 0xf)) + break; + + pa = ((u64)(ebx & 0xfffff) << 32) + (u64)(eax & 0xfffff000); + size = ((u64)(edx & 0xfffff) << 32) + (u64)(ecx & 0xfffff000); + + pr_info("EPC bank 0x%lx-0x%lx\n", pa, pa + size); + + ret = sgx_init_epc_bank(pa, size, i, &sgx_epc_banks[i]); + if (ret) { + sgx_page_cache_teardown(); + return ret; + } + + sgx_nr_epc_banks++; + } + + return 0; +} + static __init bool sgx_is_enabled(bool *lc_enabled) { unsigned long fc; @@ -47,7 +182,16 @@ static __init bool sgx_is_enabled(bool *lc_enabled) static __init int sgx_init(void) { - sgx_enabled = sgx_is_enabled(&sgx_lc_enabled); + int ret; + + if (!sgx_is_enabled(&sgx_lc_enabled)) + return 0; + + ret = sgx_page_cache_init(); + if (ret) + return ret; + + sgx_enabled = true; return 0; } -- 2.17.1
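Review bot: In the arch/x86/include/asm/sgx.h hunk, SGX_EPC_BANK() expands to a reference to sgx_epc_banks, but that array is declared static in intel_sgx.c, so the macro cannot compile in any other file that includes this header, even though sgx_get_page() and sgx_put_page() are exported for such users. Either move the three SGX_EPC_* macros into intel_sgx.c next to the array, or drop the static and add an extern declaration here. The macros also dereference the argument as epc_page->desc without parentheses; (epc_page)->desc is the safer form. Finally, desc packs the bank index into the bits below PAGE_SHIFT, and ~PAGE_MASK is much wider than SGX_MAX_EPC_BANKS, so a comment on struct sgx_epc_page documenting the layout of desc and the assumption that the index is always below SGX_MAX_EPC_BANKS would help the next reader.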
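Review bot: In sgx_init_epc_bank() (the @@ -15,6 +17,139 @@ hunk of intel_sgx.c) both allocations multiply nr_pages by a sizeof() by hand inside kzalloc(), and nr_pages is derived from the bank size that CPUID reports; please use kcalloc(nr_pages, sizeof(*bank->pages_data), GFP_KERNEL) and the equivalent for bank->pages so the multiplication is overflow-checked. In the same hunk, sgx_page_cache_init() builds pa and size from (u64) expressions that can be up to 52 bits wide but stores them in unsigned long, which truncates on the 32-bit builds that the IS_ENABLED(CONFIG_X86_64) branches are there to support; the same width problem carries into the addr and size parameters and into desc. Either make these u64/phys_addr_t or state that only 64-bit is supported and drop the kmap_atomic_pfn() path. It is also worth noting that sgx_page_cache_teardown() frees the banks but leaves sgx_nr_free_pages and sgx_nr_epc_banks at their old values.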
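Review bot: In the sgx_init() hunk, sgx_lc_enabled is written through the pointer passed to sgx_is_enabled() before sgx_page_cache_init() runs, so on the "if (ret) return ret;" path it can be left set while sgx_enabled stays false. Since both flags are exported, either clear sgx_lc_enabled on the error path or pass a local bool and assign both globals together after the page cache has been set up. A short comment stating that sgx_enabled now also implies "EPC banks were initialised", not only "the CPU and BIOS enabled SGX", would document the changed meaning of the flag.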