Received: by 2002:ac0:83e4:0:0:0:0:0 with SMTP id xs91-v6csp7273imc; Fri, 2 Nov 2018 16:20:19 -0700 (PDT) X-Google-Smtp-Source: AJdET5edoUSwXf24OpWYJbCW6NraxbBjz//wRkRoqvRT/CtDM0ZUFDTH6k/spluPJQu1rbNfijbq X-Received: by 2002:a17:902:b709:: with SMTP id d9-v6mr13163448pls.199.1541200819162; Fri, 02 Nov 2018 16:20:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1541200819; cv=none; d=google.com; s=arc-20160816; b=ROPZjgvOzIx+85WW6sN8t2D+PhGgcaZYFo9NoqDWER/mYpC09xz1GPThvrHgweEHdQ SD91oCUXiubsMtI7QH1KnN0edLQCIVMZIlRji2NQMVKm8yAdT5yBx+tUKPGvdpwDeHdT sEiM2jdDz14puFwMrRxcAQeBaJFKDVuP+zgoPEb0JKnpt/kC9WqifDO2jkxGPQolc1K7 txa8/NgHFLkzDgs2C/QJNaJWXdW3F6WVzBbbsAEIS+piftxb7XrZ4AAhmHg0d2tLGKGF nbIyJQ/oCcBlLkq1d0WGKymH2oisOD5dV81iwpZBqwRgIUndyowMgur/8ZqSrK91eLk8 Yrtg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=zfZ8Eo3i+Wd5ILFaLedpwuKTMA9FZ6qfdDfVYxT3OQQ=; b=D9AzEZJew5cBaV0NilGNioMKLP7FrmuF4cZKo3lNeLOvOjEeo5kh2KLF4Cy7hZDmG2 0eeXRTVwn7uINtvfbEiCQYuCJudYuT0D2ncEil5MdCQey61aCmLVvdWl/SxKMWlgaXkr gpp2X4dQyocLYvxK/vtERG6Whr4OILG8ee/l3darMqv4r6MbohXj6TguN7+rc1ppAlNI 0LJ6A75X9s1lqrE8QYhe0P4teHEv6RSnndMbIVr8B/AMuZMQREBDkRZkFm5wISGMHHmq xw/2YUXWO7oB7EE9IBmujK20TxLxKIIU4A+lzRTiex7dvXxUyLGGvYcUTC3XhEurmcIR Xe4w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 144si9568899pga.322.2018.11.02.16.20.04; Fri, 02 Nov 2018 16:20:19 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728553AbeKCI06 (ORCPT + 99 others); Sat, 3 Nov 2018 04:26:58 -0400 Received: from mga03.intel.com ([134.134.136.65]:2537 "EHLO mga03.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726705AbeKCI06 (ORCPT ); Sat, 3 Nov 2018 04:26:58 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 02 Nov 2018 16:17:50 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,457,1534834800"; d="scan'208";a="270988149" Received: from btyborox-mobl.ger.corp.intel.com (HELO localhost) ([10.249.254.138]) by orsmga005.jf.intel.com with ESMTP; 02 Nov 2018 16:17:42 -0700 From: Jarkko Sakkinen To: x86@kernel.org, platform-driver-x86@vger.kernel.org, linux-sgx@vger.kernel.org Cc: dave.hansen@intel.com, sean.j.christopherson@intel.com, nhorman@redhat.com, npmccallum@redhat.com, serge.ayoun@intel.com, shay.katz-zamir@intel.com, haitao.huang@intel.com, mark.shanahan@intel.com, andriy.shevchenko@linux.intel.com, Jarkko Sakkinen , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , Suresh Siddha , linux-kernel@vger.kernel.org (open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)) Subject: [PATCH v15 18/23] x86/sgx: Add sgx_einit() for initializing enclaves Date: Sat, 3 Nov 2018 01:11:17 +0200 Message-Id: <20181102231320.29164-19-jarkko.sakkinen@linux.intel.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181102231320.29164-1-jarkko.sakkinen@linux.intel.com> References: <20181102231320.29164-1-jarkko.sakkinen@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sean Christopherson Add a helper function to perform ENCLS(EINIT) with the correct LE hash MSR values. ENCLS[EINIT] initializes an enclave, verifying the enclave's measurement and preparing it for execution, i.e. the enclave cannot be run until it has been initialized. The measurement aspect of EINIT references the MSR_IA32_SGXLEPUBKEYHASH* MSRs, with the CPU comparing CPU compares the key (technically its hash) used to sign the enclave[1] with the key hash stored in the MSRs, and will reject EINIT if the keys do not match. A per-cpu cache is used to avoid writing the MSRs as writing the MSRs is extraordinarily expensive, e.g. 300-400 cycles per MSR. Because the cache may become stale, force update the MSRs and retry EINIT if the first EINIT fails due to an "invalid token". An invalid token error does not necessarily mean the MSRs need to be updated, but the cost of an unnecessary write is minimal relative to the cost of EINIT itself. [1] For EINIT's purposes, the effective signer of the enclave may be the enclave's owner, or a separate Launch Enclave that has created an EINIT token for the target enclave. When using an EINIT token, the key used to sign the token must match the MSRs in order for EINIT to succeed. Signed-off-by: Sean Christopherson Co-developed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- arch/x86/include/asm/sgx.h | 2 ++ arch/x86/kernel/cpu/intel_sgx.c | 50 +++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) diff --git a/arch/x86/include/asm/sgx.h b/arch/x86/include/asm/sgx.h index 4e39bcfad018..b6f014d0d88d 100644 --- a/arch/x86/include/asm/sgx.h +++ b/arch/x86/include/asm/sgx.h @@ -312,5 +312,7 @@ static inline int __emodt(struct sgx_secinfo *secinfo, void __iomem *addr) struct sgx_epc_page *sgx_alloc_page(void); int __sgx_free_page(struct sgx_epc_page *page); void sgx_free_page(struct sgx_epc_page *page); +int sgx_einit(struct sgx_sigstruct *sigstruct, struct sgx_einittoken *token, + struct sgx_epc_page *secs, u64 *lepubkeyhash); #endif /* _ASM_X86_SGX_H */ diff --git a/arch/x86/kernel/cpu/intel_sgx.c b/arch/x86/kernel/cpu/intel_sgx.c index b06709a9ea65..19041e96d1da 100644 --- a/arch/x86/kernel/cpu/intel_sgx.c +++ b/arch/x86/kernel/cpu/intel_sgx.c @@ -15,6 +15,9 @@ EXPORT_SYMBOL_GPL(sgx_epc_sections); static int sgx_nr_epc_sections; +/* A per-cpu cache for the last known values of IA32_SGXLEPUBKEYHASHx MSRs. */ +static DEFINE_PER_CPU(u64 [4], sgx_lepubkeyhash_cache); + /** * sgx_alloc_page - Allocate an EPC page * @@ -91,6 +94,53 @@ void sgx_free_page(struct sgx_epc_page *page) } EXPORT_SYMBOL_GPL(sgx_free_page); +static void sgx_update_lepubkeyhash_msrs(u64 *lepubkeyhash, bool enforce) +{ + u64 __percpu *cache; + int i; + + cache = per_cpu(sgx_lepubkeyhash_cache, smp_processor_id()); + for (i = 0; i < 4; i++) { + if (enforce || (lepubkeyhash[i] != cache[i])) { + wrmsrl(MSR_IA32_SGXLEPUBKEYHASH0 + i, lepubkeyhash[i]); + cache[i] = lepubkeyhash[i]; + } + } +} + +/** + * sgx_einit - initialize an enclave + * @sigstruct: a pointer a SIGSTRUCT + * @token: a pointer an EINITTOKEN (optional) + * @secs: a pointer a SECS + * @lepubkeyhash: the desired value for IA32_SGXLEPUBKEYHASHx MSRs + * + * Execute ENCLS[EINIT], writing the IA32_SGXLEPUBKEYHASHx MSRs according + * to @lepubkeyhash (if possible and necessary). + * + * Return: + * 0 on success, + * -errno or SGX error on failure + */ +int sgx_einit(struct sgx_sigstruct *sigstruct, struct sgx_einittoken *token, + struct sgx_epc_page *secs, u64 *lepubkeyhash) +{ + int ret; + + if (!boot_cpu_has(X86_FEATURE_SGX_LC)) + return __einit(sigstruct, token, sgx_epc_addr(secs)); + + preempt_disable(); + sgx_update_lepubkeyhash_msrs(lepubkeyhash, false); + ret = __einit(sigstruct, token, sgx_epc_addr(secs)); + if (ret == SGX_INVALID_EINITTOKEN) { + sgx_update_lepubkeyhash_msrs(lepubkeyhash, true); + ret = __einit(sigstruct, token, sgx_epc_addr(secs)); + } + preempt_enable(); + return ret; +} +EXPORT_SYMBOL(sgx_einit); static __init void sgx_free_epc_section(struct sgx_epc_section *section) { -- 2.19.1