From: Reinette Chatre
To: dave.hansen@linux.intel.com, jarkko@kernel.org, tglx@linutronix.de, bp@alien8.de, luto@kernel.org, mingo@redhat.com, linux-sgx@vger.kernel.org, x86@kernel.org
Cc: seanjc@google.com, kai.huang@intel.com, cathy.zhang@intel.com, cedric.xing@intel.com, haitao.huang@intel.com, mark.shanahan@intel.com, hpa@zytor.com, linux-kernel@vger.kernel.org
Subject: [PATCH V2 03/32] x86/sgx: Add wrapper for SGX2 EMODT function
Date: Mon, 7 Feb 2022 16:45:25 -0800
Message-Id: <794af0e3cfe04cf886304b3dd644f9b4787b7125.1644274683.git.reinette.chatre@intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Add a wrapper for the EMODT ENCLS leaf function used to
change the type of an enclave page as maintained in the
SGX hardware's Enclave Page Cache Map (EPCM).

EMODT:
1) Updates the EPCM page type of the enclave page.
2) Sets the MODIFIED bit in the EPCM entry of the enclave page.
   This bit is reset by the enclave by invoking ENCLU leaf
   function EACCEPT or EACCEPTCOPY.

Access from within the enclave to the enclave page is not possible
while the MODIFIED bit is set.

After changing the enclave page type by issuing EMODT the kernel
needs to collaborate with the hardware to ensure that no logical
processor continues to hold a reference to the changed page. This
is required to ensure no required security checks are circumvented
and is required for the enclave's EACCEPT/EACCEPTCOPY to succeed.
Ensuring that no references to the changed page remain is
accomplished with the ETRACK flow.

Signed-off-by: Reinette Chatre --- Changes since V1: - Split original patch ("x86/sgx: Add wrappers for SGX2 functions") in three to introduce the SGX2 functions separately (Jarkko). - Rewrite commit message to include how the EPCM within the hardware is changed by the SGX2 function as well as the calling conditions (Jarkko). arch/x86/kernel/cpu/sgx/encls.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/x86/kernel/cpu/sgx/encls.h b/arch/x86/kernel/cpu/sgx/encls.h index 2b091912f038..7a1ecf704ec1 100644 --- a/arch/x86/kernel/cpu/sgx/encls.h +++ b/arch/x86/kernel/cpu/sgx/encls.h @@ -221,4 +221,10 @@ static inline int __emodpr(struct sgx_secinfo *secinfo, void *addr) return __encls_ret_2(EMODPR, secinfo, addr); } +/* Change the type of an EPC page. */ +static inline int __emodt(struct sgx_secinfo *secinfo, void *addr) +{ + return __encls_ret_2(EMODT, secinfo, addr); +} + #endif /* _X86_ENCLS_H */ -- 2.25.1
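
Review bot: the one-line comment above __emodt() ("Change the type of an EPC page.") leaves out the calling conditions that the commit message spells out. After EMODT the kernel has to complete the ETRACK flow, and the page stays inaccessible from within the enclave until the enclave issues EACCEPT or EACCEPTCOPY; a sentence to that effect in the comment would keep the requirement next to the code for whoever adds the first caller. The wrapper also passes the int result of __encls_ret_2() straight through, as __emodpr() above it does, so it is worth stating in the comment that the caller is responsible for checking it.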
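
The ordering the commit message describes (EMODT, then the ETRACK flow, then the enclave's EACCEPT) can be seen in a small user-space model. This is an added example, not code from the patch or the kernel: the struct, the `model_*` functions, the error names and the single `stale_refs` flag standing in for the ETRACK flow are all hypothetical simplifications, and the type comparison in `model_eaccept` is an assumption of the model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model of one EPCM entry; every name here is hypothetical. */
enum page_type { PT_REG, PT_TCS, PT_TRIM };
enum result { OK, ERR_NOT_TRACKED, ERR_MISMATCH };

static struct epcm_entry {
    enum page_type type;
    bool modified;    /* set by EMODT, reset by EACCEPT */
    bool stale_refs;  /* a logical processor may still reference the page */
} page;               /* constructed sample page */

/* Kernel side: EMODT updates the page type and sets MODIFIED. */
static void model_emodt(struct epcm_entry *e, enum page_type t)
{
    e->type = t;
    e->modified = true;
    e->stale_refs = true;  /* references taken before the change may remain */
}

/* Kernel side: the ETRACK flow, collapsed into a single step. */
static void model_etrack_flow(struct epcm_entry *e) { e->stale_refs = false; }

/* Enclave side: EACCEPT resets MODIFIED only if no references remain. */
static enum result model_eaccept(struct epcm_entry *e, enum page_type want)
{
    if (e->stale_refs) return ERR_NOT_TRACKED;
    if (e->type != want) return ERR_MISMATCH;  /* assumed check, see lead-in */
    e->modified = false;
    return OK;
}

/* Change a regular page to a TCS page, with or without the ETRACK flow. */
static enum result run_flow(bool do_etrack)
{
    page = (struct epcm_entry){ .type = PT_REG };
    model_emodt(&page, PT_TCS);
    if (do_etrack) model_etrack_flow(&page);
    return model_eaccept(&page, PT_TCS);
}

int main(void)
{
    enum result r = run_flow(false);
    printf("without ETRACK: result=%d MODIFIED=%d\n", r, page.modified);
    r = run_flow(true);
    printf("with ETRACK:    result=%d MODIFIED=%d\n", r, page.modified);
}
```

When the ETRACK step is skipped, the modelled EACCEPT fails and MODIFIED stays set, so the page remains unusable by the enclave.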