From: Reinette Chatre
To: dave.hansen@linux.intel.com, jarkko@kernel.org, tglx@linutronix.de,
    bp@alien8.de, luto@kernel.org, mingo@redhat.com,
    linux-sgx@vger.kernel.org, x86@kernel.org
Cc: seanjc@google.com, kai.huang@intel.com, cathy.zhang@intel.com,
    cedric.xing@intel.com, haitao.huang@intel.com, mark.shanahan@intel.com,
    hpa@zytor.com, linux-kernel@vger.kernel.org
Subject: [PATCH V3 03/30] x86/sgx: Add wrapper for SGX2 EMODT function
Date: Mon, 4 Apr 2022 09:49:11 -0700

Add a wrapper for the EMODT ENCLS leaf function used to
change the type of an enclave page as maintained in the
SGX hardware's Enclave Page Cache Map (EPCM).

EMODT:
1) Updates the EPCM page type of the enclave page.
2) Sets the MODIFIED bit in the EPCM entry of the enclave page.
   This bit is reset by the enclave by invoking ENCLU leaf
   function EACCEPT or EACCEPTCOPY.

Access from within the enclave to the enclave page is not possible
while the MODIFIED bit is set.

After changing the enclave page type by issuing EMODT the kernel
needs to collaborate with the hardware to ensure that no logical
processor continues to hold a reference to the changed page. This
is required to ensure no required security checks are circumvented
and is required for the enclave's EACCEPT/EACCEPTCOPY to succeed.
Ensuring that no references to the changed page remain is
accomplished with the ETRACK flow.

Signed-off-by: Reinette Chatre --- No changes since V2 Changes since V1: - Split original patch ("x86/sgx: Add wrappers for SGX2 functions") in three to introduce the SGX2 functions separately (Jarkko). - Rewrite commit message to include how the EPCM within the hardware is changed by the SGX2 function as well as the calling conditions (Jarkko). arch/x86/kernel/cpu/sgx/encls.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/x86/kernel/cpu/sgx/encls.h b/arch/x86/kernel/cpu/sgx/encls.h index 2b091912f038..7a1ecf704ec1 100644 --- a/arch/x86/kernel/cpu/sgx/encls.h +++ b/arch/x86/kernel/cpu/sgx/encls.h @@ -221,4 +221,10 @@ static inline int __emodpr(struct sgx_secinfo *secinfo, void *addr) return __encls_ret_2(EMODPR, secinfo, addr); } +/* Change the type of an EPC page. */ +static inline int __emodt(struct sgx_secinfo *secinfo, void *addr) +{ + return __encls_ret_2(EMODT, secinfo, addr); +} + #endif /* _X86_ENCLS_H */ -- 2.25.1
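
Review bot: the one-line comment on __emodt() ("Change the type of an EPC page.") leaves out the calling conditions that the commit message documents, and the header comment is where a future caller will look for them. Per the commit message, EMODT sets the MODIFIED bit in the EPCM entry, the page cannot be accessed from inside the enclave until the enclave runs EACCEPT or EACCEPTCOPY, and the kernel has to follow up with the ETRACK flow so that no logical processor keeps a reference to the changed page. Suggest extending the comment to state those obligations, and to note that the __encls_ret_2() result is passed back unchanged and must be checked by the caller, since this patch adds no caller that shows the expected error handling.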