From: Reinette Chatre
To: dave.hansen@linux.intel.com, jarkko@kernel.org, tglx@linutronix.de, bp@alien8.de, luto@kernel.org, mingo@redhat.com, linux-sgx@vger.kernel.org, x86@kernel.org, shuah@kernel.org, linux-kselftest@vger.kernel.org
Cc: seanjc@google.com, kai.huang@intel.com, cathy.zhang@intel.com, cedric.xing@intel.com, haitao.huang@intel.com, mark.shanahan@intel.com, vijay.dhanraj@intel.com, hpa@zytor.com, linux-kernel@vger.kernel.org
Subject: [PATCH V5 03/31] x86/sgx: Add wrapper for SGX2 EMODT function
Date: Tue, 10 May 2022 11:08:39 -0700
X-Mailing-List: linux-kernel@vger.kernel.org

Add a wrapper for the EMODT ENCLS leaf function used to change the type of an enclave page as maintained in the SGX hardware's Enclave Page Cache Map (EPCM).

EMODT:
1) Updates the EPCM page type of the enclave page.
2) Sets the MODIFIED bit in the EPCM entry of the enclave page. This bit is reset by the enclave by invoking ENCLU leaf function EACCEPT or EACCEPTCOPY.

Access from within the enclave to the enclave page is not possible while the MODIFIED bit is set.

After changing the enclave page type by issuing EMODT the kernel needs to collaborate with the hardware to ensure that no logical processor continues to hold a reference to the changed page. This is required to ensure no required security checks are circumvented and is required for the enclave's EACCEPT/EACCEPTCOPY to succeed. Ensuring that no references to the changed page remain is accomplished with the ETRACK flow.

Reviewed-by: Jarkko Sakkinen
Signed-off-by: Reinette Chatre --- No changes since V4. Changes since V3: - Add Jarkko's Reviewed-by tag. Changes since V1: - Split original patch ("x86/sgx: Add wrappers for SGX2 functions") in three to introduce the SGX2 functions separately (Jarkko). - Rewrite commit message to include how the EPCM within the hardware is changed by the SGX2 function as well as the calling conditions (Jarkko). arch/x86/kernel/cpu/sgx/encls.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/x86/kernel/cpu/sgx/encls.h b/arch/x86/kernel/cpu/sgx/encls.h index 2b091912f038..7a1ecf704ec1 100644 --- a/arch/x86/kernel/cpu/sgx/encls.h +++ b/arch/x86/kernel/cpu/sgx/encls.h @@ -221,4 +221,10 @@ static inline int __emodpr(struct sgx_secinfo *secinfo, void *addr) return __encls_ret_2(EMODPR, secinfo, addr); } +/* Change the type of an EPC page. */ +static inline int __emodt(struct sgx_secinfo *secinfo, void *addr) +{ + return __encls_ret_2(EMODT, secinfo, addr); +} + #endif /* _X86_ENCLS_H */ -- 2.25.1
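
Review bot: the one-line comment above __emodt() ("Change the type of an EPC page.") leaves out the calling conditions that the commit message spells out: EMODT sets the MODIFIED bit in the EPCM entry, the page cannot be accessed from inside the enclave until EACCEPT or EACCEPTCOPY clears that bit, and the kernel has to run the ETRACK flow afterwards so that no logical processor keeps a reference to the changed page. The wrapper is a bare call to __encls_ret_2() and enforces none of this itself, so consider carrying a sentence about the ETRACK requirement into the comment, where a caller reading encls.h will see it. The diffstat shows only encls.h touched, so the EMODT leaf constant has to come from elsewhere in the series; worth confirming it is defined before this patch so each step still builds during bisection.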