mirror of
https://git.proxmox.com/git/mirror_ubuntu-kernels.git
synced 2025-11-22 08:46:59 +00:00
9e2f402336
dynamic. For instance, enclaves can now change enclave page
permissions on the fly.
- Removal of an unused structure member
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEV76QKkVc4xCGURexaDWVMHDJkrAFAmLq2M8ACgkQaDWVMHDJ
krCbAw/+J4nHXxZNMQQX1c8CYJ7XHIr+YtsqNFYwH58rJJstHO/YwQf+mesVOeeu
08BYn+T5cdAbShKcxdkowPB17S6w/WzACtUfVhaoRQC7Md40cBiyc45UiC2e1u9g
W3Osk5+fTVcSYA9WiizPntIQkjVs9e7hcNKjTyVPnSw8W8mFCLg+ZiPb7YvKERTO
o8Wi2+zzX1BGDNOyBEqvnstz9uXDbCbFUTYX6zToBUk+Y1ZPXHwuHgNTtrAqGYaL
qyi0O2zoWnfOUmplzjJ/1aPmzPJDPgDNImC+gjTpYXGmg05Ryds+VZAc64IIjqYn
K+/5674PZFdsp5/YfctubdsQm0l0xen94sccAacd7KfsVurcHs3E2bdQPDw0htxv
svCX0Sai/qv52tPNzw+n9EJRcQsiwd9Pn0rWwx2i8hQcgMFiwCus6DBKhU7uh2Jp
oTwlspqJy2NHu9bici78tmsOio9CORjrh1WOfWX+yHEux4dtQAl889Gw5qzId6V1
Bh1MgoAu/pQ78feo96f3h5yOultOtpbTGyXEC8t4MTSpIVgZ2NzfUxe4RhOCBnhA
kdftVNfZLGOzwBbgFy0gYTe/ukt1DkP4BNHQilf2I+bUP/kZFlN8wfxBipWzr0bs
Skrz4+brBIaTdGoFgzhgt3g5YH16DSasmy/HCkIeV7eaAHFRLoE=
=Y7YA
-----END PGP SIGNATURE-----
Merge tag 'x86_sgx_for_v6.0-2022-08-03.1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 SGX updates from Dave Hansen:
"A set of x86/sgx changes focused on implementing the "SGX2" features,
plus a minor cleanup:
- SGX2 ISA support which makes enclave memory management much more
dynamic. For instance, enclaves can now change enclave page
permissions on the fly.
- Removal of an unused structure member"
* tag 'x86_sgx_for_v6.0-2022-08-03.1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (32 commits)
x86/sgx: Drop 'page_index' from sgx_backing
selftests/sgx: Page removal stress test
selftests/sgx: Test reclaiming of untouched page
selftests/sgx: Test invalid access to removed enclave page
selftests/sgx: Test faulty enclave behavior
selftests/sgx: Test complete changing of page type flow
selftests/sgx: Introduce TCS initialization enclave operation
selftests/sgx: Introduce dynamic entry point
selftests/sgx: Test two different SGX2 EAUG flows
selftests/sgx: Add test for TCS page permission changes
selftests/sgx: Add test for EPCM permission changes
Documentation/x86: Introduce enclave runtime management section
x86/sgx: Free up EPC pages directly to support large page ranges
x86/sgx: Support complete page removal
x86/sgx: Support modifying SGX page type
x86/sgx: Tighten accessible memory range after enclave initialization
x86/sgx: Support adding of pages to an initialized enclave
x86/sgx: Support restricting of enclave page permissions
x86/sgx: Support VA page allocation without reclaiming
x86/sgx: Export sgx_encl_page_alloc()
...
132 lines
3.6 KiB
C
132 lines
3.6 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/**
|
|
* Copyright(c) 2016-20 Intel Corporation.
|
|
*
|
|
* Contains the software defined data structures for enclaves.
|
|
*/
|
|
#ifndef _X86_ENCL_H
|
|
#define _X86_ENCL_H
|
|
|
|
#include <linux/cpumask.h>
|
|
#include <linux/kref.h>
|
|
#include <linux/list.h>
|
|
#include <linux/mm_types.h>
|
|
#include <linux/mmu_notifier.h>
|
|
#include <linux/mutex.h>
|
|
#include <linux/notifier.h>
|
|
#include <linux/srcu.h>
|
|
#include <linux/workqueue.h>
|
|
#include <linux/xarray.h>
|
|
#include "sgx.h"
|
|
|
|
/* 'desc' bits holding the offset in the VA (version array) page. */
|
|
#define SGX_ENCL_PAGE_VA_OFFSET_MASK GENMASK_ULL(11, 3)
|
|
|
|
/* 'desc' bit marking that the page is being reclaimed. */
|
|
#define SGX_ENCL_PAGE_BEING_RECLAIMED BIT(3)
|
|
|
|
struct sgx_encl_page {
|
|
unsigned long desc;
|
|
unsigned long vm_max_prot_bits:8;
|
|
enum sgx_page_type type:16;
|
|
struct sgx_epc_page *epc_page;
|
|
struct sgx_encl *encl;
|
|
struct sgx_va_page *va_page;
|
|
};
|
|
|
|
enum sgx_encl_flags {
|
|
SGX_ENCL_IOCTL = BIT(0),
|
|
SGX_ENCL_DEBUG = BIT(1),
|
|
SGX_ENCL_CREATED = BIT(2),
|
|
SGX_ENCL_INITIALIZED = BIT(3),
|
|
};
|
|
|
|
struct sgx_encl_mm {
|
|
struct sgx_encl *encl;
|
|
struct mm_struct *mm;
|
|
struct list_head list;
|
|
struct mmu_notifier mmu_notifier;
|
|
};
|
|
|
|
struct sgx_encl {
|
|
unsigned long base;
|
|
unsigned long size;
|
|
unsigned long flags;
|
|
unsigned int page_cnt;
|
|
unsigned int secs_child_cnt;
|
|
struct mutex lock;
|
|
struct xarray page_array;
|
|
struct sgx_encl_page secs;
|
|
unsigned long attributes;
|
|
unsigned long attributes_mask;
|
|
|
|
cpumask_t cpumask;
|
|
struct file *backing;
|
|
struct kref refcount;
|
|
struct list_head va_pages;
|
|
unsigned long mm_list_version;
|
|
struct list_head mm_list;
|
|
spinlock_t mm_lock;
|
|
struct srcu_struct srcu;
|
|
};
|
|
|
|
#define SGX_VA_SLOT_COUNT 512
|
|
|
|
struct sgx_va_page {
|
|
struct sgx_epc_page *epc_page;
|
|
DECLARE_BITMAP(slots, SGX_VA_SLOT_COUNT);
|
|
struct list_head list;
|
|
};
|
|
|
|
struct sgx_backing {
|
|
struct page *contents;
|
|
struct page *pcmd;
|
|
unsigned long pcmd_offset;
|
|
};
|
|
|
|
extern const struct vm_operations_struct sgx_vm_ops;
|
|
|
|
static inline int sgx_encl_find(struct mm_struct *mm, unsigned long addr,
|
|
struct vm_area_struct **vma)
|
|
{
|
|
struct vm_area_struct *result;
|
|
|
|
result = vma_lookup(mm, addr);
|
|
if (!result || result->vm_ops != &sgx_vm_ops)
|
|
return -EINVAL;
|
|
|
|
*vma = result;
|
|
|
|
return 0;
|
|
}
|
|
|
|
int sgx_encl_may_map(struct sgx_encl *encl, unsigned long start,
|
|
unsigned long end, unsigned long vm_flags);
|
|
|
|
bool current_is_ksgxd(void);
|
|
void sgx_encl_release(struct kref *ref);
|
|
int sgx_encl_mm_add(struct sgx_encl *encl, struct mm_struct *mm);
|
|
const cpumask_t *sgx_encl_cpumask(struct sgx_encl *encl);
|
|
int sgx_encl_lookup_backing(struct sgx_encl *encl, unsigned long page_index,
|
|
struct sgx_backing *backing);
|
|
int sgx_encl_alloc_backing(struct sgx_encl *encl, unsigned long page_index,
|
|
struct sgx_backing *backing);
|
|
void sgx_encl_put_backing(struct sgx_backing *backing);
|
|
int sgx_encl_test_and_clear_young(struct mm_struct *mm,
|
|
struct sgx_encl_page *page);
|
|
struct sgx_encl_page *sgx_encl_page_alloc(struct sgx_encl *encl,
|
|
unsigned long offset,
|
|
u64 secinfo_flags);
|
|
void sgx_zap_enclave_ptes(struct sgx_encl *encl, unsigned long addr);
|
|
struct sgx_epc_page *sgx_alloc_va_page(bool reclaim);
|
|
unsigned int sgx_alloc_va_slot(struct sgx_va_page *va_page);
|
|
void sgx_free_va_slot(struct sgx_va_page *va_page, unsigned int offset);
|
|
bool sgx_va_page_full(struct sgx_va_page *va_page);
|
|
void sgx_encl_free_epc_page(struct sgx_epc_page *page);
|
|
struct sgx_encl_page *sgx_encl_load_page(struct sgx_encl *encl,
|
|
unsigned long addr);
|
|
struct sgx_va_page *sgx_encl_grow(struct sgx_encl *encl, bool reclaim);
|
|
void sgx_encl_shrink(struct sgx_encl *encl, struct sgx_va_page *va_page);
|
|
|
|
#endif /* _X86_ENCL_H */
|