* [PATCH 1/2] x86/sgx: Wrap ENCLS[EWB]
@ 2019-09-12 19:38 Jarkko Sakkinen
2019-09-12 19:38 ` [PATCH 2/2] x86/sgx: Take sgx_ewb() into use Jarkko Sakkinen
2019-09-14 12:22 ` [PATCH 1/2] x86/sgx: Wrap ENCLS[EWB] Jarkko Sakkinen
0 siblings, 2 replies; 3+ messages in thread
From: Jarkko Sakkinen @ 2019-09-12 19:38 UTC (permalink / raw)
To: linux-sgx
Cc: sean.j.christopherson, serge.ayoun, shay.katz-zamir, Jarkko Sakkinen
A reclaimed page is represented by two entities:
1. A version number in the Enclave Page Cache (EPC). Version numbers are
stored in Version Array (VA) pages [1].
2. Page contents and MAC [2] encrypted with a random transient key and the
version number in the system memory.
This commit introduces a wrapper function for ENCLS[EWB], which transforms
a page from EPC to the system memory, resulting in the aforementioned entities.
The reason for having struct sgx_ewb_context is that the reclaiming process
can pin the resources in early phases of the page reclaiming process when a
clean rollback from a failure (e.g. running out of memory) is still
possible.
[1] Intel SDM: 37.18 VERSION ARRAY (VA)
[2] Intel SDM: 37.12 PAGING CRYPTO METADATA (PCMD)
Cc: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
arch/x86/kernel/cpu/sgx/encls.c | 33 +++++++++++++++++++++++++++++++++
arch/x86/kernel/cpu/sgx/encls.h | 10 ++++++++++
2 files changed, 43 insertions(+)
diff --git a/arch/x86/kernel/cpu/sgx/encls.c b/arch/x86/kernel/cpu/sgx/encls.c
index cda09cf8b927..06004b665d88 100644
--- a/arch/x86/kernel/cpu/sgx/encls.c
+++ b/arch/x86/kernel/cpu/sgx/encls.c
@@ -54,3 +54,36 @@ int sgx_einit(struct sgx_sigstruct *sigstruct, struct sgx_einittoken *token,
preempt_enable();
return ret;
}
+
+/**
+ * sgx_ewb() - Execute ENCLS[EWB]
+ * @ctx: a struct &sgx_ewb_context
+ *
+ * Execute ENCLS[EWB], which transforms a page from EPC to the system memory.
+ * @ctx should be initialized to reference all of the data needed in this
+ * process.
+ *
+ * Return:
+ * 0 on success,
+ * -errno or SGX error on failure
+ */
+int sgx_ewb(struct sgx_ewb_context *ctx)
+{
+ struct sgx_pageinfo pginfo;
+ int ret;
+
+ pginfo.addr = 0;
+ pginfo.contents = (unsigned long)kmap_atomic(ctx->contents);
+ pginfo.metadata = (unsigned long)kmap_atomic(ctx->pcmd) +
+ ctx->pcmd_offset;
+ pginfo.secs = 0;
+
+ ret = __ewb(&pginfo, sgx_epc_addr(ctx->page),
+ sgx_epc_addr(ctx->version_array) + ctx->version_offset);
+
+ kunmap_atomic((void *)(unsigned long)(pginfo.metadata -
+ ctx->pcmd_offset));
+ kunmap_atomic((void *)(unsigned long)pginfo.contents);
+
+ return ret;
+}
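Review bot: sgx_ewb() adds ctx->pcmd_offset to the kmap_atomic() address and ctx->version_offset to sgx_epc_addr(ctx->version_array) without any bound check, so an offset of PAGE_SIZE or more would hand __ewb() an address outside the mapped PCMD page or the VA page. Now that this is a non-static entry point, consider a WARN_ON-style check that both offsets are below PAGE_SIZE, or at least state the requirement in the kernel-doc for @ctx. The kunmap_atomic() calls recover the PCMD base by subtracting ctx->pcmd_offset from pginfo.metadata; keeping the two kmap_atomic() results in local pointers would make the map/unmap pairing easier to verify. The "Return:" text mentions -errno, but the function only passes through the value from __ewb(), so it should say which errno values a caller can actually see.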
diff --git a/arch/x86/kernel/cpu/sgx/encls.h b/arch/x86/kernel/cpu/sgx/encls.h
index e3713337c187..d27cbc2f76e0 100644
--- a/arch/x86/kernel/cpu/sgx/encls.h
+++ b/arch/x86/kernel/cpu/sgx/encls.h
@@ -257,7 +257,17 @@ static inline int __emodt(struct sgx_secinfo *secinfo, void *addr)
return __encls_ret_2(SGX_EMODT, secinfo, addr);
}
+struct sgx_ewb_context {
+ struct sgx_epc_page *page;
+ struct page *contents;
+ struct page *pcmd;
+ unsigned long pcmd_offset;
+ struct sgx_epc_page *version_array;
+ unsigned long version_offset;
+};
+
int sgx_einit(struct sgx_sigstruct *sigstruct, struct sgx_einittoken *token,
struct sgx_epc_page *secs, u64 *lepubkeyhash);
+int sgx_ewb(struct sgx_ewb_context *ctx);
#endif /* _X86_ENCLS_H */
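Review bot: struct sgx_ewb_context is added to encls.h with no kernel-doc, even though the comment on sgx_ewb() tells callers that @ctx "should be initialized to reference all of the data needed". Please document each member: that page and version_array are EPC pages, that contents and pcmd are struct page backing pages, and whether pcmd_offset and version_offset are byte offsets within their respective pages and what range is valid for them.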
--
2.20.1
* [PATCH 2/2] x86/sgx: Take sgx_ewb() into use
2019-09-12 19:38 [PATCH 1/2] x86/sgx: Wrap ENCLS[EWB] Jarkko Sakkinen
@ 2019-09-12 19:38 ` Jarkko Sakkinen
2019-09-14 12:22 ` [PATCH 1/2] x86/sgx: Wrap ENCLS[EWB] Jarkko Sakkinen
1 sibling, 0 replies; 3+ messages in thread
From: Jarkko Sakkinen @ 2019-09-12 19:38 UTC (permalink / raw)
To: linux-sgx
Cc: sean.j.christopherson, serge.ayoun, shay.katz-zamir, Jarkko Sakkinen
Take the first step integrating sgx_ewb() i.e. just fill struct
sgx_ewb_context inside __sgx_encl_ewb() and call sgx_ewb(). The 2nd step
is to move resource binding up to the part where the page is picked up to
the reclaiming process.
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
arch/x86/kernel/cpu/sgx/reclaim.c | 20 +++++++++-----------
1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/arch/x86/kernel/cpu/sgx/reclaim.c b/arch/x86/kernel/cpu/sgx/reclaim.c
index e2b978664f9d..4542d47f48a5 100644
--- a/arch/x86/kernel/cpu/sgx/reclaim.c
+++ b/arch/x86/kernel/cpu/sgx/reclaim.c
@@ -225,8 +225,7 @@ static int __sgx_encl_ewb(struct sgx_encl *encl, struct sgx_epc_page *epc_page,
unsigned int pt)
{
struct sgx_encl_page *encl_page = epc_page->owner;
- struct sgx_pageinfo pginfo;
- unsigned long pcmd_offset;
+ struct sgx_ewb_context ctx;
struct page *backing;
pgoff_t page_index;
pgoff_t pcmd_index;
@@ -243,7 +242,6 @@ static int __sgx_encl_ewb(struct sgx_encl *encl, struct sgx_epc_page *epc_page,
page_index = SGX_ENCL_PAGE_INDEX(encl_page);
pcmd_index = sgx_pcmd_index(encl, page_index);
- pcmd_offset = sgx_pcmd_offset(page_index);
backing = sgx_encl_get_backing_page(encl, page_index);
if (IS_ERR(backing)) {
@@ -257,14 +255,14 @@ static int __sgx_encl_ewb(struct sgx_encl *encl, struct sgx_epc_page *epc_page,
goto err_pcmd;
}
- pginfo.addr = 0;
- pginfo.contents = (unsigned long)kmap_atomic(backing);
- pginfo.metadata = (unsigned long)kmap_atomic(pcmd) + pcmd_offset;
- pginfo.secs = 0;
- ret = __ewb(&pginfo, sgx_epc_addr(epc_page),
- sgx_epc_addr(va_page->epc_page) + va_offset);
- kunmap_atomic((void *)(unsigned long)(pginfo.metadata - pcmd_offset));
- kunmap_atomic((void *)(unsigned long)pginfo.contents);
+ ctx.page = epc_page;
+ ctx.contents = backing;
+ ctx.pcmd = pcmd;
+ ctx.pcmd_offset = sgx_pcmd_offset(page_index);
+ ctx.version_array = va_page->epc_page;
+ ctx.version_offset = va_offset;
+
+ ret = sgx_ewb(&ctx);
if (!ret) {
set_page_dirty(pcmd);
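Review bot: ctx is declared without an initializer at the top of __sgx_encl_ewb() and is then filled one member at a time immediately before sgx_ewb(&ctx), so any member added to struct sgx_ewb_context later would reach sgx_ewb() holding uninitialized stack data. Zero-initializing ctx at its declaration would make that safe. It is also worth noting in the code, not only in the commit message, that the context is still filled after the backing and PCMD lookups, so the early-pinning benefit described for the struct is not yet realized by this change.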
--
2.20.1
* Re: [PATCH 1/2] x86/sgx: Wrap ENCLS[EWB]
2019-09-12 19:38 [PATCH 1/2] x86/sgx: Wrap ENCLS[EWB] Jarkko Sakkinen
2019-09-12 19:38 ` [PATCH 2/2] x86/sgx: Take sgx_ewb() into use Jarkko Sakkinen
@ 2019-09-14 12:22 ` Jarkko Sakkinen
1 sibling, 0 replies; 3+ messages in thread
From: Jarkko Sakkinen @ 2019-09-14 12:22 UTC (permalink / raw)
To: linux-sgx; +Cc: sean.j.christopherson, serge.ayoun, shay.katz-zamir
On Thu, Sep 12, 2019 at 08:38:08PM +0100, Jarkko Sakkinen wrote:
> A reclaimed page is represented by two entities:
>
> 1. A version number in the Enclave Page Cache (EPC). Version numbers are
> stored in Version Array (VA) pages [1].
> 2. Page contents and MAC [2] encrypted with a random transient key and the
> version number in the system memory.
>
> This commit introduces a wrapper function for ENCLS[EWB], which transforms
> a page from EPC to the system memory, resulting in the aforementioned entities.
> The reason for having struct sgx_ewb_context is that the reclaiming process
> can pin the resources in early phases of the page reclaiming process when a
> clean rollback from a failure (e.g. running out of memory) is still
> possible.
Ignore these. Sent by mistake.
In my tree in for-v23 there are already some alternative patches in
progress on top of my other v23 changes.
/Jarkko