1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright(c) 2016-20 Intel Corporation. */
3
4 #include <asm/mman.h>
5 #include <asm/sgx.h>
6 #include <linux/mman.h>
7 #include <linux/delay.h>
8 #include <linux/file.h>
9 #include <linux/hashtable.h>
10 #include <linux/highmem.h>
11 #include <linux/ratelimit.h>
12 #include <linux/sched/signal.h>
13 #include <linux/shmem_fs.h>
14 #include <linux/slab.h>
15 #include <linux/suspend.h>
16 #include "driver.h"
17 #include "encl.h"
18 #include "encls.h"
19
/*
 * Account one more enclave page and, when needed, allocate a new Version
 * Array (VA) page.  A VA page provides SGX_VA_SLOT_COUNT slots and one slot
 * is consumed per enclave page, so a fresh VA page is required exactly when
 * page_cnt is a multiple of SGX_VA_SLOT_COUNT.
 *
 * @encl:	the enclave being grown
 * @reclaim:	passed through to sgx_alloc_va_page(); presumably allows EPC
 *		reclaim while allocating — confirm against that helper
 *
 * Return: a new VA page the caller must link into encl->va_pages, NULL when
 * the tail VA page still has free slots, or ERR_PTR() on failure.
 */
struct sgx_va_page *sgx_encl_grow(struct sgx_encl *encl, bool reclaim)
{
	struct sgx_va_page *va_page = NULL;
	void *err;

	/* A VA slot index must fit the VA-offset bits of the page descriptor. */
	BUILD_BUG_ON(SGX_VA_SLOT_COUNT !=
		(SGX_ENCL_PAGE_VA_OFFSET_MASK >> 3) + 1);

	if (!(encl->page_cnt % SGX_VA_SLOT_COUNT)) {
		/* Tail VA page is full (or no VA page exists yet). */
		va_page = kzalloc(sizeof(*va_page), GFP_KERNEL);
		if (!va_page)
			return ERR_PTR(-ENOMEM);

		va_page->epc_page = sgx_alloc_va_page(reclaim);
		if (IS_ERR(va_page->epc_page)) {
			err = ERR_CAST(va_page->epc_page);
			kfree(va_page);
			return err;
		}

		WARN_ON_ONCE(encl->page_cnt % SGX_VA_SLOT_COUNT);
	}
	encl->page_cnt++;
	return va_page;
}
45
sgx_encl_shrink(struct sgx_encl * encl,struct sgx_va_page * va_page)46 void sgx_encl_shrink(struct sgx_encl *encl, struct sgx_va_page *va_page)
47 {
48 encl->page_cnt--;
49
50 if (va_page) {
51 sgx_encl_free_epc_page(va_page->epc_page);
52 list_del(&va_page->list);
53 kfree(va_page);
54 }
55 }
56
/*
 * Set up all kernel state for a new enclave and run ENCLS[ECREATE] on its
 * SECS: grow the VA page list, create the shmem backing store, allocate an
 * EPC page for the SECS, and mirror the relevant SECS fields into @encl.
 *
 * Return: 0 on success, -EIO when ECREATE itself fails, another negative
 * errno on validation or allocation failure.
 */
static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs)
{
	struct sgx_epc_page *secs_epc;
	struct sgx_va_page *va_page;
	struct sgx_pageinfo pginfo;
	struct sgx_secinfo secinfo;
	unsigned long encl_size;
	struct file *backing;
	long ret;

	/*
	 * ECREATE would detect this too, but checking here also ensures
	 * that the 'encl_size' calculations below can never overflow.
	 */
	if (!is_power_of_2(secs->size))
		return -EINVAL;

	va_page = sgx_encl_grow(encl, true);
	if (IS_ERR(va_page))
		return PTR_ERR(va_page);
	else if (va_page)
		list_add(&va_page->list, &encl->va_pages);
	/* else the tail page of the VA page list had free slots. */

	/* The extra page goes to SECS. */
	encl_size = secs->size + PAGE_SIZE;

	/*
	 * Backing storage for swapped-out pages; the extra encl_size >> 5
	 * (1/32) presumably holds per-page metadata (PCMD) — confirm against
	 * the reclaimer.
	 */
	backing = shmem_file_setup("SGX backing", encl_size + (encl_size >> 5),
				   VM_NORESERVE);
	if (IS_ERR(backing)) {
		ret = PTR_ERR(backing);
		goto err_out_shrink;
	}

	encl->backing = backing;

	secs_epc = sgx_alloc_epc_page(&encl->secs, true);
	if (IS_ERR(secs_epc)) {
		ret = PTR_ERR(secs_epc);
		goto err_out_backing;
	}

	encl->secs.epc_page = secs_epc;

	/* ECREATE takes a zeroed SECINFO; the user SECS is the "contents". */
	pginfo.addr = 0;
	pginfo.contents = (unsigned long)secs;
	pginfo.metadata = (unsigned long)&secinfo;
	pginfo.secs = 0;
	memset(&secinfo, 0, sizeof(secinfo));

	ret = __ecreate((void *)&pginfo, sgx_get_epc_virt_addr(secs_epc));
	if (ret) {
		ret = -EIO;
		goto err_out;
	}

	if (secs->attributes & SGX_ATTR_DEBUG)
		set_bit(SGX_ENCL_DEBUG, &encl->flags);

	/* Mirror the SECS fields the rest of the driver needs. */
	encl->secs.encl = encl;
	encl->secs.type = SGX_PAGE_TYPE_SECS;
	encl->base = secs->base;
	encl->size = secs->size;
	encl->attributes = secs->attributes;
	encl->attributes_mask = SGX_ATTR_UNPRIV_MASK;

	/* Set only after completion, as encl->lock has not been taken. */
	set_bit(SGX_ENCL_CREATED, &encl->flags);

	return 0;

err_out:
	sgx_encl_free_epc_page(encl->secs.epc_page);
	encl->secs.epc_page = NULL;

err_out_backing:
	fput(encl->backing);
	encl->backing = NULL;

err_out_shrink:
	sgx_encl_shrink(encl, va_page);

	return ret;
}
141
142 /**
143 * sgx_ioc_enclave_create() - handler for %SGX_IOC_ENCLAVE_CREATE
144 * @encl: An enclave pointer.
145 * @arg: The ioctl argument.
146 *
147 * Allocate kernel data structures for the enclave and invoke ECREATE.
148 *
149 * Return:
150 * - 0: Success.
151 * - -EIO: ECREATE failed.
152 * - -errno: POSIX error.
153 */
sgx_ioc_enclave_create(struct sgx_encl * encl,void __user * arg)154 static long sgx_ioc_enclave_create(struct sgx_encl *encl, void __user *arg)
155 {
156 struct sgx_enclave_create create_arg;
157 void *secs;
158 int ret;
159
160 if (test_bit(SGX_ENCL_CREATED, &encl->flags))
161 return -EINVAL;
162
163 if (copy_from_user(&create_arg, arg, sizeof(create_arg)))
164 return -EFAULT;
165
166 secs = kmalloc(PAGE_SIZE, GFP_KERNEL);
167 if (!secs)
168 return -ENOMEM;
169
170 if (copy_from_user(secs, (void __user *)create_arg.src, PAGE_SIZE))
171 ret = -EFAULT;
172 else
173 ret = sgx_encl_create(encl, secs);
174
175 kfree(secs);
176 return ret;
177 }
178
sgx_validate_secinfo(struct sgx_secinfo * secinfo)179 static int sgx_validate_secinfo(struct sgx_secinfo *secinfo)
180 {
181 u64 perm = secinfo->flags & SGX_SECINFO_PERMISSION_MASK;
182 u64 pt = secinfo->flags & SGX_SECINFO_PAGE_TYPE_MASK;
183
184 if (pt != SGX_SECINFO_REG && pt != SGX_SECINFO_TCS)
185 return -EINVAL;
186
187 if ((perm & SGX_SECINFO_W) && !(perm & SGX_SECINFO_R))
188 return -EINVAL;
189
190 /*
191 * CPU will silently overwrite the permissions as zero, which means
192 * that we need to validate it ourselves.
193 */
194 if (pt == SGX_SECINFO_TCS && perm)
195 return -EINVAL;
196
197 if (secinfo->flags & SGX_SECINFO_RESERVED_MASK)
198 return -EINVAL;
199
200 if (memchr_inv(secinfo->reserved, 0, sizeof(secinfo->reserved)))
201 return -EINVAL;
202
203 return 0;
204 }
205
/*
 * Copy one page of source data into the enclave via ENCLS[EADD].  The caller
 * holds mmap_read_lock (taken in sgx_encl_add_page()), which keeps the
 * source VMA stable for the checks below.
 *
 * Return: 0 on success, -EFAULT/-EACCES on bad source mapping, -EIO when
 * EADD itself fails.
 */
static int __sgx_encl_add_page(struct sgx_encl *encl,
			       struct sgx_encl_page *encl_page,
			       struct sgx_epc_page *epc_page,
			       struct sgx_secinfo *secinfo, unsigned long src)
{
	struct sgx_pageinfo pginfo;
	struct vm_area_struct *vma;
	struct page *src_page;
	int ret;

	/* Deny noexec: refuse sources from mappings that can never be executable. */
	vma = find_vma(current->mm, src);
	if (!vma)
		return -EFAULT;

	if (!(vma->vm_flags & VM_MAYEXEC))
		return -EACCES;

	/* Pin the single source page for the duration of the EADD. */
	ret = get_user_pages(src, 1, 0, &src_page);
	if (ret < 1)
		return -EFAULT;

	pginfo.secs = (unsigned long)sgx_get_epc_virt_addr(encl->secs.epc_page);
	/* Enclave linear address lives in the upper bits of the descriptor. */
	pginfo.addr = encl_page->desc & PAGE_MASK;
	pginfo.metadata = (unsigned long)secinfo;
	pginfo.contents = (unsigned long)kmap_local_page(src_page);

	ret = __eadd(&pginfo, sgx_get_epc_virt_addr(epc_page));

	kunmap_local((void *)pginfo.contents);
	put_page(src_page);

	return ret ? -EIO : 0;
}
240
241 /*
242 * If the caller requires measurement of the page as a proof for the content,
243 * use EEXTEND to add a measurement for 256 bytes of the page. Repeat this
244 * operation until the entire page is measured."
245 */
__sgx_encl_extend(struct sgx_encl * encl,struct sgx_epc_page * epc_page)246 static int __sgx_encl_extend(struct sgx_encl *encl,
247 struct sgx_epc_page *epc_page)
248 {
249 unsigned long offset;
250 int ret;
251
252 for (offset = 0; offset < PAGE_SIZE; offset += SGX_EEXTEND_BLOCK_SIZE) {
253 ret = __eextend(sgx_get_epc_virt_addr(encl->secs.epc_page),
254 sgx_get_epc_virt_addr(epc_page) + offset);
255 if (ret) {
256 if (encls_failed(ret))
257 ENCLS_WARN(ret, "EEXTEND");
258
259 return -EIO;
260 }
261 }
262
263 return 0;
264 }
265
/*
 * Add a single page at enclave @offset: allocate the tracking structure and
 * an EPC page, reserve a VA slot, EADD the user data from @src, and when
 * SGX_PAGE_MEASURE is set, EEXTEND its measurement.  The careful lock and
 * unwind ordering below is load-bearing; see the inline comments.
 */
static int sgx_encl_add_page(struct sgx_encl *encl, unsigned long src,
			     unsigned long offset, struct sgx_secinfo *secinfo,
			     unsigned long flags)
{
	struct sgx_encl_page *encl_page;
	struct sgx_epc_page *epc_page;
	struct sgx_va_page *va_page;
	int ret;

	encl_page = sgx_encl_page_alloc(encl, offset, secinfo->flags);
	if (IS_ERR(encl_page))
		return PTR_ERR(encl_page);

	epc_page = sgx_alloc_epc_page(encl_page, true);
	if (IS_ERR(epc_page)) {
		kfree(encl_page);
		return PTR_ERR(epc_page);
	}

	va_page = sgx_encl_grow(encl, true);
	if (IS_ERR(va_page)) {
		ret = PTR_ERR(va_page);
		goto err_out_free;
	}

	/* mmap_lock keeps the source VMA stable for __sgx_encl_add_page(). */
	mmap_read_lock(current->mm);
	mutex_lock(&encl->lock);

	/*
	 * Adding to encl->va_pages must be done under encl->lock.  Ditto for
	 * deleting (via sgx_encl_shrink()) in the error path.
	 */
	if (va_page)
		list_add(&va_page->list, &encl->va_pages);

	/*
	 * Insert prior to EADD in case of OOM.  EADD modifies MRENCLAVE, i.e.
	 * can't be gracefully unwound, while failure on EADD/EXTEND is limited
	 * to userspace errors (or kernel/hardware bugs).
	 */
	ret = xa_insert(&encl->page_array, PFN_DOWN(encl_page->desc),
			encl_page, GFP_KERNEL);
	if (ret)
		goto err_out_unlock;

	ret = __sgx_encl_add_page(encl, encl_page, epc_page, secinfo,
				  src);
	if (ret)
		goto err_out;

	/*
	 * Complete the "add" before doing the "extend" so that the "add"
	 * isn't in a half-baked state in the extremely unlikely scenario
	 * the enclave will be destroyed in response to EEXTEND failure.
	 */
	encl_page->encl = encl;
	encl_page->epc_page = epc_page;
	/* Page type occupies bits 15:8 of the SECINFO flags. */
	encl_page->type = (secinfo->flags & SGX_SECINFO_PAGE_TYPE_MASK) >> 8;
	encl->secs_child_cnt++;

	if (flags & SGX_PAGE_MEASURE) {
		ret = __sgx_encl_extend(encl, epc_page);
		if (ret)
			goto err_out;
	}

	/* The page is fully added; it may now be reclaimed (swapped out). */
	sgx_mark_page_reclaimable(encl_page->epc_page);
	mutex_unlock(&encl->lock);
	mmap_read_unlock(current->mm);
	return ret;

err_out:
	xa_erase(&encl->page_array, PFN_DOWN(encl_page->desc));

err_out_unlock:
	sgx_encl_shrink(encl, va_page);
	mutex_unlock(&encl->lock);
	mmap_read_unlock(current->mm);

err_out_free:
	sgx_encl_free_epc_page(epc_page);
	kfree(encl_page);

	return ret;
}
351
352 /*
353 * Ensure user provided offset and length values are valid for
354 * an enclave.
355 */
sgx_validate_offset_length(struct sgx_encl * encl,unsigned long offset,unsigned long length)356 static int sgx_validate_offset_length(struct sgx_encl *encl,
357 unsigned long offset,
358 unsigned long length)
359 {
360 if (!IS_ALIGNED(offset, PAGE_SIZE))
361 return -EINVAL;
362
363 if (!length || !IS_ALIGNED(length, PAGE_SIZE))
364 return -EINVAL;
365
366 if (offset + length < offset)
367 return -EINVAL;
368
369 if (offset + length - PAGE_SIZE >= encl->size)
370 return -EINVAL;
371
372 return 0;
373 }
374
/**
 * sgx_ioc_enclave_add_pages() - The handler for %SGX_IOC_ENCLAVE_ADD_PAGES
 * @encl:       an enclave pointer
 * @arg:	a user pointer to a struct sgx_enclave_add_pages instance
 *
 * Add one or more pages to an uninitialized enclave, and optionally extend the
 * measurement with the contents of the page. The SECINFO and measurement mask
 * are applied to all pages.
 *
 * A SECINFO for a TCS is required to always contain zero permissions because
 * CPU silently zeros them. Allowing anything else would cause a mismatch in
 * the measurement.
 *
 * mmap()'s protection bits are capped by the page permissions. For each page
 * address, the maximum protection bits are computed with the following
 * heuristics:
 *
 * 1. A regular page: PROT_R, PROT_W and PROT_X match the SECINFO permissions.
 * 2. A TCS page: PROT_R | PROT_W.
 *
 * mmap() is not allowed to surpass the minimum of the maximum protection bits
 * within the given address range.
 *
 * The function deinitializes kernel data structures for enclave and returns
 * -EIO in any of the following conditions:
 *
 * - Enclave Page Cache (EPC), the physical memory holding enclaves, has
 *   been invalidated. This will cause EADD and EEXTEND to fail.
 * - If the source address is corrupted somehow when executing EADD.
 *
 * Return:
 * - 0:		Success.
 * - -EACCES:	The source page is located in a noexec partition.
 * - -ENOMEM:	Out of EPC pages.
 * - -EINTR:	The call was interrupted before data was processed.
 * - -EIO:	Either EADD or EEXTEND failed because invalid source address
 *		or power cycle.
 * - -errno:	POSIX error.
 */
static long sgx_ioc_enclave_add_pages(struct sgx_encl *encl, void __user *arg)
{
	struct sgx_enclave_add_pages add_arg;
	struct sgx_secinfo secinfo;
	unsigned long c;
	int ret;

	/* Pages may only be added after ECREATE and before EINIT. */
	if (!test_bit(SGX_ENCL_CREATED, &encl->flags) ||
	    test_bit(SGX_ENCL_INITIALIZED, &encl->flags))
		return -EINVAL;

	if (copy_from_user(&add_arg, arg, sizeof(add_arg)))
		return -EFAULT;

	if (!IS_ALIGNED(add_arg.src, PAGE_SIZE))
		return -EINVAL;

	if (sgx_validate_offset_length(encl, add_arg.offset, add_arg.length))
		return -EINVAL;

	if (copy_from_user(&secinfo, (void __user *)add_arg.secinfo,
			   sizeof(secinfo)))
		return -EFAULT;

	if (sgx_validate_secinfo(&secinfo))
		return -EINVAL;

	for (c = 0 ; c < add_arg.length; c += PAGE_SIZE) {
		if (signal_pending(current)) {
			/*
			 * Report -ERESTARTSYS only when nothing was added
			 * yet; otherwise 'ret' still holds the previous
			 * iteration's 0 and the partial progress is reported
			 * via 'count' below.
			 */
			if (!c)
				ret = -ERESTARTSYS;

			break;
		}

		if (need_resched())
			cond_resched();

		ret = sgx_encl_add_page(encl, add_arg.src + c, add_arg.offset + c,
					&secinfo, add_arg.flags);
		if (ret)
			break;
	}

	/* Tell userspace how many bytes were actually processed. */
	add_arg.count = c;

	if (copy_to_user(arg, &add_arg, sizeof(add_arg)))
		return -EFAULT;

	return ret;
}
465
__sgx_get_key_hash(struct crypto_shash * tfm,const void * modulus,void * hash)466 static int __sgx_get_key_hash(struct crypto_shash *tfm, const void *modulus,
467 void *hash)
468 {
469 SHASH_DESC_ON_STACK(shash, tfm);
470
471 shash->tfm = tfm;
472
473 return crypto_shash_digest(shash, modulus, SGX_MODULUS_SIZE, hash);
474 }
475
sgx_get_key_hash(const void * modulus,void * hash)476 static int sgx_get_key_hash(const void *modulus, void *hash)
477 {
478 struct crypto_shash *tfm;
479 int ret;
480
481 tfm = crypto_alloc_shash("sha256", 0, CRYPTO_ALG_ASYNC);
482 if (IS_ERR(tfm))
483 return PTR_ERR(tfm);
484
485 ret = __sgx_get_key_hash(tfm, modulus, hash);
486
487 crypto_free_shash(tfm);
488 return ret;
489 }
490
/*
 * Run ENCLS[EINIT] to finalize the enclave: validate the sigstruct against
 * the platform reserved-bit masks, hash the signer's modulus for the launch
 * enclave pubkey hash MSRs, then retry EINIT while it keeps getting
 * interrupted by pending events.
 *
 * Return: 0 on success, -EACCES/-EINVAL on policy or sigstruct rejection,
 * -EPERM on a non-faulting EINIT error, -EIO on a faulting one, or
 * -ERESTARTSYS when interrupted by a signal.
 */
static int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct,
			 void *token)
{
	u64 mrsigner[4];
	int i, j;
	void *addr;
	int ret;

	/*
	 * Deny initializing enclaves with attributes (namely provisioning)
	 * that have not been explicitly allowed.
	 */
	if (encl->attributes & ~encl->attributes_mask)
		return -EACCES;

	/*
	 * Attributes should not be enforced *only* against what's available on
	 * platform (done in sgx_encl_create) but checked and enforced against
	 * the mask for enforcement in sigstruct. For example an enclave could
	 * opt to sign with AVX bit in xfrm, but still be loadable on a platform
	 * without it if the sigstruct->body.attributes_mask does not turn that
	 * bit on.
	 */
	if (sigstruct->body.attributes & sigstruct->body.attributes_mask &
	    sgx_attributes_reserved_mask)
		return -EINVAL;

	if (sigstruct->body.miscselect & sigstruct->body.misc_mask &
	    sgx_misc_reserved_mask)
		return -EINVAL;

	if (sigstruct->body.xfrm & sigstruct->body.xfrm_mask &
	    sgx_xfrm_reserved_mask)
		return -EINVAL;

	/* SHA-256 of the signing key modulus, i.e. the MRSIGNER value. */
	ret = sgx_get_key_hash(sigstruct->modulus, mrsigner);
	if (ret)
		return ret;

	mutex_lock(&encl->lock);

	/*
	 * ENCLS[EINIT] is interruptible because it has such a high latency,
	 * e.g. 50k+ cycles on success. If an IRQ/NMI/SMI becomes pending,
	 * EINIT may fail with SGX_UNMASKED_EVENT so that the event can be
	 * serviced.
	 */
	for (i = 0; i < SGX_EINIT_SLEEP_COUNT; i++) {
		for (j = 0; j < SGX_EINIT_SPIN_COUNT; j++) {
			addr = sgx_get_epc_virt_addr(encl->secs.epc_page);

			/*
			 * Keep the MSR update and the EINIT on the same CPU
			 * by disabling preemption across both.
			 */
			preempt_disable();

			sgx_update_lepubkeyhash(mrsigner);

			ret = __einit(sigstruct, token, addr);

			preempt_enable();

			if (ret == SGX_UNMASKED_EVENT)
				continue;
			else
				break;
		}

		if (ret != SGX_UNMASKED_EVENT)
			break;

		/* Back off before the next burst of EINIT attempts. */
		msleep_interruptible(SGX_EINIT_SLEEP_TIME);

		if (signal_pending(current)) {
			ret = -ERESTARTSYS;
			goto err_out;
		}
	}

	if (encls_faulted(ret)) {
		if (encls_failed(ret))
			ENCLS_WARN(ret, "EINIT");

		ret = -EIO;
	} else if (ret) {
		/* Non-faulting EINIT error code, e.g. invalid signature. */
		pr_debug("EINIT returned %d\n", ret);
		ret = -EPERM;
	} else {
		set_bit(SGX_ENCL_INITIALIZED, &encl->flags);
	}

err_out:
	mutex_unlock(&encl->lock);
	return ret;
}
583
/**
 * sgx_ioc_enclave_init() - handler for %SGX_IOC_ENCLAVE_INIT
 * @encl:	an enclave pointer
 * @arg:	userspace pointer to a struct sgx_enclave_init instance
 *
 * Flush any outstanding enqueued EADD operations and perform EINIT.  The
 * Launch Enclave Public Key Hash MSRs are rewritten as necessary to match
 * the enclave's MRSIGNER, which is calculated from the provided sigstruct.
 *
 * Return:
 * - 0:		Success.
 * - -EPERM:	Invalid SIGSTRUCT.
 * - -EIO:	EINIT failed because of a power cycle.
 * - -errno:	POSIX error.
 */
static long sgx_ioc_enclave_init(struct sgx_encl *encl, void __user *arg)
{
	struct sgx_sigstruct *sigstruct;
	struct sgx_enclave_init init_arg;
	void *token;
	int ret;

	/* The enclave must exist and must not already be initialized. */
	if (!test_bit(SGX_ENCL_CREATED, &encl->flags) ||
	    test_bit(SGX_ENCL_INITIALIZED, &encl->flags))
		return -EINVAL;

	if (copy_from_user(&init_arg, arg, sizeof(init_arg)))
		return -EFAULT;

	/*
	 * 'sigstruct' must be on a page boundary and 'token' on a 512 byte
	 * boundary. kmalloc() will give this alignment when allocating
	 * PAGE_SIZE bytes.
	 */
	sigstruct = kmalloc(PAGE_SIZE, GFP_KERNEL);
	if (!sigstruct)
		return -ENOMEM;

	/* An all-zero launch token, placed in the second half of the page. */
	token = (void *)((unsigned long)sigstruct + PAGE_SIZE / 2);
	memset(token, 0, SGX_LAUNCH_TOKEN_SIZE);

	if (copy_from_user(sigstruct, (void __user *)init_arg.sigstruct,
			   sizeof(*sigstruct))) {
		ret = -EFAULT;
		goto out;
	}

	/*
	 * A legacy field used with Intel signed enclaves. These used to mean
	 * regular and architectural enclaves. The CPU only accepts these values
	 * but they do not have any other meaning.
	 *
	 * Thus, reject any other values.
	 */
	if (sigstruct->header.vendor != 0x0000 &&
	    sigstruct->header.vendor != 0x8086) {
		ret = -EINVAL;
		goto out;
	}

	ret = sgx_encl_init(encl, sigstruct, token);

out:
	kfree(sigstruct);
	return ret;
}
650
651 /**
652 * sgx_ioc_enclave_provision() - handler for %SGX_IOC_ENCLAVE_PROVISION
653 * @encl: an enclave pointer
654 * @arg: userspace pointer to a struct sgx_enclave_provision instance
655 *
656 * Allow ATTRIBUTE.PROVISION_KEY for an enclave by providing a file handle to
657 * /dev/sgx_provision.
658 *
659 * Return:
660 * - 0: Success.
661 * - -errno: Otherwise.
662 */
sgx_ioc_enclave_provision(struct sgx_encl * encl,void __user * arg)663 static long sgx_ioc_enclave_provision(struct sgx_encl *encl, void __user *arg)
664 {
665 struct sgx_enclave_provision params;
666
667 if (copy_from_user(¶ms, arg, sizeof(params)))
668 return -EFAULT;
669
670 return sgx_set_attribute(&encl->attributes_mask, params.fd);
671 }
672
673 /*
674 * Ensure enclave is ready for SGX2 functions. Readiness is checked
675 * by ensuring the hardware supports SGX2 and the enclave is initialized
676 * and thus able to handle requests to modify pages within it.
677 */
sgx_ioc_sgx2_ready(struct sgx_encl * encl)678 static int sgx_ioc_sgx2_ready(struct sgx_encl *encl)
679 {
680 if (!(cpu_feature_enabled(X86_FEATURE_SGX2)))
681 return -ENODEV;
682
683 if (!test_bit(SGX_ENCL_INITIALIZED, &encl->flags))
684 return -EINVAL;
685
686 return 0;
687 }
688
/*
 * Some SGX functions require that no cached linear-to-physical address
 * mappings are present before they can succeed. Collaborate with
 * hardware via ENCLS[ETRACK] to ensure that all cached
 * linear-to-physical address mappings belonging to all threads of
 * the enclave are cleared. See sgx_encl_cpumask() for details.
 *
 * Must be called with enclave's mutex held from the time the
 * SGX function requiring that no cached linear-to-physical mappings
 * are present is executed until this ETRACK flow is complete.
 *
 * Return: 0 on success, -EFAULT when ETRACK fails even after kicking
 * CPUs out of the enclave via IPI.
 */
static int sgx_enclave_etrack(struct sgx_encl *encl)
{
	void *epc_virt;
	int ret;

	epc_virt = sgx_get_epc_virt_addr(encl->secs.epc_page);
	ret = __etrack(epc_virt);
	if (ret) {
		/*
		 * ETRACK only fails when there is an OS issue. For
		 * example, two consecutive ETRACK was sent without
		 * completed IPI between.
		 */
		pr_err_once("ETRACK returned %d (0x%x)", ret, ret);
		/*
		 * Send IPIs to kick CPUs out of the enclave and
		 * try ETRACK again.
		 */
		on_each_cpu_mask(sgx_encl_cpumask(encl), sgx_ipi_cb, NULL, 1);
		ret = __etrack(epc_virt);
		if (ret) {
			pr_err_once("ETRACK repeat returned %d (0x%x)",
				    ret, ret);
			return -EFAULT;
		}
	}
	/* Flush stale TLB entries on every CPU that ran enclave threads. */
	on_each_cpu_mask(sgx_encl_cpumask(encl), sgx_ipi_cb, NULL, 1);

	return 0;
}
730
/**
 * sgx_enclave_restrict_permissions() - Restrict EPCM permissions
 * @encl:	Enclave to which the pages belong.
 * @modp:	Checked parameters from user on which pages need modifying and
 *              their new permissions.
 *
 * Runs ENCLS[EMODPR] on each page of the range, followed by an ETRACK flow,
 * under encl->lock per page.  Progress is always reported back through
 * @modp->count.
 *
 * Return:
 * - 0:		Success.
 * - -errno:	Otherwise.
 */
static long
sgx_enclave_restrict_permissions(struct sgx_encl *encl,
				 struct sgx_enclave_restrict_permissions *modp)
{
	struct sgx_encl_page *entry;
	struct sgx_secinfo secinfo;
	unsigned long addr;
	unsigned long c;
	void *epc_virt;
	int ret;

	memset(&secinfo, 0, sizeof(secinfo));
	secinfo.flags = modp->permissions & SGX_SECINFO_PERMISSION_MASK;

	for (c = 0 ; c < modp->length; c += PAGE_SIZE) {
		addr = encl->base + modp->offset + c;

		/*
		 * Presumably frees up EPC pages before taking encl->lock so
		 * sgx_encl_load_page() cannot stall on reclaim — confirm
		 * against sgx_reclaim_direct().
		 */
		sgx_reclaim_direct();

		mutex_lock(&encl->lock);

		entry = sgx_encl_load_page(encl, addr);
		if (IS_ERR(entry)) {
			/* -EBUSY means "retry later", everything else is fatal. */
			ret = PTR_ERR(entry) == -EBUSY ? -EAGAIN : -EFAULT;
			goto out_unlock;
		}

		/*
		 * Changing EPCM permissions is only supported on regular
		 * SGX pages. Attempting this change on other pages will
		 * result in #PF.
		 */
		if (entry->type != SGX_PAGE_TYPE_REG) {
			ret = -EINVAL;
			goto out_unlock;
		}

		/*
		 * Apart from ensuring that read-access remains, do not verify
		 * the permission bits requested. Kernel has no control over
		 * how EPCM permissions can be relaxed from within the enclave.
		 * ENCLS[EMODPR] can only remove existing EPCM permissions,
		 * attempting to set new permissions will be ignored by the
		 * hardware.
		 */

		/* Change EPCM permissions. */
		epc_virt = sgx_get_epc_virt_addr(entry->epc_page);
		ret = __emodpr(&secinfo, epc_virt);
		if (encls_faulted(ret)) {
			/*
			 * All possible faults should be avoidable:
			 * parameters have been checked, will only change
			 * permissions of a regular page, and no concurrent
			 * SGX1/SGX2 ENCLS instructions since these
			 * are protected with mutex.
			 */
			pr_err_once("EMODPR encountered exception %d\n",
				    ENCLS_TRAPNR(ret));
			ret = -EFAULT;
			goto out_unlock;
		}
		if (encls_failed(ret)) {
			/* Hand the raw SGX error code back to userspace. */
			modp->result = ret;
			ret = -EFAULT;
			goto out_unlock;
		}

		/* Flush stale TLB mappings before the new permissions apply. */
		ret = sgx_enclave_etrack(encl);
		if (ret) {
			ret = -EFAULT;
			goto out_unlock;
		}

		mutex_unlock(&encl->lock);
	}

	ret = 0;
	goto out;

out_unlock:
	mutex_unlock(&encl->lock);
out:
	/* Report progress even on failure. */
	modp->count = c;

	return ret;
}
828
829 /**
830 * sgx_ioc_enclave_restrict_permissions() - handler for
831 * %SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS
832 * @encl: an enclave pointer
833 * @arg: userspace pointer to a &struct sgx_enclave_restrict_permissions
834 * instance
835 *
836 * SGX2 distinguishes between relaxing and restricting the enclave page
837 * permissions maintained by the hardware (EPCM permissions) of pages
838 * belonging to an initialized enclave (after SGX_IOC_ENCLAVE_INIT).
839 *
840 * EPCM permissions cannot be restricted from within the enclave, the enclave
841 * requires the kernel to run the privileged level 0 instructions ENCLS[EMODPR]
842 * and ENCLS[ETRACK]. An attempt to relax EPCM permissions with this call
843 * will be ignored by the hardware.
844 *
845 * Return:
846 * - 0: Success
847 * - -errno: Otherwise
848 */
sgx_ioc_enclave_restrict_permissions(struct sgx_encl * encl,void __user * arg)849 static long sgx_ioc_enclave_restrict_permissions(struct sgx_encl *encl,
850 void __user *arg)
851 {
852 struct sgx_enclave_restrict_permissions params;
853 long ret;
854
855 ret = sgx_ioc_sgx2_ready(encl);
856 if (ret)
857 return ret;
858
859 if (copy_from_user(¶ms, arg, sizeof(params)))
860 return -EFAULT;
861
862 if (sgx_validate_offset_length(encl, params.offset, params.length))
863 return -EINVAL;
864
865 if (params.permissions & ~SGX_SECINFO_PERMISSION_MASK)
866 return -EINVAL;
867
868 /*
869 * Fail early if invalid permissions requested to prevent ENCLS[EMODPR]
870 * from faulting later when the CPU does the same check.
871 */
872 if ((params.permissions & SGX_SECINFO_W) &&
873 !(params.permissions & SGX_SECINFO_R))
874 return -EINVAL;
875
876 if (params.result || params.count)
877 return -EINVAL;
878
879 ret = sgx_enclave_restrict_permissions(encl, ¶ms);
880
881 if (copy_to_user(arg, ¶ms, sizeof(params)))
882 return -EFAULT;
883
884 return ret;
885 }
886
/**
 * sgx_enclave_modify_types() - Modify type of SGX enclave pages
 * @encl:	Enclave to which the pages belong.
 * @modt:	Checked parameters from user about which pages need modifying
 *              and their new page type.
 *
 * Runs ENCLS[EMODT] on each page of the range followed by an ETRACK flow,
 * per page under encl->lock.  Progress is always reported back through
 * @modt->count.
 *
 * Return:
 * - 0:		Success
 * - -errno:	Otherwise
 */
static long sgx_enclave_modify_types(struct sgx_encl *encl,
				     struct sgx_enclave_modify_types *modt)
{
	unsigned long max_prot_restore;
	enum sgx_page_type page_type;
	struct sgx_encl_page *entry;
	struct sgx_secinfo secinfo;
	unsigned long prot;
	unsigned long addr;
	unsigned long c;
	void *epc_virt;
	int ret;

	page_type = modt->page_type & SGX_PAGE_TYPE_MASK;

	/*
	 * The only new page types allowed by hardware are PT_TCS and PT_TRIM.
	 */
	if (page_type != SGX_PAGE_TYPE_TCS && page_type != SGX_PAGE_TYPE_TRIM)
		return -EINVAL;

	memset(&secinfo, 0, sizeof(secinfo));

	/* Page type occupies bits 15:8 of the SECINFO flags. */
	secinfo.flags = page_type << 8;

	for (c = 0 ; c < modt->length; c += PAGE_SIZE) {
		addr = encl->base + modt->offset + c;

		/* Make reclaim progress before taking encl->lock. */
		sgx_reclaim_direct();

		mutex_lock(&encl->lock);

		entry = sgx_encl_load_page(encl, addr);
		if (IS_ERR(entry)) {
			/* -EBUSY means "retry later", everything else is fatal. */
			ret = PTR_ERR(entry) == -EBUSY ? -EAGAIN : -EFAULT;
			goto out_unlock;
		}

		/*
		 * Borrow the logic from the Intel SDM. Regular pages
		 * (SGX_PAGE_TYPE_REG) can change type to SGX_PAGE_TYPE_TCS
		 * or SGX_PAGE_TYPE_TRIM but TCS pages can only be trimmed.
		 * CET pages not supported yet.
		 */
		if (!(entry->type == SGX_PAGE_TYPE_REG ||
		      (entry->type == SGX_PAGE_TYPE_TCS &&
		       page_type == SGX_PAGE_TYPE_TRIM))) {
			ret = -EINVAL;
			goto out_unlock;
		}

		/* Saved so the EMODT error paths can undo the change below. */
		max_prot_restore = entry->vm_max_prot_bits;

		/*
		 * Once a regular page becomes a TCS page it cannot be
		 * changed back. So the maximum allowed protection reflects
		 * the TCS page that is always RW from kernel perspective but
		 * will be inaccessible from within enclave. Before doing
		 * so, do make sure that the new page type continues to
		 * respect the originally vetted page permissions.
		 */
		if (entry->type == SGX_PAGE_TYPE_REG &&
		    page_type == SGX_PAGE_TYPE_TCS) {
			if (~entry->vm_max_prot_bits & (VM_READ | VM_WRITE)) {
				ret = -EPERM;
				goto out_unlock;
			}
			prot = PROT_READ | PROT_WRITE;
			entry->vm_max_prot_bits = calc_vm_prot_bits(prot, 0);

			/*
			 * Prevent page from being reclaimed while mutex
			 * is released.
			 */
			if (sgx_unmark_page_reclaimable(entry->epc_page)) {
				ret = -EAGAIN;
				goto out_entry_changed;
			}

			/*
			 * Do not keep encl->lock because of dependency on
			 * mmap_lock acquired in sgx_zap_enclave_ptes().
			 */
			mutex_unlock(&encl->lock);

			sgx_zap_enclave_ptes(encl, addr);

			mutex_lock(&encl->lock);

			sgx_mark_page_reclaimable(entry->epc_page);
		}

		/* Change EPC type */
		epc_virt = sgx_get_epc_virt_addr(entry->epc_page);
		ret = __emodt(&secinfo, epc_virt);
		if (encls_faulted(ret)) {
			/*
			 * All possible faults should be avoidable:
			 * parameters have been checked, will only change
			 * valid page types, and no concurrent
			 * SGX1/SGX2 ENCLS instructions since these are
			 * protected with mutex.
			 */
			pr_err_once("EMODT encountered exception %d\n",
				    ENCLS_TRAPNR(ret));
			ret = -EFAULT;
			goto out_entry_changed;
		}
		if (encls_failed(ret)) {
			/* Hand the raw SGX error code back to userspace. */
			modt->result = ret;
			ret = -EFAULT;
			goto out_entry_changed;
		}

		/* Flush stale TLB mappings before the new type takes effect. */
		ret = sgx_enclave_etrack(encl);
		if (ret) {
			ret = -EFAULT;
			goto out_unlock;
		}

		entry->type = page_type;

		mutex_unlock(&encl->lock);
	}

	ret = 0;
	goto out;

out_entry_changed:
	/* Roll back the vm_max_prot_bits change made for the TCS case. */
	entry->vm_max_prot_bits = max_prot_restore;
out_unlock:
	mutex_unlock(&encl->lock);
out:
	/* Report progress even on failure. */
	modt->count = c;

	return ret;
}
1034
1035 /**
1036 * sgx_ioc_enclave_modify_types() - handler for %SGX_IOC_ENCLAVE_MODIFY_TYPES
1037 * @encl: an enclave pointer
1038 * @arg: userspace pointer to a &struct sgx_enclave_modify_types instance
1039 *
1040 * Ability to change the enclave page type supports the following use cases:
1041 *
1042 * * It is possible to add TCS pages to an enclave by changing the type of
1043 * regular pages (%SGX_PAGE_TYPE_REG) to TCS (%SGX_PAGE_TYPE_TCS) pages.
1044 * With this support the number of threads supported by an initialized
1045 * enclave can be increased dynamically.
1046 *
1047 * * Regular or TCS pages can dynamically be removed from an initialized
1048 * enclave by changing the page type to %SGX_PAGE_TYPE_TRIM. Changing the
1049 * page type to %SGX_PAGE_TYPE_TRIM marks the page for removal with actual
1050 * removal done by handler of %SGX_IOC_ENCLAVE_REMOVE_PAGES ioctl() called
1051 * after ENCLU[EACCEPT] is run on %SGX_PAGE_TYPE_TRIM page from within the
1052 * enclave.
1053 *
1054 * Return:
1055 * - 0: Success
1056 * - -errno: Otherwise
1057 */
sgx_ioc_enclave_modify_types(struct sgx_encl * encl,void __user * arg)1058 static long sgx_ioc_enclave_modify_types(struct sgx_encl *encl,
1059 void __user *arg)
1060 {
1061 struct sgx_enclave_modify_types params;
1062 long ret;
1063
1064 ret = sgx_ioc_sgx2_ready(encl);
1065 if (ret)
1066 return ret;
1067
1068 if (copy_from_user(¶ms, arg, sizeof(params)))
1069 return -EFAULT;
1070
1071 if (sgx_validate_offset_length(encl, params.offset, params.length))
1072 return -EINVAL;
1073
1074 if (params.page_type & ~SGX_PAGE_TYPE_MASK)
1075 return -EINVAL;
1076
1077 if (params.result || params.count)
1078 return -EINVAL;
1079
1080 ret = sgx_enclave_modify_types(encl, ¶ms);
1081
1082 if (copy_to_user(arg, ¶ms, sizeof(params)))
1083 return -EFAULT;
1084
1085 return ret;
1086 }
1087
1088 /**
1089 * sgx_encl_remove_pages() - Remove trimmed pages from SGX enclave
1090 * @encl: Enclave to which the pages belong
1091 * @params: Checked parameters from user on which pages need to be removed
1092 *
1093 * Return:
1094 * - 0: Success.
1095 * - -errno: Otherwise.
1096 */
static long sgx_encl_remove_pages(struct sgx_encl *encl,
				  struct sgx_enclave_remove_pages *params)
{
	struct sgx_encl_page *entry;
	struct sgx_secinfo secinfo;
	unsigned long addr;
	unsigned long c;
	void *epc_virt;
	int ret;

	/*
	 * RWX SECINFO used solely for the EMODPR probe below -- it is not
	 * applied as a real permission change, only used to detect whether
	 * ENCLU[EACCEPT] has run on the page (see comment at the probe).
	 */
	memset(&secinfo, 0, sizeof(secinfo));
	secinfo.flags = SGX_SECINFO_R | SGX_SECINFO_W | SGX_SECINFO_X;

	/* One enclave page per iteration; 'c' counts bytes completed so far. */
	for (c = 0 ; c < params->length; c += PAGE_SIZE) {
		addr = encl->base + params->offset + c;

		/*
		 * NOTE(review): presumably makes EPC pages available ahead of
		 * the allocation paths below, before encl->lock is taken --
		 * confirm against sgx_reclaim_direct()'s contract.
		 */
		sgx_reclaim_direct();

		mutex_lock(&encl->lock);

		/* -EBUSY from the page loader maps to -EAGAIN so userspace retries. */
		entry = sgx_encl_load_page(encl, addr);
		if (IS_ERR(entry)) {
			ret = PTR_ERR(entry) == -EBUSY ? -EAGAIN : -EFAULT;
			goto out_unlock;
		}

		/* Only pages previously marked SGX_PAGE_TYPE_TRIM may be removed. */
		if (entry->type != SGX_PAGE_TYPE_TRIM) {
			ret = -EPERM;
			goto out_unlock;
		}

		/*
		 * ENCLS[EMODPR] is a no-op instruction used to inform if
		 * ENCLU[EACCEPT] was run from within the enclave. If
		 * ENCLS[EMODPR] is run with RWX on a trimmed page that is
		 * not yet accepted then it will return
		 * %SGX_PAGE_NOT_MODIFIABLE, after the trimmed page is
		 * accepted the instruction will encounter a page fault.
		 */
		epc_virt = sgx_get_epc_virt_addr(entry->epc_page);
		ret = __emodpr(&secinfo, epc_virt);
		/* Removal is only legal after EACCEPT, i.e. when EMODPR faults with #PF. */
		if (!encls_faulted(ret) || ENCLS_TRAPNR(ret) != X86_TRAP_PF) {
			ret = -EPERM;
			goto out_unlock;
		}

		/* Page still held by the reclaimer: back off and let userspace retry. */
		if (sgx_unmark_page_reclaimable(entry->epc_page)) {
			ret = -EBUSY;
			goto out_unlock;
		}

		/*
		 * Do not keep encl->lock because of dependency on
		 * mmap_lock acquired in sgx_zap_enclave_ptes().
		 */
		mutex_unlock(&encl->lock);

		sgx_zap_enclave_ptes(encl, addr);

		mutex_lock(&encl->lock);

		/* Free the EPC page and drop all enclave bookkeeping for it. */
		sgx_encl_free_epc_page(entry->epc_page);
		encl->secs_child_cnt--;
		entry->epc_page = NULL;
		xa_erase(&encl->page_array, PFN_DOWN(entry->desc));
		sgx_encl_shrink(encl, NULL);
		kfree(entry);

		mutex_unlock(&encl->lock);
	}

	ret = 0;
	goto out;

out_unlock:
	mutex_unlock(&encl->lock);
out:
	/* Report bytes' worth of pages removed before success or first failure. */
	params->count = c;

	return ret;
}
1178
1179 /**
1180 * sgx_ioc_enclave_remove_pages() - handler for %SGX_IOC_ENCLAVE_REMOVE_PAGES
1181 * @encl: an enclave pointer
1182 * @arg: userspace pointer to &struct sgx_enclave_remove_pages instance
1183 *
1184 * Final step of the flow removing pages from an initialized enclave. The
1185 * complete flow is:
1186 *
1187 * 1) User changes the type of the pages to be removed to %SGX_PAGE_TYPE_TRIM
1188 * using the %SGX_IOC_ENCLAVE_MODIFY_TYPES ioctl().
1189 * 2) User approves the page removal by running ENCLU[EACCEPT] from within
1190 * the enclave.
1191 * 3) User initiates actual page removal using the
1192 * %SGX_IOC_ENCLAVE_REMOVE_PAGES ioctl() that is handled here.
1193 *
1194 * First remove any page table entries pointing to the page and then proceed
1195 * with the actual removal of the enclave page and data in support of it.
1196 *
1197 * VA pages are not affected by this removal. It is thus possible that the
1198 * enclave may end up with more VA pages than needed to support all its
1199 * pages.
1200 *
1201 * Return:
1202 * - 0: Success
1203 * - -errno: Otherwise
1204 */
static long sgx_ioc_enclave_remove_pages(struct sgx_encl *encl,
					 void __user *arg)
{
	struct sgx_enclave_remove_pages params;
	long ret;

	/* Fail early unless the enclave is ready for SGX2 page modifications. */
	ret = sgx_ioc_sgx2_ready(encl);
	if (ret)
		return ret;

	if (copy_from_user(&params, arg, sizeof(params)))
		return -EFAULT;

	/* Range must be page-aligned and fully inside the enclave. */
	if (sgx_validate_offset_length(encl, params.offset, params.length))
		return -EINVAL;

	/* 'count' is output-only; userspace must pass it zeroed. */
	if (params.count)
		return -EINVAL;

	ret = sgx_encl_remove_pages(encl, &params);

	/*
	 * Copy the (possibly partial) progress back even when the operation
	 * failed so userspace knows how far it got.
	 */
	if (copy_to_user(arg, &params, sizeof(params)))
		return -EFAULT;

	return ret;
}
1231
sgx_ioctl(struct file * filep,unsigned int cmd,unsigned long arg)1232 long sgx_ioctl(struct file *filep, unsigned int cmd, unsigned long arg)
1233 {
1234 struct sgx_encl *encl = filep->private_data;
1235 int ret;
1236
1237 if (test_and_set_bit(SGX_ENCL_IOCTL, &encl->flags))
1238 return -EBUSY;
1239
1240 switch (cmd) {
1241 case SGX_IOC_ENCLAVE_CREATE:
1242 ret = sgx_ioc_enclave_create(encl, (void __user *)arg);
1243 break;
1244 case SGX_IOC_ENCLAVE_ADD_PAGES:
1245 ret = sgx_ioc_enclave_add_pages(encl, (void __user *)arg);
1246 break;
1247 case SGX_IOC_ENCLAVE_INIT:
1248 ret = sgx_ioc_enclave_init(encl, (void __user *)arg);
1249 break;
1250 case SGX_IOC_ENCLAVE_PROVISION:
1251 ret = sgx_ioc_enclave_provision(encl, (void __user *)arg);
1252 break;
1253 case SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS:
1254 ret = sgx_ioc_enclave_restrict_permissions(encl,
1255 (void __user *)arg);
1256 break;
1257 case SGX_IOC_ENCLAVE_MODIFY_TYPES:
1258 ret = sgx_ioc_enclave_modify_types(encl, (void __user *)arg);
1259 break;
1260 case SGX_IOC_ENCLAVE_REMOVE_PAGES:
1261 ret = sgx_ioc_enclave_remove_pages(encl, (void __user *)arg);
1262 break;
1263 default:
1264 ret = -ENOIOCTLCMD;
1265 break;
1266 }
1267
1268 clear_bit(SGX_ENCL_IOCTL, &encl->flags);
1269 return ret;
1270 }
1271