LXR linux/arch/x86/kernel/cpu/sgx/driver.c

   1// SPDX-License-Identifier: GPL-2.0
   2/*  Copyright(c) 2016-20 Intel Corporation. */
   3
   4#include <linux/acpi.h>
   5#include <linux/miscdevice.h>
   6#include <linux/mman.h>
   7#include <linux/security.h>
   8#include <linux/suspend.h>
   9#include <asm/traps.h>
  10#include "driver.h"
  11#include "encl.h"
  12
  13u64 sgx_attributes_reserved_mask;
  14u64 sgx_xfrm_reserved_mask = ~0x3;
  15u32 sgx_misc_reserved_mask;
  16
  17static int sgx_open(struct inode *inode, struct file *file)
  18{
  19        struct sgx_encl *encl;
  20        int ret;
  21
  22        encl = kzalloc(sizeof(*encl), GFP_KERNEL);
  23        if (!encl)
  24                return -ENOMEM;
  25
  26        kref_init(&encl->refcount);
  27        xa_init(&encl->page_array);
  28        mutex_init(&encl->lock);
  29        INIT_LIST_HEAD(&encl->va_pages);
  30        INIT_LIST_HEAD(&encl->mm_list);
  31        spin_lock_init(&encl->mm_lock);
  32
  33        ret = init_srcu_struct(&encl->srcu);
  34        if (ret) {
  35                kfree(encl);
  36                return ret;
  37        }
  38
  39        file->private_data = encl;
  40
  41        return 0;
  42}
  43
  44static int sgx_release(struct inode *inode, struct file *file)
  45{
  46        struct sgx_encl *encl = file->private_data;
  47        struct sgx_encl_mm *encl_mm;
  48
  49        /*
  50         * Drain the remaining mm_list entries. At this point the list contains
  51         * entries for processes, which have closed the enclave file but have
  52         * not exited yet. The processes, which have exited, are gone from the
  53         * list by sgx_mmu_notifier_release().
  54         */
  55        for ( ; ; )  {
  56                spin_lock(&encl->mm_lock);
  57
  58                if (list_empty(&encl->mm_list)) {
  59                        encl_mm = NULL;
  60                } else {
  61                        encl_mm = list_first_entry(&encl->mm_list,
  62                                                   struct sgx_encl_mm, list);
  63                        list_del_rcu(&encl_mm->list);
  64                }
  65
  66                spin_unlock(&encl->mm_lock);
  67
  68                /* The enclave is no longer mapped by any mm. */
  69                if (!encl_mm)
  70                        break;
  71
  72                synchronize_srcu(&encl->srcu);
  73                mmu_notifier_unregister(&encl_mm->mmu_notifier, encl_mm->mm);
  74                kfree(encl_mm);
  75
  76                /* 'encl_mm' is gone, put encl_mm->encl reference: */
  77                kref_put(&encl->refcount, sgx_encl_release);
  78        }
  79
  80        kref_put(&encl->refcount, sgx_encl_release);
  81        return 0;
  82}
  83
  84static int sgx_mmap(struct file *file, struct vm_area_struct *vma)
  85{
  86        struct sgx_encl *encl = file->private_data;
  87        int ret;
  88
  89        ret = sgx_encl_may_map(encl, vma->vm_start, vma->vm_end, vma->vm_flags);
  90        if (ret)
  91                return ret;
  92
  93        ret = sgx_encl_mm_add(encl, vma->vm_mm);
  94        if (ret)
  95                return ret;
  96
  97        vma->vm_ops = &sgx_vm_ops;
  98        vma->vm_flags |= VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP | VM_IO;
  99        vma->vm_private_data = encl;
 100
 101        return 0;
 102}
 103
 104static unsigned long sgx_get_unmapped_area(struct file *file,
 105                                           unsigned long addr,
 106                                           unsigned long len,
 107                                           unsigned long pgoff,
 108                                           unsigned long flags)
 109{
 110        if ((flags & MAP_TYPE) == MAP_PRIVATE)
 111                return -EINVAL;
 112
 113        if (flags & MAP_FIXED)
 114                return addr;
 115
 116        return current->mm->get_unmapped_area(file, addr, len, pgoff, flags);
 117}
 118
 119#ifdef CONFIG_COMPAT
 120static long sgx_compat_ioctl(struct file *filep, unsigned int cmd,
 121                              unsigned long arg)
 122{
 123        return sgx_ioctl(filep, cmd, arg);
 124}
 125#endif
 126
 127static const struct file_operations sgx_encl_fops = {
 128        .owner                  = THIS_MODULE,
 129        .open                   = sgx_open,
 130        .release                = sgx_release,
 131        .unlocked_ioctl         = sgx_ioctl,
 132#ifdef CONFIG_COMPAT
 133        .compat_ioctl           = sgx_compat_ioctl,
 134#endif
 135        .mmap                   = sgx_mmap,
 136        .get_unmapped_area      = sgx_get_unmapped_area,
 137};
 138
 139static struct miscdevice sgx_dev_enclave = {
 140        .minor = MISC_DYNAMIC_MINOR,
 141        .name = "sgx_enclave",
 142        .nodename = "sgx_enclave",
 143        .fops = &sgx_encl_fops,
 144};
 145
 146int __init sgx_drv_init(void)
 147{
 148        unsigned int eax, ebx, ecx, edx;
 149        u64 attr_mask;
 150        u64 xfrm_mask;
 151        int ret;
 152
 153        if (!cpu_feature_enabled(X86_FEATURE_SGX_LC))
 154                return -ENODEV;
 155
 156        cpuid_count(SGX_CPUID, 0, &eax, &ebx, &ecx, &edx);
 157
 158        if (!(eax & 1))  {
 159                pr_err("SGX disabled: SGX1 instruction support not available.\n");
 160                return -ENODEV;
 161        }
 162
 163        sgx_misc_reserved_mask = ~ebx | SGX_MISC_RESERVED_MASK;
 164
 165        cpuid_count(SGX_CPUID, 1, &eax, &ebx, &ecx, &edx);
 166
 167        attr_mask = (((u64)ebx) << 32) + (u64)eax;
 168        sgx_attributes_reserved_mask = ~attr_mask | SGX_ATTR_RESERVED_MASK;
 169
 170        if (cpu_feature_enabled(X86_FEATURE_OSXSAVE)) {
 171                xfrm_mask = (((u64)edx) << 32) + (u64)ecx;
 172                sgx_xfrm_reserved_mask = ~xfrm_mask;
 173        }
 174
 175        ret = misc_register(&sgx_dev_enclave);
 176        if (ret)
 177                return ret;
 178
 179        return 0;
 180}
 181