| blob | 279148e7245965dc59198fa3c2705b26aff23f92 |
1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright(c) 2016-20 Intel Corporation. */
4 #include <linux/lockdep.h>
5 #include <linux/mm.h>
6 #include <linux/mman.h>
7 #include <linux/shmem_fs.h>
8 #include <linux/suspend.h>
9 #include <linux/sched/mm.h>
10 #include <asm/sgx.h>
18 #define PCMDS_PER_PAGE (PAGE_SIZE / sizeof(struct sgx_pcmd))
19 /*
20 * 32 PCMD entries share a PCMD page. PCMD_FIRST_MASK is used to
21 * determine the page index associated with the first PCMD entry
22 * within a PCMD page.
23 */
24 #define PCMD_FIRST_MASK GENMASK(4, 0)
26 /**
27 * reclaimer_writing_to_pcmd() - Query if any enclave page associated with
28 * a PCMD page is in process of being reclaimed.
29 * @encl: Enclave to which PCMD page belongs
30 * @start_addr: Address of enclave page using first entry within the PCMD page
31 *
32 * When an enclave page is reclaimed some Paging Crypto MetaData (PCMD) is
33 * stored. The PCMD data of a reclaimed enclave page contains enough
34 * information for the processor to verify the page at the time
35 * it is loaded back into the Enclave Page Cache (EPC).
36 *
37 * The backing storage to which enclave pages are reclaimed is laid out as
38 * follows:
39 * Encrypted enclave pages:SECS page:PCMD pages
40 *
41 * Each PCMD page contains the PCMD metadata of
42 * PAGE_SIZE/sizeof(struct sgx_pcmd) enclave pages.
43 *
44 * A PCMD page can only be truncated if it is (a) empty, and (b) not in the
45 * process of getting data (and thus soon being non-empty). (b) is tested with
46 * a check if an enclave page sharing the PCMD page is in the process of being
47 * reclaimed.
48 *
49 * The reclaimer sets the SGX_ENCL_PAGE_BEING_RECLAIMED flag when it
50 * intends to reclaim that enclave page - it means that the PCMD page
51 * associated with that enclave page is about to get some data and thus
52 * even if the PCMD page is empty, it should not be truncated.
53 *
54 * Context: Enclave mutex (&sgx_encl->lock) must be held.
55 * Return: 1 if the reclaimer is about to write to the PCMD page
56 * 0 if the reclaimer has no intention to write to the PCMD page
57 */
60 {
64 /*
65 * PCMD_FIRST_MASK is based on number of PCMD entries within
66 * PCMD page being 32.
67 */
76 /*
77 * Stop when reaching the SECS page - it does not
78 * have a page_array entry and its reclaim is
79 * started and completed with enclave mutex held so
80 * it does not use the SGX_ENCL_PAGE_BEING_RECLAIMED
81 * flag.
82 */
90 /*
91 * VA page slot ID uses same bit as the flag so it is important
92 * to ensure that the page is not already in backing store.
93 */
98 }
99 }
102 }
104 /*
105 * Calculate byte offset of a PCMD struct associated with an enclave page. PCMD's
106 * follow right after the EPC data in the backing storage. In addition to the
107 * visible enclave pages, there's one extra page slot for SECS, before PCMD
108 * structs.
109 */
112 {
116 }
118 /*
119 * Free a page from the backing storage in the given page index.
120 */
121 static inline void sgx_encl_truncate_backing_page(struct sgx_encl *encl, unsigned long page_index)
122 {
126 }
128 /*
129 * ELDU: Load an EPC page as unblocked. For more info, see "OS Management of EPC
130 * Pages" in the SDM.
131 */
135 {
148 else
151 /*
152 * Address of enclave page using the first entry within the PCMD page.
153 */
169 else
179 }
184 /*
185 * The area for the PCMD in the page was zeroed above. Check if the
186 * whole page is now empty meaning that all PCMD's have been zeroed:
187 */
204 }
209 }
213 {
228 }
236 }
238 /*
239 * Ensure the SECS page is not swapped out. Must be called with encl->lock
240 * to protect the enclave states including SECS and ensure the SECS page is
241 * not swapped out again while being used.
242 */
244 {
251 }
255 {
258 /* Entry successfully located. */
264 }
278 }
283 {
291 /*
292 * Verify that the page has equal or higher build time
293 * permissions than the VMA permissions (i.e. the subset of {VM_READ,
294 * VM_WRITE, VM_EXECUTE} in vma->vm_flags).
295 */
300 }
304 {
312 }
314 /**
315 * sgx_encl_eaug_page() - Dynamically add page to initialized enclave
316 * @vma: VMA obtained from fault info from where page is accessed
317 * @encl: enclave accessing the page
318 * @addr: address that triggered the page fault
319 *
320 * When an initialized enclave accesses a page with no backing EPC page
321 * on a SGX2 system then the EPC can be added dynamically via the SGX2
322 * ENCLS[EAUG] instruction.
323 *
324 * Returns: Appropriate vm_fault_t: VM_FAULT_NOPAGE when PTE was installed
325 * successfully, VM_FAULT_SIGBUS or VM_FAULT_OOM as error otherwise.
326 */
329 {
336 u64 secinfo_flags;
342 /*
343 * Ignore internal permission checking for dynamically added pages.
344 * They matter only for data added during the pre-initialization
345 * phase. The enclave decides the permissions by the means of
346 * EACCEPT, EACCEPTCOPY and EMODPE.
347 */
360 }
367 }
374 }
381 /*
382 * If ret == -EBUSY then page was created in another flow while
383 * running without encl->lock
384 */
404 /*
405 * Do not undo everything when creating PTE entry fails - next #PF
406 * would find page ready for a PTE.
407 */
412 }
416 err_out:
419 err_out_shrink:
421 err_out_epc:
423 err_out_unlock:
428 }
431 {
437 vm_fault_t ret;
441 /*
442 * It's very unlikely but possible that allocating memory for the
443 * mm_list entry of a forked process failed in sgx_vma_open(). When
444 * this happens, vm_private_data is set to NULL.
445 */
449 /*
450 * The page_array keeps track of all enclave pages, whether they
451 * are swapped out or not. If there is no entry for this page and
452 * the system supports SGX2 then it is possible to dynamically add
453 * a new enclave page. This is only possible for an initialized
454 * enclave that will be checked for right away.
455 */
470 }
479 }
485 }
488 {
491 /*
492 * It's possible but unlikely that vm_private_data is NULL. This can
493 * happen in a grandchild of a process, when sgx_encl_mm_add() had
494 * failed to allocate memory in this callback.
495 */
501 }
504 /**
505 * sgx_encl_may_map() - Check if a requested VMA mapping is allowed
506 * @encl: an enclave pointer
507 * @start: lower bound of the address range, inclusive
508 * @end: upper bound of the address range, exclusive
509 * @vm_flags: VMA flags
510 *
511 * Iterate through the enclave pages contained within [@start, @end) to verify
512 * that the permissions requested by a subset of {VM_READ, VM_WRITE, VM_EXEC}
513 * do not contain any permissions that are not contained in the build time
514 * permissions of any of the enclave pages within the given address range.
515 *
516 * An enclave creator must declare the strongest permissions that will be
517 * needed for each enclave page. This ensures that mappings have the identical
518 * or weaker permissions than the earlier declared permissions.
519 *
520 * Return: 0 on success, -EACCES otherwise
521 */
524 {
532 /* Disallow mapping outside enclave's address range. */
537 /*
538 * Disallow READ_IMPLIES_EXEC tasks as their VMA permissions might
539 * conflict with the enclave page permissions.
540 */
550 }
552 /* Reschedule on every XA_CHECK_SCHED iteration. */
562 }
563 }
568 }
572 {
574 }
578 {
588 }
592 {
601 }
603 /*
604 * Load an enclave page to EPC if required, and take encl->lock.
605 */
609 {
620 }
626 }
630 {
640 /*
641 * If process was forked, VMA is still there but vm_private_data is set
642 * to NULL.
643 */
656 }
674 }
676 out:
681 }
684 }
691 };
693 /**
694 * sgx_encl_release - Destroy an enclave instance
695 * @ref: address of a kref inside &sgx_encl
696 *
697 * Used together with kref_put(). Frees all the resources associated with the
698 * enclave and the instance itself.
699 */
701 {
713 /*
714 * The page and its radix tree entry cannot be freed
715 * if the page is being held by the reclaimer.
716 */
723 }
726 /*
727 * Invoke scheduler on every XA_CHECK_SCHED iteration
728 * to prevent soft lockups.
729 */
737 }
738 }
746 }
750 list);
754 }
763 /* Detect EPC page leak's. */
768 }
770 /*
771 * 'mm' is exiting and no longer needs mmu notifications.
772 */
775 {
780 /*
781 * The enclave itself can remove encl_mm. Note, objects can't be moved
782 * off an RCU protected list, but deletion is ok.
783 */
790 }
791 }
797 }
798 }
801 {
804 /* 'encl_mm' is going away, put encl_mm->encl reference: */
808 }
813 };
817 {
828 }
829 }
834 }
837 {
841 /*
842 * Even though a single enclave may be mapped into an mm more than once,
843 * each 'mm' only appears once on encl->mm_list. This is guaranteed by
844 * holding the mm's mmap lock for write before an mm can be added or
845 * remove to an encl->mm_list.
846 */
849 /*
850 * It's possible that an entry already exists in the mm_list, because it
851 * is removed only on VFS release or process exit.
852 */
860 /* Grab a refcount for the encl_mm->encl reference: */
870 }
874 /* Pairs with smp_rmb() in sgx_zap_enclave_ptes(). */
880 }
882 /**
883 * sgx_encl_cpumask() - Query which CPUs might be accessing the enclave
884 * @encl: the enclave
885 *
886 * Some SGX functions require that no cached linear-to-physical address
887 * mappings are present before they can succeed. For example, ENCLS[EWB]
888 * copies a page from the enclave page cache to regular main memory but
889 * it fails if it cannot ensure that there are no cached
890 * linear-to-physical address mappings referring to the page.
891 *
892 * SGX hardware flushes all cached linear-to-physical mappings on a CPU
893 * when an enclave is exited via ENCLU[EEXIT] or an Asynchronous Enclave
894 * Exit (AEX). Exiting an enclave will thus ensure cached linear-to-physical
895 * address mappings are cleared but coordination with the tracking done within
896 * the SGX hardware is needed to support the SGX functions that depend on this
897 * cache clearing.
898 *
899 * When the ENCLS[ETRACK] function is issued on an enclave the hardware
900 * tracks threads operating inside the enclave at that time. The SGX
901 * hardware tracking require that all the identified threads must have
902 * exited the enclave in order to flush the mappings before a function such
903 * as ENCLS[EWB] will be permitted
904 *
905 * The following flow is used to support SGX functions that require that
906 * no cached linear-to-physical address mappings are present:
907 * 1) Execute ENCLS[ETRACK] to initiate hardware tracking.
908 * 2) Use this function (sgx_encl_cpumask()) to query which CPUs might be
909 * accessing the enclave.
910 * 3) Send IPI to identified CPUs, kicking them out of the enclave and
911 * thus flushing all locally cached linear-to-physical address mappings.
912 * 4) Execute SGX function.
913 *
914 * Context: It is required to call this function after ENCLS[ETRACK].
915 * This will ensure that if any new mm appears (racing with
916 * sgx_encl_mm_add()) then the new mm will enter into the
917 * enclave with fresh linear-to-physical address mappings.
918 *
919 * It is required that all IPIs are completed before a new
920 * ENCLS[ETRACK] is issued so be sure to protect steps 1 to 3
921 * of the above flow with the enclave's mutex.
922 *
923 * Return: cpumask of CPUs that might be accessing @encl
924 */
926 {
942 }
947 }
950 pgoff_t index)
951 {
956 }
958 /**
959 * __sgx_encl_get_backing() - Pin the backing storage
960 * @encl: an enclave pointer
961 * @page_index: enclave page index
962 * @backing: data for accessing backing storage for the page
963 *
964 * Pin the backing storage pages for storing the encrypted contents and Paging
965 * Crypto MetaData (PCMD) of an enclave page.
966 *
967 * Return:
968 * 0 on success,
969 * -errno otherwise.
970 */
973 {
986 }
993 }
995 /*
996 * When called from ksgxd, returns the mem_cgroup of a struct mm stored
997 * in the enclave's mm_list. When not called from ksgxd, just returns
998 * the mem_cgroup of the current task.
999 */
1001 {
1006 /*
1007 * If called from normal task context, return the mem_cgroup
1008 * of the current task's mm. The remainder of the handling is for
1009 * ksgxd.
1010 */
1014 /*
1015 * Search the enclave's mm_list to find an mm associated with
1016 * this enclave to charge the allocation to.
1017 */
1029 }
1033 /*
1034 * In the rare case that there isn't an mm associated with
1035 * the enclave, set memcg to the current active mem_cgroup.
1036 * This will be the root mem_cgroup if there is no active
1037 * mem_cgroup.
1038 */
1043 }
1045 /**
1046 * sgx_encl_alloc_backing() - create a new backing storage page
1047 * @encl: an enclave pointer
1048 * @page_index: enclave page index
1049 * @backing: data for accessing backing storage for the page
1050 *
1051 * When called from ksgxd, sets the active memcg from one of the
1052 * mms in the enclave's mm_list prior to any backing page allocation,
1053 * in order to ensure that shmem page allocations are charged to the
1054 * enclave. Create a backing page for loading data back into an EPC page with
1055 * ELDU. This function takes a reference on a new backing page which
1056 * must be dropped with a corresponding call to sgx_encl_put_backing().
1057 *
1058 * Return:
1059 * 0 on success,
1060 * -errno otherwise.
1061 */
1064 {
1075 }
1077 /**
1078 * sgx_encl_lookup_backing() - retrieve an existing backing storage page
1079 * @encl: an enclave pointer
1080 * @page_index: enclave page index
1081 * @backing: data for accessing backing storage for the page
1082 *
1083 * Retrieve a backing page for loading data back into an EPC page with ELDU.
1084 * It is the caller's responsibility to ensure that it is appropriate to use
1085 * sgx_encl_lookup_backing() rather than sgx_encl_alloc_backing(). If lookup is
1086 * not used correctly, this will cause an allocation which is not accounted for.
1087 * This function takes a reference on an existing backing page which must be
1088 * dropped with a corresponding call to sgx_encl_put_backing().
1089 *
1090 * Return:
1091 * 0 on success,
1092 * -errno otherwise.
1093 */
1096 {
1098 }
1100 /**
1101 * sgx_encl_put_backing() - Unpin the backing storage
1102 * @backing: data for accessing backing storage for the page
1103 */
1105 {
1108 }
1112 {
1113 pte_t pte;
1120 }
1123 }
1125 /**
1126 * sgx_encl_test_and_clear_young() - Test and reset the accessed bit
1127 * @mm: mm_struct that is checked
1128 * @page: enclave page to be tested for recent access
1129 *
1130 * Checks the Access (A) bit from the PTE corresponding to the enclave page and
1131 * clears it.
1132 *
1133 * Return: 1 if the page has been recently accessed and 0 if not.
1134 */
1137 {
1156 }
1160 u64 secinfo_flags)
1161 {
1176 /*
1177 * TCS pages must always RW set for CPU access while the SECINFO
1178 * permissions are *always* zero - the CPU ignores the user provided
1179 * values and silently overwrites them with zero permissions.
1180 */
1184 /* Calculate maximum of the VM flags for the page. */
1188 }
1190 /**
1191 * sgx_zap_enclave_ptes() - remove PTEs mapping the address from enclave
1192 * @encl: the enclave
1193 * @addr: page aligned pointer to single page for which PTEs will be removed
1194 *
1195 * Multiple VMAs may have an enclave page mapped. Remove the PTE mapping
1196 * @addr from each VMA. Ensure that page fault handler is ready to handle
1197 * new mappings of @addr before calling this function.
1198 */
1200 {
1209 /* Pairs with smp_wmb() in sgx_encl_mm_add(). */
1227 }
1231 }
1233 /**
1234 * sgx_alloc_va_page() - Allocate a Version Array (VA) page
1235 * @reclaim: Reclaim EPC pages directly if none available. Enclave
1236 * mutex should not be held if this is set.
1237 *
1238 * Allocate a free EPC page and convert it to a Version Array (VA) page.
1239 *
1240 * Return:
1241 * a VA page,
1242 * -errno otherwise
1243 */
1245 {
1258 }
1261 }
1263 /**
1264 * sgx_alloc_va_slot - allocate a VA slot
1265 * @va_page: a &struct sgx_va_page instance
1266 *
1267 * Allocates a slot from a &struct sgx_va_page instance.
1268 *
1269 * Return: offset of the slot inside the VA page
1270 */
1272 {
1279 }
1281 /**
1282 * sgx_free_va_slot - free a VA slot
1283 * @va_page: a &struct sgx_va_page instance
1284 * @offset: offset of the slot inside the VA page
1285 *
1286 * Frees a slot from a &struct sgx_va_page instance.
1287 */
1289 {
1291 }
1293 /**
1294 * sgx_va_page_full - is the VA page full?
1295 * @va_page: a &struct sgx_va_page instance
1296 *
1297 * Return: true if all slots have been taken
1298 */
1300 {
1304 }
1306 /**
1307 * sgx_encl_free_epc_page - free an EPC page assigned to an enclave
1308 * @page: EPC page to be freed
1309 *
1310 * Free an EPC page assigned to an enclave. It does EREMOVE for the page, and
1311 * only upon success, it puts the page back to free page list. Otherwise, it
1312 * gives a WARNING to indicate page is leaked.
1313 */
1315 {
1325 }