[PATCH v34 11/24] x86/sgx: Add SGX enclave driver
Jarkko Sakkinen
jarkko.sakkinen at linux.intel.com
Tue Jul 7 04:11:51 UTC 2020
On Tue, Jul 07, 2020 at 04:36:17AM +0100, Matthew Wilcox wrote:
> On Tue, Jul 07, 2020 at 06:01:51AM +0300, Jarkko Sakkinen wrote:
> > Intel Software Guard eXtensions (SGX) is a set of CPU instructions that
> > can be used by applications to set aside private regions of code and
> > data. The code outside the SGX hosted software entity is disallowed to
>
> s/disallowed to/prevented from/
>
> > access the memory inside the enclave enforced by the CPU. We call these
>
> s/enforced//
>
> > entities enclaves.
> >
> > Add a driver that provides an ioctl API to construct and run enclaves.
> > Enclaves are constructed from pages residing in reserved physical memory
> > areas. The contents of these pages can only be accessed when they are
> > mapped as part of an enclave, by a hardware thread running inside the
> > enclave.
> >
> > The starting state of an enclave consists of a fixed measured set of
> > pages that are copied to the EPC during the construction process by
> > using ENCLS leaf functions and Software Enclave Control Structure (SECS)
> > that defines the enclave properties.
> >
> > Enclaves are constructed by using ENCLS leaf functions ECREATE, EADD and
> > EINIT. ECREATE initializes SECS, EADD copies pages from system memory to
> > the EPC and EINIT checks a given signed measurement and moves the enclave
> > into a state ready for execution.
>
> What's a leaf function? Is it like a CPU instruction?
Yeah, the opcode is ENCLS for ring-0 (enclave management and
construction) and ENCLU for ring-3 (entrance to the enclave etc).
The leaf function number goes to EAX.
>
> > The mmap() permissions are capped by the contained enclave page
> > permissions. The mapped areas must also be opaque, i.e. each page address
> > must contain a page. This logic is implemented in sgx_encl_may_map().
>
> do you mean "populated" instead of "opaque"?
Yes, that would be a better word to use. I'll change this.
>
> > + atomic_set(&encl->flags, 0);
> > + kref_init(&encl->refcount);
> > + INIT_RADIX_TREE(&encl->page_tree, GFP_KERNEL);
>
> Why are you using a radix tree instead of an xarray?
Because xarray did not exist in 2017 and nobody has pointed out to use
it. Now I know it exists (yet do not know what it is).
>
> > +int sgx_encl_may_map(struct sgx_encl *encl, unsigned long start,
> > + unsigned long end, unsigned long vm_prot_bits)
> > +{
> > + unsigned long idx, idx_start, idx_end;
> > + struct sgx_encl_page *page;
> > +
> > + /*
> > + * Disallow RIE tasks as their VMA permissions might conflict with the
> > + * enclave page permissions.
> > + */
> > + if (!!(current->personality & READ_IMPLIES_EXEC))
> > + return -EACCES;
> > +
> > + idx_start = PFN_DOWN(start);
> > + idx_end = PFN_DOWN(end - 1);
> > +
> > + for (idx = idx_start; idx <= idx_end; ++idx) {
> > + mutex_lock(&encl->lock);
> > + page = radix_tree_lookup(&encl->page_tree, idx);
> > + mutex_unlock(&encl->lock);
> > +
> > + if (!page || (~page->vm_max_prot_bits & vm_prot_bits))
> > + return -EACCES;
>
> You should really use an iterator here instead of repeated lookups.
> xas_for_each() will probably be what you want.
Thank you for your remarks. I'll look into using xarray for this.
/Jarkko
More information about the Linux-security-module-archive
mailing list