2017-08-12 15:27:33 +00:00
|
|
|
/*
|
|
|
|
* This file is provided under a dual BSD/GPLv2 license. When using or
|
|
|
|
* redistributing this file, you may do so under either license.
|
|
|
|
*
|
|
|
|
* GPL LICENSE SUMMARY
|
|
|
|
*
|
2017-12-14 12:36:34 +00:00
|
|
|
* Copyright(c) 2016-2017 Intel Corporation.
|
2017-08-12 15:27:33 +00:00
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of version 2 of the GNU General Public License as
|
|
|
|
* published by the Free Software Foundation.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful, but
|
|
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* General Public License for more details.
|
|
|
|
*
|
|
|
|
* Contact Information:
|
|
|
|
* Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
|
|
* Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo
|
|
|
|
*
|
|
|
|
* BSD LICENSE
|
|
|
|
*
|
2017-12-14 12:36:34 +00:00
|
|
|
* Copyright(c) 2016-2017 Intel Corporation.
|
2017-08-12 15:27:33 +00:00
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
*
|
|
|
|
* * Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* * Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in
|
|
|
|
* the documentation and/or other materials provided with the
|
|
|
|
* distribution.
|
|
|
|
* * Neither the name of Intel Corporation nor the names of its
|
|
|
|
* contributors may be used to endorse or promote products derived
|
|
|
|
* from this software without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
|
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
|
|
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
|
|
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
|
|
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
|
|
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
*
|
|
|
|
* Authors:
|
|
|
|
*
|
|
|
|
* Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
|
|
* Suresh Siddha <suresh.b.siddha@intel.com>
|
|
|
|
* Serge Ayoun <serge.ayoun@intel.com>
|
|
|
|
* Shay Katz-zamir <shay.katz-zamir@intel.com>
|
|
|
|
* Sean Christopherson <sean.j.christopherson@intel.com>
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include "sgx.h"
|
|
|
|
#include <asm/mman.h>
|
|
|
|
#include <linux/delay.h>
|
|
|
|
#include <linux/file.h>
|
|
|
|
#include <linux/highmem.h>
|
|
|
|
#include <linux/ratelimit.h>
|
2017-12-14 12:36:34 +00:00
|
|
|
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 11, 0))
|
2017-08-12 15:27:33 +00:00
|
|
|
#include <linux/sched/signal.h>
|
|
|
|
#else
|
|
|
|
#include <linux/signal.h>
|
|
|
|
#endif
|
|
|
|
#include <linux/slab.h>
|
|
|
|
#include <linux/hashtable.h>
|
|
|
|
#include <linux/shmem_fs.h>
|
|
|
|
|
2017-12-14 12:36:34 +00:00
|
|
|
static int sgx_get_encl(unsigned long addr, struct sgx_encl **encl)
|
2017-08-12 15:27:33 +00:00
|
|
|
{
|
|
|
|
struct mm_struct *mm = current->mm;
|
|
|
|
struct vm_area_struct *vma;
|
|
|
|
int ret;
|
|
|
|
|
2017-12-14 12:36:34 +00:00
|
|
|
if (addr & (PAGE_SIZE - 1))
|
|
|
|
return -EINVAL;
|
|
|
|
|
2017-08-12 15:27:33 +00:00
|
|
|
down_read(&mm->mmap_sem);
|
|
|
|
|
2017-12-14 12:36:34 +00:00
|
|
|
ret = sgx_encl_find(mm, addr, &vma);
|
2017-08-12 15:27:33 +00:00
|
|
|
if (!ret) {
|
|
|
|
*encl = vma->vm_private_data;
|
|
|
|
|
2017-12-14 12:36:34 +00:00
|
|
|
if ((*encl)->flags & SGX_ENCL_SUSPEND)
|
|
|
|
ret = SGX_POWER_LOST_ENCLAVE;
|
|
|
|
else
|
|
|
|
kref_get(&(*encl)->refcount);
|
2017-08-12 15:27:33 +00:00
|
|
|
}
|
|
|
|
|
2017-12-14 12:36:34 +00:00
|
|
|
up_read(&mm->mmap_sem);
|
2017-08-12 15:27:33 +00:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2017-12-14 12:36:34 +00:00
|
|
|
* sgx_ioc_enclave_create - handler for %SGX_IOC_ENCLAVE_CREATE
|
2017-08-12 15:27:33 +00:00
|
|
|
* @filep: open file to /dev/sgx
|
|
|
|
* @cmd: the command value
|
2017-12-14 12:36:34 +00:00
|
|
|
* @arg: pointer to the &struct sgx_enclave_create
|
|
|
|
*
|
|
|
|
* Validates SECS attributes, allocates an EPC page for the SECS and performs
|
|
|
|
* ECREATE.
|
2017-08-12 15:27:33 +00:00
|
|
|
*
|
2017-12-14 12:36:34 +00:00
|
|
|
* Return:
|
|
|
|
* 0 on success,
|
|
|
|
* system error on failure
|
2017-08-12 15:27:33 +00:00
|
|
|
*/
|
|
|
|
static long sgx_ioc_enclave_create(struct file *filep, unsigned int cmd,
|
|
|
|
unsigned long arg)
|
|
|
|
{
|
|
|
|
struct sgx_enclave_create *createp = (struct sgx_enclave_create *)arg;
|
2017-12-14 12:36:34 +00:00
|
|
|
void __user *src = (void __user *)createp->src;
|
|
|
|
struct sgx_secs *secs;
|
|
|
|
int ret;
|
2017-08-12 15:27:33 +00:00
|
|
|
|
|
|
|
secs = kzalloc(sizeof(*secs), GFP_KERNEL);
|
|
|
|
if (!secs)
|
|
|
|
return -ENOMEM;
|
|
|
|
|
2017-12-14 12:36:34 +00:00
|
|
|
ret = copy_from_user(secs, src, sizeof(*secs));
|
2017-08-12 15:27:33 +00:00
|
|
|
if (ret) {
|
|
|
|
kfree(secs);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2017-12-14 12:36:34 +00:00
|
|
|
ret = sgx_encl_create(secs);
|
2017-08-12 15:27:33 +00:00
|
|
|
|
|
|
|
kfree(secs);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2017-12-14 12:36:34 +00:00
|
|
|
* sgx_ioc_enclave_add_page - handler for %SGX_IOC_ENCLAVE_ADD_PAGE
|
2017-08-12 15:27:33 +00:00
|
|
|
*
|
|
|
|
* @filep: open file to /dev/sgx
|
|
|
|
* @cmd: the command value
|
2017-12-14 12:36:34 +00:00
|
|
|
* @arg: pointer to the &struct sgx_enclave_add_page
|
|
|
|
*
|
|
|
|
* Creates a new enclave page and enqueues an EADD operation that will be
|
|
|
|
* processed by a worker thread later on.
|
2017-08-12 15:27:33 +00:00
|
|
|
*
|
2017-12-14 12:36:34 +00:00
|
|
|
* Return:
|
|
|
|
* 0 on success,
|
|
|
|
* system error on failure
|
2017-08-12 15:27:33 +00:00
|
|
|
*/
|
|
|
|
static long sgx_ioc_enclave_add_page(struct file *filep, unsigned int cmd,
|
|
|
|
unsigned long arg)
|
|
|
|
{
|
|
|
|
struct sgx_enclave_add_page *addp = (void *)arg;
|
|
|
|
unsigned long secinfop = (unsigned long)addp->secinfo;
|
|
|
|
struct sgx_secinfo secinfo;
|
2017-12-14 12:36:34 +00:00
|
|
|
struct sgx_encl *encl;
|
|
|
|
struct page *data_page;
|
|
|
|
void *data;
|
2017-08-12 15:27:33 +00:00
|
|
|
int ret;
|
|
|
|
|
2017-12-14 12:36:34 +00:00
|
|
|
ret = sgx_get_encl(addp->addr, &encl);
|
2017-08-12 15:27:33 +00:00
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
|
2017-12-14 12:36:34 +00:00
|
|
|
if (copy_from_user(&secinfo, (void __user *)secinfop,
|
|
|
|
sizeof(secinfo))) {
|
2017-08-12 15:27:33 +00:00
|
|
|
kref_put(&encl->refcount, sgx_encl_release);
|
2017-12-14 12:36:34 +00:00
|
|
|
return -EFAULT;
|
2017-08-12 15:27:33 +00:00
|
|
|
}
|
|
|
|
|
2017-12-14 12:36:34 +00:00
|
|
|
data_page = alloc_page(GFP_HIGHUSER);
|
|
|
|
if (!data_page) {
|
2017-08-12 15:27:33 +00:00
|
|
|
kref_put(&encl->refcount, sgx_encl_release);
|
|
|
|
return -ENOMEM;
|
|
|
|
}
|
|
|
|
|
2017-12-14 12:36:34 +00:00
|
|
|
data = kmap(data_page);
|
2017-08-12 15:27:33 +00:00
|
|
|
|
2017-12-14 12:36:34 +00:00
|
|
|
ret = copy_from_user((void *)data, (void __user *)addp->src, PAGE_SIZE);
|
2017-08-12 15:27:33 +00:00
|
|
|
if (ret)
|
2017-12-14 12:36:34 +00:00
|
|
|
goto out;
|
2017-08-12 15:27:33 +00:00
|
|
|
|
2017-12-14 12:36:34 +00:00
|
|
|
ret = sgx_encl_add_page(encl, addp->addr, data, &secinfo, addp->mrmask);
|
|
|
|
if (ret)
|
|
|
|
goto out;
|
2017-08-12 15:27:33 +00:00
|
|
|
|
|
|
|
out:
|
2017-12-14 12:36:34 +00:00
|
|
|
kref_put(&encl->refcount, sgx_encl_release);
|
|
|
|
kunmap(data_page);
|
|
|
|
__free_page(data_page);
|
2017-08-12 15:27:33 +00:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2017-12-14 12:36:34 +00:00
|
|
|
* sgx_ioc_enclave_init - handler for %SGX_IOC_ENCLAVE_INIT
|
2017-08-12 15:27:33 +00:00
|
|
|
*
|
|
|
|
* @filep: open file to /dev/sgx
|
|
|
|
* @cmd: the command value
|
2017-12-14 12:36:34 +00:00
|
|
|
* @arg: pointer to the &struct sgx_enclave_init
|
2017-08-12 15:27:33 +00:00
|
|
|
*
|
2017-12-14 12:36:34 +00:00
|
|
|
* Flushes the remaining enqueued EADD operations and performs EINIT.
|
|
|
|
*
|
|
|
|
* Return:
|
|
|
|
* 0 on success,
|
|
|
|
* system error on failure
|
2017-08-12 15:27:33 +00:00
|
|
|
*/
|
|
|
|
static long sgx_ioc_enclave_init(struct file *filep, unsigned int cmd,
|
|
|
|
unsigned long arg)
|
|
|
|
{
|
|
|
|
struct sgx_enclave_init *initp = (struct sgx_enclave_init *)arg;
|
|
|
|
unsigned long sigstructp = (unsigned long)initp->sigstruct;
|
|
|
|
unsigned long einittokenp = (unsigned long)initp->einittoken;
|
|
|
|
unsigned long encl_id = initp->addr;
|
2017-12-14 12:36:34 +00:00
|
|
|
struct sgx_sigstruct *sigstruct;
|
2017-08-12 15:27:33 +00:00
|
|
|
struct sgx_einittoken *einittoken;
|
|
|
|
struct sgx_encl *encl;
|
|
|
|
struct page *initp_page;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
initp_page = alloc_page(GFP_HIGHUSER);
|
|
|
|
if (!initp_page)
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
sigstruct = kmap(initp_page);
|
|
|
|
einittoken = (struct sgx_einittoken *)
|
|
|
|
((unsigned long)sigstruct + PAGE_SIZE / 2);
|
|
|
|
|
|
|
|
ret = copy_from_user(sigstruct, (void __user *)sigstructp,
|
2017-12-14 12:36:34 +00:00
|
|
|
sizeof(*sigstruct));
|
2017-08-12 15:27:33 +00:00
|
|
|
if (ret)
|
2017-12-14 12:36:34 +00:00
|
|
|
goto out;
|
2017-08-12 15:27:33 +00:00
|
|
|
|
|
|
|
ret = copy_from_user(einittoken, (void __user *)einittokenp,
|
2017-12-14 12:36:34 +00:00
|
|
|
sizeof(*einittoken));
|
2017-08-12 15:27:33 +00:00
|
|
|
if (ret)
|
2017-12-14 12:36:34 +00:00
|
|
|
goto out;
|
2017-08-12 15:27:33 +00:00
|
|
|
|
2017-12-14 12:36:34 +00:00
|
|
|
ret = sgx_get_encl(encl_id, &encl);
|
2017-08-12 15:27:33 +00:00
|
|
|
if (ret)
|
|
|
|
goto out;
|
|
|
|
|
2017-12-14 12:36:34 +00:00
|
|
|
ret = sgx_encl_init(encl, sigstruct, einittoken);
|
2017-08-12 15:27:33 +00:00
|
|
|
|
|
|
|
kref_put(&encl->refcount, sgx_encl_release);
|
2017-12-14 12:36:34 +00:00
|
|
|
|
|
|
|
out:
|
2017-08-12 15:27:33 +00:00
|
|
|
kunmap(initp_page);
|
|
|
|
__free_page(initp_page);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
typedef long (*sgx_ioc_t)(struct file *filep, unsigned int cmd,
|
|
|
|
unsigned long arg);
|
|
|
|
|
|
|
|
long sgx_ioctl(struct file *filep, unsigned int cmd, unsigned long arg)
|
|
|
|
{
|
|
|
|
char data[256];
|
|
|
|
sgx_ioc_t handler = NULL;
|
|
|
|
long ret;
|
|
|
|
|
|
|
|
switch (cmd) {
|
|
|
|
case SGX_IOC_ENCLAVE_CREATE:
|
|
|
|
handler = sgx_ioc_enclave_create;
|
|
|
|
break;
|
|
|
|
case SGX_IOC_ENCLAVE_ADD_PAGE:
|
|
|
|
handler = sgx_ioc_enclave_add_page;
|
|
|
|
break;
|
|
|
|
case SGX_IOC_ENCLAVE_INIT:
|
|
|
|
handler = sgx_ioc_enclave_init;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
return -ENOIOCTLCMD;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (copy_from_user(data, (void __user *)arg, _IOC_SIZE(cmd)))
|
|
|
|
return -EFAULT;
|
|
|
|
|
|
|
|
ret = handler(filep, cmd, (unsigned long)((void *)data));
|
|
|
|
if (!ret && (cmd & IOC_OUT)) {
|
|
|
|
if (copy_to_user((void __user *)arg, data, _IOC_SIZE(cmd)))
|
|
|
|
return -EFAULT;
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|