@@ -1,7 +1,6 @@
obj-y += \
driver.o \
encl.o \
- encls.o \
ioctl.o \
main.o \
reclaim.o
deleted file mode 100644
@@ -1,57 +0,0 @@
-// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
-// Copyright(c) 2016-19 Intel Corporation.
-
-#include <asm/cpufeature.h>
-#include <asm/traps.h>
-#include "encls.h"
-#include "sgx.h"
-
-/* A per-cpu cache for the last known values of IA32_SGXLEPUBKEYHASHx MSRs. */
-static DEFINE_PER_CPU(u64 [4], sgx_lepubkeyhash_cache);
-
-static void sgx_update_lepubkeyhash_msrs(u64 *lepubkeyhash, bool enforce)
-{
- u64 *cache;
- int i;
-
- cache = per_cpu(sgx_lepubkeyhash_cache, smp_processor_id());
- for (i = 0; i < 4; i++) {
- if (enforce || (lepubkeyhash[i] != cache[i])) {
- wrmsrl(MSR_IA32_SGXLEPUBKEYHASH0 + i, lepubkeyhash[i]);
- cache[i] = lepubkeyhash[i];
- }
- }
-}
-
-/**
- * sgx_einit - initialize an enclave
- * @sigstruct: a pointer a SIGSTRUCT
- * @token: a pointer an EINITTOKEN (optional)
- * @secs: a pointer a SECS
- * @lepubkeyhash: the desired value for IA32_SGXLEPUBKEYHASHx MSRs
- *
- * Execute ENCLS[EINIT], writing the IA32_SGXLEPUBKEYHASHx MSRs according
- * to @lepubkeyhash (if possible and necessary).
- *
- * Return:
- * 0 on success,
- * -errno or SGX error on failure
- */
-int sgx_einit(struct sgx_sigstruct *sigstruct, struct sgx_einittoken *token,
- struct sgx_epc_page *secs, u64 *lepubkeyhash)
-{
- int ret;
-
- if (!boot_cpu_has(X86_FEATURE_SGX_LC))
- return __einit(sigstruct, token, sgx_epc_addr(secs));
-
- preempt_disable();
- sgx_update_lepubkeyhash_msrs(lepubkeyhash, false);
- ret = __einit(sigstruct, token, sgx_epc_addr(secs));
- if (ret == SGX_INVALID_EINITTOKEN) {
- sgx_update_lepubkeyhash_msrs(lepubkeyhash, true);
- ret = __einit(sigstruct, token, sgx_epc_addr(secs));
- }
- preempt_enable();
- return ret;
-}
@@ -248,7 +248,4 @@ static inline int __ewb(struct sgx_pageinfo *pginfo, void *addr,
return __encls_ret_3(EWB, pginfo, addr, va);
}
-int sgx_einit(struct sgx_sigstruct *sigstruct, struct sgx_einittoken *token,
- struct sgx_epc_page *secs, u64 *lepubkeyhash);
-
#endif /* _X86_ENCLS_H */
@@ -16,6 +16,9 @@
#include "encl.h"
#include "encls.h"
+/* A per-cpu cache for the last known values of IA32_SGXLEPUBKEYHASHx MSRs. */
+static DEFINE_PER_CPU(u64 [4], sgx_lepubkeyhash_cache);
+
static struct sgx_va_page *sgx_encl_grow(struct sgx_encl *encl)
{
struct sgx_va_page *va_page = NULL;
@@ -578,6 +581,40 @@ static int sgx_get_key_hash(const void *modulus, void *hash)
return ret;
}
+static void sgx_update_lepubkeyhash_msrs(u64 *lepubkeyhash, bool enforce)
+{
+ u64 *cache;
+ int i;
+
+ cache = per_cpu(sgx_lepubkeyhash_cache, smp_processor_id());
+ for (i = 0; i < 4; i++) {
+ if (enforce || (lepubkeyhash[i] != cache[i])) {
+ wrmsrl(MSR_IA32_SGXLEPUBKEYHASH0 + i, lepubkeyhash[i]);
+ cache[i] = lepubkeyhash[i];
+ }
+ }
+}
+
+static int sgx_einit(struct sgx_sigstruct *sigstruct,
+ struct sgx_einittoken *token,
+ struct sgx_epc_page *secs, u64 *lepubkeyhash)
+{
+ int ret;
+
+ if (!boot_cpu_has(X86_FEATURE_SGX_LC))
+ return __einit(sigstruct, token, sgx_epc_addr(secs));
+
+ preempt_disable();
+ sgx_update_lepubkeyhash_msrs(lepubkeyhash, false);
+ ret = __einit(sigstruct, token, sgx_epc_addr(secs));
+ if (ret == SGX_INVALID_EINITTOKEN) {
+ sgx_update_lepubkeyhash_msrs(lepubkeyhash, true);
+ ret = __einit(sigstruct, token, sgx_epc_addr(secs));
+ }
+ preempt_enable();
+ return ret;
+}
+
static int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct,
struct sgx_einittoken *token)
{
Move sgx_einit() into the driver code, along with the LE hash MSR management. Providing sgx_einit() in the common SGX code was a bit premature. The thought was that the native SGX driver and KVM would be able to use a common EINIT helper, but that may or may not hold true depending on how KVM's implementation shakes out. For example, KVM may want to pass user pointers directly to EINIT in order to avoid copying large amounts of data to in-kernel temp structures. Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> --- I hedged a bit in the changelog, but I'm 99% confident KVM support will use a different implementation for EINIT. Figure moving the code is worth doing in the initial series since it eliminates encls.c. My thought is that the KVM series can move just the sgx_lepubkeyhash_cache code into main.c so it can be shared with virtual EPC code. arch/x86/kernel/cpu/sgx/Makefile | 1 - arch/x86/kernel/cpu/sgx/encls.c | 57 -------------------------------- arch/x86/kernel/cpu/sgx/encls.h | 3 -- arch/x86/kernel/cpu/sgx/ioctl.c | 37 +++++++++++++++++++++ 4 files changed, 37 insertions(+), 61 deletions(-) delete mode 100644 arch/x86/kernel/cpu/sgx/encls.c