From patchwork Mon Jan 30 19:57:30 2017
X-Patchwork-Submitter: Jarkko Sakkinen
X-Patchwork-Id: 9546069
From: Jarkko Sakkinen
To: intel-sgx-kernel-dev@lists.01.org
Date: Mon, 30 Jan 2017 21:57:30 +0200
Message-Id: <20170130195730.14975-3-jarkko.sakkinen@linux.intel.com>
In-Reply-To: <20170130195730.14975-1-jarkko.sakkinen@linux.intel.com>
References: <20170130195730.14975-1-jarkko.sakkinen@linux.intel.com>
Subject: [intel-sgx-kernel-dev] [PATCH v3 2/2] intel_sgx: backing storage file for PCMD

Move PCMD's to a backing storage file in order to give more control to do swapping and discarding.

Signed-off-by: Jarkko Sakkinen
--- drivers/platform/x86/intel_sgx.h | 5 +++-- drivers/platform/x86/intel_sgx_ioctl.c | 16 +++++++++++-- drivers/platform/x86/intel_sgx_page_cache.c | 21 ++++++++++++++--- drivers/platform/x86/intel_sgx_util.c | 21 ++++++++++++----- drivers/platform/x86/intel_sgx_vma.c | 35 ++++++++++++++++++++--------- 5 files changed, 74 insertions(+), 24 deletions(-) diff --git a/drivers/platform/x86/intel_sgx.h b/drivers/platform/x86/intel_sgx.h index ed9e8e6..fb58d60 100644 --- a/drivers/platform/x86/intel_sgx.h +++ b/drivers/platform/x86/intel_sgx.h @@ -115,7 +115,6 @@ struct sgx_encl_page { struct list_head load_list; struct sgx_va_page *va_page; unsigned int va_offset; - struct sgx_pcmd pcmd; }; struct sgx_tgid_ctx { @@ -141,6 +140,7 @@ struct sgx_encl { struct task_struct *owner; struct mm_struct *mm; struct file *backing; + struct file *pcmd; struct list_head load_list; struct kref refcount; unsigned long base; 
@@ -196,7 +196,8 @@ int sgx_test_and_clear_young(struct sgx_encl_page *page, struct sgx_encl *encl); void *sgx_get_epc_page(struct sgx_epc_page *entry); void sgx_put_epc_page(void *epc_page_vaddr); struct page *sgx_get_backing(struct sgx_encl *encl, - struct sgx_encl_page *entry); + struct sgx_encl_page *entry, + bool pcmd); void sgx_put_backing(struct page *backing, bool write); void sgx_insert_pte(struct sgx_encl *encl, struct sgx_encl_page *encl_page, diff --git a/drivers/platform/x86/intel_sgx_ioctl.c b/drivers/platform/x86/intel_sgx_ioctl.c index f2cc2c1..b480187 100644 --- a/drivers/platform/x86/intel_sgx_ioctl.c +++ b/drivers/platform/x86/intel_sgx_ioctl.c @@ -234,7 +234,7 @@ static bool sgx_process_add_page_req(struct sgx_add_page_req *req) if (sgx_find_encl(encl->mm, encl_page->addr, &vma)) goto out; - backing = sgx_get_backing(encl, encl_page); + backing = sgx_get_backing(encl, encl_page, false); if (IS_ERR(backing)) goto out; @@ -484,6 +484,7 @@ static long sgx_ioc_enclave_create(struct file *filep, unsigned int cmd, struct vm_area_struct *vma; void *secs_vaddr = NULL; struct file *backing; + struct file *pcmd; long ret; secs = kzalloc(sizeof(*secs), GFP_KERNEL); @@ -508,9 +509,19 @@ static long sgx_ioc_enclave_create(struct file *filep, unsigned int cmd, goto out; } + pcmd = shmem_file_setup("dev/sgx", + (secs->size + PAGE_SIZE) >> 5, + VM_NORESERVE); + if (IS_ERR(pcmd)) { + fput(backing); + ret = PTR_ERR(pcmd); + goto out; + } + encl = kzalloc(sizeof(*encl), GFP_KERNEL); if (!encl) { fput(backing); + fput(pcmd); ret = -ENOMEM; goto out; } @@ -529,6 +540,7 @@ static long sgx_ioc_enclave_create(struct file *filep, unsigned int cmd, encl->base = secs->base; encl->size = secs->size; encl->backing = backing; + encl->pcmd = pcmd; secs_epc = sgx_alloc_page(encl->tgid_ctx, 0); if (IS_ERR(secs_epc)) { 
@@ -706,7 +718,7 @@ static int __encl_add_page(struct sgx_encl *encl, goto out; } - backing = sgx_get_backing(encl, encl_page); + backing = sgx_get_backing(encl, encl_page, false); if (IS_ERR((void *)backing)) { ret = PTR_ERR((void *)backing); goto out; diff --git a/drivers/platform/x86/intel_sgx_page_cache.c b/drivers/platform/x86/intel_sgx_page_cache.c index d073057..8e8f6eb 100644 --- a/drivers/platform/x86/intel_sgx_page_cache.c +++ b/drivers/platform/x86/intel_sgx_page_cache.c @@ -237,11 +237,15 @@ static int __sgx_ewb(struct sgx_encl *encl, { struct sgx_page_info pginfo; struct page *backing; + struct page *pcmd; + unsigned long pcmd_offset; void *epc; void *va; int ret; - backing = sgx_get_backing(encl, encl_page); + pcmd_offset = ((encl_page->addr >> PAGE_SHIFT) & 31) * 128; + + backing = sgx_get_backing(encl, encl_page, false); if (IS_ERR(backing)) { ret = PTR_ERR(backing); sgx_warn(encl, "pinning the backing page for EWB failed with %d\n", @@ -249,21 +253,32 @@ static int __sgx_ewb(struct sgx_encl *encl, return ret; } + pcmd = sgx_get_backing(encl, encl_page, true); + if (IS_ERR(pcmd)) { + ret = PTR_ERR(pcmd); + sgx_warn(encl, "pinning the pcmd page for EWB failed with %d\n", + ret); + goto out; + } + epc = sgx_get_epc_page(encl_page->epc_page); va = sgx_get_epc_page(encl_page->va_page->epc_page); pginfo.srcpge = (unsigned long)kmap_atomic(backing); - pginfo.pcmd = (unsigned long)&encl_page->pcmd; + pginfo.pcmd = (unsigned long)kmap_atomic(pcmd) + pcmd_offset; pginfo.linaddr = 0; pginfo.secs = 0; ret = __ewb(&pginfo, epc, (void *)((unsigned long)va + encl_page->va_offset)); + kunmap_atomic((void *)(unsigned long)(pginfo.pcmd - pcmd_offset)); kunmap_atomic((void *)(unsigned long)pginfo.srcpge); sgx_put_epc_page(va); sgx_put_epc_page(epc); - sgx_put_backing(backing, true); + sgx_put_backing(pcmd, true); +out: + sgx_put_backing(backing, true); return ret; } 
diff --git a/drivers/platform/x86/intel_sgx_util.c b/drivers/platform/x86/intel_sgx_util.c index 2c390c5..c8d788a 100644 --- a/drivers/platform/x86/intel_sgx_util.c +++ b/drivers/platform/x86/intel_sgx_util.c @@ -79,22 +79,28 @@ void sgx_put_epc_page(void *epc_page_vaddr) } struct page *sgx_get_backing(struct sgx_encl *encl, - struct sgx_encl_page *entry) + struct sgx_encl_page *entry, + bool pcmd) { - struct page *backing; struct inode *inode; struct address_space *mapping; gfp_t gfpmask; pgoff_t index; - inode = encl->backing->f_path.dentry->d_inode; + if (pcmd) + inode = encl->pcmd->f_path.dentry->d_inode; + else + inode = encl->backing->f_path.dentry->d_inode; + mapping = inode->i_mapping; gfpmask = mapping_gfp_mask(mapping); - index = (entry->addr - encl->base) >> PAGE_SHIFT; - backing = shmem_read_mapping_page_gfp(mapping, index, gfpmask); + if (pcmd) + index = (entry->addr - encl->base) >> (PAGE_SHIFT + 5); + else + index = (entry->addr - encl->base) >> PAGE_SHIFT; - return backing; + return shmem_read_mapping_page_gfp(mapping, index, gfpmask); } void sgx_put_backing(struct page *backing_page, bool write) @@ -245,5 +251,8 @@ void sgx_encl_release(struct kref *ref) if (encl->backing) fput(encl->backing); + if (encl->pcmd) + fput(encl->pcmd); + kfree(encl); } diff --git a/drivers/platform/x86/intel_sgx_vma.c b/drivers/platform/x86/intel_sgx_vma.c index 9cc8e83..8541369 100644 --- a/drivers/platform/x86/intel_sgx_vma.c +++ b/drivers/platform/x86/intel_sgx_vma.c 
@@ -99,13 +99,17 @@ static int sgx_eldu(struct sgx_encl *encl, bool is_secs) { struct page *backing; + struct page *pcmd; + unsigned long pcmd_offset; struct sgx_page_info pginfo; void *secs_ptr = NULL; void *epc_ptr; void *va_ptr; int ret; - backing = sgx_get_backing(encl, encl_page); + pcmd_offset = ((encl_page->addr >> PAGE_SHIFT) & 31) * 128; + + backing = sgx_get_backing(encl, encl_page, false); if (IS_ERR(backing)) { ret = PTR_ERR(backing); sgx_warn(encl, "pinning the backing page for ELDU failed with %d\n", @@ -113,22 +117,34 @@ static int sgx_eldu(struct sgx_encl *encl, return ret; } + pcmd = sgx_get_backing(encl, encl_page, true); + if (IS_ERR(pcmd)) { + ret = PTR_ERR(pcmd); + sgx_warn(encl, "pinning the pcmd page for EWB failed with %d\n", + ret); + goto out; + } + if (!is_secs) secs_ptr = sgx_get_epc_page(encl->secs_page.epc_page); - pginfo.secs = (unsigned long)secs_ptr; epc_ptr = sgx_get_epc_page(epc_page); va_ptr = sgx_get_epc_page(encl_page->va_page->epc_page); pginfo.srcpge = (unsigned long)kmap_atomic(backing); - + pginfo.pcmd = (unsigned long)kmap_atomic(pcmd) + pcmd_offset; pginfo.linaddr = is_secs ? 0 : encl_page->addr; - pginfo.pcmd = (unsigned long)&encl_page->pcmd; + pginfo.secs = (unsigned long)secs_ptr; ret = __eldu((unsigned long)&pginfo, (unsigned long)epc_ptr, (unsigned long)va_ptr + encl_page->va_offset); + if (ret) { + sgx_err(encl, "ELDU returned %d\n", ret); + ret = -EFAULT; + } + kunmap_atomic((void *)(unsigned long)(pginfo.pcmd - pcmd_offset)); kunmap_atomic((void *)(unsigned long)pginfo.srcpge); sgx_put_epc_page(va_ptr); sgx_put_epc_page(epc_ptr); 
@@ -136,14 +152,11 @@ static int sgx_eldu(struct sgx_encl *encl, if (!is_secs) sgx_put_epc_page(secs_ptr); - sgx_put_backing(backing, false); + sgx_put_backing(pcmd, false); - if (ret) { - sgx_err(encl, "ELDU returned %d\n", ret); - return -EFAULT; - } - - return 0; +out: + sgx_put_backing(backing, false); + return ret; } static struct sgx_encl_page *sgx_vma_do_fault(struct vm_area_struct *vma,
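Review bot: In sgx_ioc_enclave_create() (intel_sgx_ioctl.c), the size passed to shmem_file_setup(), `(secs->size + PAGE_SIZE) >> 5`, relies on an unexplained shift and an unexplained extra page. The same 32-entries-per-page assumption reappears as `& 31`, `* 128` and `PAGE_SHIFT + 5` in __sgx_ewb(), sgx_eldu() and sgx_get_backing(). Suggest defining these constants once (for example from sizeof(struct sgx_pcmd) and PAGE_SIZE) and adding a comment that says what the additional PAGE_SIZE accounts for, so the file size and the indexing cannot drift apart.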
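Review bot: In __sgx_ewb() (intel_sgx_page_cache.c), the new `out:` label releases the backing page with `sgx_put_backing(backing, true)` even when the jump comes from the failed pcmd pin, where nothing has been written to that page. Suggest passing the write flag only when __ewb() was actually executed, or using a separate label for the pin-failure path, so an untouched page is not released as written.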
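Review bot: In sgx_get_backing() (intel_sgx_util.c), the PCMD page index is taken from `(entry->addr - encl->base) >> (PAGE_SHIFT + 5)`, while the callers compute the slot inside that page from the absolute address, `((encl_page->addr >> PAGE_SHIFT) & 31) * 128`. Each group of 32 consecutive pages still gets 32 distinct slots, but the two halves of one lookup are derived from different origins and live in different files. Suggest a dedicated helper that returns both the page and the offset, both computed from addr - base, which would also remove the `bool pcmd` argument whose bare `true`/`false` call sites are hard to read.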
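Review bot: In sgx_eldu() (intel_sgx_vma.c), the warning for the failed pcmd pin names the wrong operation: `"pinning the pcmd page for EWB failed with %d\n"`. It looks copied from __sgx_ewb() and should say ELDU, matching the message for the backing page a few lines above it, otherwise the log points at the wrong code path.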