[v1,11/15] nitro_enclaves: Add logic for enclave start

Message ID	20200421184150.68011-12-andraprs@amazon.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=bYh3=6F=vger.kernel.org=kvm-owner@kernel.org> IronPort-SDR: 1bfE/NL9nQ9wrCFDt9DoWxRX8LrzLfnEPlo1zt6gTs3ktQWjKCYzSxPuO4sTQK/UMHDp8d6JIH RnHSDQO0y6wQ== From: Andra Paraschiv <andraprs@amazon.com> To: <linux-kernel@vger.kernel.org> CC: Anthony Liguori <aliguori@amazon.com>, Benjamin Herrenschmidt <benh@amazon.com>, Colm MacCarthaigh <colmmacc@amazon.com>, Bjoern Doebel <doebel@amazon.de>, David Woodhouse <dwmw@amazon.co.uk>, Frank van der Linden <fllinden@amazon.com>, Alexander Graf <graf@amazon.de>, Martin Pohlack <mpohlack@amazon.de>, Matt Wilson <msw@amazon.com>, Paolo Bonzini <pbonzini@redhat.com>, Balbir Singh <sblbir@amazon.com>, Stewart Smith <trawets@amazon.com>, Uwe Dannowski <uwed@amazon.de>, <kvm@vger.kernel.org>, <ne-devel-upstream@amazon.com>, Andra Paraschiv <andraprs@amazon.com> Subject: [PATCH v1 11/15] nitro_enclaves: Add logic for enclave start Date: Tue, 21 Apr 2020 21:41:46 +0300 Message-ID: <20200421184150.68011-12-andraprs@amazon.com> In-Reply-To: <20200421184150.68011-1-andraprs@amazon.com> References: <20200421184150.68011-1-andraprs@amazon.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: kvm-owner@vger.kernel.org Precedence: bulk
Series	Add support for Nitro Enclaves \| expand [v1,00/15] Add support for Nitro Enclaves [v1,01/15] nitro_enclaves: Add ioctl interface definition [v1,02/15] nitro_enclaves: Define the PCI device interface [v1,03/15] nitro_enclaves: Define enclave info for internal bookkeeping [v1,04/15] nitro_enclaves: Init PCI device driver [v1,05/15] nitro_enclaves: Handle PCI device command requests [v1,06/15] nitro_enclaves: Handle out-of-band PCI device events [v1,07/15] nitro_enclaves: Init misc device providing the ioctl interface [v1,08/15] nitro_enclaves: Add logic for enclave vm creation [v1,09/15] nitro_enclaves: Add logic for enclave vcpu creation [v1,10/15] nitro_enclaves: Add logic for enclave memory region set [v1,11/15] nitro_enclaves: Add logic for enclave start [v1,12/15] nitro_enclaves: Add logic for enclave termination [v1,13/15] nitro_enclaves: Add Kconfig for the Nitro Enclaves driver [v1,14/15] nitro_enclaves: Add Makefile for the Nitro Enclaves driver [v1,15/15] MAINTAINERS: Add entry for the Nitro Enclaves driver

Message ID

20200421184150.68011-12-andraprs@amazon.com (mailing list archive)

State

New, archived

Headers

IronPort-SDR: 
 1bfE/NL9nQ9wrCFDt9DoWxRX8LrzLfnEPlo1zt6gTs3ktQWjKCYzSxPuO4sTQK/UMHDp8d6JIH
 RnHSDQO0y6wQ==
From: Andra Paraschiv <andraprs@amazon.com>
To: <linux-kernel@vger.kernel.org>
CC: Anthony Liguori <aliguori@amazon.com>,
        Benjamin Herrenschmidt <benh@amazon.com>,
        Colm MacCarthaigh <colmmacc@amazon.com>,
        Bjoern Doebel <doebel@amazon.de>,
        David Woodhouse <dwmw@amazon.co.uk>,
        Frank van der Linden <fllinden@amazon.com>,
        Alexander Graf <graf@amazon.de>,
        Martin Pohlack <mpohlack@amazon.de>,
        Matt Wilson <msw@amazon.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Balbir Singh <sblbir@amazon.com>,
        Stewart Smith <trawets@amazon.com>,
        Uwe Dannowski <uwed@amazon.de>, <kvm@vger.kernel.org>,
        <ne-devel-upstream@amazon.com>,
        Andra Paraschiv <andraprs@amazon.com>
Subject: [PATCH v1 11/15] nitro_enclaves: Add logic for enclave start
Date: Tue, 21 Apr 2020 21:41:46 +0300
Message-ID: <20200421184150.68011-12-andraprs@amazon.com>
In-Reply-To: <20200421184150.68011-1-andraprs@amazon.com>
References: <20200421184150.68011-1-andraprs@amazon.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: kvm-owner@vger.kernel.org
Precedence: bulk

Series

Add support for Nitro Enclaves | expand

Commit Message

Paraschiv, Andra-Irina April 21, 2020, 6:41 p.m. UTC

After all the enclave resources are set, the enclave is ready for
beginning to run.

Add ioctl command logic for starting an enclave after all its resources,
memory regions and CPUs, have been set.

The enclave start information includes the local channel addressing -
vsock CID - and the flags associated with the enclave.

Signed-off-by: Alexandru Vasile <lexnv@amazon.com>
Signed-off-by: Andra Paraschiv <andraprs@amazon.com>
---
 .../virt/amazon/nitro_enclaves/ne_misc_dev.c  | 83 +++++++++++++++++++
 1 file changed, 83 insertions(+)

diff --git a/drivers/virt/amazon/nitro_enclaves/ne_misc_dev.c b/drivers/virt/amazon/nitro_enclaves/ne_misc_dev.c
index 0bd283f73a87..f07eb46f7995 100644
--- a/drivers/virt/amazon/nitro_enclaves/ne_misc_dev.c
+++ b/drivers/virt/amazon/nitro_enclaves/ne_misc_dev.c
@@ -455,6 +455,53 @@  static int ne_set_user_memory_region_ioctl(struct ne_enclave *ne_enclave,
 	return rc;
 }
 
+/**
+ * ne_enclave_start_ioctl - Trigger enclave start after the enclave resources,
+ * such as memory and CPU, have been set.
+ *
+ * This function gets called with the ne_enclave mutex held.
+ *
+ * @ne_enclave: private data associated with the current enclave.
+ * @enclave_start_metadata: enclave metadata that includes enclave cid and
+ *			    flags and the slot uid.
+ *
+ * @returns: 0 on success, negative return value on failure.
+ */
+static int ne_enclave_start_ioctl(struct ne_enclave *ne_enclave,
+	struct enclave_start_metadata *enclave_start_metadata)
+{
+	struct ne_pci_dev_cmd_reply cmd_reply = {};
+	struct enclave_start_req enclave_start_req = {};
+	int rc = -EINVAL;
+
+	BUG_ON(!ne_enclave);
+	BUG_ON(!ne_enclave->pdev);
+
+	if (WARN_ON(!enclave_start_metadata))
+		return -EINVAL;
+
+	enclave_start_metadata->slot_uid = ne_enclave->slot_uid;
+
+	enclave_start_req.enclave_cid = enclave_start_metadata->enclave_cid;
+	enclave_start_req.flags = enclave_start_metadata->flags;
+	enclave_start_req.slot_uid = enclave_start_metadata->slot_uid;
+
+	rc = ne_do_request(ne_enclave->pdev, ENCLAVE_START, &enclave_start_req,
+			   sizeof(enclave_start_req), &cmd_reply,
+			   sizeof(cmd_reply));
+	if (rc < 0) {
+		pr_err_ratelimited("Failure in enclave start [rc=%d]\n", rc);
+
+		return rc;
+	}
+
+	ne_enclave->state = NE_STATE_RUNNING;
+
+	enclave_start_metadata->enclave_cid = cmd_reply.enclave_cid;
+
+	return 0;
+}
+
 static int ne_enclave_open(struct inode *node, struct file *file)
 {
 	return 0;
@@ -521,6 +568,42 @@  static long ne_enclave_ioctl(struct file *file, unsigned int cmd,
 		return rc;
 	}
 
+	case NE_ENCLAVE_START: {
+		struct enclave_start_metadata enclave_start_metadata = {};
+		int rc = -EINVAL;
+
+		if (copy_from_user(&enclave_start_metadata, (void *)arg,
+				   sizeof(enclave_start_metadata))) {
+			pr_err_ratelimited("Failure in copy from user\n");
+
+			return -EFAULT;
+		}
+
+		mutex_lock(&ne_enclave->enclave_info_mutex);
+
+		if (!cpumask_empty(ne_enclave->cpu_siblings)) {
+			pr_err_ratelimited("Enclave has CPU siblings avail\n");
+
+			mutex_unlock(&ne_enclave->enclave_info_mutex);
+
+			return -EINVAL;
+		}
+
+		rc = ne_enclave_start_ioctl(ne_enclave,
+					    &enclave_start_metadata);
+
+		mutex_unlock(&ne_enclave->enclave_info_mutex);
+
+		if (copy_to_user((void *)arg, &enclave_start_metadata,
+				 sizeof(enclave_start_metadata))) {
+			pr_err_ratelimited("Failure in copy to user\n");
+
+			return -EFAULT;
+		}
+
+		return rc;
+	}
+
 	default:
 		return -ENOTTY;
 	}

[v1,11/15] nitro_enclaves: Add logic for enclave start

Commit Message

Patch