From nobody Fri Dec 19 16:07:21 2025 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B8059266B6A; Mon, 19 May 2025 07:26:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747639594; cv=none; b=JLSiO7EOSawIKIceUVoZHK0HX5rjE16MRuAgx7g0HiqtDFg/HDyYPLTFG3WgyGvX7A77L70vnjsoMfJjUMcDUwelhFoPpQ3v75tF4g0sTKYjeBhrqbRq0nmVC3S7IOV96RQQt32QextrNsq1h2/dofFW+b8EKEVgG6Md6zB1zzA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747639594; c=relaxed/simple; bh=m3Yfm7d4CuBcDXfqagsYSfXhRGtFaVlavC8qo14M5S8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=iRzEx3LlSDemUwVVv7CPN4YTnPq697lvX2LOCP4wiBViPFUnESHlM4UlnCdUFibY8+rNbRyMMNTWGdnsp/B2nLgDR0T3ju1B4pknb7rIl53fH/Cymw8qpeByDvtgCM/yw+YX1ArSGpk+DAdpVcvMCJQZG52F0BtRIbBrTBtvoNQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=ZSKrforK; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="ZSKrforK" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1747639593; x=1779175593; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=m3Yfm7d4CuBcDXfqagsYSfXhRGtFaVlavC8qo14M5S8=; b=ZSKrforK5AfSJh7qj8aRkLafcvSMYB0m8tph8BWiPhzZyfInNSgPRJiO PQBCYsfaEOy+lKpHW5eGynVf8tvBzgL/4ENDWqC94EXor03LCw+/LSpC0 qZq4q+IONZ0CTUbtsi9kjOa2iyGd/X+mlnhd4epMKsJ5DrYlxTPd/LGaJ Rq80QoupAFVteReIDK+9UShDQGTnBh70F6ozvQGAliOv4wlNZODgemxd2 0EiumyKnmuk89m3iCjSHWA+aj08VuhxqZWFNVh455LabY8fQO2AVb5SS+ rN1AOa2//CziBtk82vYV5zU74f169nJAS8FK2fJt+buA+DwP4FJarqjVL A==; X-CSE-ConnectionGUID: LPejelZgRdOmd+1ZxaxuJA== X-CSE-MsgGUID: VNgKt0kmRS+FVT1EkHGOFg== X-IronPort-AV: E=McAfee;i="6700,10204,11437"; a="49591594" X-IronPort-AV: E=Sophos;i="6.15,300,1739865600"; d="scan'208";a="49591594" Received: from orviesa009.jf.intel.com ([10.64.159.149]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 May 2025 00:26:32 -0700 X-CSE-ConnectionGUID: M/htiRM6TpK3HcZqmhv8EQ== X-CSE-MsgGUID: d/aq45R3Q/SsMzrkMpzuNA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.15,300,1739865600"; d="scan'208";a="139029725" Received: from pgcooper-mobl3.ger.corp.intel.com (HELO eresheto-mobl3.ger.corp.intel.com) ([10.245.244.195]) by orviesa009-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 May 2025 00:26:27 -0700 From: Elena Reshetova To: dave.hansen@intel.com Cc: jarkko@kernel.org, seanjc@google.com, kai.huang@intel.com, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org, asit.k.mallick@intel.com, vincent.r.scarlata@intel.com, chongc@google.com, erdemaktas@google.com, vannapurve@google.com, dionnaglaze@google.com, bondarn@google.com, scott.raynor@intel.com, Elena Reshetova Subject: [PATCH v5 1/5] x86/sgx: Introduce a counter to count the sgx_(vepc_)open() Date: Mon, 19 May 2025 10:24:27 +0300 Message-ID: <20250519072603.328429-2-elena.reshetova@intel.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20250519072603.328429-1-elena.reshetova@intel.com> References: <20250519072603.328429-1-elena.reshetova@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Currently SGX does not have a global counter to count the active users from userspace or hypervisor. Implement such a counter, sgx_usage_count. It will be used by the driver when attempting to call EUPDATESVN SGX instruction. Suggested-by: Sean Christopherson Signed-off-by: Elena Reshetova --- arch/x86/kernel/cpu/sgx/driver.c | 1 + arch/x86/kernel/cpu/sgx/encl.c | 1 + arch/x86/kernel/cpu/sgx/main.c | 14 ++++++++++++++ arch/x86/kernel/cpu/sgx/sgx.h | 3 +++ arch/x86/kernel/cpu/sgx/virt.c | 2 ++ 5 files changed, 21 insertions(+) diff --git a/arch/x86/kernel/cpu/sgx/driver.c b/arch/x86/kernel/cpu/sgx/dri= ver.c index 7f8d1e11dbee..b5ffe104af4c 100644 --- a/arch/x86/kernel/cpu/sgx/driver.c +++ b/arch/x86/kernel/cpu/sgx/driver.c @@ -19,6 +19,7 @@ static int sgx_open(struct inode *inode, struct file *fil= e) struct sgx_encl *encl; int ret; =20 + sgx_inc_usage_count(); encl =3D kzalloc(sizeof(*encl), GFP_KERNEL); if (!encl) return -ENOMEM; diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c index 279148e72459..3b54889ae4a4 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c @@ -765,6 +765,7 @@ void sgx_encl_release(struct kref *ref) WARN_ON_ONCE(encl->secs.epc_page); =20 kfree(encl); + sgx_dec_usage_count(); } =20 /* diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c index 8ce352fc72ac..80d565e6f2ad 100644 --- a/arch/x86/kernel/cpu/sgx/main.c +++ b/arch/x86/kernel/cpu/sgx/main.c @@ -914,6 +914,20 @@ int sgx_set_attribute(unsigned long *allowed_attribute= s, } EXPORT_SYMBOL_GPL(sgx_set_attribute); =20 +/* Counter to count the active SGX users */ +static atomic64_t sgx_usage_count; + +int sgx_inc_usage_count(void) +{ + atomic64_inc(&sgx_usage_count); + return 0; +} + +void sgx_dec_usage_count(void) +{ + atomic64_dec(&sgx_usage_count); +} + static int __init sgx_init(void) { int ret; diff --git a/arch/x86/kernel/cpu/sgx/sgx.h b/arch/x86/kernel/cpu/sgx/sgx.h index d2dad21259a8..f5940393d9bd 100644 --- a/arch/x86/kernel/cpu/sgx/sgx.h +++ b/arch/x86/kernel/cpu/sgx/sgx.h @@ -102,6 +102,9 @@ static inline int __init sgx_vepc_init(void) } #endif =20 +int sgx_inc_usage_count(void); +void sgx_dec_usage_count(void); + void sgx_update_lepubkeyhash(u64 *lepubkeyhash); =20 #endif /* _X86_SGX_H */ diff --git a/arch/x86/kernel/cpu/sgx/virt.c b/arch/x86/kernel/cpu/sgx/virt.c index 7aaa3652e31d..83de0907f32c 100644 --- a/arch/x86/kernel/cpu/sgx/virt.c +++ b/arch/x86/kernel/cpu/sgx/virt.c @@ -255,6 +255,7 @@ static int sgx_vepc_release(struct inode *inode, struct= file *file) xa_destroy(&vepc->page_array); kfree(vepc); =20 + sgx_dec_usage_count(); return 0; } =20 @@ -262,6 +263,7 @@ static int sgx_vepc_open(struct inode *inode, struct fi= le *file) { struct sgx_vepc *vepc; =20 + sgx_inc_usage_count(); vepc =3D kzalloc(sizeof(struct sgx_vepc), GFP_KERNEL); if (!vepc) return -ENOMEM; --=20 2.45.2 From nobody Fri Dec 19 16:07:21 2025 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EBF00266565; Mon, 19 May 2025 07:26:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747639599; cv=none; b=HJYtHe41dsUZv//JBcdskpk+I24DXoik2cAssbnwuripI/2tcNhmVuQvxS9xxQXq+2US6/FJoLP0O+xNypH3XVvUgHlJU1ekbH9cnSO+hgCyUWUT+Ysfn2NBh3wK4NafW+1eZMY9MYt6xHADPRuvULgKvKvHl3VTiEQOXaK8Loo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747639599; c=relaxed/simple; bh=e29DaBHvhlmcsQr4r4BBWzMBguAyQbp5kFhjFcxhsGw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=DocP/UtrCMCGrw7ORTJtk6lERCbWNAP0GZ8mFJCs12uTzFZZmnH6dGeI55JURFhUWWIXaqIp9x8gsnOduphhqMQTdFIwSO4n16ZwxWlIwA2KV6oD2Y23Im4mp0V0Qz65c4rTj1vMyT9qcnriNoN/peGQbRnHw1kF48f3wlcN+D8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=BWd+C56m; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="BWd+C56m" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1747639598; x=1779175598; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=e29DaBHvhlmcsQr4r4BBWzMBguAyQbp5kFhjFcxhsGw=; b=BWd+C56mMSAqJOH4T4XoXOOtPquajAGQ0EPKm+8AHAX6BVkxiijBMz4Y fS9fkV6pl8Gk6dy8CQnSp0AWGLD4pZrsf8uwY8LATHUUDCOCFkQkGTKiY BspHXj5MQGS6AIxDAXd72dBmvhA8Ue1PQ77HidESUFGAlAPyQma9+9S2F ZLuYNy2fWaHvdjbgcMBqk4iraCQgR+eVocggJCdPbM0cx86mQWS1xdWv0 vVMGjh4ZcksvHR8ncuXQKvfJDE9xyFjptwU74aCbXwyXRxgHZZD87F1Zq CVnK+6uTT1NB8+7kQuaXvFQtR2KOI3KngCkhVkXuO0Bj/H5VCh4rhNoOJ Q==; X-CSE-ConnectionGUID: MU6mUge6RBiFK9fBnNyi4Q== X-CSE-MsgGUID: gArviXkhTsS0e9Nj0UHvnA== X-IronPort-AV: E=McAfee;i="6700,10204,11437"; a="49591602" X-IronPort-AV: E=Sophos;i="6.15,300,1739865600"; d="scan'208";a="49591602" Received: from orviesa009.jf.intel.com ([10.64.159.149]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 May 2025 00:26:38 -0700 X-CSE-ConnectionGUID: uw5YTDOnRtCCaan21DcLeQ== X-CSE-MsgGUID: ulWvC3RvRoGavLJMAJLshw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.15,300,1739865600"; d="scan'208";a="139029731" Received: from pgcooper-mobl3.ger.corp.intel.com (HELO eresheto-mobl3.ger.corp.intel.com) ([10.245.244.195]) by orviesa009-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 May 2025 00:26:33 -0700 From: Elena Reshetova To: dave.hansen@intel.com Cc: jarkko@kernel.org, seanjc@google.com, kai.huang@intel.com, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org, asit.k.mallick@intel.com, vincent.r.scarlata@intel.com, chongc@google.com, erdemaktas@google.com, vannapurve@google.com, dionnaglaze@google.com, bondarn@google.com, scott.raynor@intel.com, Elena Reshetova Subject: [PATCH v5 2/5] x86/cpufeatures: Add X86_FEATURE_SGX_EUPDATESVN feature flag Date: Mon, 19 May 2025 10:24:28 +0300 Message-ID: <20250519072603.328429-3-elena.reshetova@intel.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20250519072603.328429-1-elena.reshetova@intel.com> References: <20250519072603.328429-1-elena.reshetova@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add a flag indicating whenever ENCLS[EUPDATESVN] SGX instruction is supported. This will be used by SGX driver to perform CPU SVN updates. Signed-off-by: Elena Reshetova --- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/kernel/cpu/scattered.c | 1 + tools/arch/x86/include/asm/cpufeatures.h | 1 + 3 files changed, 3 insertions(+) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf= eatures.h index 6c2c152d8a67..ed0c0fa5822a 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -481,6 +481,7 @@ #define X86_FEATURE_AMD_HETEROGENEOUS_CORES (21*32 + 6) /* Heterogeneous C= ore Topology */ #define X86_FEATURE_AMD_WORKLOAD_CLASS (21*32 + 7) /* Workload Classificat= ion */ #define X86_FEATURE_PREFER_YMM (21*32 + 8) /* Avoid ZMM registers due to = downclocking */ +#define X86_FEATURE_SGX_EUPDATESVN (21*32 + 9) /* Support for ENCLS[EUPDAT= ESVN] instruction */ =20 /* * BUG word(s) diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattere= d.c index 16f3ca30626a..a7e1fcedca3c 100644 --- a/arch/x86/kernel/cpu/scattered.c +++ b/arch/x86/kernel/cpu/scattered.c @@ -41,6 +41,7 @@ static const struct cpuid_bit cpuid_bits[] =3D { { X86_FEATURE_PER_THREAD_MBA, CPUID_ECX, 0, 0x00000010, 3 }, { X86_FEATURE_SGX1, CPUID_EAX, 0, 0x00000012, 0 }, { X86_FEATURE_SGX2, CPUID_EAX, 1, 0x00000012, 0 }, + { X86_FEATURE_SGX_EUPDATESVN, CPUID_EAX, 10, 0x00000012, 0 }, { X86_FEATURE_SGX_EDECCSSA, CPUID_EAX, 11, 0x00000012, 0 }, { X86_FEATURE_HW_PSTATE, CPUID_EDX, 7, 0x80000007, 0 }, { X86_FEATURE_CPB, CPUID_EDX, 9, 0x80000007, 0 }, diff --git a/tools/arch/x86/include/asm/cpufeatures.h b/tools/arch/x86/incl= ude/asm/cpufeatures.h index 6c2c152d8a67..ed0c0fa5822a 100644 --- a/tools/arch/x86/include/asm/cpufeatures.h +++ b/tools/arch/x86/include/asm/cpufeatures.h @@ -481,6 +481,7 @@ #define X86_FEATURE_AMD_HETEROGENEOUS_CORES (21*32 + 6) /* Heterogeneous C= ore Topology */ #define X86_FEATURE_AMD_WORKLOAD_CLASS (21*32 + 7) /* Workload Classificat= ion */ #define X86_FEATURE_PREFER_YMM (21*32 + 8) /* Avoid ZMM registers due to = downclocking */ +#define X86_FEATURE_SGX_EUPDATESVN (21*32 + 9) /* Support for ENCLS[EUPDAT= ESVN] instruction */ =20 /* * BUG word(s) --=20 2.45.2 From nobody Fri Dec 19 16:07:21 2025 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 15FDC266565; Mon, 19 May 2025 07:26:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747639604; cv=none; b=Gad0hUdqYiI4b6+9YtNIX4DktQn9dkpo8CLHsOhwbGbnbepdeayxHWm6qpsoYVtNO7CsBEsQIsnLi+1gnBeTE1WdFkLJ1OAOez9hUxi+zyp96gZmzDgI5GLPp5+K9/MArMG+Zl3ST89QA05oZo8Cf7uy1MjY/4CfAVspp56BrMY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747639604; c=relaxed/simple; bh=BIK0r4BaExouu0FiYPQHdUSzxmpZDIGwQoDlTSdUcRk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=I5yh0+sTRu9V/YV6I243JLatu59xhR2UIRSLodmIr5KkvxPv9WJ0VjxNV+yFbnHsqs2yPi/3RmTUDuZstdpE7xDqGd7tVhLnS+Tv3SaIEiNHQ+SABo3+BZ2DaHIrvQkGz4/B3035Gd/cTMg949tD8lQMtw4Nyam/P9To18qUmxc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=YS7x8vdz; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="YS7x8vdz" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1747639603; x=1779175603; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=BIK0r4BaExouu0FiYPQHdUSzxmpZDIGwQoDlTSdUcRk=; b=YS7x8vdz6HB2UJVT00Nux7ulz3LfK1cp+rbMZa0r24Y4ibT8NdYUoYdJ abGtSorscj/EVMZZ2OCIaR9lWTs9sEB94Ez94Kr/FViW3yBmQSXU5kZL2 FuQLZFGosYEbCnxHbUZ6YU7IO5vYTXGzXcbUglp/x8OSC2eDJx5u3xUu+ GyOaPCCtV6xTrq2857yzW0nT/PfrVISiriqZz6DSA+rJZc59QRTAT3zSd 3SZ5NXFOp+ycoEhiXuL0i+JJR3VMqzBguO+c/2v0xN6iLS0iq1FxqEfd4 3hl2Ekq8LLqGm924STkNHebXUVunePHfOppo3V496IVIUm+R2EdpyvpEP A==; X-CSE-ConnectionGUID: GKVK3hl/QjGcXN/Uuh3IxQ== X-CSE-MsgGUID: /g4l1y+aQxmJv4wg5LIltw== X-IronPort-AV: E=McAfee;i="6700,10204,11437"; a="49591605" X-IronPort-AV: E=Sophos;i="6.15,300,1739865600"; d="scan'208";a="49591605" Received: from orviesa009.jf.intel.com ([10.64.159.149]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 May 2025 00:26:43 -0700 X-CSE-ConnectionGUID: 5e50GbfXTOWNBTkdBmxc9Q== X-CSE-MsgGUID: 6KqnI+cqRnmh5SIQC9FQ+g== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.15,300,1739865600"; d="scan'208";a="139029757" Received: from pgcooper-mobl3.ger.corp.intel.com (HELO eresheto-mobl3.ger.corp.intel.com) ([10.245.244.195]) by orviesa009-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 May 2025 00:26:38 -0700 From: Elena Reshetova To: dave.hansen@intel.com Cc: jarkko@kernel.org, seanjc@google.com, kai.huang@intel.com, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org, asit.k.mallick@intel.com, vincent.r.scarlata@intel.com, chongc@google.com, erdemaktas@google.com, vannapurve@google.com, dionnaglaze@google.com, bondarn@google.com, scott.raynor@intel.com, Elena Reshetova Subject: [PATCH v5 3/5] x86/sgx: Define error codes for use by ENCLS[EUPDATESVN] Date: Mon, 19 May 2025 10:24:29 +0300 Message-ID: <20250519072603.328429-4-elena.reshetova@intel.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20250519072603.328429-1-elena.reshetova@intel.com> References: <20250519072603.328429-1-elena.reshetova@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add error codes for ENCLS[EUPDATESVN], then SGX CPUSVN update process can know the execution state of EUPDATESVN and notify userspace. Signed-off-by: Elena Reshetova --- arch/x86/include/asm/sgx.h | 39 +++++++++++++++++++++++--------------- 1 file changed, 24 insertions(+), 15 deletions(-) diff --git a/arch/x86/include/asm/sgx.h b/arch/x86/include/asm/sgx.h index 6a0069761508..0361a6f91359 100644 --- a/arch/x86/include/asm/sgx.h +++ b/arch/x86/include/asm/sgx.h @@ -28,21 +28,22 @@ #define SGX_CPUID_EPC_MASK GENMASK(3, 0) =20 enum sgx_encls_function { - ECREATE =3D 0x00, - EADD =3D 0x01, - EINIT =3D 0x02, - EREMOVE =3D 0x03, - EDGBRD =3D 0x04, - EDGBWR =3D 0x05, - EEXTEND =3D 0x06, - ELDU =3D 0x08, - EBLOCK =3D 0x09, - EPA =3D 0x0A, - EWB =3D 0x0B, - ETRACK =3D 0x0C, - EAUG =3D 0x0D, - EMODPR =3D 0x0E, - EMODT =3D 0x0F, + ECREATE =3D 0x00, + EADD =3D 0x01, + EINIT =3D 0x02, + EREMOVE =3D 0x03, + EDGBRD =3D 0x04, + EDGBWR =3D 0x05, + EEXTEND =3D 0x06, + ELDU =3D 0x08, + EBLOCK =3D 0x09, + EPA =3D 0x0A, + EWB =3D 0x0B, + ETRACK =3D 0x0C, + EAUG =3D 0x0D, + EMODPR =3D 0x0E, + EMODT =3D 0x0F, + EUPDATESVN =3D 0x18, }; =20 /** @@ -73,6 +74,11 @@ enum sgx_encls_function { * public key does not match IA32_SGXLEPUBKEYHASH. * %SGX_PAGE_NOT_MODIFIABLE: The EPC page cannot be modified because it * is in the PENDING or MODIFIED state. + * %SGX_INSUFFICIENT_ENTROPY: Insufficient entropy in RNG. + * %SGX_EPC_NOT_READY: EPC is not ready for SVN update. + * %SGX_NO_UPDATE: EUPDATESVN was successful, but CPUSVN was not + * updated because current SVN was not newer than + * CPUSVN. * %SGX_UNMASKED_EVENT: An unmasked event, e.g. INTR, was received */ enum sgx_return_code { @@ -81,6 +87,9 @@ enum sgx_return_code { SGX_CHILD_PRESENT =3D 13, SGX_INVALID_EINITTOKEN =3D 16, SGX_PAGE_NOT_MODIFIABLE =3D 20, + SGX_INSUFFICIENT_ENTROPY =3D 29, + SGX_EPC_NOT_READY =3D 30, + SGX_NO_UPDATE =3D 31, SGX_UNMASKED_EVENT =3D 128, }; =20 --=20 2.45.2 From nobody Fri Dec 19 16:07:21 2025 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D5210266EE7; Mon, 19 May 2025 07:26:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747639610; cv=none; b=upcFAKyAG4Md9l1EGrHUep8a7dPL8t63uWyGUoBxtXYEo+igi3jg+FIlkFpy16XLF01o/nfiI6EWIKAj2OOo9HBhEnmEE8+m1zvsCPaWkYhFQCrDT7Oc3DhNfIZX1inuGxOsuJVJkC8kYFKDLGK+5kkwTt0elYMch3UzmadXJO0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747639610; c=relaxed/simple; bh=lzED5Ih60Wzv8GiZR2dSAkbu3wPek9HsYk24jN+A3jM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=SEKDMlHxm0PnbcN7qjRVXUskiFmXgZ/+K9tTksVJNQk1k7qLtKEIqscgPOBZ2HIPgeyqeig3WPsJA6CgMqMVXWAaDZy1v81/BfCbf962ahv6VE4q48yHfOW/jIkNIuyYYQW0x8cl3by5iMbh1jDBTUyXN8Gi6lMIyVdWxYnLEmQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=jFZE0b0r; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="jFZE0b0r" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1747639609; x=1779175609; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=lzED5Ih60Wzv8GiZR2dSAkbu3wPek9HsYk24jN+A3jM=; b=jFZE0b0rIDkbnWBEW4s+lrpZIUxoWfeFs1ly4LkyTeFkY87pLJmUnYC9 SpP5FjCl/8YMe49cCvjSGr6vLTXHCPXYUS8XWmDd1DWfshlqR/o0KAqou jJUu1nGW9l2kSAoIwBe/aDe0U62Bd8St2GuIRn2ydmdiBG9JtY3NIx9IS y9u3TOf98Dc9zgag14opUZQG934cUxJZ5r4k2oBO+CnpklrHOo6TuK1Hs zH1b4KnPNVV820lcPRKzFZWWZatU7x1k5C+gps9k7gyB4BA6qY7dt5xi/ NVW3RnGsmQ++zG8XzeLvk3/9ElmzyXK/ee3xnakqW2aqyTA+ZpFgbxWlg g==; X-CSE-ConnectionGUID: eeoJcKBeSIKwajLMUbL2Mw== X-CSE-MsgGUID: MjrPFFLKTDapfEHRTX9JvA== X-IronPort-AV: E=McAfee;i="6700,10204,11437"; a="49591609" X-IronPort-AV: E=Sophos;i="6.15,300,1739865600"; d="scan'208";a="49591609" Received: from orviesa009.jf.intel.com ([10.64.159.149]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 May 2025 00:26:49 -0700 X-CSE-ConnectionGUID: R+qjLuctS8SqleSUK3v+MQ== X-CSE-MsgGUID: 7tWlja2SQy+4W+64HkCiyQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.15,300,1739865600"; d="scan'208";a="139029787" Received: from pgcooper-mobl3.ger.corp.intel.com (HELO eresheto-mobl3.ger.corp.intel.com) ([10.245.244.195]) by orviesa009-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 May 2025 00:26:43 -0700 From: Elena Reshetova To: dave.hansen@intel.com Cc: jarkko@kernel.org, seanjc@google.com, kai.huang@intel.com, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org, asit.k.mallick@intel.com, vincent.r.scarlata@intel.com, chongc@google.com, erdemaktas@google.com, vannapurve@google.com, dionnaglaze@google.com, bondarn@google.com, scott.raynor@intel.com, Elena Reshetova Subject: [PATCH v5 4/5] x86/sgx: Implement ENCLS[EUPDATESVN] Date: Mon, 19 May 2025 10:24:30 +0300 Message-ID: <20250519072603.328429-5-elena.reshetova@intel.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20250519072603.328429-1-elena.reshetova@intel.com> References: <20250519072603.328429-1-elena.reshetova@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The SGX attestation architecture assumes a compromise of all running enclaves and cryptographic assets (like internal SGX encryption keys) whenever a microcode update affects SGX. To mitigate the impact of this presumed compromise, a new supervisor SGX instruction: ENCLS[EUPDATESVN], is introduced to update SGX microcode version and generate new cryptographic assets in runtime after SGX microcode update. EUPDATESVN requires that SGX memory to be marked as "unused" before it will succeed. This ensures that no compromised enclave can survive the process and provides an opportunity to generate new cryptographic assets. Add the method to perform ENCLS[EUPDATESVN]. Signed-off-by: Elena Reshetova --- arch/x86/kernel/cpu/sgx/encls.h | 5 +++ arch/x86/kernel/cpu/sgx/main.c | 57 +++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) diff --git a/arch/x86/kernel/cpu/sgx/encls.h b/arch/x86/kernel/cpu/sgx/encl= s.h index 99004b02e2ed..d9160c89a93d 100644 --- a/arch/x86/kernel/cpu/sgx/encls.h +++ b/arch/x86/kernel/cpu/sgx/encls.h @@ -233,4 +233,9 @@ static inline int __eaug(struct sgx_pageinfo *pginfo, v= oid *addr) return __encls_2(EAUG, pginfo, addr); } =20 +/* Attempt to update CPUSVN at runtime. */ +static inline int __eupdatesvn(void) +{ + return __encls_ret_1(EUPDATESVN, ""); +} #endif /* _X86_ENCLS_H */ diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c index 80d565e6f2ad..fd71e2ddca59 100644 --- a/arch/x86/kernel/cpu/sgx/main.c +++ b/arch/x86/kernel/cpu/sgx/main.c @@ -15,6 +15,7 @@ #include #include #include +#include #include "driver.h" #include "encl.h" #include "encls.h" @@ -917,6 +918,62 @@ EXPORT_SYMBOL_GPL(sgx_set_attribute); /* Counter to count the active SGX users */ static atomic64_t sgx_usage_count; =20 +/** + * sgx_updatesvn() - Attempt to call ENCLS[EUPDATESVN] + * If EPC is empty, this instruction attempts to update CPUSVN to the + * currently loaded microcode update SVN and generate new + * cryptographic assets.sgx_updatesvn() Most of the time, there will + * be no update and that's OK. + * + * Return: + * 0: Success, not supported or run out of entropy + */ +static int sgx_update_svn(void) +{ + int ret; + + /* + * If EUPDATESVN is not available, it is ok to + * silently skip it to comply with legacy behavior. + */ + if (!X86_FEATURE_SGX_EUPDATESVN) + return 0; + + for (int i =3D 0; i < RDRAND_RETRY_LOOPS; i++) { + ret =3D __eupdatesvn(); + + /* Stop on success or unexpected errors: */ + if (ret !=3D SGX_INSUFFICIENT_ENTROPY) + break; + } + + /* + * SVN either was up-to-date or SVN update failed due + * to lack of entropy. In both cases, we want to return + * 0 in order not to break sgx_(vepc_)open. We dont expect + * SGX_INSUFFICIENT_ENTROPY error unless underlying RDSEED + * is under heavy pressure. + */ + if ((ret =3D=3D SGX_NO_UPDATE) || (ret =3D=3D SGX_INSUFFICIENT_ENTROPY)) + return 0; + + if (!ret) { + /* + * SVN successfully updated. + * Let users know when the update was successful. + */ + pr_info("SVN updated successfully\n"); + return 0; + } + + /* + * EUPDATESVN was called when EPC is empty, all other error + * codes are unexpected. + */ + ENCLS_WARN(ret, "EUPDATESVN"); + return ret; +} + int sgx_inc_usage_count(void) { atomic64_inc(&sgx_usage_count); --=20 2.45.2 From nobody Fri Dec 19 16:07:21 2025 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 42AFB267391; Mon, 19 May 2025 07:26:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747639615; cv=none; b=oYQ2LEMndiezdjPByFSvmb/dX8tO2DWh5zVjiF2NRPuYnOQjmBfYMItHpZaqblZQwMaLcD5Zw20JHttz7Kq7d0z6EFQ6grn+cXRtWh62D9k1bjS1t4BqG5/c1Oh+bbEatjWcZnussL7TnDMd7taT/dQSKElEj2m1MoF7yI/R8zg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747639615; c=relaxed/simple; bh=jBDQDjF2WV16Je5dIF0ttMaK0Ais3hiuqsAK13xa99E=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=YVFRH+6MvzyMzTCV+7zz8soAQE/9NaFvVfaVpKuAuOi/0Axa46MYCc0bfrWT6xyy3Huh0hpTQJm6QVs1fBVQHRpmjnhrghYGU4+gPJmee5hDGvUOSVCqJSE1D8VtAvCw82cTm+UfqauvaygHMpVAz6nEAeubNJyyy8XO02x6teg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=f87s1JCP; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="f87s1JCP" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1747639614; x=1779175614; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=jBDQDjF2WV16Je5dIF0ttMaK0Ais3hiuqsAK13xa99E=; b=f87s1JCPJInDShPQjH4gAtpIAKdu5q5SgAidjYEm9JzZnp+Csgo+O7Ti No+akwT0cWhcp+oI5MID2XdnYTaQilLyR3ZlsFkIa93Z98D6YqZ9fPpg3 CmRY6U+8iW2CXjW9qtuJ6SSmz3UQWsLk9m4JoOBTDgEBraY+sJUGxBYkc 30HueOs8hOJ4g16kCz8GRl7pnmCE29YShxmkmsHnfN2zdiak0D+CUAh+D BmxeGp4i3dbpXEIjwISXnejSXUA6EHBHtyISv7W4xEOs5KouZyLT8v/QH CubaHA79fnMlbAYd5tNsdaX3AREgcujdvI2FQbtSqlcmKos91TK+Y20Dj g==; X-CSE-ConnectionGUID: LyL0Cs9gQrm6aM8rJtB6oQ== X-CSE-MsgGUID: gTuFG634TKSSijb0sE6eng== X-IronPort-AV: E=McAfee;i="6700,10204,11437"; a="49591616" X-IronPort-AV: E=Sophos;i="6.15,300,1739865600"; d="scan'208";a="49591616" Received: from orviesa009.jf.intel.com ([10.64.159.149]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 May 2025 00:26:54 -0700 X-CSE-ConnectionGUID: o3QhuCBrTW+lkmXrGrpwmg== X-CSE-MsgGUID: yDl+W5hCQwSUwYl7jpCqPA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.15,300,1739865600"; d="scan'208";a="139029803" Received: from pgcooper-mobl3.ger.corp.intel.com (HELO eresheto-mobl3.ger.corp.intel.com) ([10.245.244.195]) by orviesa009-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 May 2025 00:26:49 -0700 From: Elena Reshetova To: dave.hansen@intel.com Cc: jarkko@kernel.org, seanjc@google.com, kai.huang@intel.com, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org, asit.k.mallick@intel.com, vincent.r.scarlata@intel.com, chongc@google.com, erdemaktas@google.com, vannapurve@google.com, dionnaglaze@google.com, bondarn@google.com, scott.raynor@intel.com, Elena Reshetova Subject: [PATCH v5 5/5] x86/sgx: Enable automatic SVN updates for SGX enclaves Date: Mon, 19 May 2025 10:24:31 +0300 Message-ID: <20250519072603.328429-6-elena.reshetova@intel.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20250519072603.328429-1-elena.reshetova@intel.com> References: <20250519072603.328429-1-elena.reshetova@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable SGX enclaves have an attestation mechanism. An enclave might, for instance, need to attest to its state before it is given a special decryption key. Since SGX must trust the CPU microcode, attestation incorporates the microcode versions of all processors on the system and is affected by microcode updates. This enables deployment decisions based on the microcode version. For example, an enclave might be denied a decryption key if it runs on a system that has old microcode without a specific mitigation. Unfortunately, this attestation metric (called CPUSVN) is only a snapshot. When the kernel first uses SGX (successfully executes any ENCLS instruction= ), SGX inspects all CPUs in the system and incorporates a record of their microcode versions into CPUSVN. CPUSVN is only automatically updated at reb= oot. This means that, although the microcode has been updated, enclaves can never attest to this fact. Enclaves are stuck attesting to the old version until a reboot. The SGX architecture has an alternative to these reboots: the ENCLS[EUPDATE= SVN] instruction [1]. It allows another snapshot to be taken to update CPUSVN after a runtime microcode update without a reboot. Whenever a microcode update affects SGX, the SGX attestation architecture assumes that all running enclaves and cryptographic assets (like internal SGX encryption keys) have been compromised. To mitigate the impact of this presumed compromise, EUPDATESVN success requires that all SGX memory to be marked as =E2=80=9Cunused=E2=80=9D and its contents destroyed. This require= ment ensures that no compromised enclave can survive the EUPDATESVN procedure and provid= es an opportunity to generate new cryptographic assets. Attempt to execute EUPDATESVN on the first open of sgx_(vepc)open(). If EUPDATESVN fails with any other error code than SGX_INSUFFICIENT_ENTROPY, this is considered unexpected and the open() returns an error. This should not happen in practice. On contrary SGX_INSUFFICIENT_ENTROPY might happen due to a pressure on the system DRNG (RDSEED) and therefore the open() is not blocked to allow normal enclave operation. [1] Runtime Microcode Updates with Intel Software Guard Extensions, https://cdrdv2.intel.com/v1/dl/getContent/648682 Signed-off-by: Elena Reshetova --- arch/x86/kernel/cpu/sgx/driver.c | 23 +++++++++++++------- arch/x86/kernel/cpu/sgx/main.c | 36 ++++++++++++++++++++++++++++++-- arch/x86/kernel/cpu/sgx/virt.c | 16 +++++++++++--- 3 files changed, 63 insertions(+), 12 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/driver.c b/arch/x86/kernel/cpu/sgx/dri= ver.c index b5ffe104af4c..bde06b6755f2 100644 --- a/arch/x86/kernel/cpu/sgx/driver.c +++ b/arch/x86/kernel/cpu/sgx/driver.c @@ -19,10 +19,15 @@ static int sgx_open(struct inode *inode, struct file *f= ile) struct sgx_encl *encl; int ret; =20 - sgx_inc_usage_count(); + ret =3D sgx_inc_usage_count(); + if (ret) + return -EBUSY; + encl =3D kzalloc(sizeof(*encl), GFP_KERNEL); - if (!encl) - return -ENOMEM; + if (!encl) { + ret =3D -ENOMEM; + goto err_usage_count; + } =20 kref_init(&encl->refcount); xa_init(&encl->page_array); @@ -32,14 +37,18 @@ static int sgx_open(struct inode *inode, struct file *f= ile) spin_lock_init(&encl->mm_lock); =20 ret =3D init_srcu_struct(&encl->srcu); - if (ret) { - kfree(encl); - return ret; - } + if (ret) + goto err_encl; =20 file->private_data =3D encl; =20 return 0; + +err_encl: + kfree(encl); +err_usage_count: + sgx_dec_usage_count(); + return ret; } =20 static int sgx_release(struct inode *inode, struct file *file) diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c index fd71e2ddca59..d58e0c46cbf9 100644 --- a/arch/x86/kernel/cpu/sgx/main.c +++ b/arch/x86/kernel/cpu/sgx/main.c @@ -917,6 +917,8 @@ EXPORT_SYMBOL_GPL(sgx_set_attribute); =20 /* Counter to count the active SGX users */ static atomic64_t sgx_usage_count; +/* Mutex to ensure EUPDATESVN is called when EPC is empty */ +static DEFINE_MUTEX(sgx_svn_lock); =20 /** * sgx_updatesvn() - Attempt to call ENCLS[EUPDATESVN] @@ -976,8 +978,38 @@ static int sgx_update_svn(void) =20 int sgx_inc_usage_count(void) { - atomic64_inc(&sgx_usage_count); - return 0; + int ret; + + /* + * Increments from non-zero indicate EPC other + * active EPC users and EUPDATESVN is not attempted. + */ + if (atomic64_inc_not_zero(&sgx_usage_count)) + return 0; + + /* + * Ensure no other concurrent threads can start + * touching EPC while EUPDATESVN is running. + */ + guard(mutex)(&sgx_svn_lock); + + if (atomic64_inc_not_zero(&sgx_usage_count)) + return 0; + + /* + * Attempt to call EUPDATESVN since EPC must be + * empty at this point. + */ + ret =3D sgx_update_svn(); + + /* + * If EUPDATESVN failed with a non-expected error + * code, return failure to sgx_(vepc_)open and + * do not increment the sgx_usage_count. + */ + if (!ret) + atomic64_inc(&sgx_usage_count); + return ret; } =20 void sgx_dec_usage_count(void) diff --git a/arch/x86/kernel/cpu/sgx/virt.c b/arch/x86/kernel/cpu/sgx/virt.c index 83de0907f32c..e6e29c09c3b9 100644 --- a/arch/x86/kernel/cpu/sgx/virt.c +++ b/arch/x86/kernel/cpu/sgx/virt.c @@ -262,17 +262,27 @@ static int sgx_vepc_release(struct inode *inode, stru= ct file *file) static int sgx_vepc_open(struct inode *inode, struct file *file) { struct sgx_vepc *vepc; + int ret; + + ret =3D sgx_inc_usage_count(); + if (ret) + return -EBUSY; =20 - sgx_inc_usage_count(); vepc =3D kzalloc(sizeof(struct sgx_vepc), GFP_KERNEL); - if (!vepc) - return -ENOMEM; + if (!vepc) { + ret =3D -ENOMEM; + goto err_usage_count; + } mutex_init(&vepc->lock); xa_init(&vepc->page_array); =20 file->private_data =3D vepc; =20 return 0; + +err_usage_count: + sgx_dec_usage_count(); + return ret; } =20 static long sgx_vepc_ioctl(struct file *file, --=20 2.45.2