From: Elena Reshetova
To: dave.hansen@intel.com
Cc: jarkko@kernel.org, seanjc@google.com, kai.huang@intel.com, mingo@kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org, asit.k.mallick@intel.com, vincent.r.scarlata@intel.com, chongc@google.com, erdemaktas@google.com, vannapurve@google.com, bondarn@google.com, scott.raynor@intel.com, Elena Reshetova
Subject: [PATCH v10 1/6] x86/sgx: Convert sgx_(vepc_)open to __sgx_(vepc_)open
Date: Fri, 1 Aug 2025 14:25:16 +0300
Message-ID: <20250801112619.1117549-2-elena.reshetova@intel.com>
In-Reply-To: <20250801112619.1117549-1-elena.reshetova@intel.com>

In order to introduce the counting of active sgx users on top of clean functions that allocate vepc structures, convert existing sgx_(vepc_)open to __sgx_(vepc_)open. A later patch will introduce the top level wrappers that manage the usage count.

No functional change intended in this patch.

Signed-off-by: Elena Reshetova

--- arch/x86/kernel/cpu/sgx/driver.c | 4 ++-- arch/x86/kernel/cpu/sgx/virt.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/driver.c b/arch/x86/kernel/cpu/sgx/dri= ver.c index 7f8d1e11dbee..9aa48f455c54 100644 --- a/arch/x86/kernel/cpu/sgx/driver.c +++ b/arch/x86/kernel/cpu/sgx/driver.c @@ -14,7 +14,7 @@ u64 sgx_attributes_reserved_mask; u64 sgx_xfrm_reserved_mask =3D ~0x3; u32 sgx_misc_reserved_mask; =20 -static int sgx_open(struct inode *inode, struct file *file) +static int __sgx_open(struct inode *inode, struct file *file) { struct sgx_encl *encl; int ret; 
@@ -126,7 +126,7 @@ static long sgx_compat_ioctl(struct file *filep, unsign= ed int cmd, =20 static const struct file_operations sgx_encl_fops =3D { .owner =3D THIS_MODULE, - .open =3D sgx_open, + .open =3D __sgx_open, .release =3D sgx_release, .unlocked_ioctl =3D sgx_ioctl, #ifdef CONFIG_COMPAT diff --git a/arch/x86/kernel/cpu/sgx/virt.c b/arch/x86/kernel/cpu/sgx/virt.c index 7aaa3652e31d..d8fdf7f39215 100644 --- a/arch/x86/kernel/cpu/sgx/virt.c +++ b/arch/x86/kernel/cpu/sgx/virt.c @@ -258,7 +258,7 @@ static int sgx_vepc_release(struct inode *inode, struct= file *file) return 0; } =20 -static int sgx_vepc_open(struct inode *inode, struct file *file) +static int __sgx_vepc_open(struct inode *inode, struct file *file) { struct sgx_vepc *vepc; =20 
@@ -291,7 +291,7 @@ static long sgx_vepc_ioctl(struct file *file, =20 static const struct file_operations sgx_vepc_fops =3D { .owner =3D THIS_MODULE, - .open =3D sgx_vepc_open, + .open =3D __sgx_vepc_open, .unlocked_ioctl =3D sgx_vepc_ioctl, .compat_ioctl =3D sgx_vepc_ioctl, .release =3D sgx_vepc_release, --=20 2.45.2
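Review bot: the .open assignments changed to __sgx_open in sgx_encl_fops and to __sgx_vepc_open in sgx_vepc_fops are changed back to sgx_open and sgx_vepc_open by patch 2/6, so the file_operations tables point at the double-underscore helpers for exactly one commit. Consider folding the rename into 2/6, where the wrappers that motivate it are added, or say in the changelog that the temporary fops change is deliberate so that each step builds and bisects on its own.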
From: Elena Reshetova
To: dave.hansen@intel.com
Cc: jarkko@kernel.org, seanjc@google.com, kai.huang@intel.com, mingo@kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org, asit.k.mallick@intel.com, vincent.r.scarlata@intel.com, chongc@google.com, erdemaktas@google.com, vannapurve@google.com, bondarn@google.com, scott.raynor@intel.com, Elena Reshetova
Subject: [PATCH v10 2/6] x86/sgx: Introduce functions to count the sgx_(vepc_)open()
Date: Fri, 1 Aug 2025 14:25:17 +0300
Message-ID: <20250801112619.1117549-3-elena.reshetova@intel.com>
In-Reply-To: <20250801112619.1117549-1-elena.reshetova@intel.com>

Currently SGX does not have a global counter to count the active users from userspace or hypervisor. Define placeholder functions sgx_inc/dec_usage_count that are used to increment and decrement such a counter. Also, wire the call sites for these functions.

The definition of the counter itself and the actual implementation of these two functions come next. The counter will be used by the driver that would be attempting to call the EUPDATESVN SGX instruction only when incrementing from zero.

Note: the sgx_inc_usage_count prototype is defined to return int for the cleanliness of the follow-up patches. When the EUPDATESVN SGX instruction is enabled in the follow-up patch, the sgx_inc_usage_count will start to return int.

Suggested-by: Sean Christopherson
Signed-off-by: Elena Reshetova --- arch/x86/kernel/cpu/sgx/driver.c | 19 ++++++++++++++++++- arch/x86/kernel/cpu/sgx/encl.c | 1 + arch/x86/kernel/cpu/sgx/main.c | 10 ++++++++++ arch/x86/kernel/cpu/sgx/sgx.h | 3 +++ arch/x86/kernel/cpu/sgx/virt.c | 20 +++++++++++++++++++- 5 files changed, 51 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/driver.c b/arch/x86/kernel/cpu/sgx/dri= ver.c index 9aa48f455c54..79d6020dfe9c 100644 --- a/arch/x86/kernel/cpu/sgx/driver.c +++ b/arch/x86/kernel/cpu/sgx/driver.c @@ -41,6 +41,23 @@ static int __sgx_open(struct inode *inode, struct file *= file) return 0; } =20 +static int sgx_open(struct inode *inode, struct file *file) +{ + int ret; + + ret =3D sgx_inc_usage_count(); + if (ret) + return ret; + + ret =3D __sgx_open(inode, file); + if (ret) { + sgx_dec_usage_count(); + return ret; + } + + return 0; +} + static int sgx_release(struct inode *inode, struct file *file) { struct sgx_encl *encl =3D file->private_data; @@ -126,7 +143,7 @@ static long sgx_compat_ioctl(struct file *filep, unsign= ed int cmd, =20 static const struct file_operations sgx_encl_fops =3D { .owner =3D THIS_MODULE, - .open =3D __sgx_open, + .open =3D sgx_open, .release =3D sgx_release, .unlocked_ioctl =3D sgx_ioctl, #ifdef CONFIG_COMPAT diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c index 279148e72459..3b54889ae4a4 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c @@ -765,6 +765,7 @@ void sgx_encl_release(struct kref *ref) WARN_ON_ONCE(encl->secs.epc_page); =20 kfree(encl); + sgx_dec_usage_count(); } =20 /* diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c index 2de01b379aa3..3a5cbd1c170e 100644 --- a/arch/x86/kernel/cpu/sgx/main.c +++ b/arch/x86/kernel/cpu/sgx/main.c 
@@ -917,6 +917,16 @@ int sgx_set_attribute(unsigned long *allowed_attribute= s, } EXPORT_SYMBOL_GPL(sgx_set_attribute); =20 +int sgx_inc_usage_count(void) +{ + return 0; +} + +void sgx_dec_usage_count(void) +{ + return; +} + static int __init sgx_init(void) { int ret; diff --git a/arch/x86/kernel/cpu/sgx/sgx.h b/arch/x86/kernel/cpu/sgx/sgx.h index d2dad21259a8..f5940393d9bd 100644 --- a/arch/x86/kernel/cpu/sgx/sgx.h +++ b/arch/x86/kernel/cpu/sgx/sgx.h @@ -102,6 +102,9 @@ static inline int __init sgx_vepc_init(void) } #endif =20 +int sgx_inc_usage_count(void); +void sgx_dec_usage_count(void); + void sgx_update_lepubkeyhash(u64 *lepubkeyhash); =20 #endif /* _X86_SGX_H */ diff --git a/arch/x86/kernel/cpu/sgx/virt.c b/arch/x86/kernel/cpu/sgx/virt.c index d8fdf7f39215..b649c0610019 100644 --- a/arch/x86/kernel/cpu/sgx/virt.c +++ b/arch/x86/kernel/cpu/sgx/virt.c @@ -255,6 +255,7 @@ static int sgx_vepc_release(struct inode *inode, struct= file *file) xa_destroy(&vepc->page_array); kfree(vepc); =20 + sgx_dec_usage_count(); return 0; } =20 @@ -273,6 +274,23 @@ static int __sgx_vepc_open(struct inode *inode, struct= file *file) return 0; } =20 +static int sgx_vepc_open(struct inode *inode, struct file *file) +{ + int ret; + + ret =3D sgx_inc_usage_count(); + if (ret) + return ret; + + ret =3D __sgx_vepc_open(inode, file); + if (ret) { + sgx_dec_usage_count(); + return ret; + } + + return 0; +} + static long sgx_vepc_ioctl(struct file *file, unsigned int cmd, unsigned long arg) { 
@@ -291,7 +309,7 @@ static long sgx_vepc_ioctl(struct file *file, =20 static const struct file_operations sgx_vepc_fops =3D { .owner =3D THIS_MODULE, - .open =3D __sgx_vepc_open, + .open =3D sgx_vepc_open, .unlocked_ioctl =3D sgx_vepc_ioctl, .compat_ioctl =3D sgx_vepc_ioctl, .release =3D sgx_vepc_release, --=20 2.45.2
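Review bot: the usage count is taken and dropped in different layers for the native driver, and nothing at the call sites explains why. sgx_open() in driver.c takes the count, but the matching drop is the sgx_dec_usage_count() added at the end of sgx_encl_release(struct kref *ref) in encl.c rather than in sgx_release(), while the vEPC path pairs sgx_vepc_open() with sgx_vepc_release(). A short comment at the call in sgx_encl_release() stating that the count follows the last enclave reference rather than the file close would document the asymmetry. Separately, the bare "return;" in the void sgx_dec_usage_count(void) placeholder in main.c is redundant and can be dropped.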
From: Elena Reshetova
To: dave.hansen@intel.com
Cc: jarkko@kernel.org, seanjc@google.com, kai.huang@intel.com, mingo@kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org, asit.k.mallick@intel.com, vincent.r.scarlata@intel.com, chongc@google.com, erdemaktas@google.com, vannapurve@google.com, bondarn@google.com, scott.raynor@intel.com, Elena Reshetova
Subject: [PATCH v10 3/6] x86/cpufeatures: Add X86_FEATURE_SGX_EUPDATESVN feature flag
Date: Fri, 1 Aug 2025 14:25:18 +0300
Message-ID: <20250801112619.1117549-4-elena.reshetova@intel.com>
In-Reply-To: <20250801112619.1117549-1-elena.reshetova@intel.com>

Add a flag indicating whether the ENCLS[EUPDATESVN] SGX instruction is supported. This will be used by the SGX driver to perform CPU SVN updates.

Signed-off-by: Elena Reshetova

--- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/kernel/cpu/cpuid-deps.c | 1 + arch/x86/kernel/cpu/scattered.c | 1 + tools/arch/x86/include/asm/cpufeatures.h | 1 + 4 files changed, 4 insertions(+) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf= eatures.h index 602957dd2609..830d24ff1ada 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -494,6 +494,7 @@ #define X86_FEATURE_TSA_SQ_NO (21*32+11) /* AMD CPU not vulnerable to TSA= -SQ */ #define X86_FEATURE_TSA_L1_NO (21*32+12) /* AMD CPU not vulnerable to TSA= -L1 */ #define X86_FEATURE_CLEAR_CPU_BUF_VM (21*32+13) /* Clear CPU buffers using= VERW before VMRUN */ +#define X86_FEATURE_SGX_EUPDATESVN (21*32+14) /* Support for ENCLS[EUPDATE= SVN] instruction */ =20 /* * BUG word(s) 
diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-d= eps.c index 46efcbd6afa4..3d9f49ad0efd 100644 --- a/arch/x86/kernel/cpu/cpuid-deps.c +++ b/arch/x86/kernel/cpu/cpuid-deps.c @@ -79,6 +79,7 @@ static const struct cpuid_dep cpuid_deps[] =3D { { X86_FEATURE_SGX_LC, X86_FEATURE_SGX }, { X86_FEATURE_SGX1, X86_FEATURE_SGX }, { X86_FEATURE_SGX2, X86_FEATURE_SGX1 }, + { X86_FEATURE_SGX_EUPDATESVN, X86_FEATURE_SGX1 }, { X86_FEATURE_SGX_EDECCSSA, X86_FEATURE_SGX1 }, { X86_FEATURE_XFD, X86_FEATURE_XSAVES }, { X86_FEATURE_XFD, X86_FEATURE_XGETBV1 }, diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattere= d.c index b4a1f6732a3a..d13444d11ba0 100644 --- a/arch/x86/kernel/cpu/scattered.c +++ b/arch/x86/kernel/cpu/scattered.c @@ -42,6 +42,7 @@ static const struct cpuid_bit cpuid_bits[] =3D { { X86_FEATURE_PER_THREAD_MBA, CPUID_ECX, 0, 0x00000010, 3 }, { X86_FEATURE_SGX1, CPUID_EAX, 0, 0x00000012, 0 }, { X86_FEATURE_SGX2, CPUID_EAX, 1, 0x00000012, 0 }, + { X86_FEATURE_SGX_EUPDATESVN, CPUID_EAX, 10, 0x00000012, 0 }, { X86_FEATURE_SGX_EDECCSSA, CPUID_EAX, 11, 0x00000012, 0 }, { X86_FEATURE_HW_PSTATE, CPUID_EDX, 7, 0x80000007, 0 }, { X86_FEATURE_CPB, CPUID_EDX, 9, 0x80000007, 0 }, diff --git a/tools/arch/x86/include/asm/cpufeatures.h b/tools/arch/x86/incl= ude/asm/cpufeatures.h index ee176236c2be..78c3894c17c1 100644 --- a/tools/arch/x86/include/asm/cpufeatures.h +++ b/tools/arch/x86/include/asm/cpufeatures.h 
@@ -487,6 +487,7 @@ #define X86_FEATURE_PREFER_YMM (21*32+ 8) /* Avoid ZMM registers due to d= ownclocking */ #define X86_FEATURE_APX (21*32+ 9) /* Advanced Performance Extensions */ #define X86_FEATURE_INDIRECT_THUNK_ITS (21*32+10) /* Use thunk for indirec= t branches in lower half of cacheline */ +#define X86_FEATURE_SGX_EUPDATESVN (21*32+14) /* Support for ENCLS[EUPDATE= SVN] instruction */ =20 /* * BUG word(s) --=20 2.45.2
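Review bot: in the tools/arch/x86/include/asm/cpufeatures.h hunk the new define is placed at (21*32+14) directly after X86_FEATURE_INDIRECT_THUNK_ITS (21*32+10), so the tools copy gains bit 14 while still lacking bits 11 to 13 that the arch/x86 header in this same patch shows (TSA_SQ_NO, TSA_L1_NO, CLEAR_CPU_BUF_VM). The tools copy is normally brought up to date by a separate header sync; dropping this hunk avoids leaving that file partially synced with a gap in word 21.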
From: Elena Reshetova
To: dave.hansen@intel.com
Cc: jarkko@kernel.org, seanjc@google.com, kai.huang@intel.com, mingo@kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org, asit.k.mallick@intel.com, vincent.r.scarlata@intel.com, chongc@google.com, erdemaktas@google.com, vannapurve@google.com, bondarn@google.com, scott.raynor@intel.com, Elena Reshetova
Subject: [PATCH v10 4/6] x86/sgx: Define error codes for use by ENCLS[EUPDATESVN]
Date: Fri, 1 Aug 2025 14:25:19 +0300
Message-ID: <20250801112619.1117549-5-elena.reshetova@intel.com>
In-Reply-To: <20250801112619.1117549-1-elena.reshetova@intel.com>

Add error codes for ENCLS[EUPDATESVN] so that the SGX CPUSVN update process can know the execution state of EUPDATESVN and notify userspace.

Signed-off-by: Elena Reshetova

--- arch/x86/include/asm/sgx.h | 37 ++++++++++++++++++++++--------------- 1 file changed, 22 insertions(+), 15 deletions(-) diff --git a/arch/x86/include/asm/sgx.h b/arch/x86/include/asm/sgx.h index 6a0069761508..1abf1461fab6 100644 --- a/arch/x86/include/asm/sgx.h +++ b/arch/x86/include/asm/sgx.h 
@@ -28,21 +28,22 @@ #define SGX_CPUID_EPC_MASK GENMASK(3, 0) =20 enum sgx_encls_function { - ECREATE =3D 0x00, - EADD =3D 0x01, - EINIT =3D 0x02, - EREMOVE =3D 0x03, - EDGBRD =3D 0x04, - EDGBWR =3D 0x05, - EEXTEND =3D 0x06, - ELDU =3D 0x08, - EBLOCK =3D 0x09, - EPA =3D 0x0A, - EWB =3D 0x0B, - ETRACK =3D 0x0C, - EAUG =3D 0x0D, - EMODPR =3D 0x0E, - EMODT =3D 0x0F, + ECREATE =3D 0x00, + EADD =3D 0x01, + EINIT =3D 0x02, + EREMOVE =3D 0x03, + EDGBRD =3D 0x04, + EDGBWR =3D 0x05, + EEXTEND =3D 0x06, + ELDU =3D 0x08, + EBLOCK =3D 0x09, + EPA =3D 0x0A, + EWB =3D 0x0B, + ETRACK =3D 0x0C, + EAUG =3D 0x0D, + EMODPR =3D 0x0E, + EMODT =3D 0x0F, + EUPDATESVN =3D 0x18, }; =20 /** @@ -73,6 +74,10 @@ enum sgx_encls_function { * public key does not match IA32_SGXLEPUBKEYHASH. * %SGX_PAGE_NOT_MODIFIABLE: The EPC page cannot be modified because it * is in the PENDING or MODIFIED state. + * %SGX_INSUFFICIENT_ENTROPY: Insufficient entropy in RNG. + * %SGX_NO_UPDATE: EUPDATESVN was successful, but CPUSVN was not + * updated because current SVN was not newer than + * CPUSVN. * %SGX_UNMASKED_EVENT: An unmasked event, e.g. INTR, was received */ enum sgx_return_code { 
@@ -81,6 +86,8 @@ enum sgx_return_code { SGX_CHILD_PRESENT =3D 13, SGX_INVALID_EINITTOKEN =3D 16, SGX_PAGE_NOT_MODIFIABLE =3D 20, + SGX_INSUFFICIENT_ENTROPY =3D 29, + SGX_NO_UPDATE =3D 31, SGX_UNMASKED_EVENT =3D 128, }; =20 --=20 2.45.2
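Review bot: the enum sgx_encls_function hunk removes and re-adds all fifteen existing entries (ECREATE through EMODT) with unchanged values in order to add the single new line EUPDATESVN = 0x18, which accounts for most of the 22 insertions and 15 deletions and is not mentioned in the changelog. Either leave the existing lines untouched and add only the new entry, or state in the commit message that the enum is being re-aligned so that the one functional addition is easy to find when reading history.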
From: Elena Reshetova
To: dave.hansen@intel.com
Cc: jarkko@kernel.org, seanjc@google.com, kai.huang@intel.com, mingo@kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org, asit.k.mallick@intel.com, vincent.r.scarlata@intel.com, chongc@google.com, erdemaktas@google.com, vannapurve@google.com, bondarn@google.com, scott.raynor@intel.com, Elena Reshetova
Subject: [PATCH v10 5/6] x86/sgx: Implement ENCLS[EUPDATESVN]
Date: Fri, 1 Aug 2025 14:25:20 +0300
Message-ID: <20250801112619.1117549-6-elena.reshetova@intel.com>
In-Reply-To: <20250801112619.1117549-1-elena.reshetova@intel.com>

All running enclaves and cryptographic assets (such as internal SGX encryption keys) are assumed to be compromised whenever an SGX-related microcode update occurs. To mitigate this assumed compromise, the new supervisor SGX instruction ENCLS[EUPDATESVN] can generate fresh cryptographic assets.

Before executing EUPDATESVN, all SGX memory must be marked as unused. This requirement ensures that no potentially compromised enclave survives the update and allows the system to safely regenerate cryptographic assets.

Add the method to perform ENCLS[EUPDATESVN].

Signed-off-by: Elena Reshetova

--- arch/x86/kernel/cpu/sgx/encls.h | 5 +++ arch/x86/kernel/cpu/sgx/main.c | 61 +++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) diff --git a/arch/x86/kernel/cpu/sgx/encls.h b/arch/x86/kernel/cpu/sgx/encl= s.h index 99004b02e2ed..d9160c89a93d 100644 --- a/arch/x86/kernel/cpu/sgx/encls.h +++ b/arch/x86/kernel/cpu/sgx/encls.h 
@@ -233,4 +233,9 @@ static inline int __eaug(struct sgx_pageinfo *pginfo, v= oid *addr) return __encls_2(EAUG, pginfo, addr); } =20 +/* Attempt to update CPUSVN at runtime. */ +static inline int __eupdatesvn(void) +{ + return __encls_ret_1(EUPDATESVN, ""); +} #endif /* _X86_ENCLS_H */ diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c index 3a5cbd1c170e..5aae0c881963 100644 --- a/arch/x86/kernel/cpu/sgx/main.c +++ b/arch/x86/kernel/cpu/sgx/main.c @@ -16,6 +16,7 @@ #include #include #include +#include #include "driver.h" #include "encl.h" #include "encls.h" 
@@ -917,6 +918,66 @@ int sgx_set_attribute(unsigned long *allowed_attribute= s, } EXPORT_SYMBOL_GPL(sgx_set_attribute); =20 +/** + * sgx_update_svn() - Attempt to call ENCLS[EUPDATESVN]. + * This instruction attempts to update CPUSVN to the + * currently loaded microcode update SVN and generate new + * cryptographic assets. Must be called when EPC is empty. + * Most of the time, there will be no update and that's OK. + * If the failure is due to SGX_INSUFFICIENT_ENTROPY, the + * operation can be safely retried. In other failure cases, + * the retry should not be attempted. + * + * Return: + * 0: Success or not supported + * -EAGAIN: Can be safely retried, failure is due to lack of + * entropy in RNG. + * -EIO: Unexpected error, retries are not advisable. + */ +static int __maybe_unused sgx_update_svn(void) +{ + int ret; + + /* + * If EUPDATESVN is not available, it is ok to + * silently skip it to comply with legacy behavior. + */ + if (!cpu_feature_enabled(X86_FEATURE_SGX_EUPDATESVN)) + return 0; + + for (int i =3D 0; i < RDRAND_RETRY_LOOPS; i++) { + ret =3D __eupdatesvn(); + + /* Stop on success or unexpected errors: */ + if (ret !=3D SGX_INSUFFICIENT_ENTROPY) + break; + } + + /* + * SVN successfully updated. + * Let users know when the update was successful. + */ + if (!ret) + pr_info("SVN updated successfully\n"); + + if (!ret || ret =3D=3D SGX_NO_UPDATE) + return 0; + + /* + * SVN update failed due to lack of entropy in DRNG. + * Indicate to userspace that it should retry. + */ + if (ret =3D=3D SGX_INSUFFICIENT_ENTROPY) + return -EAGAIN; + + /* + * EUPDATESVN was called when EPC is empty, all other error + * codes are unexpected. 
+ */ + ENCLS_WARN(ret, "EUPDATESVN"); + return -EIO; +} + int sgx_inc_usage_count(void) { return 0; --=20 2.45.2
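Review bot: In the kernel-doc for sgx_update_svn() in main.c, the Return: section describes 0 as "Success or not supported", but the body also returns 0 when __eupdatesvn() reports SGX_NO_UPDATE, which the description itself calls the common case; list that case under 0 so a caller does not read a 0 return as proof that CPUSVN changed. The same comment runs the one-line summary straight into the long description, where kernel-doc expects a blank " *" line between the two. In encls.h, the "" passed to __encls_ret_1() in __eupdatesvn() is unexplained; if it is only a placeholder because the leaf takes no operand, say so in the comment. Finally, "Must be called when EPC is empty" is enforced by nothing in this function even though the -EIO path treats every other error as unexpected; once the sgx_svn_lock from 6/6 exists, a lockdep_assert_held() on it here would make the precondition checkable.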
From: Elena Reshetova
To: dave.hansen@intel.com
Cc: jarkko@kernel.org, seanjc@google.com, kai.huang@intel.com, mingo@kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org, asit.k.mallick@intel.com, vincent.r.scarlata@intel.com, chongc@google.com, erdemaktas@google.com, vannapurve@google.com, bondarn@google.com, scott.raynor@intel.com, Elena Reshetova
Subject: [PATCH v10 6/6] x86/sgx: Enable automatic SVN updates for SGX enclaves
Date: Fri, 1 Aug 2025 14:25:21 +0300
Message-ID: <20250801112619.1117549-7-elena.reshetova@intel.com>
In-Reply-To: <20250801112619.1117549-1-elena.reshetova@intel.com>
References: <20250801112619.1117549-1-elena.reshetova@intel.com>

== Background ==

ENCLS[EUPDATESVN] is a new SGX instruction [1] which allows enclave attestation to include information about updated microcode SVN without a reboot. Before an EUPDATESVN operation can be successful, all SGX memory (aka. EPC) must be marked as “unused” in the SGX hardware metadata (aka. EPCM). This requirement ensures that no compromised enclave can survive the EUPDATESVN procedure and provides an opportunity to generate new cryptographic assets.

== Solution ==

Attempt to execute ENCLS[EUPDATESVN] every time the first file descriptor is obtained via sgx_(vepc_)open(). In the most common case the microcode SVN is already up-to-date, and the operation succeeds without updating SVN. Note: while in such cases the underlying CR_BASE_KEY is regenerated, it does not affect enclaves' visible keys obtained via EGETKEY instruction.

If it fails with any other error code than SGX_INSUFFICIENT_ENTROPY, this is considered unexpected and the *open() returns an error. This should not happen in practice.
On the contrary, SGX_INSUFFICIENT_ENTROPY might happen due to pressure on the system's DRNG (RDSEED) and therefore the *open() can be safely retried to allow normal enclave operation.

[1] Runtime Microcode Updates with Intel Software Guard Extensions, https://cdrdv2.intel.com/v1/dl/getContent/648682

Signed-off-by: Elena Reshetova
--- arch/x86/kernel/cpu/sgx/main.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c index 5aae0c881963..6a5d5cd726f6 100644 --- a/arch/x86/kernel/cpu/sgx/main.c +++ b/arch/x86/kernel/cpu/sgx/main.c @@ -934,7 +934,7 @@ EXPORT_SYMBOL_GPL(sgx_set_attribute); * entropy in RNG. * -EIO: Unexpected error, retries are not advisable. */ -static int __maybe_unused sgx_update_svn(void) +static int sgx_update_svn(void) { int ret; =20 @@ -978,14 +978,25 @@ static int __maybe_unused sgx_update_svn(void) return -EIO; } =20 +/* Counter to count the active SGX users */ +static int sgx_usage_count; + +/* Mutex to ensure no concurrent EPC accesses during EUPDATESVN */ +static DEFINE_MUTEX(sgx_svn_lock); + int sgx_inc_usage_count(void) { + guard(mutex)(&sgx_svn_lock); + + if (sgx_usage_count++ =3D=3D 0) + return sgx_update_svn(); + return 0; } =20 void sgx_dec_usage_count(void) { - return; + sgx_usage_count--; } =20 static int __init sgx_init(void) --=20 2.45.2
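Review bot: In sgx_inc_usage_count(), the post-increment in the "sgx_usage_count++ == 0" test bumps the counter before sgx_update_svn() has succeeded, so when the first open gets -EAGAIN or -EIO the count stays at 1 unless every caller calls sgx_dec_usage_count() on that error path; a retried open would then see a non-zero count, skip EUPDATESVN and proceed on the old SVN. Call sgx_update_svn() while the count is still 0 and increment only after it returns 0. In the same hunk, sgx_dec_usage_count() modifies sgx_usage_count without taking sgx_svn_lock, so the decrement races with the locked increment and a drop to zero can interleave with a first open that is about to run EUPDATESVN; take guard(mutex)(&sgx_svn_lock) there as well.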
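Added example (not part of the patch or of the kernel tree): a userspace caller that honours the open() contract described in the commit message above, retrying only on EAGAIN and treating EIO and every other error as final. The device path /dev/sgx_enclave, the retry budget, the backoff and all function names are assumptions of this example; fake_open() is a constructed stand-in for the device.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <time.h>

typedef int (*open_fn)(const char *path, int flags);
static int sys_open(const char *path, int flags) { return open(path, flags); }

/*
 * Retry only on EAGAIN (the patch maps SGX_INSUFFICIENT_ENTROPY to
 * -EAGAIN); any other errno, EIO included, is final. Returns an fd >= 0
 * or -errno. Retry budget and backoff are choices made for this example.
 */
static int sgx_open_retry(open_fn do_open, const char *path,
                          int max_tries, long backoff_ns)
{
    int err = EINVAL;                       /* reported if max_tries <= 0 */
    for (int i = 0; i < max_tries; i++) {
        int fd = do_open(path, O_RDWR);
        if (fd >= 0)
            return fd;
        err = errno;
        if (err != EAGAIN || i + 1 == max_tries)
            break;                          /* final error or budget spent */
        long ns = backoff_ns << (i < 10 ? i : 10);   /* capped exponential */
        struct timespec ts = { ns / 1000000000L, ns % 1000000000L };
        nanosleep(&ts, NULL);               /* give the DRNG time to refill */
    }
    return -err;
}

/* Constructed stand-in for the device so the logic runs without SGX. */
static int fake_calls, fake_fail_first, fake_errno;
static int fake_open(const char *path, int flags)
{
    (void)path; (void)flags;
    if (fake_calls++ < fake_fail_first) { errno = fake_errno; return -1; }
    return 42;                              /* pretend descriptor */
}
static int simulate(int fail_first, int err, int max_tries)
{
    fake_calls = 0; fake_fail_first = fail_first; fake_errno = err;
    return sgx_open_retry(fake_open, "/dev/sgx_enclave", max_tries, 1000);
}
int main(void)
{
    printf("EAGAIN twice, then ok: %d\n", simulate(2, EAGAIN, 5));
    printf("real device:           %d\n",
           sgx_open_retry(sys_open, "/dev/sgx_enclave", 5, 1000000L));
    return 0;
}
```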