linux/arch/x86/kernel/cpu/sgx/virt.c

// SPDX-License-Identifier: GPL-2.0
/*
 * Device driver to expose SGX enclave memory to KVM guests.
 *
 * Copyright(c) 2021 Intel Corporation.
 */

#include <linux/miscdevice.h>
#include <linux/mm.h>
#include <linux/mman.h>
#include <linux/sched/mm.h>
#include <linux/sched/signal.h>
#include <linux/slab.h>
#include <linux/xarray.h>
#include <asm/sgx.h>
#include <uapi/asm/sgx.h>

#include "encls.h"
#include "sgx.h"

/*
 * State for one virtual EPC instance; this is the type handed to
 * __sgx_vepc_fault() and sgx_vepc_remove_all() below.
 * The member list is elided in this listing.
 */
struct sgx_vepc {};

/*
 * SECS pages that are parked temporarily because they could not be EREMOVE'd
 * while they still had child pages in other virtual EPC instances, and the
 * lock that protects this list.
 *
 * Both objects are declared without static initializers (no DEFINE_MUTEX() /
 * LIST_HEAD()), so they have to be initialized at runtime before first use.
 */
static struct mutex zombie_secs_pages_lock;
static struct list_head zombie_secs_pages;

/*
 * Fault helper for a virtual EPC mapping: takes the vEPC instance, the
 * faulting VMA and the faulting address, and returns an int status.
 * The body is not shown in this listing.
 *
 * NOTE(review): presumably backs @addr with an EPC page on demand. Confirm
 * in the full source that the caller serializes access to @vepc and that a
 * page already present for this address is reused rather than replaced.
 */
static int __sgx_vepc_fault(struct sgx_vepc *vepc,
			    struct vm_area_struct *vma, unsigned long addr)
{}

/*
 * Has the signature of a vm_operations_struct .fault callback.
 * The body is not shown in this listing.
 *
 * NOTE(review): presumably wraps __sgx_vepc_fault() and translates its int
 * result into a VM_FAULT_* code. Confirm that every error path ends in a
 * fault code and never reports success for an address with no page behind it.
 */
static vm_fault_t sgx_vepc_fault(struct vm_fault *vmf)
{}

/*
 * VMA operations table for virtual EPC mappings. The initializer is elided
 * in this listing; presumably it wires .fault to sgx_vepc_fault() (confirm).
 */
static const struct vm_operations_struct sgx_vepc_vm_ops =;

/*
 * Has the signature of a file_operations .mmap handler.
 * The body is not shown in this listing.
 *
 * NOTE(review): EPC is not ordinary RAM. When reading the full source, check
 * that this handler refuses mappings it cannot support and marks the VMA so
 * that it is neither inherited across fork() nor written to core dumps
 * (VM_DONTCOPY / VM_DONTDUMP) before installing sgx_vepc_vm_ops.
 */
static int sgx_vepc_mmap(struct file *file, struct vm_area_struct *vma)
{}

/*
 * Takes a single EPC page and returns an int status.
 * The body is not shown in this listing.
 *
 * NOTE(review): the name suggests this runs EREMOVE on the page. A page that
 * was owned by a guest cannot be assumed to be in a clean state, so callers
 * should treat a non-zero return as "page not yet reusable" rather than
 * ignoring it. Confirm against the full source.
 */
static int sgx_vepc_remove_page(struct sgx_epc_page *epc_page)
{}

/*
 * Takes a single EPC page and returns an int status.
 * The body is not shown in this listing.
 *
 * NOTE(review): presumably removes the page and then hands it back to the
 * EPC allocator. The zombie_secs_pages list in this file implies that
 * removal can fail for SECS pages with children elsewhere; confirm that a
 * page whose removal failed is never returned to the free pool.
 */
static int sgx_vepc_free_page(struct sgx_epc_page *epc_page)
{}

/*
 * Operates on a whole vEPC instance and returns a long.
 * The body is not shown in this listing.
 *
 * NOTE(review): the long return type matches sgx_vepc_ioctl(), so this is
 * presumably the worker behind an ioctl command. Confirm what a positive
 * return value means to userspace and that the walk over the instance's
 * pages is serialized against concurrent faults.
 */
static long sgx_vepc_remove_all(struct sgx_vepc *vepc)
{}

/*
 * Has the signature of a file_operations .release handler.
 * The body is not shown in this listing.
 *
 * NOTE(review): this is the point at which guest-owned EPC pages have to be
 * sanitized before they can be reused. Confirm that SECS pages which cannot
 * be EREMOVE'd yet are parked on zombie_secs_pages under
 * zombie_secs_pages_lock instead of being freed, and that earlier zombies
 * are retried.
 */
static int sgx_vepc_release(struct inode *inode, struct file *file)
{}

/*
 * Has the signature of a file_operations .open handler.
 * The body is not shown in this listing.
 *
 * NOTE(review): presumably allocates a struct sgx_vepc per open file and
 * stores it in file->private_data. Confirm, and check that an allocation
 * failure is reported as an error rather than leaving private_data unset.
 */
static int sgx_vepc_open(struct inode *inode, struct file *file)
{}

/*
 * Has the signature of a file_operations ioctl handler; @cmd and @arg come
 * directly from userspace. The body is not shown in this listing.
 *
 * NOTE(review): confirm that unknown @cmd values are rejected and that @arg
 * is validated for each command before it is used.
 */
static long sgx_vepc_ioctl(struct file *file,
			   unsigned int cmd, unsigned long arg)
{}

/*
 * File operations table for the virtual EPC device. The initializer is
 * elided in this listing; presumably it references the sgx_vepc_open(),
 * sgx_vepc_release(), sgx_vepc_mmap() and sgx_vepc_ioctl() handlers above
 * (confirm).
 */
static const struct file_operations sgx_vepc_fops =;

/*
 * Misc device descriptor for the virtual EPC device. The initializer is
 * elided in this listing, so the device name and mode are not visible here.
 * NOTE(review): check the device node's permissions in the full source,
 * since they decide who may map EPC into a guest.
 */
static struct miscdevice sgx_vepc_dev =;

/*
 * Init-time entry point (__init) returning an int status.
 * The body is not shown in this listing.
 *
 * NOTE(review): zombie_secs_pages and zombie_secs_pages_lock are declared
 * above without static initializers, so they must be set up before the
 * device can be opened. Presumably that happens here, ahead of registering
 * sgx_vepc_dev. Confirm the ordering in the full source.
 */
int __init sgx_vepc_init(void)
{}

/**
 * sgx_virt_ecreate() - Run ECREATE on behalf of guest
 * @pageinfo:	Pointer to PAGEINFO structure
 * @secs:	Userspace pointer to SECS page
 * @trapnr:	Trap number to inject into the guest if ECREATE fails
 *
 * Run ECREATE on behalf of the guest after KVM has trapped ECREATE in order
 * to enforce policy on the guest's enclaves, and report through @trapnr the
 * trap number that should be injected into the guest on an ECREATE error.
 *
 * NOTE(review): the body is not shown in this listing. @secs is a __user
 * pointer that is handed to an ENCLS leaf, so confirm that it is range-checked
 * (e.g. access_ok() for the full page) before the instruction runs, and that
 * callers read *@trapnr only when an error is returned.
 *
 * Return:
 * -  0:	ECREATE was successful.
 * - <0:	on error.
 */
int sgx_virt_ecreate(struct sgx_pageinfo *pageinfo, void __user *secs,
		     int *trapnr)
{}
EXPORT_SYMBOL_GPL();

/*
 * Internal EINIT helper taking the three userspace pointers (SIGSTRUCT,
 * EINITTOKEN, SECS) and returning an int status.
 * The body is not shown in this listing.
 *
 * NOTE(review): all three arguments are __user pointers. Confirm that each
 * one is range-checked for the size of the structure it names before EINIT
 * is executed on it.
 */
static int __sgx_virt_einit(void __user *sigstruct, void __user *token,
			    void __user *secs)
{}

/**
 * sgx_virt_einit() - Run EINIT on behalf of guest
 * @sigstruct:		Userspace pointer to SIGSTRUCT structure
 * @token:		Userspace pointer to EINITTOKEN structure
 * @secs:		Userspace pointer to SECS page
 * @lepubkeyhash:	Pointer to guest's *virtual* SGX_LEPUBKEYHASH MSR values
 * @trapnr:		Trap number to inject into the guest if EINIT fails
 *
 * Run EINIT on behalf of the guest after KVM has trapped EINIT. If SGX_LC is
 * available on the host, the SGX driver may rewrite the hardware values at
 * will, so KVM needs to set the hardware values to the guest's virtual MSR
 * values to ensure that EINIT is executed with the expected hardware values.
 *
 * NOTE(review): the body is not shown in this listing. Writing the MSRs and
 * executing EINIT must not be separated by a window in which the host driver
 * can rewrite the MSRs again or the task can move to another CPU. Confirm
 * that the implementation keeps the two steps together (e.g. with preemption
 * disabled around both).
 *
 * Return:
 * -  0:	EINIT was successful.
 * - <0:	on error.
 */
int sgx_virt_einit(void __user *sigstruct, void __user *token,
		   void __user *secs, u64 *lepubkeyhash, int *trapnr)
{}
EXPORT_SYMBOL_GPL();