Commit 888d2491 authored by Jarkko Sakkinen's avatar Jarkko Sakkinen Committed by Borislav Petkov

x86/sgx: Add SGX_IOC_ENCLAVE_CREATE



Add an ioctl() that performs the ECREATE function of the ENCLS
instruction, which creates an SGX Enclave Control Structure (SECS).

Although the SECS is an in-memory data structure, it is present in
enclave memory and is not directly accessible by software.

Co-developed-by: default avatarSean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: default avatarSean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
Tested-by: default avatarJethro Beekman <jethro@fortanix.com>
Link: https://lkml.kernel.org/r/20201112220135.165028-13-jarkko@kernel.org
parent 3fe0778e
+1 −0
@@ -323,6 +323,7 @@ Code Seq# Include File Comments
                                                                     <mailto:tlewis@mindspring.com>
0xA3  90-9F  linux/dtlk.h
0xA4  00-1F  uapi/linux/tee.h                                        Generic TEE subsystem
0xA4  00-1F  uapi/asm/sgx.h                                          <mailto:linux-sgx@vger.kernel.org>
0xAA  00-3F  linux/uapi/linux/userfaultfd.h
0xAB  00-1F  linux/nbd.h
0xAC  00-1F  linux/raw.h
+25 −0
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
 * Copyright(c) 2016-20 Intel Corporation.
 */
#ifndef _UAPI_ASM_X86_SGX_H
#define _UAPI_ASM_X86_SGX_H

#include <linux/types.h>
#include <linux/ioctl.h>

#define SGX_MAGIC 0xA4

#define SGX_IOC_ENCLAVE_CREATE \
	_IOW(SGX_MAGIC, 0x00, struct sgx_enclave_create)

/**
 * struct sgx_enclave_create - parameter structure for the
 *                             %SGX_IOC_ENCLAVE_CREATE ioctl
 * @src:	address for the SECS page data
 */
struct sgx_enclave_create  {
	__u64	src;
};

#endif /* _UAPI_ASM_X86_SGX_H */
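Review bot: The kernel-doc for `@src` in struct sgx_enclave_create does not say what kind of address the field carries or how much data is read from it, and for a UAPI struct that is the contract both callers and reviewers of the handler rely on. The handler is not visible on this page, so this is hedged: if it copies one page of SECS data from user memory, the line could read `@src: user-space address of the page-sized SECS data copied in by the ioctl`. Separately, `#define SGX_MAGIC 0xA4` with sequence number 0x00 sits in the same 0xA4 00-1F range that the ioctl table in this commit lists for uapi/linux/tee.h. A short comment next to the define noting the shared magic would help anyone writing decoders or filters keyed on ioctl numbers.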
+1 −0
obj-y += \
	driver.o \
	encl.o \
	ioctl.o \
	main.o
+12 −0
@@ -88,10 +88,22 @@ static unsigned long sgx_get_unmapped_area(struct file *file,
	return current->mm->get_unmapped_area(file, addr, len, pgoff, flags);
}

#ifdef CONFIG_COMPAT
static long sgx_compat_ioctl(struct file *filep, unsigned int cmd,
			      unsigned long arg)
{
	return sgx_ioctl(filep, cmd, arg);
}
#endif

static const struct file_operations sgx_encl_fops = {
	.owner			= THIS_MODULE,
	.open			= sgx_open,
	.release		= sgx_release,
	.unlocked_ioctl		= sgx_ioctl,
#ifdef CONFIG_COMPAT
	.compat_ioctl		= sgx_compat_ioctl,
#endif
	.mmap			= sgx_mmap,
	.get_unmapped_area	= sgx_get_unmapped_area,
};
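Review bot: sgx_compat_ioctl() forwards `arg` unchanged to sgx_ioctl(), which is only correct while every SGX ioctl argument struct has the same layout for 32-bit and 64-bit callers, and nothing in the code records that constraint. The struct sgx_enclave_create added in this commit holds a single `__u64`, so the pass-through holds today. A later struct with a pointer, a `long`, or a 64-bit field that is not naturally aligned would presumably be misread on the compat path without any warning. I would add above the function `/* SGX ioctl structs use only fixed-width, naturally aligned fields, so the native handler is compat-safe. */` so the invariant is reviewed whenever a new ioctl is added.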
+3 −0
@@ -9,8 +9,11 @@
#include <linux/rwsem.h>
#include <linux/sched.h>
#include <linux/workqueue.h>
#include <uapi/asm/sgx.h>
#include "sgx.h"

long sgx_ioctl(struct file *filep, unsigned int cmd, unsigned long arg);

int sgx_drv_init(void);

#endif /* __ARCH_X86_SGX_DRIVER_H__ */