git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Reinette Chatre <reinette.chatre@intel.com>
	Tue, 10 May 2022 18:08:41 +0000 (11:08 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 13 Mar 2025 11:51:06 +0000 (12:51 +0100)
commit	110a40c5141547dcf239764bf93e1a0c1dddb085
tree	9aa69f343a176733ee4b5cfd92b067320d4548a6	tree
parent	0fb7aa04c19eac4417f360a9f7611a60637bdacc	commit \| diff

x86/sgx: Support loading enclave page without VMA permissions check

[ Upstream commit b3fb517dc6020fec85c82171a909da10c6a6f90a ]

sgx_encl_load_page() is used to find and load an enclave page into
enclave (EPC) memory, potentially loading it from the backing storage.
Both usages of sgx_encl_load_page() are during an access to the
enclave page from a VMA and thus the permissions of the VMA are
considered before the enclave page is loaded.

SGX2 functions operating on enclave pages belonging to an initialized
enclave requiring the page to be in EPC. It is thus required to
support loading enclave pages into the EPC independent from a VMA.

Split the current sgx_encl_load_page() to support the two usages:
A new call, sgx_encl_load_page_in_vma(), behaves exactly like the
current sgx_encl_load_page() that takes VMA permissions into account,
while sgx_encl_load_page() just loads an enclave page into EPC.

VMA, PTE, and EPCM permissions continue to dictate whether
the pages can be accessed from within an enclave.

Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Link: https://lkml.kernel.org/r/d4393513c1f18987c14a490bcf133bfb71a5dc43.1652137848.git.reinette.chatre@intel.com
Stable-dep-of: 0d3e0dfd68fb ("x86/sgx: Fix size overflows in sgx_encl_create()")
Signed-off-by: Sasha Levin <sashal@kernel.org>

arch/x86/kernel/cpu/sgx/encl.c		diff \| blob \| blame \| history
arch/x86/kernel/cpu/sgx/encl.h		diff \| blob \| blame \| history