Index: sys/amd64/include/cpufunc.h =================================================================== --- sys/amd64/include/cpufunc.h +++ sys/amd64/include/cpufunc.h @@ -802,6 +802,97 @@ write_rflags(rflags); } +enum { + SGX_ECREATE = 0x0, + SGX_EADD = 0x1, + SGX_EINIT = 0x2, + SGX_EREMOVE = 0x3, + SGX_EDGBRD = 0x4, + SGX_EDGBWR = 0x5, + SGX_EEXTEND = 0x6, + SGX_ELDU = 0x8, + SGX_EBLOCK = 0x9, + SGX_EPA = 0xA, + SGX_EWB = 0xB, + SGX_ETRACK = 0xC, +}; + +enum { + SGX_PT_SECS = 0x00, + SGX_PT_TCS = 0x01, + SGX_PT_REG = 0x02, + SGX_PT_VA = 0x03, + SGX_PT_TRIM = 0x04, +}; + +static __inline int +sgx_encls(uint64_t rax, uint64_t rbx, uint64_t rcx, uint64_t rdx) +{ + int oeax; + + __asm __volatile( + ".byte 0x0f, 0x01, 0xcf" + :"=a"(oeax) + :"a"((uint32_t)rax), + "b"(rbx), + "c"(rcx), + "d"(rdx) + :"memory"); + + return (oeax); +} + +static __inline void +sgx_ecreate(void *pginfo, void *secs) +{ + + sgx_encls(SGX_ECREATE, (uint64_t)pginfo, (uint64_t)secs, 0); +} + +static __inline void +sgx_eadd(void *pginfo, void *epc) +{ + + sgx_encls(SGX_EADD, (uint64_t)pginfo, (uint64_t)epc, 0); +} + +static __inline int +sgx_einit(void *sigstruct, void *secs, void *einittoken) +{ + + return (sgx_encls(SGX_EINIT, (uint64_t)sigstruct, + (uint64_t)secs, (uint64_t)einittoken)); +} + +static __inline void +sgx_eextend(void *secs, void *epc) +{ + + sgx_encls(SGX_EEXTEND, (uint64_t)secs, (uint64_t)epc, 0); +} + +static __inline void +sgx_epa(void *epc) +{ + + sgx_encls(SGX_EPA, SGX_PT_VA, (uint64_t)epc, 0); +} + +static __inline int +sgx_eldu(uint64_t rbx, uint64_t rcx, + uint64_t rdx) +{ + + return (sgx_encls(SGX_ELDU, rbx, rcx, rdx)); +} + +static __inline void +sgx_eremove(void *epc) +{ + + sgx_encls(SGX_EREMOVE, 0, (uint64_t)epc, 0); +} + #else /* !(__GNUCLIKE_ASM && __CC_SUPPORTS___INLINE) */ int breakpoint(void); Index: sys/amd64/include/sgx.h =================================================================== --- /dev/null +++ sys/amd64/include/sgx.h @@ -0,0 +1,64 @@ +/*- + * Copyright (c) 2017 Ruslan Bukin + * All rights reserved. + * + * This software was developed by BAE Systems, the University of Cambridge + * Computer Laboratory, and Memorial University under DARPA/AFRL contract + * FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent Computing + * (TC) research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +/* User-visible header. */ + +#ifndef _MACHINE_SGX_H_ +#define _MACHINE_SGX_H_ + +#define SGX_MAGIC 0xA4 +#define SGX_IOC_ENCLAVE_CREATE \ + _IOW(SGX_MAGIC, 0x00, struct sgx_enclave_create) +#define SGX_IOC_ENCLAVE_ADD_PAGE \ + _IOW(SGX_MAGIC, 0x01, struct sgx_enclave_add_page) +#define SGX_IOC_ENCLAVE_INIT \ + _IOW(SGX_MAGIC, 0x02, struct sgx_enclave_init) + +struct sgx_enclave_create { + uint64_t src; +} __packed; + +struct sgx_enclave_add_page { + uint64_t addr; + uint64_t src; + uint64_t secinfo; + uint16_t mrmask; +} __packed; + +struct sgx_enclave_init { + uint64_t addr; + uint64_t sigstruct; + uint64_t einittoken; +} __packed; + +#endif /* !_MACHINE_SGX_H_ */ Index: sys/amd64/include/sgxreg.h =================================================================== --- /dev/null +++ sys/amd64/include/sgxreg.h @@ -0,0 +1,155 @@ +/*- + * Copyright (c) 2017 Ruslan Bukin + * All rights reserved. + * + * This software was developed by BAE Systems, the University of Cambridge + * Computer Laboratory, and Memorial University under DARPA/AFRL contract + * FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent Computing + * (TC) research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +/* Machine-defined variables. */ + +#ifndef _MACHINE_SGXREG_H_ +#define _MACHINE_SGXREG_H_ + +/* Error codes. */ +#define SGX_SUCCESS 0 +#define SGX_INVALID_SIG_STRUCT 1 /* EINIT */ +#define SGX_INVALID_ATTRIBUTE 2 /* EINIT, EGETKEY */ +#define SGX_BLSTATE 3 /* EBLOCK */ +#define SGX_INVALID_MEASUREMENT 4 /* EINIT */ +#define SGX_NOTBLOCKABLE 5 /* EBLOCK */ +#define SGX_PG_INVLD 6 /* EBLOCK */ +#define SGX_LOCKFAIL 7 /* EBLOCK, EMODPR, EMODT */ +#define SGX_INVALID_SIGNATURE 8 /* EINIT */ +#define SGX_MAC_COMPARE_FAIL 9 /* ELDB, ELDU */ +#define SGX_PAGE_NOT_BLOCKED 10 /* EWB */ +#define SGX_NOT_TRACKED 11 /* EWB, EACCEPT */ +#define SGX_VA_SLOT_OCCUPIED 12 /* EWB */ +#define SGX_CHILD_PRESENT 13 /* EWB, EREMOVE */ +#define SGX_ENCLAVE_ACT 14 /* EREMOVE */ +#define SGX_ENTRYEPOCH_LOCKED 15 /* EBLOCK */ +#define SGX_INVALID_EINIT_TOKEN 16 /* EINIT */ +#define SGX_PREV_TRK_INCMPL 17 /* ETRACK */ +#define SGX_PG_IS_SECS 18 /* EBLOCK */ +#define SGX_PAGE_ATTRIBUTES_MISMATCH 19 /* EACCEPT, EACCEPTCOPY */ +#define SGX_PAGE_NOT_MODIFIABLE 20 /* EMODPR, EMODT */ +#define SGX_INVALID_CPUSVN 32 /* EINIT, EGETKEY */ +#define SGX_INVALID_ISVSVN 64 /* EGETKEY */ +#define SGX_UNMASKED_EVENT 128 /* EINIT */ +#define SGX_INVALID_KEYNAME 256 /* EGETKEY */ + +/* + * 2.10 Page Information (PAGEINFO) + * PAGEINFO is an architectural data structure that is used as a parameter + * to the EPC-management instructions. It requires 32-Byte alignment. + */ +struct page_info { + uint64_t linaddr; + uint64_t srcpge; + union { + struct secinfo *secinfo; + uint64_t pcmd; + }; + uint64_t secs; +} __aligned(32); + +/* + * 2.11 Security Information (SECINFO) + * The SECINFO data structure holds meta-data about an enclave page. + */ +struct secinfo { + uint64_t flags; +#define SECINFO_FLAGS_PT_S 8 /* Page type shift */ +#define SECINFO_FLAGS_PT_M (0xff << SECINFO_FLAGS_PT_S) + uint64_t reserved[7]; +} __aligned(128); + +/* + * 2.7.1 ATTRIBUTES + * The ATTRIBUTES data structure is comprised of bit-granular fields that + * are used in the SECS, CPUID enumeration, the REPORT and the KEYREQUEST + * structures. + */ +struct secs_attr { + uint8_t reserved1: 1; + uint8_t debug: 1; + uint8_t mode64bit: 1; + uint8_t reserved2: 1; + uint8_t provisionkey: 1; + uint8_t einittokenkey: 1; + uint8_t reserved3: 2; +#define SECS_ATTR_RSV4_SIZE 7 + uint8_t reserved4[SECS_ATTR_RSV4_SIZE]; + uint64_t xfrm; /* X-Feature Request Mask */ +}; + +/* + * 2.7 SGX Enclave Control Structure (SECS) + * The SECS data structure requires 4K-Bytes alignment. + */ +struct secs { + uint64_t size; + uint64_t base; + uint32_t ssa_frame_size; + uint32_t misc_select; +#define SECS_RSV1_SIZE 24 + uint8_t reserved1[SECS_RSV1_SIZE]; + struct secs_attr attributes; + uint8_t mr_enclave[32]; +#define SECS_RSV2_SIZE 32 + uint8_t reserved2[SECS_RSV2_SIZE]; + uint8_t mr_signer[32]; +#define SECS_RSV3_SIZE 96 + uint8_t reserved3[SECS_RSV3_SIZE]; + uint16_t isv_prod_id; + uint16_t isv_svn; +#define SECS_RSV4_SIZE 3836 + uint8_t reserved4[SECS_RSV4_SIZE]; +}; + +/* + * 2.8 Thread Control Structure (TCS) + * Each executing thread in the enclave is associated with a + * Thread Control Structure. It requires 4K-Bytes alignment. + */ +struct tcs { + uint64_t reserved1; + uint64_t flags; + uint64_t ossa; + uint32_t cssa; + uint32_t nssa; + uint64_t oentry; + uint64_t reserved2; + uint64_t ofsbasgx; + uint64_t ogsbasgx; + uint32_t fslimit; + uint32_t gslimit; + uint64_t reserved3[503]; +}; + +#endif /* !_MACHINE_SGXREG_H_ */ Index: sys/amd64/sgx/sgx.c =================================================================== --- /dev/null +++ sys/amd64/sgx/sgx.c @@ -0,0 +1,1057 @@ +/*- + * Copyright (c) 2017 Ruslan Bukin + * All rights reserved. + * + * This software was developed by BAE Systems, the University of Cambridge + * Computer Laboratory, and Memorial University under DARPA/AFRL contract + * FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent Computing + * (TC) research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +__FBSDID("$FreeBSD$"); + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include + +#define DEBUG +#undef DEBUG + +#ifdef DEBUG +#define dprintf(fmt, ...) printf(fmt, ##__VA_ARGS__) +#else +#define dprintf(fmt, ...) +#endif + +struct sgx_softc sgx_sc; + +#ifdef DEBUG +static int +sgx_count_epc_pages(struct sgx_softc *sc) +{ + struct epc_page *epc; + int cnt; + int i; + + cnt = 0; + + for (i = 0; i < sc->npages; i++) { + epc = &sc->epc_pages[i]; + if (epc->used == 0) + cnt++; + } + + return (cnt); +} +#endif + +static int +sgx_get_epc_page(struct sgx_softc *sc, struct epc_page **epc0) +{ + struct epc_page *epc; + int i; + + mtx_lock(&sc->mtx_epc); + + for (i = 0; i < sc->npages; i++) { + epc = &sc->epc_pages[i]; + if (epc->used == 0) { + epc->used = 1; + mtx_unlock(&sc->mtx_epc); + *epc0 = epc; + return (0); + } + } + + mtx_unlock(&sc->mtx_epc); + + return (ENOMEM); +} + +static void +sgx_put_epc_page(struct sgx_softc *sc, struct epc_page *epc) +{ + + if (epc == NULL) + return; + + KASSERT(epc->used == 1, ("Freeing unused page.")); + epc->used = 0; +} + +static int +sgx_va_slot_init(struct sgx_softc *sc, + struct sgx_enclave *enclave, + uint64_t addr) +{ + struct epc_page *epc; + vm_pindex_t pidx; + vm_page_t page; + vm_page_t p; + uint64_t va_page_idx; + uint64_t idx; + vm_object_t obj; + int va_slot; + int ret; + + obj = enclave->obj; + + VM_OBJECT_ASSERT_WLOCKED(obj); + + pidx = OFF_TO_IDX(addr); + + va_slot = pidx % SGX_VA_PAGE_SLOTS; + va_page_idx = pidx / SGX_VA_PAGE_SLOTS; + idx = - SGX_VA_PAGES_OFFS - va_page_idx; + + p = vm_page_lookup(obj, idx); + if (p == NULL) { + ret = sgx_get_epc_page(sc, &epc); + if (ret) { + dprintf("%s: No free EPC pages available.\n", + __func__); + return (ret); + } + + mtx_lock(&sc->mtx); + sgx_epa((void *)epc->base); + mtx_unlock(&sc->mtx); + + page = PHYS_TO_VM_PAGE(epc->phys); + + vm_page_insert(page, obj, idx); + page->valid = VM_PAGE_BITS_ALL; + } + + return (0); +} + +static int +sgx_mem_find(struct sgx_softc *sc, uint64_t addr, + vm_map_entry_t *entry0, vm_object_t *mem0) +{ + vm_map_t map; + vm_map_entry_t entry; + + map = &curproc->p_vmspace->vm_map; + + vm_map_lock_read(map); + if (!vm_map_lookup_entry(map, addr, &entry)) { + vm_map_unlock_read(map); + dprintf("%s: Can't find enclave.\n", __func__); + return (EINVAL); + } + + if (entry->object.vm_object == NULL) { + vm_map_unlock_read(map); + return (EINVAL); + } + + *mem0 = entry->object.vm_object; + *entry0 = entry; + vm_map_unlock_read(map); + + return (0); +} + +static int +sgx_enclave_find(struct sgx_softc *sc, uint64_t addr, + struct sgx_enclave **encl) +{ + struct sgx_vm_handle *vmh; + struct sgx_enclave *enclave; + vm_map_entry_t entry; + vm_object_t mem; + int ret; + + ret = sgx_mem_find(sc, addr, &entry, &mem); + if (ret) + return (ret); + vm_object_reference(entry->object.vm_object); + + KASSERT(mem != NULL, ("mem is NULL\n")); + KASSERT(mem->handle != NULL, ("mem->handle is NULL\n")); + + vmh = mem->handle; + + enclave = vmh->enclave; + enclave->obj = mem; + + *encl = enclave; + + return (0); +} + +static int +sgx_enclave_alloc(struct sgx_softc *sc, struct secs *secs, + struct sgx_enclave **enclave0) +{ + struct sgx_enclave *enclave; + + enclave = malloc(sizeof(struct sgx_enclave), + M_SGX, M_WAITOK | M_ZERO); + + enclave->base = secs->base; + enclave->size = secs->size; + + *enclave0 = enclave; + + return (0); +} + +static void +sgx_epc_page_remove(struct sgx_softc *sc, + struct epc_page *epc) +{ + + mtx_lock(&sc->mtx); + sgx_eremove((void *)epc->base); + mtx_unlock(&sc->mtx); + sgx_put_epc_page(sc, epc); +} + +static void +sgx_page_remove(struct sgx_softc *sc, vm_page_t p) +{ + struct epc_page *epc; + vm_paddr_t pa; + uint64_t offs; + + pa = VM_PAGE_TO_PHYS(p); + epc = &sc->epc_pages[0]; + offs = (pa - epc->phys) / PAGE_SIZE; + epc = &sc->epc_pages[offs]; + + sgx_epc_page_remove(sc, epc); +} + +static void +sgx_enclave_remove(struct sgx_softc *sc, + struct sgx_enclave *enclave) +{ + vm_object_t object; + vm_page_t p, p0; + + mtx_lock(&sc->mtx); + TAILQ_REMOVE(&sc->enclaves, enclave, next); + mtx_unlock(&sc->mtx); + + object = enclave->obj; + + VM_OBJECT_WLOCK(enclave->obj); + + /* + * First remove all the pages except SECS, + * then remove SECS page. + */ + p0 = vm_page_lookup(enclave->obj, 0); + p = TAILQ_NEXT(p0, listq); + + while (p) { + sgx_page_remove(sc, p); + p = TAILQ_NEXT(p, listq); + } + + /* Now remove SECS page */ + sgx_page_remove(sc, p0); + + /* Clean up vm object */ + vm_radix_reclaim_allnodes(&object->rtree); + TAILQ_INIT(&object->memq); + object->resident_page_count = 0; + if (object->type == OBJT_VNODE) + vdrop(object->handle); + + VM_OBJECT_WUNLOCK(enclave->obj); +} + +static void +sgx_measure_page(struct sgx_softc *sc, struct epc_page *secs, + struct epc_page *epc, uint16_t mrmask) +{ + int i, j; + + mtx_lock(&sc->mtx); + + for (i = 0, j = 1; i < PAGE_SIZE; i += 0x100, j <<= 1) { + if (!(j & mrmask)) + continue; + + sgx_eextend((void *)secs->base, + (void *)(epc->base + i)); + } + + mtx_unlock(&sc->mtx); +} + +static int +sgx_secs_validate(struct sgx_softc *sc, struct secs *secs) +{ + struct secs_attr *attr; + int i; + + if (secs->size == 0) + return (EINVAL); + + if ((secs->size & (secs->size - 1)) != 0) + return (EINVAL); + + attr = &secs->attributes; + + if (attr->reserved1 != 0 || + attr->reserved2 != 0 || + attr->reserved3 != 0) + return (EINVAL); + + for (i = 0; i < SECS_ATTR_RSV4_SIZE; i++) + if (attr->reserved4[i]) + return (EINVAL); + + /* + * IntelĀ® Software Guard Extensions Programming Reference + * 6.7.2 Relevant Fields in Various Data Structures + * 6.7.2.1 SECS.ATTRIBUTES.XFRM + * XFRM[1:0] must be set to 0x3. + */ + if ((attr->xfrm & 0x3) != 0x3) + return (EINVAL); + + if (!attr->mode64bit) + return (EINVAL); + + if (secs->size > sc->enclave_size_max) + return (EINVAL); + + for (i = 0; i < SECS_RSV1_SIZE; i++) + if (secs->reserved1[i]) + return (EINVAL); + + for (i = 0; i < SECS_RSV2_SIZE; i++) + if (secs->reserved2[i]) + return (EINVAL); + + for (i = 0; i < SECS_RSV3_SIZE; i++) + if (secs->reserved3[i]) + return (EINVAL); + + for (i = 0; i < SECS_RSV4_SIZE; i++) + if (secs->reserved4[i]) + return (EINVAL); + + return (0); +} + +static int +sgx_tcs_validate(struct tcs *tcs) +{ + int i; + + if ((tcs->flags) || + (tcs->ossa & (PAGE_SIZE - 1)) || + (tcs->ofsbasgx & (PAGE_SIZE - 1)) || + (tcs->ogsbasgx & (PAGE_SIZE - 1)) || + ((tcs->fslimit & 0xfff) != 0xfff) || + ((tcs->gslimit & 0xfff) != 0xfff)) + return (EINVAL); + + for (i = 0; i < nitems(tcs->reserved3); i++) + if (tcs->reserved3[i]) + return (EINVAL); + + return (0); +} + +static void +sgx_tcs_dump(struct sgx_softc *sc, struct tcs *t) +{ + + dprintf("t->flags %lx\n", t->flags); + dprintf("t->ossa %lx\n", t->ossa); + dprintf("t->cssa %x\n", t->cssa); + dprintf("t->nssa %x\n", t->nssa); + dprintf("t->oentry %lx\n", t->oentry); + dprintf("t->ofsbasgx %lx\n", t->ofsbasgx); + dprintf("t->ogsbasgx %lx\n", t->ogsbasgx); + dprintf("t->fslimit %x\n", t->fslimit); + dprintf("t->gslimit %x\n", t->gslimit); +} + +static int +sgx_pg_ctor(void *handle, vm_ooffset_t size, vm_prot_t prot, + vm_ooffset_t foff, struct ucred *cred, u_short *color) +{ + struct sgx_vm_handle *vmh; + + vmh = handle; + if (vmh == NULL) { + dprintf("%s: vmh not found.\n", __func__); + return (0); + } + + dprintf("%s: vmh->base %lx foff 0x%lx size 0x%lx\n", + __func__, vmh->base, foff, size); + + return (0); +} + +static void +sgx_pg_dtor(void *handle) +{ + struct sgx_vm_handle *vmh; + struct sgx_softc *sc; + + vmh = handle; + if (vmh == NULL) { + dprintf("%s: vmh not found.\n", __func__); + return; + } + + sc = vmh->sc; + if (sc == NULL) { + dprintf("%s: sc is NULL\n", __func__); + return; + } + + if (vmh->enclave == NULL) { + dprintf("%s: Enclave not found.\n", __func__); + return; + } + + sgx_enclave_remove(sc, vmh->enclave); + + free(vmh->enclave, M_SGX); + free(vmh, M_SGX); + + dprintf("%s: Free epc pages: %d\n", + __func__, sgx_count_epc_pages(sc)); +} + +static int +sgx_pg_fault(vm_object_t object, vm_ooffset_t offset, + int prot, vm_page_t *mres) +{ + + printf("%s: offset 0x%lx\n", __func__, offset); + + return (VM_PAGER_FAIL); +} + +static struct cdev_pager_ops sgx_pg_ops = { + .cdev_pg_ctor = sgx_pg_ctor, + .cdev_pg_dtor = sgx_pg_dtor, + .cdev_pg_fault = sgx_pg_fault, +}; + +static void +sgx_insert_epc_page(struct sgx_enclave *enclave, + struct epc_page *epc, uint64_t addr) +{ + vm_pindex_t pidx; + vm_page_t page; + + VM_OBJECT_ASSERT_WLOCKED(enclave->obj); + + pidx = OFF_TO_IDX(addr); + page = PHYS_TO_VM_PAGE(epc->phys); + vm_page_insert(page, enclave->obj, pidx); + page->valid = VM_PAGE_BITS_ALL; +} + +static int +sgx_ioctl_create(struct sgx_softc *sc, struct sgx_enclave_create *param) +{ + struct sgx_vm_handle *vmh; + vm_map_entry_t entry; + vm_object_t mem; + vm_page_t p; + struct page_info pginfo; + struct secinfo secinfo; + struct sgx_enclave *enclave; + struct epc_page *epc; + struct secs *secs; + vm_object_t obj; + int ret; + + epc = NULL; + secs = NULL; + enclave = NULL; + obj = NULL; + + /* SGX Enclave Control Structure (SECS) */ + secs = malloc(PAGE_SIZE, M_SGX, M_WAITOK | M_ZERO); + ret = copyin((void *)param->src, secs, sizeof(struct secs)); + if (ret) { + dprintf("%s: Can't copy SECS.\n", __func__); + goto error; + } + + ret = sgx_secs_validate(sc, secs); + if (ret) { + dprintf("%s: SECS validation failed.\n", __func__); + goto error; + } + + ret = sgx_mem_find(sc, secs->base, &entry, &mem); + if (ret) { + dprintf("%s: Can't find vm_map.\n", __func__); + goto error; + } + vm_object_reference(entry->object.vm_object); + obj = entry->object.vm_object; + + vmh = mem->handle; + if (!vmh) { + dprintf("%s: Can't find vmh.\n", __func__); + ret = ENXIO; + goto error; + } + + dprintf("%s: entry start %lx offset %lx\n", + __func__, entry->start, entry->offset); + vmh->base = (entry->start - entry->offset); + + ret = sgx_enclave_alloc(sc, secs, &enclave); + if (ret) { + dprintf("%s: Can't alloc enclave.\n", __func__); + goto error; + } + enclave->obj = obj; + enclave->vmh = vmh; + + memset(&secinfo, 0, sizeof(struct secinfo)); + memset(&pginfo, 0, sizeof(struct page_info)); + pginfo.linaddr = 0; + pginfo.srcpge = (uint64_t)secs; + pginfo.secinfo = &secinfo; + pginfo.secs = 0; + + ret = sgx_get_epc_page(sc, &epc); + if (ret) { + dprintf("%s: Failed to get free epc page.\n", __func__); + goto error; + } + enclave->secs_epc_page = epc; + + VM_OBJECT_WLOCK(obj); + p = vm_page_lookup(obj, 0); + if (p) { + VM_OBJECT_WUNLOCK(obj); + /* SECS page already added. */ + ret = ENXIO; + goto error; + } + + ret = sgx_va_slot_init(sc, enclave, 0); + if (ret) { + VM_OBJECT_WUNLOCK(obj); + dprintf("%s: Can't init va slot.\n", __func__); + goto error; + } + + mtx_lock(&sc->mtx); + if ((sc->state & SGX_STATE_RUNNING) == 0) { + mtx_unlock(&sc->mtx); + /* Remove VA page that was just created for SECS page. */ + p = vm_page_lookup(enclave->obj, -SGX_VA_PAGES_OFFS); + sgx_page_remove(sc, p); + VM_OBJECT_WUNLOCK(obj); + + sgx_epc_page_remove(sc, epc); + goto error; + } + sgx_ecreate(&pginfo, (void *)epc->base); + TAILQ_INSERT_TAIL(&sc->enclaves, enclave, next); + mtx_unlock(&sc->mtx); + + free(secs, M_SGX); + vmh->enclave = enclave; + sgx_insert_epc_page(enclave, epc, 0); + VM_OBJECT_WUNLOCK(obj); + + /* Release the reference. */ + vm_object_deallocate(obj); + + return (0); + +error: + free(secs, M_SGX); + sgx_put_epc_page(sc, epc); + free(enclave, M_SGX); + vm_object_deallocate(obj); + + return (ret); +} + +static int +sgx_ioctl_add_page(struct sgx_softc *sc, + struct sgx_enclave_add_page *addp) +{ + struct epc_page *secs_epc_page; + struct sgx_enclave *enclave; + struct sgx_vm_handle *vmh; + struct epc_page *epc; + struct page_info pginfo; + struct secinfo secinfo; + vm_object_t obj; + void *tmp_vaddr; + uint64_t page_type; + struct tcs *t; + uint64_t addr; + uint64_t pidx; + vm_page_t p; + int ret; + + tmp_vaddr = NULL; + epc = NULL; + obj = NULL; + + /* Find and get reference to VM object. */ + ret = sgx_enclave_find(sc, addp->addr, &enclave); + if (ret) { + dprintf("%s: Failed to find enclave.\n", __func__); + goto error; + } + + obj = enclave->obj; + KASSERT(obj != NULL, ("vm object is NULL\n")); + vmh = obj->handle; + + ret = sgx_get_epc_page(sc, &epc); + if (ret) { + dprintf("%s: Failed to get free epc page.\n", __func__); + goto error; + } + + memset(&secinfo, 0, sizeof(struct secinfo)); + ret = copyin((void *)addp->secinfo, &secinfo, + sizeof(struct secinfo)); + if (ret) { + dprintf("%s: Failed to copy secinfo.\n", __func__); + goto error; + } + + tmp_vaddr = malloc(PAGE_SIZE, M_SGX, M_WAITOK | M_ZERO); + ret = copyin((void *)addp->src, tmp_vaddr, PAGE_SIZE); + if (ret) { + dprintf("%s: Failed to copy page.\n", __func__); + goto error; + } + + page_type = (secinfo.flags & SECINFO_FLAGS_PT_M) >> + SECINFO_FLAGS_PT_S; + if (page_type == SGX_PT_TCS) { + t = (struct tcs *)tmp_vaddr; + ret = sgx_tcs_validate(t); + if (ret) { + dprintf("%s: TCS page validation failed.\n", + __func__); + goto error; + } + sgx_tcs_dump(sc, t); + } + + addr = (addp->addr - vmh->base); + pidx = OFF_TO_IDX(addr); + + VM_OBJECT_WLOCK(obj); + p = vm_page_lookup(obj, pidx); + if (p) { + VM_OBJECT_WUNLOCK(obj); + /* Page already added. */ + ret = ENXIO; + goto error; + } + + ret = sgx_va_slot_init(sc, enclave, addr); + if (ret) { + VM_OBJECT_WUNLOCK(obj); + dprintf("%s: Can't init va slot.\n", __func__); + goto error; + } + + secs_epc_page = enclave->secs_epc_page; + memset(&pginfo, 0, sizeof(struct page_info)); + pginfo.linaddr = (uint64_t)addp->addr; + pginfo.srcpge = (uint64_t)tmp_vaddr; + pginfo.secinfo = &secinfo; + pginfo.secs = (uint64_t)secs_epc_page->base; + + mtx_lock(&sc->mtx); + sgx_eadd(&pginfo, (void *)epc->base); + mtx_unlock(&sc->mtx); + + free(tmp_vaddr, M_SGX); + + sgx_measure_page(sc, enclave->secs_epc_page, epc, addp->mrmask); + + sgx_insert_epc_page(enclave, epc, addr); + + VM_OBJECT_WUNLOCK(obj); + + /* Release the reference. */ + vm_object_deallocate(obj); + + return (0); + +error: + free(tmp_vaddr, M_SGX); + sgx_put_epc_page(sc, epc); + vm_object_deallocate(obj); + + return (ret); +} + +static int +sgx_ioctl_init(struct sgx_softc *sc, struct sgx_enclave_init *initp) +{ + struct epc_page *secs_epc_page; + struct sgx_enclave *enclave; + struct thread *td; + void *tmp_vaddr; + void *einittoken; + void *sigstruct; + vm_object_t obj; + int retry; + int ret; + + td = curthread; + tmp_vaddr = NULL; + obj = NULL; + + dprintf("%s: addr %lx, sigstruct %lx, einittoken %lx\n", + __func__, initp->addr, initp->sigstruct, initp->einittoken); + + /* Find and get reference to VM object. */ + ret = sgx_enclave_find(sc, initp->addr, &enclave); + if (ret) { + dprintf("%s: Failed to find enclave.\n", __func__); + goto error; + } + + obj = enclave->obj; + + tmp_vaddr = malloc(PAGE_SIZE, M_SGX, M_WAITOK | M_ZERO); + sigstruct = tmp_vaddr; + einittoken = (void *)((uint64_t)sigstruct + PAGE_SIZE / 2); + + ret = copyin((void *)initp->sigstruct, sigstruct, + SGX_SIGSTRUCT_SIZE); + if (ret) { + dprintf("%s: Failed to copy SIGSTRUCT page.\n", __func__); + goto error; + } + + ret = copyin((void *)initp->einittoken, einittoken, + SGX_EINITTOKEN_SIZE); + if (ret) { + dprintf("%s: Failed to copy EINITTOKEN page.\n", __func__); + goto error; + } + + secs_epc_page = enclave->secs_epc_page; + retry = 16; + do { + mtx_lock(&sc->mtx); + ret = sgx_einit(sigstruct, (void *)secs_epc_page->base, + einittoken); + mtx_unlock(&sc->mtx); + dprintf("%s: sgx_einit returned %d\n", __func__, ret); + } while (ret == SGX_UNMASKED_EVENT && retry--); + + if (ret) { + dprintf("%s: Failed init enclave: %d\n", __func__, ret); + td->td_retval[0] = ret; + ret = 0; + } + +error: + free(tmp_vaddr, M_SGX); + + /* Release the reference. */ + vm_object_deallocate(obj); + + return (ret); +} + +static int +sgx_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, + struct thread *td) +{ + struct sgx_enclave_add_page *addp; + struct sgx_enclave_create *param; + struct sgx_enclave_init *initp; + struct sgx_softc *sc; + int ret; + int len; + + sc = &sgx_sc; + + len = IOCPARM_LEN(cmd); + + dprintf("%s: cmd %lx, addr %lx, len %d\n", + __func__, cmd, (uint64_t)addr, len); + + if (len > SGX_IOCTL_MAX_DATA_LEN) + return (EINVAL); + + switch (cmd) { + case SGX_IOC_ENCLAVE_CREATE: + param = (struct sgx_enclave_create *)addr; + ret = sgx_ioctl_create(sc, param); + break; + case SGX_IOC_ENCLAVE_ADD_PAGE: + addp = (struct sgx_enclave_add_page *)addr; + ret = sgx_ioctl_add_page(sc, addp); + break; + case SGX_IOC_ENCLAVE_INIT: + initp = (struct sgx_enclave_init *)addr; + ret = sgx_ioctl_init(sc, initp); + break; + default: + return (EINVAL); + } + + return (ret); +} + +static int +sgx_mmap_single(struct cdev *cdev, vm_ooffset_t *offset, + vm_size_t mapsize, struct vm_object **objp, int nprot) +{ + struct sgx_vm_handle *vmh; + struct sgx_softc *sc; + vm_object_t obj; + + sc = &sgx_sc; + + dprintf("%s: mapsize 0x%lx, offset %lx\n", + __func__, mapsize, *offset); + + vmh = malloc(sizeof(struct sgx_vm_handle), + M_SGX, M_WAITOK | M_ZERO); + vmh->sc = sc; + vmh->size = mapsize; + vmh->mem = cdev_pager_allocate(vmh, OBJT_MGTDEVICE, &sgx_pg_ops, + mapsize, nprot, *offset, NULL); + if (vmh->mem == NULL) { + free(vmh, M_SGX); + return (ENOMEM); + } + + obj = vmh->mem; + obj->flags |= OBJ_PG_DTOR; + *objp = obj; + + return (0); +} + +static struct cdevsw sgx_cdevsw = { + .d_version = D_VERSION, + .d_ioctl = sgx_ioctl, + .d_mmap_single = sgx_mmap_single, + .d_name = "Intel SGX", +}; + +static int +sgx_get_epc_area(struct sgx_softc *sc) +{ + vm_offset_t epc_base_vaddr; + u_int cp[4]; + int error; + int i; + + cpuid_count(SGX_CPUID, 0x2, cp); + + sc->epc_base = ((uint64_t)(cp[1] & 0xfffff) << 32) + + (cp[0] & 0xfffff000); + sc->epc_size = ((uint64_t)(cp[3] & 0xfffff) << 32) + + (cp[2] & 0xfffff000); + sc->npages = sc->epc_size / SGX_PAGE_SIZE; + + if (cp[3] & 0xffff) { + sc->enclave_size_max = (1 << ((cp[3] >> 8) & 0xff)); + } else { + sc->enclave_size_max = SGX_ENCL_SIZE_MAX_DEF; + } + + epc_base_vaddr = (vm_offset_t)pmap_mapdev_attr(sc->epc_base, + sc->epc_size, VM_MEMATTR_DEFAULT); + + sc->epc_pages = malloc(sizeof(struct epc_page) * sc->npages, + M_DEVBUF, M_NOWAIT | M_ZERO); + if (sc->epc_pages == NULL) { + dprintf("%s: Can't alloc memory.\n", __func__); + return (ENOMEM); + } + + for (i = 0; i < sc->npages; i++) { + sc->epc_pages[i].base = epc_base_vaddr + SGX_PAGE_SIZE * i; + sc->epc_pages[i].phys = sc->epc_base + SGX_PAGE_SIZE * i; + sc->epc_pages[i].used = 0; + } + + error = vm_phys_fictitious_reg_range(sc->epc_base, + sc->epc_base + sc->epc_size, VM_MEMATTR_DEFAULT); + if (error) { + printf("%s: Can't register fictitious space.\n", __func__); + free(sc->epc_pages, M_SGX); + return (EINVAL); + } + + return (0); +} + +static void +sgx_put_epc_area(struct sgx_softc *sc) +{ + + vm_phys_fictitious_unreg_range(sc->epc_base, + sc->epc_base + sc->epc_size); + + free(sc->epc_pages, M_SGX); +} + +static int +sgx_load(void) +{ + struct sgx_softc *sc; + int error; + + sc = &sgx_sc; + + if ((cpu_stdext_feature & CPUID_STDEXT_SGX) == 0) + return (ENXIO); + + mtx_init(&sc->mtx, "SGX", NULL, MTX_DEF); + mtx_init(&sc->mtx_epc, "SGX EPC area", NULL, MTX_DEF); + + error = sgx_get_epc_area(sc); + if (error) { + printf("%s: Failed to get Processor Reserved Memory area.\n", + __func__); + return (ENXIO); + } + + TAILQ_INIT(&sc->enclaves); + + sc->sgx_cdev = make_dev(&sgx_cdevsw, 0, UID_ROOT, GID_WHEEL, + 0600, "isgx"); + if (sc->sgx_cdev == NULL) { + printf("%s: Failed to create character device.\n", + __func__); + sgx_put_epc_area(sc); + return (ENXIO); + } + sc->state |= SGX_STATE_RUNNING; + + printf("SGX initialized: EPC base 0x%lx size %ld (%d pages)\n", + sc->epc_base, sc->epc_size, sc->npages); + + return (0); +} + +static int +sgx_unload(void) +{ + struct sgx_softc *sc; + + sc = &sgx_sc; + + mtx_lock(&sc->mtx); + if (!TAILQ_EMPTY(&sc->enclaves)) { + mtx_unlock(&sc->mtx); + return (EBUSY); + } + sc->state &= ~SGX_STATE_RUNNING; + mtx_unlock(&sc->mtx); + + destroy_dev(sc->sgx_cdev); + + sgx_put_epc_area(sc); + + mtx_destroy(&sc->mtx); + mtx_destroy(&sc->mtx_epc); + + return (0); +} + +static int +sgx_handler(module_t mod, int what, void *arg) +{ + int error; + + switch (what) { + case MOD_LOAD: + error = sgx_load(); + break; + case MOD_UNLOAD: + error = sgx_unload(); + break; + default: + error = 0; + break; + } + + return (error); +} + +static moduledata_t sgx_kmod = { + "sgx", + sgx_handler, + NULL +}; + +DECLARE_MODULE(sgx, sgx_kmod, SI_SUB_LAST, SI_ORDER_ANY); +MODULE_VERSION(sgx, 1); Index: sys/amd64/sgx/sgx_linux.c =================================================================== --- /dev/null +++ sys/amd64/sgx/sgx_linux.c @@ -0,0 +1,119 @@ +/*- + * Copyright (c) 2017 Ruslan Bukin + * All rights reserved. + * + * This software was developed by BAE Systems, the University of Cambridge + * Computer Laboratory, and Memorial University under DARPA/AFRL contract + * FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent Computing + * (TC) research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +__FBSDID("$FreeBSD$"); + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#include + +#include + +#define SGX_LINUX_IOCTL_MIN (SGX_IOC_ENCLAVE_CREATE & 0xffff) +#define SGX_LINUX_IOCTL_MAX (SGX_IOC_ENCLAVE_INIT & 0xffff) + +static int +sgx_linux_ioctl(struct thread *td, struct linux_ioctl_args *args) +{ + uint8_t data[SGX_IOCTL_MAX_DATA_LEN]; + cap_rights_t rights; + struct file *fp; + u_long cmd; + int error; + int len; + + error = fget(td, args->fd, cap_rights_init(&rights, CAP_IOCTL), &fp); + if (error != 0) + return (error); + + cmd = args->cmd; + + args->cmd &= ~(LINUX_IOC_IN | LINUX_IOC_OUT); + if (cmd & LINUX_IOC_IN) + args->cmd |= IOC_IN; + if (cmd & LINUX_IOC_OUT) + args->cmd |= IOC_OUT; + + len = IOCPARM_LEN(cmd); + if (len > SGX_IOCTL_MAX_DATA_LEN) { + printf("%s: Can't copy data: cmd len is too big %d\n", + __func__, len); + return (EINVAL); + } + + if (cmd & LINUX_IOC_IN) { + error = copyin((void *)args->arg, data, len); + if (error) { + printf("%s: Can't copy data, error %d\n", + __func__, error); + return (EINVAL); + } + } + + error = (fo_ioctl(fp, args->cmd, (caddr_t)data, td->td_ucred, td)); + fdrop(fp, td); + + return (error); +} + +static struct linux_ioctl_handler sgx_linux_handler = { + sgx_linux_ioctl, + SGX_LINUX_IOCTL_MIN, + SGX_LINUX_IOCTL_MAX, +}; + +SYSINIT(sgx_linux_register, SI_SUB_KLD, SI_ORDER_MIDDLE, + linux_ioctl_register_handler, &sgx_linux_handler); +SYSUNINIT(sgx_linux_unregister, SI_SUB_KLD, SI_ORDER_MIDDLE, + linux_ioctl_unregister_handler, &sgx_linux_handler); + +static int +sgx_linux_modevent(module_t mod, int type, void *data) +{ + + return (0); +} + +DEV_MODULE(sgx_linux, sgx_linux_modevent, NULL); +MODULE_DEPEND(sgx_linux, linux64, 1, 1, 1); Index: sys/amd64/sgx/sgxvar.h =================================================================== --- /dev/null +++ sys/amd64/sgx/sgxvar.h @@ -0,0 +1,88 @@ +/*- + * Copyright (c) 2017 Ruslan Bukin + * All rights reserved. + * + * This software was developed by BAE Systems, the University of Cambridge + * Computer Laboratory, and Memorial University under DARPA/AFRL contract + * FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent Computing + * (TC) research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef _AMD64_SGX_SGXVAR_H_ +#define _AMD64_SGX_SGXVAR_H_ + +#define SGX_CPUID 0x12 +#define SGX_PAGE_SIZE 4096 +#define SGX_VA_PAGE_SLOTS 512 +#define SGX_VA_PAGES_OFFS 512 +#define SGX_SIGSTRUCT_SIZE 1808 +#define SGX_EINITTOKEN_SIZE 304 +#define SGX_IOCTL_MAX_DATA_LEN 26 +#define SGX_ENCL_SIZE_MAX_DEF 0x1000000000ULL + +static MALLOC_DEFINE(M_SGX, "sgx", "SGX driver"); + +struct sgx_vm_handle { + struct sgx_softc *sc; + vm_object_t mem; + uint64_t base; + vm_size_t size; + struct sgx_enclave *enclave; +}; + +/* EPC (Enclave Page Cache) page. */ +struct epc_page { + uint64_t base; + uint64_t phys; + uint8_t used; +}; + +struct sgx_enclave { + uint64_t base; + uint64_t size; + struct sgx_vm_handle *vmh; + struct mtx mtx; + TAILQ_ENTRY(sgx_enclave) next; + vm_object_t obj; + struct epc_page *secs_epc_page; +}; + +struct sgx_softc { + struct cdev *sgx_cdev; + device_t dev; + struct mtx mtx_epc; + struct mtx mtx; + uint64_t epc_base; + uint64_t epc_size; + struct epc_page *epc_pages; + uint32_t npages; + TAILQ_HEAD(, sgx_enclave) enclaves; + uint64_t enclave_size_max; + uint8_t state; +#define SGX_STATE_RUNNING (1 << 0) +}; + +#endif /* !_AMD64_SGX_SGXVAR_H_ */ Index: sys/modules/Makefile =================================================================== --- sys/modules/Makefile +++ sys/modules/Makefile @@ -346,6 +346,8 @@ ${_sf} \ ${_sfxge} \ sge \ + ${_sgx} \ + ${_sgx_linux} \ siba_bwn \ siftr \ siis \ @@ -709,6 +711,8 @@ _qlxgbe= qlxgbe _qlnx= qlnx _sfxge= sfxge +_sgx= sgx +_sgx_linux= sgx_linux .if ${MK_BHYVE} != "no" || defined(ALL_MODULES) _vmm= vmm Index: sys/modules/sgx/Makefile =================================================================== --- /dev/null +++ sys/modules/sgx/Makefile @@ -0,0 +1,8 @@ +# $FreeBSD$ + +.PATH: ${SRCTOP}/sys/amd64/sgx + +KMOD= sgx +SRCS= sgx.c sgxvar.h + +.include Index: sys/modules/sgx_linux/Makefile =================================================================== --- /dev/null +++ sys/modules/sgx_linux/Makefile @@ -0,0 +1,8 @@ +# $FreeBSD$ + +.PATH: ${SRCTOP}/sys/amd64/sgx + +KMOD= sgx_linux +SRCS= sgx_linux.c + +.include Index: sys/vm/vm_object.h =================================================================== --- sys/vm/vm_object.h +++ sys/vm/vm_object.h @@ -171,11 +171,12 @@ #define OBJ_FICTITIOUS 0x0001 /* (c) contains fictitious pages */ #define OBJ_UNMANAGED 0x0002 /* (c) contains unmanaged pages */ #define OBJ_POPULATE 0x0004 /* pager implements populate() */ -#define OBJ_DEAD 0x0008 /* dead objects (during rundown) */ +#define OBJ_DEAD 0x0008 /* dead objects (during rundown) */ #define OBJ_NOSPLIT 0x0010 /* dont split this object */ #define OBJ_UMTXDEAD 0x0020 /* umtx pshared was terminated */ -#define OBJ_PIPWNT 0x0040 /* paging in progress wanted */ -#define OBJ_MIGHTBEDIRTY 0x0100 /* object might be dirty, only for vnode */ +#define OBJ_PIPWNT 0x0040 /* paging in progress wanted */ +#define OBJ_PG_DTOR 0x0080 /* dont reset object, leave that for dtor */ +#define OBJ_MIGHTBEDIRTY 0x0100 /* object might be dirty, only for vnode */ #define OBJ_TMPFS_NODE 0x0200 /* object belongs to tmpfs VREG node */ #define OBJ_TMPFS_DIRTY 0x0400 /* dirty tmpfs obj */ #define OBJ_COLORED 0x1000 /* pg_color is defined */ Index: sys/vm/vm_object.c =================================================================== --- sys/vm/vm_object.c +++ sys/vm/vm_object.c @@ -774,7 +774,8 @@ * None of the object's fields, including "resident_page_count", were * modified by the preceding loop. */ - if (object->resident_page_count != 0) { + if (object->resident_page_count != 0 && + (object->flags & OBJ_PG_DTOR) == 0) { vm_radix_reclaim_allnodes(&object->rtree); TAILQ_INIT(&object->memq); object->resident_page_count = 0; Index: sys/vm/vm_page.c =================================================================== --- sys/vm/vm_page.c +++ sys/vm/vm_page.c @@ -1210,7 +1210,7 @@ VM_OBJECT_ASSERT_WLOCKED(object); KASSERT(m->object == NULL, - ("vm_page_insert_after: page already inserted")); + ("vm_page_insert_after: page already inserted, idx %ld", pindex)); if (mpred != NULL) { KASSERT(mpred->object == object, ("vm_page_insert_after: object doesn't contain mpred"));