Remove from sgx_validate_secs():
if (secs->miscselect & sgx_misc_reserved_mask ||
secs->attributes & sgx_attributes_reserved_mask ||
secs->xfrm & sgx_xfrm_reserved_mask)
return -EINVAL;
SECS can surpass the platform limits because it's the SIGSTRUCT that
defines the limits that are used at run-time.
What SECS does is that it defines the overall limits that must apply for
any platform, i.e. SECS limits and platform limits are orthogonal. They are
not dependent.
Rename sgx_*_reserved_mask as sgx_cpu_* in order to bring some clarity
and separate them from SIGSTRUCT limits.
Cc: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
Cc: Jethro Beekman <jethro@xxxxxxxxxxxx>
Cc: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
Suggested-by: Haitao Huang <haitao.huang@xxxxxxxxxxxxxxx>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
---
v2: Rename sgx_*_reserved_mask as sgx_cpu_*.
arch/x86/kernel/cpu/sgx/driver.c | 12 ++++++------
arch/x86/kernel/cpu/sgx/driver.h | 6 +++---
arch/x86/kernel/cpu/sgx/ioctl.c | 11 +++--------
3 files changed, 12 insertions(+), 17 deletions(-)
diff --git a/arch/x86/kernel/cpu/sgx/driver.c b/arch/x86/kernel/cpu/sgx/driver.c
index e8b6da3d8f58..181c4b5c402c 100644
--- a/arch/x86/kernel/cpu/sgx/driver.c
+++ b/arch/x86/kernel/cpu/sgx/driver.c
@@ -12,9 +12,9 @@
u64 sgx_encl_size_max_32;
u64 sgx_encl_size_max_64;
-u32 sgx_misc_reserved_mask;
-u64 sgx_attributes_reserved_mask;
-u64 sgx_xfrm_reserved_mask = ~0x3;
+u32 sgx_cpu_misc;
+u64 sgx_cpu_attributes;
+u64 sgx_cpu_xfrm = ~0x3;
u32 sgx_xsave_size_tbl[64];
static int sgx_open(struct inode *inode, struct file *file)
@@ -166,14 +166,14 @@ int __init sgx_drv_init(void)
}
cpuid_count(SGX_CPUID, 0, &eax, &ebx, &ecx, &edx);
- sgx_misc_reserved_mask = ~ebx | SGX_MISC_RESERVED_MASK;
+ sgx_cpu_misc = ~ebx | SGX_MISC_RESERVED_MASK;
sgx_encl_size_max_64 = 1ULL << ((edx >> 8) & 0xFF);
sgx_encl_size_max_32 = 1ULL << (edx & 0xFF);
cpuid_count(SGX_CPUID, 1, &eax, &ebx, &ecx, &edx);
attr_mask = (((u64)ebx) << 32) + (u64)eax;
- sgx_attributes_reserved_mask = ~attr_mask | SGX_ATTR_RESERVED_MASK;
+ sgx_cpu_attributes = ~attr_mask | SGX_ATTR_RESERVED_MASK;
if (boot_cpu_has(X86_FEATURE_OSXSAVE)) {
xfrm_mask = (((u64)edx) << 32) + (u64)ecx;
@@ -184,7 +184,7 @@ int __init sgx_drv_init(void)
sgx_xsave_size_tbl[i] = eax + ebx;
}
- sgx_xfrm_reserved_mask = ~xfrm_mask;
+ sgx_cpu_xfrm = ~xfrm_mask;
}
ret = misc_register(&sgx_dev_enclave);
diff --git a/arch/x86/kernel/cpu/sgx/driver.h b/arch/x86/kernel/cpu/sgx/driver.h
index fd81b8818600..204866065c2f 100644
--- a/arch/x86/kernel/cpu/sgx/driver.h
+++ b/arch/x86/kernel/cpu/sgx/driver.h
@@ -18,9 +18,9 @@
extern u64 sgx_encl_size_max_32;
extern u64 sgx_encl_size_max_64;
-extern u32 sgx_misc_reserved_mask;
-extern u64 sgx_attributes_reserved_mask;
-extern u64 sgx_xfrm_reserved_mask;
+extern u32 sgx_cpu_misc;
+extern u64 sgx_cpu_attributes;
+extern u64 sgx_cpu_xfrm;
extern u32 sgx_xsave_size_tbl[64];
extern const struct file_operations sgx_provision_fops;
diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c
index 6b3cc8483008..373ffde3f8c5 100644
--- a/arch/x86/kernel/cpu/sgx/ioctl.c
+++ b/arch/x86/kernel/cpu/sgx/ioctl.c
@@ -86,11 +86,6 @@ static int sgx_validate_secs(const struct sgx_secs *secs)
if (secs->base & (secs->size - 1))
return -EINVAL;
- if (secs->miscselect & sgx_misc_reserved_mask ||
- secs->attributes & sgx_attributes_reserved_mask ||
- secs->xfrm & sgx_xfrm_reserved_mask)
- return -EINVAL;
-
if (secs->size > max_size)
return -EINVAL;
@@ -611,15 +606,15 @@ static int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct,
* bit on.
*/
if (sigstruct->body.attributes & sigstruct->body.attributes_mask &
- sgx_attributes_reserved_mask)
+ sgx_cpu_attributes)
return -EINVAL;
if (sigstruct->body.miscselect & sigstruct->body.misc_mask &
- sgx_misc_reserved_mask)
+ sgx_cpu_misc)
return -EINVAL;
if (sigstruct->body.xfrm & sigstruct->body.xfrm_mask &
- sgx_xfrm_reserved_mask)
+ sgx_cpu_xfrm)
return -EINVAL;
ret = sgx_get_key_hash(sigstruct->modulus, mrsigner);
--
2.25.1
