Implements a simple framework for hosting in-kernel LE by using the user space helper framework. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx> --- drivers/platform/x86/intel_sgx/Kconfig | 2 + drivers/platform/x86/intel_sgx/Makefile | 1 + drivers/platform/x86/intel_sgx/sgx.h | 17 ++ drivers/platform/x86/intel_sgx/sgx_ioctl.c | 13 +- drivers/platform/x86/intel_sgx/sgx_le.c | 313 +++++++++++++++++++++++++++++ drivers/platform/x86/intel_sgx/sgx_main.c | 43 +++- drivers/platform/x86/intel_sgx/sgx_util.c | 25 +++ 7 files changed, 408 insertions(+), 6 deletions(-) create mode 100644 drivers/platform/x86/intel_sgx/sgx_le.c diff --git a/drivers/platform/x86/intel_sgx/Kconfig b/drivers/platform/x86/intel_sgx/Kconfig index 9c445e9f89fa..1a80ca0ddca3 100644 --- a/drivers/platform/x86/intel_sgx/Kconfig +++ b/drivers/platform/x86/intel_sgx/Kconfig @@ -9,6 +9,8 @@ config INTEL_SGX default n depends on X86_64 && CPU_SUP_INTEL select MMU_NOTIFIER + select CRYPTO + select CRYPTO_SHA256 ---help--- Intel(R) SGX is a set of CPU instructions that can be used by applications to set aside private regions of code and data. The code diff --git a/drivers/platform/x86/intel_sgx/Makefile b/drivers/platform/x86/intel_sgx/Makefile index 39c0a5ad242c..34abcdd8eb72 100644 --- a/drivers/platform/x86/intel_sgx/Makefile +++ b/drivers/platform/x86/intel_sgx/Makefile @@ -11,6 +11,7 @@ intel_sgx-$(CONFIG_INTEL_SGX) += \ sgx_page_cache.o \ sgx_util.o \ sgx_vma.o \ + sgx_le.o \ sgx_le_proxy_piggy.o $(eval $(call config_filename,INTEL_SGX_SIGNING_KEY)) diff --git a/drivers/platform/x86/intel_sgx/sgx.h b/drivers/platform/x86/intel_sgx/sgx.h index 24140a32cbbc..9d3abbe96806 100644 --- a/drivers/platform/x86/intel_sgx/sgx.h +++ b/drivers/platform/x86/intel_sgx/sgx.h @@ -68,6 +68,7 @@ #include <linux/workqueue.h> #include <linux/mmu_notifier.h> #include <linux/radix-tree.h> +#include <crypto/hash.h> #include <asm/sgx.h> #define SGX_EINIT_SPIN_COUNT 20 @@ -177,6 +178,7 @@ extern u64 sgx_xfrm_mask; extern u32 sgx_misc_reserved; extern u32 sgx_xsave_size_tbl[64]; +extern const struct file_operations sgx_fops; extern const struct vm_operations_struct sgx_vm_ops; #define sgx_pr_ratelimited(level, encl, fmt, ...) \ @@ -235,6 +237,9 @@ struct sgx_encl_page *sgx_fault_page(struct vm_area_struct *vma, unsigned int flags); +int sgx_get_key_hash(struct crypto_shash *tfm, const void *modulus, void *hash); +int sgx_get_key_hash_simple(const void *modulus, void *hash); + extern struct mutex sgx_tgid_ctx_mutex; extern struct list_head sgx_tgid_ctx_list; extern atomic_t sgx_va_pages_cnt; @@ -249,4 +254,16 @@ void sgx_put_page(void *epc_page_vaddr); void sgx_eblock(struct sgx_encl *encl, struct sgx_epc_page *epc_page); void sgx_etrack(struct sgx_encl *encl); +extern struct sgx_le_ctx sgx_le_ctx; + +int sgx_le_init(struct sgx_le_ctx *ctx); +void sgx_le_exit(struct sgx_le_ctx *ctx); +void sgx_le_stop(struct sgx_le_ctx *ctx); +int sgx_le_start(struct sgx_le_ctx *ctx); + +int sgx_le_get_token(struct sgx_le_ctx *ctx, + const struct sgx_encl *encl, + const struct sgx_sigstruct *sigstruct, + struct sgx_einittoken *token); + #endif /* __ARCH_X86_INTEL_SGX_H__ */ diff --git a/drivers/platform/x86/intel_sgx/sgx_ioctl.c b/drivers/platform/x86/intel_sgx/sgx_ioctl.c index 3fcef914005f..9317b2603212 100644 --- a/drivers/platform/x86/intel_sgx/sgx_ioctl.c +++ b/drivers/platform/x86/intel_sgx/sgx_ioctl.c @@ -69,7 +69,7 @@ #include <linux/hashtable.h> #include <linux/shmem_fs.h> -static int sgx_get_encl(unsigned long addr, struct sgx_encl **encl) +static int sgx_encl_get(unsigned long addr, struct sgx_encl **encl) { struct mm_struct *mm = current->mm; struct vm_area_struct *vma; @@ -156,7 +156,7 @@ static long sgx_ioc_enclave_add_page(struct file *filep, unsigned int cmd, void *data; int ret; - ret = sgx_get_encl(addp->addr, &encl); + ret = sgx_encl_get(addp->addr, &encl); if (ret) return ret; @@ -227,11 +227,16 @@ static long sgx_ioc_enclave_init(struct file *filep, unsigned int cmd, if (ret) goto out; - ret = sgx_get_encl(encl_id, &encl); + ret = sgx_encl_get(encl_id, &encl); if (ret) goto out; - ret = sgx_encl_init(encl, sigstruct, einittoken); + if (!(initp->flags && SGX_ENCLAVE_INIT_ARCH)) + ret = sgx_le_get_token(&sgx_le_ctx, encl, sigstruct, + einittoken); + + if (!ret) + ret = sgx_encl_init(encl, sigstruct, einittoken); kref_put(&encl->refcount, sgx_encl_release); diff --git a/drivers/platform/x86/intel_sgx/sgx_le.c b/drivers/platform/x86/intel_sgx/sgx_le.c new file mode 100644 index 000000000000..68b18df59b0e --- /dev/null +++ b/drivers/platform/x86/intel_sgx/sgx_le.c @@ -0,0 +1,313 @@ +/* + * This file is provided under a dual BSD/GPLv2 license. When using or + * redistributing this file, you may do so under either license. + * + * GPL LICENSE SUMMARY + * + * Copyright(c) 2017 Intel Corporation. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * Contact Information: + * Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx> + * Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo + * + * BSD LICENSE + * + * Copyright(c) 2016 Intel Corporation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Authors: + * + * Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx> + */ + +#include <linux/file.h> +#include <linux/fs.h> +#include <linux/kmod.h> +#include <linux/mutex.h> +#include <linux/wait.h> +#include <linux/pipe_fs_i.h> +#include <linux/sched/signal.h> +#include <linux/shmem_fs.h> +#include <linux/anon_inodes.h> +#include "sgx.h" + +#define SGX_LE_PROXY_PATH "/proc/self/fd/3" +#define SGX_LE_PROXY_FD 3 +#define SGX_LE_DEV_FD 4 + +extern unsigned char sgx_le_proxy[]; +extern unsigned char sgx_le_proxy_end[]; + +struct sgx_le_ctx { + struct pid *tgid; + char *argv[2]; + struct file *pipes[2]; + struct crypto_shash *tfm; + struct mutex lock; +}; + +struct sgx_le_ctx sgx_le_ctx; + +static int sgx_le_create_pipe(struct sgx_le_ctx *ctx, + unsigned int fd) +{ + struct file *files[2]; + int ret; + + ret = create_pipe_files(files, 0); + if (ret) + goto out; + + ctx->pipes[fd] = files[fd ^ 1]; + ret = replace_fd(fd, files[fd], 0); + fput(files[fd]); + +out: + return ret; +} + +static int sgx_le_read(struct file *file, void *data, unsigned int len) +{ + ssize_t ret; + loff_t pos = 0; + + ret = kernel_read(file, data, len, &pos); + + if (ret != len && ret >= 0) + return -ENOMEM; + + if (ret < 0) + return ret; + + return 0; +} + +static int sgx_le_write(struct file *file, const void *data, + unsigned int len) +{ + ssize_t ret; + loff_t pos = 0; + + ret = kernel_write(file, data, len, &pos); + + if (ret != len && ret >= 0) + return -ENOMEM; + + if (ret < 0) + return ret; + + return 0; +} + +static int sgx_le_task_init(struct subprocess_info *subinfo, struct cred *new) +{ + struct sgx_le_ctx *ctx = + (struct sgx_le_ctx *)subinfo->data; + unsigned long len; + struct file *tmp_filp; + int ret; + + len = (unsigned long)&sgx_le_proxy_end - (unsigned long)&sgx_le_proxy; + + tmp_filp = shmem_file_setup("[sgx_le_proxy]", len, 0); + if (IS_ERR(tmp_filp)) { + ret = PTR_ERR(tmp_filp); + return ret; + } + ret = replace_fd(SGX_LE_PROXY_FD, tmp_filp, 0); + fput(tmp_filp); + if (ret < 0) + return ret; + + ret = sgx_le_write(tmp_filp, &sgx_le_proxy, len); + if (ret) + return ret; + + tmp_filp = anon_inode_getfile("[/dev/sgx]", &sgx_fops, NULL, O_RDWR); + if (IS_ERR(tmp_filp)) + return PTR_ERR(tmp_filp); + ret = replace_fd(SGX_LE_DEV_FD, tmp_filp, 0); + fput(tmp_filp); + if (ret < 0) + return ret; + + ret = sgx_le_create_pipe(ctx, 0); + if (ret < 0) + return ret; + + ret = sgx_le_create_pipe(ctx, 1); + if (ret < 0) + return ret; + + ctx->tgid = get_pid(task_tgid(current)); + + return 0; +} + +static void __sgx_le_stop(struct sgx_le_ctx *ctx) +{ + int i; + + if (ctx->tgid) + kill_pid(ctx->tgid, SIGKILL, 1); + + for (i = 0; i < ARRAY_SIZE(ctx->pipes); i++) { + if (ctx->pipes[i]) { + fput(ctx->pipes[i]); + ctx->pipes[i] = NULL; + } + } + + if (ctx->tgid) { + put_pid(ctx->tgid); + ctx->tgid = NULL; + } +} + + +void sgx_le_stop(struct sgx_le_ctx *ctx) +{ + mutex_lock(&ctx->lock); + __sgx_le_stop(ctx); + mutex_unlock(&ctx->lock); +} + +static int __sgx_le_start(struct sgx_le_ctx *ctx) +{ + struct subprocess_info *subinfo; + int ret; + + if (ctx->tgid) + return 0; + + ctx->argv[0] = SGX_LE_PROXY_PATH; + ctx->argv[1] = NULL; + + subinfo = call_usermodehelper_setup(ctx->argv[0], ctx->argv, + NULL, GFP_KERNEL, sgx_le_task_init, + NULL, &sgx_le_ctx); + if (!subinfo) + return -ENOMEM; + + ret = call_usermodehelper_exec(subinfo, UMH_WAIT_EXEC); + if (ret) { + __sgx_le_stop(ctx); + return ret; + } + + return 0; +} + +int sgx_le_start(struct sgx_le_ctx *ctx) +{ + int ret; + + mutex_lock(&ctx->lock); + ret = __sgx_le_start(ctx); + mutex_unlock(&ctx->lock); + + return ret; +} + +int sgx_le_init(struct sgx_le_ctx *ctx) +{ + struct crypto_shash *tfm; + + tfm = crypto_alloc_shash("sha256", 0, CRYPTO_ALG_ASYNC); + if (IS_ERR(tfm)) + return PTR_ERR(tfm); + + ctx->tfm = tfm; + mutex_init(&ctx->lock); + + return 0; +} + +void sgx_le_exit(struct sgx_le_ctx *ctx) +{ + mutex_lock(&ctx->lock); + crypto_free_shash(ctx->tfm); + mutex_unlock(&ctx->lock); +} + +static int __sgx_le_get_token(struct sgx_le_ctx *ctx, + const struct sgx_encl *encl, + const struct sgx_sigstruct *sigstruct, + struct sgx_einittoken *token) +{ + u8 mrsigner[32]; + ssize_t ret; + + if (!ctx->tgid) + return -EIO; + + ret = sgx_get_key_hash(ctx->tfm, sigstruct->modulus, mrsigner); + if (ret) + return ret; + + ret = sgx_le_write(ctx->pipes[0], sigstruct->body.mrenclave, 32); + if (ret) + return ret; + + ret = sgx_le_write(ctx->pipes[0], mrsigner, 32); + if (ret) + return ret; + + ret = sgx_le_write(ctx->pipes[0], &encl->attributes, sizeof(uint64_t)); + if (ret) + return ret; + + ret = sgx_le_write(ctx->pipes[0], &encl->xfrm, sizeof(uint64_t)); + if (ret) + return ret; + + return sgx_le_read(ctx->pipes[1], token, sizeof(*token)); +} + +int sgx_le_get_token(struct sgx_le_ctx *ctx, + const struct sgx_encl *encl, + const struct sgx_sigstruct *sigstruct, + struct sgx_einittoken *token) +{ + int ret; + + mutex_lock(&ctx->lock); + ret = __sgx_le_get_token(ctx, encl, sigstruct, token); + mutex_unlock(&ctx->lock); + + return ret; +} diff --git a/drivers/platform/x86/intel_sgx/sgx_main.c b/drivers/platform/x86/intel_sgx/sgx_main.c index 1c42a0323a78..42fc9ecaf593 100644 --- a/drivers/platform/x86/intel_sgx/sgx_main.c +++ b/drivers/platform/x86/intel_sgx/sgx_main.c @@ -90,6 +90,35 @@ u64 sgx_xfrm_mask = 0x3; u32 sgx_misc_reserved; u32 sgx_xsave_size_tbl[64]; +static DECLARE_RWSEM(sgx_file_sem); + +static int sgx_open(struct inode *inode, struct file *file) +{ + int ret; + + down_read(&sgx_file_sem); + + ret = sgx_le_start(&sgx_le_ctx); + if (ret) { + up_read(&sgx_file_sem); + return ret; + } + + return 0; +} + +static int sgx_release(struct inode *inode, struct file *file) +{ + up_read(&sgx_file_sem); + + if (down_write_trylock(&sgx_file_sem)) { + sgx_le_stop(&sgx_le_ctx); + up_write(&sgx_file_sem); + } + + return 0; +} + #ifdef CONFIG_COMPAT long sgx_compat_ioctl(struct file *filep, unsigned int cmd, unsigned long arg) { @@ -142,8 +171,10 @@ static unsigned long sgx_get_unmapped_area(struct file *file, return addr; } -static const struct file_operations sgx_fops = { +const struct file_operations sgx_fops = { .owner = THIS_MODULE, + .open = sgx_open, + .release = sgx_release, .unlocked_ioctl = sgx_ioctl, #ifdef CONFIG_COMPAT .compat_ioctl = sgx_compat_ioctl, @@ -313,11 +344,17 @@ static int sgx_dev_init(struct device *parent) goto out_iounmap; } - ret = cdev_device_add(&sgx_dev->cdev, &sgx_dev->dev); + ret = sgx_le_init(&sgx_le_ctx); if (ret) goto out_workqueue; + ret = cdev_device_add(&sgx_dev->cdev, &sgx_dev->dev); + if (ret) + goto out_le; + return 0; +out_le: + sgx_le_exit(&sgx_le_ctx); out_workqueue: destroy_workqueue(sgx_add_page_wq); out_iounmap: @@ -381,6 +418,8 @@ static int sgx_drv_remove(struct platform_device *pdev) cdev_device_del(&ctx->cdev, &ctx->dev); + sgx_le_exit(&sgx_le_ctx); + destroy_workqueue(sgx_add_page_wq); #ifdef CONFIG_X86_64 for (i = 0; i < sgx_nr_epc_banks; i++) diff --git a/drivers/platform/x86/intel_sgx/sgx_util.c b/drivers/platform/x86/intel_sgx/sgx_util.c index 6ef79499100f..6c1f06d1978a 100644 --- a/drivers/platform/x86/intel_sgx/sgx_util.c +++ b/drivers/platform/x86/intel_sgx/sgx_util.c @@ -370,3 +370,28 @@ void sgx_etrack(struct sgx_encl *encl) sgx_invalidate(encl, true); } } + +int sgx_get_key_hash(struct crypto_shash *tfm, const void *modulus, void *hash) +{ + SHASH_DESC_ON_STACK(shash, tfm); + + shash->tfm = tfm; + shash->flags = CRYPTO_TFM_REQ_MAY_SLEEP; + + return crypto_shash_digest(shash, modulus, SGX_MODULUS_SIZE, hash); +} + +int sgx_get_key_hash_simple(const void *modulus, void *hash) +{ + struct crypto_shash *tfm; + int ret; + + tfm = crypto_alloc_shash("sha256", 0, CRYPTO_ALG_ASYNC); + if (IS_ERR(tfm)) + return PTR_ERR(tfm); + + ret = sgx_get_key_hash(tfm, modulus, hash); + + crypto_free_shash(tfm); + return ret; +} -- 2.14.1