1 // SPDX-License-Identifier: GPL-2.0
29 	/* Skip vmcs.GUEST_DS retrieval for 64-bit mode to avoid VMREADs. */  in sgx_get_encls_gva()
46 			(((u64)*gva + size - 1) > s.limit + 1));  in sgx_get_encls_gva()
50 	return fault ? -EINVAL : 0;  in sgx_get_encls_gva()
56 	vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;  in sgx_handle_emulation_failure()
57 	vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_EMULATION;  in sgx_handle_emulation_failure()
58 	vcpu->run->internal.ndata = 2;  in sgx_handle_emulation_failure()
59 	vcpu->run->internal.data[0] = addr;  in sgx_handle_emulation_failure()
60 	vcpu->run->internal.data[1] = size;  in sgx_handle_emulation_failure()
68 		return -EFAULT;  in sgx_read_hva()
86 		return -EFAULT;  in sgx_gva_to_gpa()
97 		return -EFAULT;  in sgx_gpa_to_hva()
110 	 * A non-EPCM #PF indicates a bad userspace HVA.  This *should* check  in sgx_inject_fault()
115 		vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;  in sgx_inject_fault()
116 		vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_EMULATION;  in sgx_inject_fault()
117 		vcpu->run->internal.ndata = 0;  in sgx_inject_fault()
148 	struct sgx_secs *contents = (struct sgx_secs *)pageinfo->contents;  in __handle_encls_ecreate()
158 		vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;  in __handle_encls_ecreate()
159 		vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_EMULATION;  in __handle_encls_ecreate()
160 		vcpu->run->internal.ndata = 0;  in __handle_encls_ecreate()
164 	miscselect = contents->miscselect;  in __handle_encls_ecreate()
165 	attributes = contents->attributes;  in __handle_encls_ecreate()
166 	xfrm = contents->xfrm;  in __handle_encls_ecreate()
167 	size = contents->size;  in __handle_encls_ecreate()
170 	if (!vcpu->kvm->arch.sgx_provisioning_allowed &&  in __handle_encls_ecreate()
172 		if (sgx_12_1->eax & SGX_ATTR_PROVISIONKEY)  in __handle_encls_ecreate()
179 	if ((u32)miscselect & ~sgx_12_0->ebx ||  in __handle_encls_ecreate()
180 	    (u32)attributes & ~sgx_12_1->eax ||  in __handle_encls_ecreate()
181 	    (u32)(attributes >> 32) & ~sgx_12_1->ebx ||  in __handle_encls_ecreate()
182 	    (u32)xfrm & ~sgx_12_1->ecx ||  in __handle_encls_ecreate()
183 	    (u32)(xfrm >> 32) & ~sgx_12_1->edx) {  in __handle_encls_ecreate()
189 	max_size_log2 = (attributes & SGX_ATTR_MODE64BIT) ? sgx_12_0->edx >> 8 :  in __handle_encls_ecreate()
190 							    sgx_12_0->edx;  in __handle_encls_ecreate()
197 	 *  2) -EFAULT:	ECREATE was run but faulted, and trapnr was set to the  in __handle_encls_ecreate()
199 	 *  3) -EINVAL:	access_ok() on @secs_hva failed. This should never  in __handle_encls_ecreate()
206 	if (ret == -EFAULT)  in __handle_encls_ecreate()
274 		return -ENOMEM;  in handle_encls_ecreate()
327 			     vmx->msr_ia32_sgxlepubkeyhash, &trapnr);  in handle_encls_einit()
329 	if (ret == -EFAULT)  in handle_encls_einit()
333 	 * sgx_virt_einit() returns -EINVAL when access_ok() fails on @sig_hva,  in handle_encls_einit()
372 	return (to_vmx(vcpu)->msr_ia32_feature_control & bits) == bits;  in sgx_enabled_in_guest_bios()
389 		vcpu->run->exit_reason = KVM_EXIT_UNKNOWN;  in handle_encls()
390 		vcpu->run->hw.hardware_exit_reason = EXIT_REASON_ENCLS;  in handle_encls()
399 	 * Use Intel's default value for Skylake hardware if Launch Control is  in setup_default_sgx_lepubkeyhash()
401 	 * Launch Control is supported and enabled, i.e. mimic the reset value  in setup_default_sgx_lepubkeyhash()
402 	 * and let the guest write the MSRs at will.  If Launch Control is  in setup_default_sgx_lepubkeyhash()
404 	 * MSRs exist but are read-only (locked and not writable).  in setup_default_sgx_lepubkeyhash()
424 	memcpy(vmx->msr_ia32_sgxlepubkeyhash, sgx_pubkey_hash,  in vcpu_setup_sgx_lepubkeyhash()
430  * restrictions if the guest's allowed-1 settings diverge from hardware.
437 	if (!vcpu->kvm->arch.sgx_provisioning_allowed)  in sgx_intercept_encls_ecreate()
445 	if (guest_cpuid->ebx != ebx || guest_cpuid->edx != edx)  in sgx_intercept_encls_ecreate()
453 	if (guest_cpuid->eax != eax || guest_cpuid->ebx != ebx ||  in sgx_intercept_encls_ecreate()
454 	    guest_cpuid->ecx != ecx || guest_cpuid->edx != edx)  in sgx_intercept_encls_ecreate()
469 	u64 bitmap = -1ull;  in vmx_write_encls_bitmap()
487 		 * Trap and execute EINIT if launch control is enabled in the  in vmx_write_encls_bitmap()
488 		 * host using the guest's values for launch control MSRs, even  in vmx_write_encls_bitmap()
490 		 * The MSRs are not loaded/saved on VM-Enter/VM-Exit as writing  in vmx_write_encls_bitmap()
499 			bitmap |= vmcs12->encls_exiting_bitmap;  in vmx_write_encls_bitmap()