1// SPDX-License-Identifier: GPL-2.0
  2/*  Copyright(c) 2016-20 Intel Corporation. */
  3
  4#include <asm/mman.h>
  5#include <asm/sgx.h>
  6#include <linux/mman.h>
  7#include <linux/delay.h>
  8#include <linux/file.h>
  9#include <linux/hashtable.h>
 10#include <linux/highmem.h>
 11#include <linux/ratelimit.h>
 12#include <linux/sched/signal.h>
 13#include <linux/shmem_fs.h>
 14#include <linux/slab.h>
 15#include <linux/suspend.h>
 16#include "driver.h"
 17#include "encl.h"
 18#include "encls.h"
 19
 20static struct sgx_va_page *sgx_encl_grow(struct sgx_encl *encl)
 21{
 22	struct sgx_va_page *va_page = NULL;
 23	void *err;
 24
 25	BUILD_BUG_ON(SGX_VA_SLOT_COUNT !=
 26		(SGX_ENCL_PAGE_VA_OFFSET_MASK >> 3) + 1);
 27
 28	if (!(encl->page_cnt % SGX_VA_SLOT_COUNT)) {
 29		va_page = kzalloc(sizeof(*va_page), GFP_KERNEL);
 30		if (!va_page)
 31			return ERR_PTR(-ENOMEM);
 32
 33		va_page->epc_page = sgx_alloc_va_page();
 34		if (IS_ERR(va_page->epc_page)) {
 35			err = ERR_CAST(va_page->epc_page);
 36			kfree(va_page);
 37			return err;
 38		}
 39
 40		WARN_ON_ONCE(encl->page_cnt % SGX_VA_SLOT_COUNT);
 41	}
 42	encl->page_cnt++;
 43	return va_page;
 44}
 45
 46static void sgx_encl_shrink(struct sgx_encl *encl, struct sgx_va_page *va_page)
 47{
 48	encl->page_cnt--;
 49
 50	if (va_page) {
 51		sgx_encl_free_epc_page(va_page->epc_page);
 52		list_del(&va_page->list);
 53		kfree(va_page);
 54	}
 55}
 56
 57static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs)
 58{
 59	struct sgx_epc_page *secs_epc;
 60	struct sgx_va_page *va_page;
 61	struct sgx_pageinfo pginfo;
 62	struct sgx_secinfo secinfo;
 63	unsigned long encl_size;
 64	struct file *backing;
 65	long ret;
 66
 67	va_page = sgx_encl_grow(encl);
 68	if (IS_ERR(va_page))
 69		return PTR_ERR(va_page);
 70	else if (va_page)
 71		list_add(&va_page->list, &encl->va_pages);
 72	/* else the tail page of the VA page list had free slots. */
 73
 74	/* The extra page goes to SECS. */
 75	encl_size = secs->size + PAGE_SIZE;
 76
 77	backing = shmem_file_setup("SGX backing", encl_size + (encl_size >> 5),
 78				   VM_NORESERVE);
 79	if (IS_ERR(backing)) {
 80		ret = PTR_ERR(backing);
 81		goto err_out_shrink;
 82	}
 83
 84	encl->backing = backing;
 85
 86	secs_epc = sgx_alloc_epc_page(&encl->secs, true);
 87	if (IS_ERR(secs_epc)) {
 88		ret = PTR_ERR(secs_epc);
 89		goto err_out_backing;
 90	}
 91
 92	encl->secs.epc_page = secs_epc;
 93
 94	pginfo.addr = 0;
 95	pginfo.contents = (unsigned long)secs;
 96	pginfo.metadata = (unsigned long)&secinfo;
 97	pginfo.secs = 0;
 98	memset(&secinfo, 0, sizeof(secinfo));
 99
100	ret = __ecreate((void *)&pginfo, sgx_get_epc_virt_addr(secs_epc));
101	if (ret) {
102		ret = -EIO;
103		goto err_out;
104	}
105
106	if (secs->attributes & SGX_ATTR_DEBUG)
107		set_bit(SGX_ENCL_DEBUG, &encl->flags);
108
109	encl->secs.encl = encl;
110	encl->base = secs->base;
111	encl->size = secs->size;
112	encl->attributes = secs->attributes;
113	encl->attributes_mask = SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS;
114
115	/* Set only after completion, as encl->lock has not been taken. */
116	set_bit(SGX_ENCL_CREATED, &encl->flags);
117
118	return 0;
119
120err_out:
121	sgx_encl_free_epc_page(encl->secs.epc_page);
122	encl->secs.epc_page = NULL;
123
124err_out_backing:
125	fput(encl->backing);
126	encl->backing = NULL;
127
128err_out_shrink:
129	sgx_encl_shrink(encl, va_page);
130
131	return ret;
132}
133
134/**
135 * sgx_ioc_enclave_create() - handler for %SGX_IOC_ENCLAVE_CREATE
136 * @encl:	An enclave pointer.
137 * @arg:	The ioctl argument.
138 *
139 * Allocate kernel data structures for the enclave and invoke ECREATE.
140 *
141 * Return:
142 * - 0:		Success.
143 * - -EIO:	ECREATE failed.
144 * - -errno:	POSIX error.
145 */
146static long sgx_ioc_enclave_create(struct sgx_encl *encl, void __user *arg)
147{
148	struct sgx_enclave_create create_arg;
149	void *secs;
150	int ret;
151
152	if (test_bit(SGX_ENCL_CREATED, &encl->flags))
153		return -EINVAL;
154
155	if (copy_from_user(&create_arg, arg, sizeof(create_arg)))
156		return -EFAULT;
157
158	secs = kmalloc(PAGE_SIZE, GFP_KERNEL);
159	if (!secs)
160		return -ENOMEM;
161
162	if (copy_from_user(secs, (void __user *)create_arg.src, PAGE_SIZE))
163		ret = -EFAULT;
164	else
165		ret = sgx_encl_create(encl, secs);
166
167	kfree(secs);
168	return ret;
169}
170
171static struct sgx_encl_page *sgx_encl_page_alloc(struct sgx_encl *encl,
172						 unsigned long offset,
173						 u64 secinfo_flags)
174{
175	struct sgx_encl_page *encl_page;
176	unsigned long prot;
177
178	encl_page = kzalloc(sizeof(*encl_page), GFP_KERNEL);
179	if (!encl_page)
180		return ERR_PTR(-ENOMEM);
181
182	encl_page->desc = encl->base + offset;
183	encl_page->encl = encl;
184
185	prot = _calc_vm_trans(secinfo_flags, SGX_SECINFO_R, PROT_READ)  |
186	       _calc_vm_trans(secinfo_flags, SGX_SECINFO_W, PROT_WRITE) |
187	       _calc_vm_trans(secinfo_flags, SGX_SECINFO_X, PROT_EXEC);
188
189	/*
190	 * TCS pages must always RW set for CPU access while the SECINFO
191	 * permissions are *always* zero - the CPU ignores the user provided
192	 * values and silently overwrites them with zero permissions.
193	 */
194	if ((secinfo_flags & SGX_SECINFO_PAGE_TYPE_MASK) == SGX_SECINFO_TCS)
195		prot |= PROT_READ | PROT_WRITE;
196
197	/* Calculate maximum of the VM flags for the page. */
198	encl_page->vm_max_prot_bits = calc_vm_prot_bits(prot, 0);
199
200	return encl_page;
201}
202
203static int sgx_validate_secinfo(struct sgx_secinfo *secinfo)
204{
205	u64 perm = secinfo->flags & SGX_SECINFO_PERMISSION_MASK;
206	u64 pt   = secinfo->flags & SGX_SECINFO_PAGE_TYPE_MASK;
207
208	if (pt != SGX_SECINFO_REG && pt != SGX_SECINFO_TCS)
209		return -EINVAL;
210
211	if ((perm & SGX_SECINFO_W) && !(perm & SGX_SECINFO_R))
212		return -EINVAL;
213
214	/*
215	 * CPU will silently overwrite the permissions as zero, which means
216	 * that we need to validate it ourselves.
217	 */
218	if (pt == SGX_SECINFO_TCS && perm)
219		return -EINVAL;
220
221	if (secinfo->flags & SGX_SECINFO_RESERVED_MASK)
222		return -EINVAL;
223
224	if (memchr_inv(secinfo->reserved, 0, sizeof(secinfo->reserved)))
225		return -EINVAL;
226
227	return 0;
228}
229
230static int __sgx_encl_add_page(struct sgx_encl *encl,
231			       struct sgx_encl_page *encl_page,
232			       struct sgx_epc_page *epc_page,
233			       struct sgx_secinfo *secinfo, unsigned long src)
234{
235	struct sgx_pageinfo pginfo;
236	struct vm_area_struct *vma;
237	struct page *src_page;
238	int ret;
239
240	/* Deny noexec. */
241	vma = find_vma(current->mm, src);
242	if (!vma)
243		return -EFAULT;
244
245	if (!(vma->vm_flags & VM_MAYEXEC))
246		return -EACCES;
247
248	ret = get_user_pages(src, 1, 0, &src_page, NULL);
249	if (ret < 1)
250		return -EFAULT;
251
252	pginfo.secs = (unsigned long)sgx_get_epc_virt_addr(encl->secs.epc_page);
253	pginfo.addr = encl_page->desc & PAGE_MASK;
254	pginfo.metadata = (unsigned long)secinfo;
255	pginfo.contents = (unsigned long)kmap_atomic(src_page);
256
257	ret = __eadd(&pginfo, sgx_get_epc_virt_addr(epc_page));
258
259	kunmap_atomic((void *)pginfo.contents);
260	put_page(src_page);
261
262	return ret ? -EIO : 0;
263}
264
265/*
266 * If the caller requires measurement of the page as a proof for the content,
267 * use EEXTEND to add a measurement for 256 bytes of the page. Repeat this
268 * operation until the entire page is measured."
269 */
270static int __sgx_encl_extend(struct sgx_encl *encl,
271			     struct sgx_epc_page *epc_page)
272{
273	unsigned long offset;
274	int ret;
275
276	for (offset = 0; offset < PAGE_SIZE; offset += SGX_EEXTEND_BLOCK_SIZE) {
277		ret = __eextend(sgx_get_epc_virt_addr(encl->secs.epc_page),
278				sgx_get_epc_virt_addr(epc_page) + offset);
279		if (ret) {
280			if (encls_failed(ret))
281				ENCLS_WARN(ret, "EEXTEND");
282
283			return -EIO;
284		}
285	}
286
287	return 0;
288}
289
290static int sgx_encl_add_page(struct sgx_encl *encl, unsigned long src,
291			     unsigned long offset, struct sgx_secinfo *secinfo,
292			     unsigned long flags)
293{
294	struct sgx_encl_page *encl_page;
295	struct sgx_epc_page *epc_page;
296	struct sgx_va_page *va_page;
297	int ret;
298
299	encl_page = sgx_encl_page_alloc(encl, offset, secinfo->flags);
300	if (IS_ERR(encl_page))
301		return PTR_ERR(encl_page);
302
303	epc_page = sgx_alloc_epc_page(encl_page, true);
304	if (IS_ERR(epc_page)) {
305		kfree(encl_page);
306		return PTR_ERR(epc_page);
307	}
308
309	va_page = sgx_encl_grow(encl);
310	if (IS_ERR(va_page)) {
311		ret = PTR_ERR(va_page);
312		goto err_out_free;
313	}
314
315	mmap_read_lock(current->mm);
316	mutex_lock(&encl->lock);
317
318	/*
319	 * Adding to encl->va_pages must be done under encl->lock.  Ditto for
320	 * deleting (via sgx_encl_shrink()) in the error path.
321	 */
322	if (va_page)
323		list_add(&va_page->list, &encl->va_pages);
324
325	/*
326	 * Insert prior to EADD in case of OOM.  EADD modifies MRENCLAVE, i.e.
327	 * can't be gracefully unwound, while failure on EADD/EXTEND is limited
328	 * to userspace errors (or kernel/hardware bugs).
329	 */
330	ret = xa_insert(&encl->page_array, PFN_DOWN(encl_page->desc),
331			encl_page, GFP_KERNEL);
332	if (ret)
333		goto err_out_unlock;
334
335	ret = __sgx_encl_add_page(encl, encl_page, epc_page, secinfo,
336				  src);
337	if (ret)
338		goto err_out;
339
340	/*
341	 * Complete the "add" before doing the "extend" so that the "add"
342	 * isn't in a half-baked state in the extremely unlikely scenario
343	 * the enclave will be destroyed in response to EEXTEND failure.
344	 */
345	encl_page->encl = encl;
346	encl_page->epc_page = epc_page;
347	encl->secs_child_cnt++;
348
349	if (flags & SGX_PAGE_MEASURE) {
350		ret = __sgx_encl_extend(encl, epc_page);
351		if (ret)
352			goto err_out;
353	}
354
355	sgx_mark_page_reclaimable(encl_page->epc_page);
356	mutex_unlock(&encl->lock);
357	mmap_read_unlock(current->mm);
358	return ret;
359
360err_out:
361	xa_erase(&encl->page_array, PFN_DOWN(encl_page->desc));
362
363err_out_unlock:
364	sgx_encl_shrink(encl, va_page);
365	mutex_unlock(&encl->lock);
366	mmap_read_unlock(current->mm);
367
368err_out_free:
369	sgx_encl_free_epc_page(epc_page);
370	kfree(encl_page);
371
372	return ret;
373}
374
375/**
376 * sgx_ioc_enclave_add_pages() - The handler for %SGX_IOC_ENCLAVE_ADD_PAGES
377 * @encl:       an enclave pointer
378 * @arg:	a user pointer to a struct sgx_enclave_add_pages instance
379 *
380 * Add one or more pages to an uninitialized enclave, and optionally extend the
381 * measurement with the contents of the page. The SECINFO and measurement mask
382 * are applied to all pages.
383 *
384 * A SECINFO for a TCS is required to always contain zero permissions because
385 * CPU silently zeros them. Allowing anything else would cause a mismatch in
386 * the measurement.
387 *
388 * mmap()'s protection bits are capped by the page permissions. For each page
389 * address, the maximum protection bits are computed with the following
390 * heuristics:
391 *
392 * 1. A regular page: PROT_R, PROT_W and PROT_X match the SECINFO permissions.
393 * 2. A TCS page: PROT_R | PROT_W.
394 *
395 * mmap() is not allowed to surpass the minimum of the maximum protection bits
396 * within the given address range.
397 *
398 * The function deinitializes kernel data structures for enclave and returns
399 * -EIO in any of the following conditions:
400 *
401 * - Enclave Page Cache (EPC), the physical memory holding enclaves, has
402 *   been invalidated. This will cause EADD and EEXTEND to fail.
403 * - If the source address is corrupted somehow when executing EADD.
404 *
405 * Return:
406 * - 0:		Success.
407 * - -EACCES:	The source page is located in a noexec partition.
408 * - -ENOMEM:	Out of EPC pages.
409 * - -EINTR:	The call was interrupted before data was processed.
410 * - -EIO:	Either EADD or EEXTEND failed because invalid source address
411 *		or power cycle.
412 * - -errno:	POSIX error.
413 */
414static long sgx_ioc_enclave_add_pages(struct sgx_encl *encl, void __user *arg)
415{
416	struct sgx_enclave_add_pages add_arg;
417	struct sgx_secinfo secinfo;
418	unsigned long c;
419	int ret;
420
421	if (!test_bit(SGX_ENCL_CREATED, &encl->flags) ||
422	    test_bit(SGX_ENCL_INITIALIZED, &encl->flags))
423		return -EINVAL;
424
425	if (copy_from_user(&add_arg, arg, sizeof(add_arg)))
426		return -EFAULT;
427
428	if (!IS_ALIGNED(add_arg.offset, PAGE_SIZE) ||
429	    !IS_ALIGNED(add_arg.src, PAGE_SIZE))
430		return -EINVAL;
431
432	if (!add_arg.length || add_arg.length & (PAGE_SIZE - 1))
433		return -EINVAL;
434
435	if (add_arg.offset + add_arg.length - PAGE_SIZE >= encl->size)
436		return -EINVAL;
437
438	if (copy_from_user(&secinfo, (void __user *)add_arg.secinfo,
439			   sizeof(secinfo)))
440		return -EFAULT;
441
442	if (sgx_validate_secinfo(&secinfo))
443		return -EINVAL;
444
445	for (c = 0 ; c < add_arg.length; c += PAGE_SIZE) {
446		if (signal_pending(current)) {
447			if (!c)
448				ret = -ERESTARTSYS;
449
450			break;
451		}
452
453		if (need_resched())
454			cond_resched();
455
456		ret = sgx_encl_add_page(encl, add_arg.src + c, add_arg.offset + c,
457					&secinfo, add_arg.flags);
458		if (ret)
459			break;
460	}
461
462	add_arg.count = c;
463
464	if (copy_to_user(arg, &add_arg, sizeof(add_arg)))
465		return -EFAULT;
466
467	return ret;
468}
469
470static int __sgx_get_key_hash(struct crypto_shash *tfm, const void *modulus,
471			      void *hash)
472{
473	SHASH_DESC_ON_STACK(shash, tfm);
474
475	shash->tfm = tfm;
476
477	return crypto_shash_digest(shash, modulus, SGX_MODULUS_SIZE, hash);
478}
479
480static int sgx_get_key_hash(const void *modulus, void *hash)
481{
482	struct crypto_shash *tfm;
483	int ret;
484
485	tfm = crypto_alloc_shash("sha256", 0, CRYPTO_ALG_ASYNC);
486	if (IS_ERR(tfm))
487		return PTR_ERR(tfm);
488
489	ret = __sgx_get_key_hash(tfm, modulus, hash);
490
491	crypto_free_shash(tfm);
492	return ret;
493}
494
495static int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct,
496			 void *token)
497{
498	u64 mrsigner[4];
499	int i, j;
500	void *addr;
501	int ret;
502
503	/*
504	 * Deny initializing enclaves with attributes (namely provisioning)
505	 * that have not been explicitly allowed.
506	 */
507	if (encl->attributes & ~encl->attributes_mask)
508		return -EACCES;
509
510	/*
511	 * Attributes should not be enforced *only* against what's available on
512	 * platform (done in sgx_encl_create) but checked and enforced against
513	 * the mask for enforcement in sigstruct. For example an enclave could
514	 * opt to sign with AVX bit in xfrm, but still be loadable on a platform
515	 * without it if the sigstruct->body.attributes_mask does not turn that
516	 * bit on.
517	 */
518	if (sigstruct->body.attributes & sigstruct->body.attributes_mask &
519	    sgx_attributes_reserved_mask)
520		return -EINVAL;
521
522	if (sigstruct->body.miscselect & sigstruct->body.misc_mask &
523	    sgx_misc_reserved_mask)
524		return -EINVAL;
525
526	if (sigstruct->body.xfrm & sigstruct->body.xfrm_mask &
527	    sgx_xfrm_reserved_mask)
528		return -EINVAL;
529
530	ret = sgx_get_key_hash(sigstruct->modulus, mrsigner);
531	if (ret)
532		return ret;
533
534	mutex_lock(&encl->lock);
535
536	/*
537	 * ENCLS[EINIT] is interruptible because it has such a high latency,
538	 * e.g. 50k+ cycles on success. If an IRQ/NMI/SMI becomes pending,
539	 * EINIT may fail with SGX_UNMASKED_EVENT so that the event can be
540	 * serviced.
541	 */
542	for (i = 0; i < SGX_EINIT_SLEEP_COUNT; i++) {
543		for (j = 0; j < SGX_EINIT_SPIN_COUNT; j++) {
544			addr = sgx_get_epc_virt_addr(encl->secs.epc_page);
545
546			preempt_disable();
547
548			sgx_update_lepubkeyhash(mrsigner);
549
550			ret = __einit(sigstruct, token, addr);
551
552			preempt_enable();
553
554			if (ret == SGX_UNMASKED_EVENT)
555				continue;
556			else
557				break;
558		}
559
560		if (ret != SGX_UNMASKED_EVENT)
561			break;
562
563		msleep_interruptible(SGX_EINIT_SLEEP_TIME);
564
565		if (signal_pending(current)) {
566			ret = -ERESTARTSYS;
567			goto err_out;
568		}
569	}
570
571	if (encls_faulted(ret)) {
572		if (encls_failed(ret))
573			ENCLS_WARN(ret, "EINIT");
574
575		ret = -EIO;
576	} else if (ret) {
577		pr_debug("EINIT returned %d\n", ret);
578		ret = -EPERM;
579	} else {
580		set_bit(SGX_ENCL_INITIALIZED, &encl->flags);
581	}
582
583err_out:
584	mutex_unlock(&encl->lock);
585	return ret;
586}
587
588/**
589 * sgx_ioc_enclave_init() - handler for %SGX_IOC_ENCLAVE_INIT
590 * @encl:	an enclave pointer
591 * @arg:	userspace pointer to a struct sgx_enclave_init instance
592 *
593 * Flush any outstanding enqueued EADD operations and perform EINIT.  The
594 * Launch Enclave Public Key Hash MSRs are rewritten as necessary to match
595 * the enclave's MRSIGNER, which is caculated from the provided sigstruct.
596 *
597 * Return:
598 * - 0:		Success.
599 * - -EPERM:	Invalid SIGSTRUCT.
600 * - -EIO:	EINIT failed because of a power cycle.
601 * - -errno:	POSIX error.
602 */
603static long sgx_ioc_enclave_init(struct sgx_encl *encl, void __user *arg)
604{
605	struct sgx_sigstruct *sigstruct;
606	struct sgx_enclave_init init_arg;
607	void *token;
608	int ret;
609
610	if (!test_bit(SGX_ENCL_CREATED, &encl->flags) ||
611	    test_bit(SGX_ENCL_INITIALIZED, &encl->flags))
612		return -EINVAL;
613
614	if (copy_from_user(&init_arg, arg, sizeof(init_arg)))
615		return -EFAULT;
616
617	/*
618	 * 'sigstruct' must be on a page boundary and 'token' on a 512 byte
619	 * boundary.  kmalloc() will give this alignment when allocating
620	 * PAGE_SIZE bytes.
621	 */
622	sigstruct = kmalloc(PAGE_SIZE, GFP_KERNEL);
623	if (!sigstruct)
624		return -ENOMEM;
625
626	token = (void *)((unsigned long)sigstruct + PAGE_SIZE / 2);
627	memset(token, 0, SGX_LAUNCH_TOKEN_SIZE);
628
629	if (copy_from_user(sigstruct, (void __user *)init_arg.sigstruct,
630			   sizeof(*sigstruct))) {
631		ret = -EFAULT;
632		goto out;
633	}
634
635	/*
636	 * A legacy field used with Intel signed enclaves. These used to mean
637	 * regular and architectural enclaves. The CPU only accepts these values
638	 * but they do not have any other meaning.
639	 *
640	 * Thus, reject any other values.
641	 */
642	if (sigstruct->header.vendor != 0x0000 &&
643	    sigstruct->header.vendor != 0x8086) {
644		ret = -EINVAL;
645		goto out;
646	}
647
648	ret = sgx_encl_init(encl, sigstruct, token);
649
650out:
651	kfree(sigstruct);
652	return ret;
653}
654
655/**
656 * sgx_ioc_enclave_provision() - handler for %SGX_IOC_ENCLAVE_PROVISION
657 * @encl:	an enclave pointer
658 * @arg:	userspace pointer to a struct sgx_enclave_provision instance
659 *
660 * Allow ATTRIBUTE.PROVISION_KEY for an enclave by providing a file handle to
661 * /dev/sgx_provision.
662 *
663 * Return:
664 * - 0:		Success.
665 * - -errno:	Otherwise.
666 */
667static long sgx_ioc_enclave_provision(struct sgx_encl *encl, void __user *arg)
668{
669	struct sgx_enclave_provision params;
670
671	if (copy_from_user(&params, arg, sizeof(params)))
672		return -EFAULT;
673
674	return sgx_set_attribute(&encl->attributes_mask, params.fd);
675}
676
677long sgx_ioctl(struct file *filep, unsigned int cmd, unsigned long arg)
678{
679	struct sgx_encl *encl = filep->private_data;
680	int ret;
681
682	if (test_and_set_bit(SGX_ENCL_IOCTL, &encl->flags))
683		return -EBUSY;
684
685	switch (cmd) {
686	case SGX_IOC_ENCLAVE_CREATE:
687		ret = sgx_ioc_enclave_create(encl, (void __user *)arg);
688		break;
689	case SGX_IOC_ENCLAVE_ADD_PAGES:
690		ret = sgx_ioc_enclave_add_pages(encl, (void __user *)arg);
691		break;
692	case SGX_IOC_ENCLAVE_INIT:
693		ret = sgx_ioc_enclave_init(encl, (void __user *)arg);
694		break;
695	case SGX_IOC_ENCLAVE_PROVISION:
696		ret = sgx_ioc_enclave_provision(encl, (void __user *)arg);
697		break;
698	default:
699		ret = -ENOIOCTLCMD;
700		break;
701	}
702
703	clear_bit(SGX_ENCL_IOCTL, &encl->flags);
704	return ret;
705}