| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 31 Aug 2018 14:22:45 +0300
From: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To: Sean Christopherson <sean.j.christopherson@...el.com>
Cc: Dave Hansen <dave.hansen@...el.com>, x86@...nel.org,
platform-driver-x86@...r.kernel.org, nhorman@...hat.com,
npmccallum@...hat.com, linux-sgx@...r.kernel.org,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H. Peter Anvin" <hpa@...or.com>,
Suresh Siddha <suresh.b.siddha@...el.com>,
Serge Ayoun <serge.ayoun@...el.com>,
"open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
<linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v13 09/13] x86/sgx: Enclave Page Cache (EPC) memory
manager
On Tue, Aug 28, 2018 at 02:22:44PM -0700, Sean Christopherson wrote:
> On Tue, Aug 28, 2018 at 07:07:33AM -0700, Dave Hansen wrote:
> > On 08/28/2018 01:35 AM, Jarkko Sakkinen wrote:
> > > On Mon, Aug 27, 2018 at 02:15:34PM -0700, Dave Hansen wrote:
> > >> On 08/27/2018 11:53 AM, Jarkko Sakkinen wrote:
> > >>> +struct sgx_epc_page_ops {
> > >>> + bool (*get)(struct sgx_epc_page *epc_page);
> > >>> + void (*put)(struct sgx_epc_page *epc_page);
> > >>> + bool (*reclaim)(struct sgx_epc_page *epc_page);
> > >>> + void (*block)(struct sgx_epc_page *epc_page);
> > >>> + void (*write)(struct sgx_epc_page *epc_page);
> > >>> +};
> > >> Why do we need a fancy, slow (retpoline'd) set of function pointers when
> > >> we only have one user of these (the SGX driver)?
> > > KVM has its own implementation for these operations.
> >
> > That belongs in the changelog.
> >
> > Also, where is the implementation? How can we assess this code that was
> > built to create an abstraction without both of the users?
>
> I can provide an early preview of the KVM reclaim code, but honestly
> I think that would do more harm than good. The VMX architecture for
> EPC reclaim is complex, even for SGX standards. Opening that can of
> worms would likely derail this discussion. That being said, this
> abstraction isn't exactly what KVM will need, but it's pretty close
> and gives us something to build on.
>
> Regardless, this layer of indirection is justifiable even with a
> single implementation. Reclaiming an EPC page is not a simple matter
> of copying the data somewhere else and marking the page not present.
> Actual eviction requires a reference to the Secure Enclave Control
> Structure (SECS) of the enclave that owns the page. Software needs
> to ensure it doesn't violate the hardware-enforced access rules, e.g.
> most reclaim activites need to be done under a per-enclave lock.
> Not all pages have the same reclaim rules, e.g. an SECS can only
> be reclaimed after all its child pages have reclaimed, a VA page
> doesn't need to be blocked, etc... And the list goes on...
To simplify a bit what Sean said about the key difference to a standard
page is that in SGX a page is part of a hierarchical structure. EPC
pages have hardware enforced dependencies to each other.
Examples:
1. You cannot delete or swap SECS before its children have been deleted or
swapped. You get SGX_CHILD_PRESENT erro from EREMOVE.
2. In order to swap or fault a page you need to have an EPC page that
holds a version number for the page you want to swap. These are
called Version Array (VA) pages.
/Jarkko
Powered by blists - more mailing lists