| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200526125207.GE28228@zn.tnic>
Date: Tue, 26 May 2020 14:52:08 +0200
From: Borislav Petkov <bp@...en8.de>
To: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
Cc: linux-kernel@...r.kernel.org, x86@...nel.org,
linux-sgx@...r.kernel.org, akpm@...ux-foundation.org,
dave.hansen@...el.com, sean.j.christopherson@...el.com,
nhorman@...hat.com, npmccallum@...hat.com, haitao.huang@...el.com,
andriy.shevchenko@...ux.intel.com, tglx@...utronix.de,
kai.svahn@...el.com, josh@...htriplett.org, luto@...nel.org,
kai.huang@...el.com, rientjes@...gle.com, cedric.xing@...el.com,
puiterwijk@...hat.com, Jethro Beekman <jethro@...tanix.com>
Subject: Re: [PATCH v30 08/20] x86/sgx: Add functions to allocate and free
EPC pages
On Fri, May 15, 2020 at 03:43:58AM +0300, Jarkko Sakkinen wrote:
> Add functions for allocating page from Enclave Page Cache (EPC). A page is
pages
> allocated by going through the EPC sections and returning the first free
> page.
>
> When a page is freed, it might have a valid state, which means that the
> callee has assigned it to an enclave, which are protected memory ares used
areas
although explaining what enclaves are has already happened so probably
not needed here too.
> to run code protected from outside access. The page is returned back to the
> invalid state with ENCLS[EREMOVE] [1].
>
> [1] Intel SDM: 40.3 INTELĀ® SGX SYSTEM LEAF FUNCTION REFERENCE
>
> Co-developed-by: Sean Christopherson <sean.j.christopherson@...el.com>
> Signed-off-by: Sean Christopherson <sean.j.christopherson@...el.com>
> Acked-by: Jethro Beekman <jethro@...tanix.com>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
> ---
> arch/x86/kernel/cpu/sgx/main.c | 60 ++++++++++++++++++++++++++++++++++
> arch/x86/kernel/cpu/sgx/sgx.h | 3 ++
> 2 files changed, 63 insertions(+)
>
> diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c
> index 38424c1e8341..60d82e7537c8 100644
> --- a/arch/x86/kernel/cpu/sgx/main.c
> +++ b/arch/x86/kernel/cpu/sgx/main.c
> @@ -13,6 +13,66 @@
> struct sgx_epc_section sgx_epc_sections[SGX_MAX_EPC_SECTIONS];
> int sgx_nr_epc_sections;
>
> +static struct sgx_epc_page *__sgx_try_alloc_page(struct sgx_epc_section *section)
> +{
> + struct sgx_epc_page *page;
> +
> + if (list_empty(§ion->page_list))
> + return NULL;
> +
> + page = list_first_entry(§ion->page_list, struct sgx_epc_page, list);
> + list_del_init(&page->list);
> + return page;
> +}
> +
> +/**
> + * sgx_try_alloc_page() - Allocate an EPC page
Uuh, this is confusing. Looking forward into the patchset, you guys have
sgx_alloc_page()
sgx_alloc_va_page()
and this here
sgx_try_alloc_page()
So this one here should be called sgx_alloc_epc_page() if we're going to
differentiate *what* it is allocating.
But then looking at sgx_alloc_page():
+ * sgx_alloc_page() - Allocate an EPC page
...
+ struct sgx_epc_page *sgx_alloc_page(void *owner, bool reclaim)
this one returns a struct sgx_epc_page * too.
The former "allocates" from the EPC cache so I'm thinking former should
not have "alloc" in its name at all. It should be called something like
sgx_get_epc_page()
or so.
Now, looking at sgx_alloc_page(), it does call this one -
sgx_try_alloc_page() to get a page from the page list but it
does not allocate anything. The actual allocation happens in
sgx_alloc_epc_section() which actually does the k*alloc().
Which sounds to me like those functions should not use "alloc" and
"free" in their names but "get" and "put" to denote that they're simply
getting pages from lists and returning them back to those lists.
IMNSVHO.
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists