Open Source and information security mailing list archives
Message-ID: <20200922162437.GA30827@linux.intel.com>
Date:   Tue, 22 Sep 2020 09:24:38 -0700
From:   Sean Christopherson <sean.j.christopherson@...el.com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>, x86@...nel.org,
        linux-sgx@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-mm@...ck.org, Jethro Beekman <jethro@...tanix.com>,
        Jordan Hand <jorhand@...ux.microsoft.com>,
        Nathaniel McCallum <npmccallum@...hat.com>,
        Chunyang Hui <sanqian.hcy@...fin.com>,
        Seth Moore <sethmo@...gle.com>, akpm@...ux-foundation.org,
        andriy.shevchenko@...ux.intel.com, asapek@...gle.com,
        cedric.xing@...el.com, chenalexchen@...gle.com,
        conradparker@...gle.com, cyhanish@...gle.com,
        dave.hansen@...el.com, haitao.huang@...el.com,
        josh@...htriplett.org, kai.huang@...el.com, kai.svahn@...el.com,
        kmoy@...gle.com, ludloff@...gle.com, luto@...nel.org,
        nhorman@...hat.com, puiterwijk@...hat.com, rientjes@...gle.com,
        tglx@...utronix.de, yaozhangx@...gle.com
Subject: Re: [PATCH v38 16/24] x86/sgx: Add a page reclaimer

On Tue, Sep 22, 2020 at 12:45:38PM +0200, Borislav Petkov wrote:
> On Tue, Sep 15, 2020 at 02:28:34PM +0300, Jarkko Sakkinen wrote:
> > + * %SGX_ENCL_PAGE_VA_OFFSET_MASK:	Holds the offset in the Version Array
> > + *					(VA) page for a swapped page.
> >   * %SGX_ENCL_PAGE_ADDR_MASK:		Holds the virtual address of the page.
> >   *
> >   * The page address for SECS is zero and is used by the subsystem to recognize
> 
> ...
> 
> > @@ -86,24 +123,34 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs)
> >  {
> >  	unsigned long encl_size = secs->size + PAGE_SIZE;
> >  	struct sgx_epc_page *secs_epc;
> > +	struct sgx_va_page *va_page;
> >  	struct sgx_pageinfo pginfo;
> >  	struct sgx_secinfo secinfo;
> >  	struct file *backing;
> >  	long ret;
> >  
> > +	va_page = sgx_encl_grow(encl);
> > +	if (IS_ERR(va_page))
> > +		return PTR_ERR(va_page);
> > +	else if (va_page)
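Review bot: the else if (va_page) test after the sgx_encl_grow() call depends on that function having a third, non-error outcome (a NULL return) besides an ERR_PTR and a valid pointer, and nothing at the call site says so. A one-line comment above the call, or kernel-doc on sgx_encl_grow() stating what a NULL return means, would keep a later reader from simplifying this to a plain else.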
> 
> Not "else" simply?
> 
> AFAICT, sgx_encl_grow() would either return an ERR_PTR or the actual
> page...
> 

The "else if" is correct.  Version Array (VA) pages have 512 slots that hold
metadata for evicted EPC pages, i.e. swapping a page out of the EPC requires
a VA slot.  For simplicity (LOL), the approach we are taking for initial
support is to reserve a VA slot when adding a page to the enclave[*].  In most
cases, reserving a slot does not require allocating a new VA page, e.g. to
reserve slots 1-511 of the "current" VA page.   The if-elif is handling the
case where the current VA page is fully reserved and a new one needs to be
allocated. The if handles the error, the elif handles success, i.e.

	if (IS_ERR(va_page)) <- needed a new VA page, allocation failed
		return PTR_ERR(va_page);
	else if (va_page)    <- needed a new VA page, allocation succeeded
		list_add(&va_page->list, &encl->va_pages);
	else
		             <- reused the current VA page

When reusing a VA page, we obviously don't want to re-add the page to the list
of va_pages, and the error handling path also shouldn't free the VA page.

> Also, should the growing happen *after* the SECS validation?
> 
> > +		list_add(&va_page->list, &encl->va_pages);
> > +
> >  	if (sgx_validate_secs(secs)) {
> >  		pr_debug("invalid SECS\n");
> > -		return -EINVAL;
> > +		ret = -EINVAL;
> > +		goto err_out_shrink;
> >  	}
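Review bot: sgx_encl_grow() and the list_add() run ahead of sgx_validate_secs(), so the invalid-SECS branch now has to unwind through err_out_shrink instead of returning directly. Calling sgx_validate_secs() before sgx_encl_grow() would let that branch keep the plain return -EINVAL. If the order stays, the err_out_shrink label (not visible in this hunk) has to cope with va_page being NULL, which the else-if above allows, and must not remove or free a VA page in that case.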

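The three-way return discussed in this message, as an added userspace model that is not kernel code and not part of the original mail. Every model_* name, the fail_alloc switch and the singly linked list are assumptions for illustration; only the 512-slot count and the if / else-if shape come from the thread.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

#define VA_SLOT_COUNT 512 /* slots per VA page, as stated in the message */
/* Userspace stand-ins for the kernel's ERR_PTR helpers. */
static void *ERR_PTR(long e) { return (void *)e; }
static long PTR_ERR(const void *p) { return (long)p; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-4095; }

struct model_va_page { struct model_va_page *next; };
struct model_encl { unsigned long page_cnt; struct model_va_page *va_pages; int fail_alloc; };

/* Reserve one slot: ERR_PTR = new page needed, allocation failed;
 * pointer = new page allocated; NULL = slot taken from the current page. */
static struct model_va_page *model_grow(struct model_encl *encl)
{
	struct model_va_page *va = NULL;
	if (encl->page_cnt % VA_SLOT_COUNT == 0) { /* current page fully reserved */
		va = encl->fail_alloc ? NULL : calloc(1, sizeof(*va));
		if (!va)
			return ERR_PTR(-ENOMEM);
	}
	encl->page_cnt++;
	return va;
}

/* Unwind one reservation; free a VA page only if this reservation created it
 * (it is then the list head, because model_add_page() just pushed it). */
static void model_shrink(struct model_encl *encl, struct model_va_page *va)
{
	encl->page_cnt--;
	if (va) { encl->va_pages = va->next; free(va); }
}
/* Add one enclave page; valid == 0 simulates a failure after the slot is reserved. */
static long model_add_page(struct model_encl *encl, int valid)
{
	struct model_va_page *va = model_grow(encl);
	if (IS_ERR(va))
		return PTR_ERR(va);
	else if (va) { va->next = encl->va_pages; encl->va_pages = va; }
	if (!valid) { model_shrink(encl, va); return -EINVAL; }
	return 0;
}
static int model_va_pages(const struct model_encl *encl)
{
	int n = 0;
	for (const struct model_va_page *p = encl->va_pages; p; p = p->next) n++;
	return n;
}
```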