| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <0dd24e5549bbdee8580c2495f1df93798aadfd11.1664834225.git.kai.huang@intel.com>
Date: Tue, 4 Oct 2022 11:04:28 +1300
From: Kai Huang <kai.huang@...el.com>
To: linux-sgx@...r.kernel.org
Cc: dave.hansen@...ux.intel.com, jarkko@...nel.org,
tony.luck@...el.com, linux-kernel@...r.kernel.org
Subject: [PATCH 2/3] x86/sgx: Only run the reclaimer when the native SGX driver is enabled
Currently the EPC pages assigned to KVM guests cannot be reclaimed, so
there's no point to run the reclaimer when the native SGX driver is not
enabled.
Add a function to indicate whether the native SGX driver has been
initialized, and in ksgxd(), avoid running the reclaimer when it is
false.
In sgx_drv_init(), move the register of "/dev/sgx_enclave" misc device
before initializing sgx_attributes_reserved_mask (and the other two
masks) so that the new function can just use it to determine whether the
SGX driver has been initialized w/o introducing a new boolean.
Signed-off-by: Kai Huang <kai.huang@...el.com>
---
arch/x86/kernel/cpu/sgx/driver.c | 13 +++++++++----
arch/x86/kernel/cpu/sgx/driver.h | 1 +
arch/x86/kernel/cpu/sgx/main.c | 11 ++++++++++-
3 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kernel/cpu/sgx/driver.c b/arch/x86/kernel/cpu/sgx/driver.c
index aa9b8b868867..b5e754632eed 100644
--- a/arch/x86/kernel/cpu/sgx/driver.c
+++ b/arch/x86/kernel/cpu/sgx/driver.c
@@ -160,6 +160,10 @@ int __init sgx_drv_init(void)
return -ENODEV;
}
+ ret = misc_register(&sgx_dev_enclave);
+ if (ret)
+ return ret;
+
sgx_misc_reserved_mask = ~ebx | SGX_MISC_RESERVED_MASK;
cpuid_count(SGX_CPUID, 1, &eax, &ebx, &ecx, &edx);
@@ -172,9 +176,10 @@ int __init sgx_drv_init(void)
sgx_xfrm_reserved_mask = ~xfrm_mask;
}
- ret = misc_register(&sgx_dev_enclave);
- if (ret)
- return ret;
-
return 0;
}
+
+bool sgx_drv_inited(void)
+{
+ return !!sgx_attributes_reserved_mask;
+}
diff --git a/arch/x86/kernel/cpu/sgx/driver.h b/arch/x86/kernel/cpu/sgx/driver.h
index 4eddb4d571ef..159cc066e9cb 100644
--- a/arch/x86/kernel/cpu/sgx/driver.h
+++ b/arch/x86/kernel/cpu/sgx/driver.h
@@ -25,5 +25,6 @@ extern const struct file_operations sgx_provision_fops;
long sgx_ioctl(struct file *filep, unsigned int cmd, unsigned long arg);
int sgx_drv_init(void);
+bool sgx_drv_inited(void);
#endif /* __ARCH_X86_SGX_DRIVER_H__ */
diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c
index 713ca09f6d6e..0fdbc490b0f8 100644
--- a/arch/x86/kernel/cpu/sgx/main.c
+++ b/arch/x86/kernel/cpu/sgx/main.c
@@ -403,6 +403,14 @@ static int ksgxd(void *p)
__sgx_sanitize_pages(&sgx_dirty_page_list);
WARN_ON(__sgx_sanitize_pages(&sgx_dirty_page_list));
+ /*
+ * EPC pages assigned to KVM guests cannot be reclaimed. There's
+ * no reason to run the reclaimer if the native SGX driver isn't
+ * initialized successfully (i.e. on the machines w/o SGX_LC).
+ */
+ if (!sgx_drv_inited())
+ return 0;
+
while (!kthread_should_stop()) {
if (try_to_freeze())
continue;
@@ -940,7 +948,8 @@ static int __init sgx_init(void)
ksgxd_tsk = NULL;
__sgx_sanitize_pages(&sgx_dirty_page_list);
WARN_ON(__sgx_sanitize_pages(&sgx_dirty_page_list));
- pr_info("Running SGX w/o EPC page reclaimer.\n");
+ if (sgx_drv_inited())
+ pr_info("Running native SGX driver w/o EPC page reclaimer.\n");
}
return 0;
--
2.37.1
Powered by blists - more mailing lists