[v5,2/9] x86/sgx: Save enclave pointer for VA page

Message ID	20220520103904.1216-3-cathy.zhang@intel.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-sgx-owner@kernel.org> From: Cathy Zhang <cathy.zhang@intel.com> To: linux-sgx@vger.kernel.org, x86@kernel.org Cc: jarkko@kernel.org, reinette.chatre@intel.com, dave.hansen@intel.com, ashok.raj@intel.com, cathy.zhang@intel.com, chao.p.peng@linux.intel.com, yang.zhong@intel.com Subject: [PATCH v5 2/9] x86/sgx: Save enclave pointer for VA page Date: Fri, 20 May 2022 18:38:57 +0800 Message-Id: <20220520103904.1216-3-cathy.zhang@intel.com> In-Reply-To: <20220520103904.1216-1-cathy.zhang@intel.com> References: <20220520103904.1216-1-cathy.zhang@intel.com> Precedence: bulk
Series	Support microcode updates affecting SGX \| expand [v5,0/9] Support microcode updates affecting SGX [v5,1/9] x86/sgx: Introduce mechanism to prevent new initializations of EPC pages [v5,2/9] x86/sgx: Save enclave pointer for VA page [v5,3/9] x86/sgx: Keep record for SGX VA and Guest page type [v5,4/9] x86/sgx: Save the size of each EPC section [v5,5/9] x86/sgx: Forced EPC page zapping for EUPDATESVN [v5,6/9] x86/sgx: Define error codes for ENCLS[EUPDATESVN] [v5,7/9] x86/sgx: Implement ENCLS[EUPDATESVN] [v5,8/9] x86/cpu: Call ENCLS[EUPDATESVN] procedure in microcode update [v5,9/9] x86/sgx: Call ENCLS[EUPDATESVN] during SGX initialization

Message ID

20220520103904.1216-3-cathy.zhang@intel.com (mailing list archive)

State

New, archived

Headers

From: Cathy Zhang <cathy.zhang@intel.com>
To: linux-sgx@vger.kernel.org, x86@kernel.org
Cc: jarkko@kernel.org, reinette.chatre@intel.com,
        dave.hansen@intel.com, ashok.raj@intel.com, cathy.zhang@intel.com,
        chao.p.peng@linux.intel.com, yang.zhong@intel.com
Subject: [PATCH v5 2/9] x86/sgx: Save enclave pointer for VA page
Date: Fri, 20 May 2022 18:38:57 +0800
Message-Id: <20220520103904.1216-3-cathy.zhang@intel.com>
In-Reply-To: <20220520103904.1216-1-cathy.zhang@intel.com>
References: <20220520103904.1216-1-cathy.zhang@intel.com>
Precedence: bulk

Series

Support microcode updates affecting SGX | expand

Commit Message

Zhang, Cathy May 20, 2022, 10:38 a.m. UTC

Tearing down all enclaves is required by SGX SVN update, which
involves running the ENCLS[EREMOVE] instruction on every EPC
page. This (tearing down all enclaves) should be coordinated
with any enclaves that may be in the process of existing and thus
already be running ENCLS[EREMOVE] as part of enclave release.

In support of this coordination, it is required to know which enclave
owns each in-use EPC page. It is already possible to locate the
owning enclave of SECS and regular pages but not for VA pages.

Make the following changes for VA pages' location:
1) Make epc->owner type-agnostic by changing its type to 'void *'. So,
   besides "struct sgx_encl_page", it can have other types, like
   "struct sgx_va_page".
2) Save the enclave pointer for each VA page to support locating its
   owning enclave.

Note: to track 2T EPC memory, this scheme of tracking will use
additional 8M memory.

Signed-off-by: Cathy Zhang <cathy.zhang@intel.com>

---
Changes since v4:
 - Add back the blank line removed unintenitonally in encl.h.
   (Jarkko Sakkinen)

Changes since v3:
 - Squash patch "x86/sgx: Provide VA page non-NULL owner" and
   "x86/sgx: Save enclave pointer for VA page". Update commit log.
   (Suggested by Jarkko Sakkinen)
---
 arch/x86/kernel/cpu/sgx/encl.h  | 3 ++-
 arch/x86/kernel/cpu/sgx/sgx.h   | 2 +-
 arch/x86/kernel/cpu/sgx/encl.c  | 5 +++--
 arch/x86/kernel/cpu/sgx/ioctl.c | 3 ++-
 4 files changed, 8 insertions(+), 5 deletions(-)

Comments

Jarkko Sakkinen May 20, 2022, 7:07 p.m. UTC | #1

On Fri, May 20, 2022 at 06:38:57PM +0800, Cathy Zhang wrote:
> Tearing down all enclaves is required by SGX SVN update, which
> involves running the ENCLS[EREMOVE] instruction on every EPC
> page. This (tearing down all enclaves) should be coordinated
> with any enclaves that may be in the process of existing and thus
> already be running ENCLS[EREMOVE] as part of enclave release.
> 
> In support of this coordination, it is required to know which enclave
> owns each in-use EPC page. It is already possible to locate the
> owning enclave of SECS and regular pages but not for VA pages.
> 
> Make the following changes for VA pages' location:
> 1) Make epc->owner type-agnostic by changing its type to 'void *'. So,
>    besides "struct sgx_encl_page", it can have other types, like
>    "struct sgx_va_page".
> 2) Save the enclave pointer for each VA page to support locating its
>    owning enclave.

Enumeration lists imply that you would better to split this into 
two patches.

BR, Jarkko

diff --git a/arch/x86/kernel/cpu/sgx/encl.h b/arch/x86/kernel/cpu/sgx/encl.h
index 7311bc40bd1b..52e0a3e52598 100644
--- a/arch/x86/kernel/cpu/sgx/encl.h
+++ b/arch/x86/kernel/cpu/sgx/encl.h
@@ -76,6 +76,7 @@  struct sgx_va_page {
 	struct sgx_epc_page *epc_page;
 	DECLARE_BITMAP(slots, SGX_VA_SLOT_COUNT);
 	struct list_head list;
+	struct sgx_encl *encl;
 };
 
 struct sgx_backing {
@@ -113,7 +114,7 @@  void sgx_encl_put_backing(struct sgx_backing *backing);
 int sgx_encl_test_and_clear_young(struct mm_struct *mm,
 				  struct sgx_encl_page *page);
 
-struct sgx_epc_page *sgx_alloc_va_page(void);
+struct sgx_epc_page *sgx_alloc_va_page(struct sgx_va_page *va_page);
 unsigned int sgx_alloc_va_slot(struct sgx_va_page *va_page);
 void sgx_free_va_slot(struct sgx_va_page *va_page, unsigned int offset);
 bool sgx_va_page_full(struct sgx_va_page *va_page);
diff --git a/arch/x86/kernel/cpu/sgx/sgx.h b/arch/x86/kernel/cpu/sgx/sgx.h
index d7a1490d90bb..f8ed9deac18b 100644
--- a/arch/x86/kernel/cpu/sgx/sgx.h
+++ b/arch/x86/kernel/cpu/sgx/sgx.h
@@ -33,7 +33,7 @@  struct sgx_epc_page {
 	unsigned int section;
 	u16 flags;
 	u16 poison;
-	struct sgx_encl_page *owner;
+	void *owner;
 	struct list_head list;
 };
 
diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c
index 39f7f5dc09fd..08f39fa03a39 100644
--- a/arch/x86/kernel/cpu/sgx/encl.c
+++ b/arch/x86/kernel/cpu/sgx/encl.c
@@ -888,6 +888,7 @@  int sgx_encl_test_and_clear_young(struct mm_struct *mm,
 
 /**
  * sgx_alloc_va_page() - Allocate a Version Array (VA) page
+ * @va_page:	struct sgx_va_page connected to this VA page
  *
  * Allocate a free EPC page and convert it to a Version Array (VA) page.
  *
@@ -895,12 +896,12 @@  int sgx_encl_test_and_clear_young(struct mm_struct *mm,
  *   a VA page,
  *   -errno otherwise
  */
-struct sgx_epc_page *sgx_alloc_va_page(void)
+struct sgx_epc_page *sgx_alloc_va_page(struct sgx_va_page *va_page)
 {
 	struct sgx_epc_page *epc_page;
 	int ret;
 
-	epc_page = sgx_alloc_epc_page(NULL, true);
+	epc_page = sgx_alloc_epc_page(va_page, true);
 	if (IS_ERR(epc_page))
 		return ERR_CAST(epc_page);
 
diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c
index d62720ed1728..939008c63a84 100644
--- a/arch/x86/kernel/cpu/sgx/ioctl.c
+++ b/arch/x86/kernel/cpu/sgx/ioctl.c
@@ -30,7 +30,8 @@  static struct sgx_va_page *sgx_encl_grow(struct sgx_encl *encl)
 		if (!va_page)
 			return ERR_PTR(-ENOMEM);
 
-		va_page->epc_page = sgx_alloc_va_page();
+		va_page->encl = encl;
+		va_page->epc_page = sgx_alloc_va_page(va_page);
 		if (IS_ERR(va_page->epc_page)) {
 			err = ERR_CAST(va_page->epc_page);
 			kfree(va_page);

[v5,2/9] x86/sgx: Save enclave pointer for VA page

Commit Message

Comments

Patch