From patchwork Tue Jan  3 21:07:26 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sean Christopherson <sean.j.christopherson@intel.com>
X-Patchwork-Id: 9495687
Return-Path: <intel-sgx-kernel-dev-bounces@lists.01.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	BF79F606B4 for <patchwork-intel-sgx@patchwork.kernel.org>;
	Tue,  3 Jan 2017 21:08:08 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B303A27CF9
	for <patchwork-intel-sgx@patchwork.kernel.org>;
	Tue,  3 Jan 2017 21:08:08 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id A7F2A27D0E; Tue,  3 Jan 2017 21:08:08 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE
	autolearn=ham version=3.3.1
Received: from ml01.01.org (ml01.01.org [198.145.21.10])
	(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 298FB27D13
	for <patchwork-intel-sgx@patchwork.kernel.org>;
	Tue,  3 Jan 2017 21:08:07 +0000 (UTC)
Received: from [127.0.0.1] (localhost [IPv6:::1])
	by ml01.01.org (Postfix) with ESMTP id 9A1B081918
	for <patchwork-intel-sgx@patchwork.kernel.org>;
	Tue,  3 Jan 2017 13:08:07 -0800 (PST)
X-Original-To: intel-sgx-kernel-dev@lists.01.org
Delivered-To: intel-sgx-kernel-dev@lists.01.org
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ml01.01.org (Postfix) with ESMTPS id 9987581912
	for <intel-sgx-kernel-dev@lists.01.org>;
	Tue,  3 Jan 2017 13:08:06 -0800 (PST)
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
	by orsmga102.jf.intel.com with ESMTP; 03 Jan 2017 13:08:06 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos; i="5.33,456,1477983600"; d="scan'208";
	a="1089507204"
Received: from sjchrist-ts.jf.intel.com ([10.54.74.20])
	by fmsmga001.fm.intel.com with ESMTP; 03 Jan 2017 13:08:06 -0800
From: Sean Christopherson <sean.j.christopherson@intel.com>
To: intel-sgx-kernel-dev@lists.01.org
Date: Tue,  3 Jan 2017 13:07:26 -0800
Message-Id: 
 <1483477647-12054-3-git-send-email-sean.j.christopherson@intel.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: 
 <1483477647-12054-1-git-send-email-sean.j.christopherson@intel.com>
References: 
 <1483477647-12054-1-git-send-email-sean.j.christopherson@intel.com>
Subject: [intel-sgx-kernel-dev] [PATCH 2/3] intel_sgx: bug fixes for
	vm_insert_pfn in fault
X-BeenThere: intel-sgx-kernel-dev@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "Project: Intel&reg; Software Guard Extensions for Linux*:
	https://01.org/intel-software-guard-extensions"
	<intel-sgx-kernel-dev.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/intel-sgx-kernel-dev>,
	<mailto:intel-sgx-kernel-dev-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/intel-sgx-kernel-dev/>
List-Post: <mailto:intel-sgx-kernel-dev@lists.01.org>
List-Help: <mailto:intel-sgx-kernel-dev-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/intel-sgx-kernel-dev>,
	<mailto:intel-sgx-kernel-dev-request@lists.01.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: intel-sgx-kernel-dev-bounces@lists.01.org
Sender: "intel-sgx-kernel-dev" <intel-sgx-kernel-dev-bounces@lists.01.org>
X-Virus-Scanned: ClamAV using ClamSMTP

Swap the order of the calls to vm_insert_pfn and do_eldu to make ELDU
the last action in the fault handling sequence, which eleminates the
need to do EREMOVE of the page if vm_insert_pfn fails.  EREMOVE fails
if there are active threads in the enclave, i.e. the previous code
could result in kernel panics due to EREMOVE failure.

Update the return value if vm_insert_pfn fails in order to capture
vm_insert_pfn's error code.

Inserting the page before ELDU does not create a race condition
as accesses to the page will still #PF due to failing the EPCM
checks, i.e. user-visible behavior is identical whether an access
faults due to an invalid PTE or an invalid EPCM entry.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 drivers/platform/x86/intel_sgx_vma.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/drivers/platform/x86/intel_sgx_vma.c b/drivers/platform/x86/intel_sgx_vma.c
index e8a67b6..f356eed 100644
--- a/drivers/platform/x86/intel_sgx_vma.c
+++ b/drivers/platform/x86/intel_sgx_vma.c
@@ -160,7 +160,6 @@ static struct sgx_encl_page *sgx_vma_do_fault(struct vm_area_struct *vma,
 	struct sgx_epc_page *epc_page = NULL;
 	struct sgx_epc_page *secs_epc_page = NULL;
 	struct page *backing;
-	unsigned int free_flags = SGX_FREE_SKIP_EREMOVE;
 	int rc;
 
 	/* If process was forked, VMA is still there but vm_private_data is set
@@ -243,18 +242,19 @@ static struct sgx_encl_page *sgx_vma_do_fault(struct vm_area_struct *vma,
 		goto out;
 	}
 
-	rc = do_eldu(encl, entry, epc_page, backing, false /* is_secs */);
+	rc = vm_insert_pfn(vma, entry->addr, PFN_DOWN(epc_page->pa));
 	if (rc) {
 		sgx_put_backing(backing, 0);
 		entry = ERR_PTR(rc);
 		goto out;
 	}
 
-	rc = vm_insert_pfn(vma, entry->addr, PFN_DOWN(epc_page->pa));
+	rc = do_eldu(encl, entry, epc_page, backing, false /* is_secs */);
 	sgx_put_backing(backing, 0);
 
 	if (rc) {
-		free_flags = 0;
+		zap_vma_ptes(vma, entry->addr, PAGE_SIZE);
+		entry = ERR_PTR(rc);
 		goto out;
 	}
 
@@ -273,7 +273,7 @@ static struct sgx_encl_page *sgx_vma_do_fault(struct vm_area_struct *vma,
 out:
 	mutex_unlock(&encl->lock);
 	if (epc_page)
-		sgx_free_page(epc_page, encl, free_flags);
+		sgx_free_page(epc_page, encl, SGX_FREE_SKIP_EREMOVE);
 	if (secs_epc_page)
 		sgx_free_page(secs_epc_page, encl, SGX_FREE_SKIP_EREMOVE);
 	return entry;