From patchwork Wed Mar 22 20:07:21 2017
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 9639935
From: Sean Christopherson
To: intel-sgx-kernel-dev@lists.01.org
Date: Wed, 22 Mar 2017 13:07:21 -0700
Message-Id: <1490213241-8017-1-git-send-email-sean.j.christopherson@intel.com>
Subject: [intel-sgx-kernel-dev] [PATCH] intel_sgx: correctly handle vm_insert_pfn failure

Update the EPC page tracking immediately after sgx_eldu, and retry vm_insert_pfn on a future fault if vm_insert_pfn fails. Previously we tried to EREMOVE the EPC page if vm_insert_pfn returns an error, but EREMOVE fails if there are active cpus in the enclave, in which case the driver would effectively lose track of the EPC page.

Signed-off-by: Sean Christopherson

--- drivers/platform/x86/intel_sgx.h | 1 + drivers/platform/x86/intel_sgx_util.c | 25 +++++++++++++++++-------- 2 files changed, 18 insertions(+), 8 deletions(-) diff --git a/drivers/platform/x86/intel_sgx.h b/drivers/platform/x86/intel_sgx.h index adb5b17..8b14b1f 100644 --- a/drivers/platform/x86/intel_sgx.h +++ b/drivers/platform/x86/intel_sgx.h 
@@ -106,6 +106,7 @@ static inline void sgx_free_va_slot(struct sgx_va_page *page, enum sgx_encl_page_flags { SGX_ENCL_PAGE_TCS = BIT(0), SGX_ENCL_PAGE_RESERVED = BIT(1), + SGX_ENCL_PAGE_PTE_VALID = BIT(2), }; struct sgx_encl_page { diff --git a/drivers/platform/x86/intel_sgx_util.c b/drivers/platform/x86/intel_sgx_util.c index 234a5fb..096d33c 100644 --- a/drivers/platform/x86/intel_sgx_util.c +++ b/drivers/platform/x86/intel_sgx_util.c @@ -340,6 +340,8 @@ static struct sgx_encl_page *sgx_do_fault(struct vm_area_struct *vma, /* Legal race condition, page is already faulted. */ if (entry->epc_page) { + if (!(entry->flags & SGX_ENCL_PAGE_PTE_VALID)) + goto insert_pfn; if (reserve) entry->flags |= SGX_ENCL_PAGE_RESERVED; goto out; @@ -369,22 +371,29 @@ static struct sgx_encl_page *sgx_do_fault(struct vm_area_struct *vma, if (rc) goto out; - rc = vm_insert_pfn(vma, entry->addr, PFN_DOWN(epc_page->pa)); - if (rc) - goto out; - + /* Track the page, even if vm_insert_pfn fails. We can't EREMOVE + * the page because EREMOVE may fail due to an active cpu in the + * enclave. We can't call vm_insert_pfn before sgx_eldu because + * SKL platforms signal #GP instead of #PF if the EPC page is invalid. + */ encl->secs_child_cnt++; entry->epc_page = epc_page; - - if (reserve) - entry->flags |= SGX_ENCL_PAGE_RESERVED; + entry->flags &= ~SGX_ENCL_PAGE_PTE_VALID; /* Do not free */ epc_page = NULL; + list_add_tail(&entry->load_list, &encl->load_list); +insert_pfn: + rc = vm_insert_pfn(vma, entry->addr, PFN_DOWN(entry->epc_page->pa)); + if (rc) + goto out; + + entry->flags |= SGX_ENCL_PAGE_PTE_VALID; + if (reserve) + entry->flags |= SGX_ENCL_PAGE_RESERVED; sgx_test_and_clear_young(entry, encl); - list_add_tail(&entry->load_list, &encl->load_list); out: mutex_unlock(&encl->lock); if (epc_page)
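
Review bot: SGX_ENCL_PAGE_PTE_VALID is added to enum sgx_encl_page_flags in intel_sgx.h without any comment, and its meaning is less self-evident than SGX_ENCL_PAGE_TCS or SGX_ENCL_PAGE_RESERVED. A one-line comment stating that it records whether vm_insert_pfn has succeeded for the currently loaded EPC page, and that it is read and written with encl->lock held as sgx_do_fault does, would make the contract clear to later readers.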
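
Review bot: in the first sgx_do_fault hunk, the branch commented "Legal race condition, page is already faulted" is no longer only a race once `goto insert_pfn` is added; it is now also the retry path for an earlier vm_insert_pfn failure, and the comment should say so. The only place this patch clears the flag is `entry->flags &= ~SGX_ENCL_PAGE_PTE_VALID` right after sgx_eldu, so any path that drops the PTE while leaving entry->epc_page set would leave the flag stale and this branch would `goto out` without re-inserting. Please confirm no such path exists, or clear the flag there as well.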
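
Review bot: in the second sgx_do_fault hunk, `list_add_tail(&entry->load_list, &encl->load_list)` now runs before vm_insert_pfn, so on failure an entry sits on encl->load_list with epc_page set, no PTE installed, and sgx_test_and_clear_young never called; please confirm that every consumer of load_list tolerates that state. The retry promised in the commit message also depends on what the caller does with the rc returned through `out:`, which these lines do not show, so a sentence in the commit message on how the fault comes to be retried would help. Minor style point: the new block comment puts text on the same line as the opening `/*`, whereas the preferred kernel multi-line comment style outside of net/ leaves that first line empty.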