X-Patchwork-Submitter: Jarkko Sakkinen
X-Patchwork-Id: 9459377
From: Jarkko Sakkinen
To: intel-sgx-kernel-dev@lists.01.org
Date: Sat, 3 Dec 2016 01:15:59 +0200
Message-Id: <20161202231559.19667-1-jarkko.sakkinen@linux.intel.com>
Subject: [intel-sgx-kernel-dev] [PATCH RFC] intel_sgx: recover from EWB failure

Recover from EWB failure by killing the enclave in this enclave. This aids the debugging by not crashing the kernel in this case. The only reason how this should ever happen would be caused by a driver bug. This kind of resistance is also required by the mainline as BUG_ON() macros are strictly forbidden these days for new code.

Signed-off-by: Jarkko Sakkinen

--- drivers/platform/x86/intel_sgx_page_cache.c | 44 +++++++++++++++++------------ 1 file changed, 26 insertions(+), 18 deletions(-) diff --git a/drivers/platform/x86/intel_sgx_page_cache.c b/drivers/platform/x86/intel_sgx_page_cache.c index 8b1cc82..ef96dbb 100644 --- a/drivers/platform/x86/intel_sgx_page_cache.c +++ b/drivers/platform/x86/intel_sgx_page_cache.c @@ -195,9 +195,9 @@ static void sgx_etrack(struct sgx_epc_page *epc_page) sgx_put_epc_page(epc); } -static int sgx_ewb(struct sgx_encl *encl, - struct sgx_encl_page *encl_page, - struct page *backing) +static int __sgx_ewb(struct sgx_encl *encl, + struct sgx_encl_page *encl_page, + struct page *backing) { struct sgx_page_info pginfo; void *epc;
@@ -218,12 +218,29 @@ static int sgx_ewb(struct sgx_encl *encl, sgx_put_epc_page(epc); kunmap_atomic((void *)(unsigned long)pginfo.srcpge); - if (ret != 0 && ret != SGX_NOT_TRACKED) - sgx_err(encl, "EWB returned %d\n", ret); - return ret; } +static void sgx_ewb(struct sgx_encl *encl, + struct sgx_encl_page *entry, + struct page *backing) +{ + int ret = __sgx_ewb(encl, entry, backing); + + /* Only kick out threads with an IPI if needed. */ + if (ret == SGX_NOT_TRACKED) { + smp_call_function(sgx_ipi_cb, NULL, 1); + ret = __sgx_ewb(encl, entry, backing); + } + + if (ret) { + /* Make enclave inaccessible. */ + sgx_invalidate(encl); + smp_call_function(sgx_ipi_cb, NULL, 1); + sgx_err(encl, "EWB returned %d\n", ret); + } +} + void sgx_free_encl_page(struct sgx_encl_page *entry, struct sgx_encl *encl, unsigned int flags) @@ -241,7 +258,6 @@ static void sgx_write_pages(struct sgx_encl *encl, struct list_head *src) struct vm_area_struct *evma; int cnt = 0; int i = 0; - int ret; if (list_empty(src)) return; @@ -306,13 +322,7 @@ static void sgx_write_pages(struct sgx_encl *encl, struct list_head *src) evma = sgx_find_vma(encl, entry->addr); if (evma) { - ret = sgx_ewb(encl, entry, pages[i]); - BUG_ON(ret != 0 && ret != SGX_NOT_TRACKED); - /* Only kick out threads with an IPI if needed. */ - if (ret) { - smp_call_function(sgx_ipi_cb, NULL, 1); - BUG_ON(sgx_ewb(encl, entry, pages[i])); - } + sgx_ewb(encl, entry, pages[i]); encl->secs_child_cnt--; } @@ -326,13 +336,11 @@ static void sgx_write_pages(struct sgx_encl *encl, struct list_head *src) (encl->flags & SGX_ENCL_INITIALIZED)) { pages[cnt] = sgx_get_backing(encl, &encl->secs_page); if (!IS_ERR(pages[cnt])) { - ret = sgx_ewb(encl, &encl->secs_page, - pages[cnt]); - BUG_ON(ret); + sgx_ewb(encl, &encl->secs_page, pages[cnt]); encl->flags |= SGX_ENCL_SECS_EVICTED; sgx_free_encl_page(&encl->secs_page, encl, - SGX_FREE_SKIP_EREMOVE); + SGX_FREE_SKIP_EREMOVE); sgx_put_backing(pages[cnt], true); } }
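Review bot: The new sgx_ewb() wrapper in the @@ -218 hunk returns void, so a failed write-back is only logged and no caller can tell it apart from a successful one. Consider keeping an int return (0 on success, the EWB error otherwise) and adding a comment above the function stating that a non-zero result means the enclave has been invalidated and the page was not written to backing storage. It would also help to note in that comment that a second SGX_NOT_TRACKED after the IPI is deliberately treated as a fatal error, since `if (ret)` after the retry covers that case without saying so.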
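Review bot: In the @@ -306 hunk of sgx_write_pages(), `encl->secs_child_cnt--` now runs even when the EWB failed, whereas the removed BUG_ON() lines guaranteed this point was reached only after a successful write-back. Either gate the decrement on the result of sgx_ewb() or add a comment explaining why the child count no longer matters once sgx_invalidate() has run, so the accounting does not silently drift for an enclave whose page was never evicted.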
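Review bot: In the @@ -326 hunk, `encl->flags |= SGX_ENCL_SECS_EVICTED` and `sgx_free_encl_page(&encl->secs_page, encl, SGX_FREE_SKIP_EREMOVE)` are executed regardless of whether sgx_ewb() succeeded for the SECS page, where the old code had `BUG_ON(ret)` in front of them. Both the flag and the skip-EREMOVE free assume the write-back happened, so this path should check the result and, on failure, either leave the SECS marked as resident or free it without SGX_FREE_SKIP_EREMOVE. Separately, the re-indentation of the `SGX_FREE_SKIP_EREMOVE);` continuation line is an unrelated whitespace change and is better dropped from a functional patch.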