[PATCH 03/25] x86/sgx: Wipe out EREMOVE from sgx_free_epc_page()

From: Kai Huang
Date: Mon Mar 01 2021 - 04:48:12 EST

Next message: Arnd Bergmann: "Re: [PATCH 0/2] add ripple counter dt binding and driver"
Previous message: Kai Huang: "[PATCH 02/25] x86/cpufeatures: Add SGX1 and SGX2 sub-features"
In reply to: Kai Huang: "Re: [PATCH 02/25] x86/cpufeatures: Add SGX1 and SGX2 sub-features"
Next in thread: Sean Christopherson: "Re: [PATCH 03/25] x86/sgx: Wipe out EREMOVE from sgx_free_epc_page()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jarkko Sakkinen <jarkko@xxxxxxxxxx>

EREMOVE takes a pages and removes any association between that page and
an enclave. It must be run on a page before it can be added into
another enclave. Currently, EREMOVE is run as part of pages being freed
into the SGX page allocator. It is not expected to fail.

KVM does not track how guest pages are used, which means that SGX
virtualization use of EREMOVE might fail.

Break out the EREMOVE call from the SGX page allocator. This will allow
the SGX virtualization code to use the allocator directly. (SGX/KVM
will also introduce a more permissive EREMOVE helper).

Implement original sgx_free_epc_page() as sgx_encl_free_epc_page() to be
more specific that it is used to free EPC page assigned to one enclave.
Print an error message when EREMOVE fails to explicitly call out EPC
page is leaked, and requires machine reboot to get leaked pages back.

Signed-off-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
Co-developed-by: Kai Huang <kai.huang@xxxxxxxxx>
Signed-off-by: Kai Huang <kai.huang@xxxxxxxxx>
---
RFC v6->v1:

- Removed sgx_reset_epc_page() since with it, I found it is hard to find
a place to print the msg saying EPC page is leaked.
- Implemented original sgx_free_epc_page() as sgx_encl_free_epc_page(),
and add pr_err_once() to print EPC page is leaked when EREMOVE failed.

---
arch/x86/kernel/cpu/sgx/encl.c | 26 +++++++++++++++++++++++---
arch/x86/kernel/cpu/sgx/main.c | 12 ++++--------
2 files changed, 27 insertions(+), 11 deletions(-)

diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c
index 7449ef33f081..a7dc86e87a09 100644
--- a/arch/x86/kernel/cpu/sgx/encl.c
+++ b/arch/x86/kernel/cpu/sgx/encl.c
@@ -381,6 +381,26 @@ const struct vm_operations_struct sgx_vm_ops = {
.access = sgx_vma_access,
};

+static void sgx_encl_free_epc_page(struct sgx_epc_page *epc_page)
+{
+ int ret;
+
+ WARN_ON_ONCE(epc_page->flags & SGX_EPC_PAGE_RECLAIMER_TRACKED);
+
+ ret = __eremove(sgx_get_epc_virt_addr(epc_page));
+ if (WARN_ONCE(ret, "EREMOVE returned %d (0x%x)", ret, ret)) {
+ /*
+ * Give a message to remind EPC page is leaked, and requires
+ * machine reboot to get leaked pages back. This can be improved
+ * in the future by adding stats of leaked pages, etc.
+ */
+ pr_err_once("EPC page is leaked. Require machine reboot to get leaked pages back.\n");
+ return;
+ }
+
+ sgx_free_epc_page(epc_page);
+}
+
/**
* sgx_encl_release - Destroy an enclave instance
* @kref: address of a kref inside &sgx_encl
@@ -404,7 +424,7 @@ void sgx_encl_release(struct kref *ref)
if (sgx_unmark_page_reclaimable(entry->epc_page))
continue;

- sgx_free_epc_page(entry->epc_page);
+ sgx_encl_free_epc_page(entry->epc_page);
encl->secs_child_cnt--;
entry->epc_page = NULL;
}
@@ -415,7 +435,7 @@ void sgx_encl_release(struct kref *ref)
xa_destroy(&encl->page_array);

if (!encl->secs_child_cnt && encl->secs.epc_page) {
- sgx_free_epc_page(encl->secs.epc_page);
+ sgx_encl_free_epc_page(entry->epc_page);
encl->secs.epc_page = NULL;
}

@@ -423,7 +443,7 @@ void sgx_encl_release(struct kref *ref)
va_page = list_first_entry(&encl->va_pages, struct sgx_va_page,
list);
list_del(&va_page->list);
- sgx_free_epc_page(va_page->epc_page);
+ sgx_encl_free_epc_page(entry->epc_page);
kfree(va_page);
}

diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c
index 8df81a3ed945..44fe91a5bfb3 100644
--- a/arch/x86/kernel/cpu/sgx/main.c
+++ b/arch/x86/kernel/cpu/sgx/main.c
@@ -598,18 +598,14 @@ struct sgx_epc_page *sgx_alloc_epc_page(void *owner, bool reclaim)
* sgx_free_epc_page() - Free an EPC page
* @page: an EPC page
*
- * Call EREMOVE for an EPC page and insert it back to the list of free pages.
+ * Put the EPC page back to the list of free pages. It's the caller's
+ * responsibility to make sure that the page is in uninitialized state. In other
+ * words, do EREMOVE, EWB or whatever operation is necessary before calling
+ * this function.
*/
void sgx_free_epc_page(struct sgx_epc_page *page)
{
struct sgx_epc_section *section = &sgx_epc_sections[page->section];
- int ret;
-
- WARN_ON_ONCE(page->flags & SGX_EPC_PAGE_RECLAIMER_TRACKED);
-
- ret = __eremove(sgx_get_epc_virt_addr(page));
- if (WARN_ONCE(ret, "EREMOVE returned %d (0x%x)", ret, ret))
- return;

spin_lock(&section->lock);
list_add_tail(&page->list, &section->page_list);
--
2.29.2

Next message: Arnd Bergmann: "Re: [PATCH 0/2] add ripple counter dt binding and driver"
Previous message: Kai Huang: "[PATCH 02/25] x86/cpufeatures: Add SGX1 and SGX2 sub-features"
In reply to: Kai Huang: "Re: [PATCH 02/25] x86/cpufeatures: Add SGX1 and SGX2 sub-features"
Next in thread: Sean Christopherson: "Re: [PATCH 03/25] x86/sgx: Wipe out EREMOVE from sgx_free_epc_page()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]