From: "Huang, Kai" <kai.huang@intel.com>
To: "linux-sgx@vger.kernel.org" <linux-sgx@vger.kernel.org>,
"Luck, Tony" <tony.luck@intel.com>,
"Li, Zhiquan1" <zhiquan1.li@intel.com>,
"Hansen, Dave" <dave.hansen@intel.com>,
"jarkko@kernel.org" <jarkko@kernel.org>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>
Cc: "tglx@linutronix.de" <tglx@linutronix.de>,
"Du, Fan" <fan.du@intel.com>, "Christopherson,,
Sean" <seanjc@google.com>, "Zhang, Cathy" <cathy.zhang@intel.com>,
"bp@suse.de" <bp@suse.de>
Subject: Re: [PATCH v9 3/3] x86/sgx: Fine grained SGX MCA behavior for virtualization
Date: Thu, 13 Oct 2022 21:49:28 +0000 [thread overview]
Message-ID: <42470b9c41adefd2d4b4c79a3b7b2963cd24f423.camel@intel.com> (raw)
In-Reply-To: <fc9ed3e0-94f1-0bbc-06db-fd14d41b7c21@intel.com>
On Thu, 2022-10-13 at 08:44 -0700, Dave Hansen wrote:
> On 10/13/22 07:40, Zhiquan Li wrote:
> > > > > What happens if a hypervisor *DOES* fork()? What's the fallout?
> > > > This part originates from below discussion:
> > > >
> > > > https://lore.kernel.org/linux-sgx/52dc7f50b68c99cecb9e1c3383d9c6d88734cd67.camel@intel.com/#t
> > > >
> > > > It intents to answer the question:
> > > >
> > > > Do you think the processes sharing the same enclave need to be
> > > > killed, even they had not touched the EPC page with hardware error?
> > > >
> > > > Dave, do you mean it's not appropriate to be put here?
> > > It's actually a pretty important point, but it's still out of the blue.
> > >
> > > You also didn't answer my question.
> > Oh, sorry, I focused on answering "Why is this here?" but forgot to
> > answer "What's the fallout?"
> >
> > It's a very good question.
> >
> > Looks like Kai had answered it before:
> >
> > For instance, an application can open /dev/sgx_vepc, mmap(), and
> > fork(). Then if the child does mmap() against the fd opened by
> > the parent, the child will share the same vepc with the parent.
> >
> > ...
> >
> > Sharing virtual EPC instance will very likely unexpectedly break
> > enclaves in all VMs.
>
> How, though? This basically says, "I think things will break." I want
> to know a few more specifics than that before we merge this. There are
> ABI implications.
This is because virtual EPC is just a raw resource to guest, and how guest uses
virtual EPC to run enclaves is completely controlled by the guest. When virtual
EPC is shared among VMs, it can happen that one guest _thinks_ one EPC page is
still free but in fact it has been already used by another VM as a valid enclave
page. Also, one VM can just unconditionally sanitize all EPC pages before using
any of them (just like Linux does). All of those can cause unexpected SGX
error, which can lead to failing to create enclave, and/or breaking existing
enclaves running in all VMs.
>
> > https://lore.kernel.org/linux-sgx/52dc7f50b68c99cecb9e1c3383d9c6d88734cd67.camel@intel.com/#t
> >
> > Moreover, I checked the code in below scenario while child sharing the
> > virtual EPC instance with parent:
> > - child closes /dev/sgx_vepc earlier than parent.
> > - child re-mmap() /dev/sgx_vepc to the same memory region as parent.
> > - child mmap() /dev/sgx_vepc to different memory region.
> > - child accesses the memory region of mmap() inherited from parent.
> >
> > It's just that the app messes itself up, the vepc instance is protected
> > very well.
> > Maybe there are other corner cases I've not considered?
>
> ... and what happens when *THIS* patch is in play? What if there is a
> machine check in SGX memory?
With this patch, when #MC happens on one virtual EPC page, it will be send to
the VM, and the behaviour inside a VM depends on guest's implementation. But
anyway based on Tony's reply, the enclave will be marked as "bad" by hardware
and it will eventually be killed:
https://lore.kernel.org/linux-sgx/55ffd9475f5d46f68dd06c4323bec871@intel.com/
https://lore.kernel.org/linux-sgx/5b6ad3e2af614caf9b41092797ffcd86@intel.com/
If the virtual EPC is shared by other VMs, the worst case is when other VMs use
this bad EPC page (as we cannot take the bad EPC page out of VM for now), some
SGX error (ENCLS/ENCLU error) or #MC could happen again. But this doesn't make
things worse, as when sharing virtual EPC page among VMs you are likely to break
enclaves in VMs anyway (as mentioned above).
next prev parent reply other threads:[~2022-10-13 21:51 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-20 6:39 [PATCH v9 0/3] x86/sgx: fine grained SGX MCA behavior Zhiquan Li
2022-09-20 6:39 ` [PATCH v9 1/3] x86/sgx: Rename the owner field of struct sgx_epc_page as encl_owner Zhiquan Li
2022-09-20 6:39 ` [PATCH v9 2/3] x86/sgx: Introduce union with vepc_vaddr field for virtualization case Zhiquan Li
2022-10-10 23:10 ` Dave Hansen
2022-10-11 5:49 ` Zhiquan Li
2022-10-11 13:57 ` Dave Hansen
2022-10-12 4:42 ` Zhiquan Li
2022-10-12 11:17 ` Huang, Kai
2022-09-20 6:39 ` [PATCH v9 3/3] x86/sgx: Fine grained SGX MCA behavior for virtualization Zhiquan Li
2022-10-10 23:20 ` Dave Hansen
2022-10-11 4:44 ` Zhiquan Li
2022-10-11 14:04 ` Dave Hansen
2022-10-12 5:09 ` Zhiquan Li
2022-10-12 11:01 ` Huang, Kai
2022-10-12 11:54 ` jarkko
2022-10-12 20:56 ` Huang, Kai
2022-10-13 2:05 ` Zhiquan Li
2022-10-12 14:36 ` Dave Hansen
2022-10-13 14:40 ` Zhiquan Li
2022-10-13 15:39 ` Dave Hansen
2022-10-14 5:42 ` Zhiquan Li
2022-10-14 5:41 ` Dave Hansen
2022-10-13 15:44 ` Dave Hansen
2022-10-13 21:49 ` Huang, Kai [this message]
2022-10-13 22:02 ` Dave Hansen
2022-10-13 22:15 ` Huang, Kai
2022-10-13 22:28 ` Dave Hansen
2022-10-13 23:40 ` Huang, Kai
2022-10-13 23:57 ` Dave Hansen
2022-10-14 0:19 ` Huang, Kai
2022-10-19 10:59 ` Huang, Kai
2022-10-23 20:39 ` jarkko
2022-10-24 1:32 ` Zhiquan Li
2022-11-01 0:46 ` jarkko
2022-11-02 1:38 ` Zhiquan Li
2022-11-07 11:36 ` jarkko
2022-11-07 12:19 ` Zhiquan Li
2022-11-04 10:17 ` Huang, Kai
2022-11-04 16:26 ` Sean Christopherson
2022-11-04 16:34 ` Dave Hansen
2022-11-07 8:55 ` Huang, Kai
2022-11-07 8:54 ` Huang, Kai
2022-10-24 22:23 ` Huang, Kai
2022-11-01 0:53 ` jarkko
2022-09-29 8:05 ` [PATCH v9 0/3] x86/sgx: fine grained SGX MCA behavior Zhiquan Li
2022-10-08 2:29 ` Zhiquan Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=42470b9c41adefd2d4b4c79a3b7b2963cd24f423.camel@intel.com \
--to=kai.huang@intel.com \
--cc=bp@suse.de \
--cc=cathy.zhang@intel.com \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=fan.du@intel.com \
--cc=jarkko@kernel.org \
--cc=linux-sgx@vger.kernel.org \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=zhiquan1.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.