From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: Borislav Petkov <bp@alien8.de>,
x86@kernel.org, linux-sgx@vger.kernel.org,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
Jethro Beekman <jethro@fortanix.com>,
Haitao Huang <haitao.huang@linux.intel.com>,
Chunyang Hui <sanqian.hcy@antfin.com>,
Jordan Hand <jorhand@linux.microsoft.com>,
Nathaniel McCallum <npmccallum@redhat.com>,
Seth Moore <sethmo@google.com>,
Suresh Siddha <suresh.b.siddha@intel.com>,
akpm@linux-foundation.org, andriy.shevchenko@linux.intel.com,
asapek@google.com, cedric.xing@intel.com,
chenalexchen@google.com, conradparker@google.com,
cyhanish@google.com, dave.hansen@intel.com,
haitao.huang@intel.com, josh@joshtriplett.org,
kai.huang@intel.com, kai.svahn@intel.com, kmoy@google.com,
ludloff@google.com, luto@kernel.org, nhorman@redhat.com,
puiterwijk@redhat.com, rientjes@google.com, tglx@linutronix.de,
yaozhangx@google.com
Subject: Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver
Date: Mon, 6 Jul 2020 18:38:47 -0700 [thread overview]
Message-ID: <20200707013847.GA5208@linux.intel.com> (raw)
In-Reply-To: <20200704014349.GB129411@linux.intel.com>
On Sat, Jul 04, 2020 at 04:43:49AM +0300, Jarkko Sakkinen wrote:
> On Mon, Jun 29, 2020 at 08:27:19AM -0700, Sean Christopherson wrote:
> > On Sat, Jun 27, 2020 at 07:43:35PM +0200, Borislav Petkov wrote:
> > > And you could do similar sanity checks in the other ioctl functions.
> >
> > Ya, as above, SGX_ENCL_INITIALIZED can be checked here.
> >
> > SGX_ENCL_DEAD is actually already checked in in the top level sgx_ioctl(),
> > i.e. the check in sgx_encl_add_page() can technically be flat out dropped.
> >
> > I say "technically" because I'm a bit torn over SGX_ENCL_DEAD; encl->lock
> > must be held to SGX_ENCL_DEAD (the page fault and reclaim flows rely on
> > this), but as it stands today only ioctl() paths (guarded by SGX_ENCL_IOCTL)
> > and sgx_release() (makes the ioctls() unreachable) set SGX_ENCL_DEAD.
> >
> > So it's safe to check SGX_ENCL_DEAD from ioctl() context without holding
> > encl->lock, at least in the current code base, but it feels weird/sketchy.
> >
> > In the end I don't think I have a strong opinion. Removing the technically
> > unnecessary DEAD check in sgx_encl_add_page() is the simplest change, so it
> > may make sense to do that and nothing more for initial upstreaming. Long
> > term, I fully expect we'll add paths that set SGX_ENCL_DEAD outside of
> > ioctl() context, e.g. to handle EPC OOM, but it wouldn't be a bad thing to
> > have a standalone commit in a future series to add DEAD checks (under
> > encl->lock) in the ADD and INIT flows.
>
> AFAIK nonne of th ioctl's should not need SGX_ENCL_DEAD check.
I can't tell if the double negative was intended, but I took a peek at your
current master and see that you removed the SGX_ENCL_DEAD check in
sgx_ioctl(). That check needs to stay, e.g. if EEXTEND fails we absolutely
need to prevent any further operations on the enclave.
The above was calling out that additional checks on SGX_ENCL_DEAD after
acquiring encl->lock are not necessary because SGX_ENCL_DEAD can only be
set when the ioctls() are no longer reachable or from within an ioctl(),
which provides exclusivity via SGX_ENCL_IOCTL.
next prev parent reply other threads:[~2020-07-07 1:38 UTC|newest]
Thread overview: 93+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-17 22:08 [PATCH v33 00/21] Intel SGX foundations Jarkko Sakkinen
2020-06-17 22:08 ` [PATCH v33 01/21] x86/cpufeatures: x86/msr: Add Intel SGX hardware bits Jarkko Sakkinen
2020-06-22 17:37 ` Borislav Petkov
2020-06-25 1:25 ` Jarkko Sakkinen
2020-06-17 22:08 ` [PATCH v33 02/21] x86/cpufeatures: x86/msr: Add Intel SGX Launch Control " Jarkko Sakkinen
2020-06-24 13:04 ` Borislav Petkov
2020-06-24 14:34 ` Sean Christopherson
2020-06-25 1:28 ` Jarkko Sakkinen
2020-06-17 22:08 ` [PATCH v33 03/21] x86/mm: x86/sgx: Signal SIGSEGV with PF_SGX Jarkko Sakkinen
2020-06-25 8:59 ` Borislav Petkov
2020-06-25 15:34 ` Sean Christopherson
2020-06-25 16:49 ` Borislav Petkov
2020-06-25 20:52 ` Jarkko Sakkinen
2020-06-25 21:11 ` Borislav Petkov
2020-06-26 13:34 ` Jarkko Sakkinen
2020-06-17 22:08 ` [PATCH v33 04/21] x86/sgx: Add SGX microarchitectural data structures Jarkko Sakkinen
2020-06-17 22:08 ` [PATCH v33 05/21] x86/sgx: Add wrappers for ENCLS leaf functions Jarkko Sakkinen
2020-06-17 22:08 ` [PATCH v33 06/21] x86/cpu/intel: Detect SGX support Jarkko Sakkinen
2020-06-17 22:08 ` [PATCH v33 07/21] x86/cpu/intel: Add nosgx kernel parameter Jarkko Sakkinen
2020-06-17 22:08 ` [PATCH v33 08/21] x86/sgx: Initialize metadata for Enclave Page Cache (EPC) sections Jarkko Sakkinen
2020-06-25 10:14 ` Borislav Petkov
2020-06-25 20:11 ` Jarkko Sakkinen
2020-06-17 22:08 ` [PATCH v33 09/21] x86/sgx: Add __sgx_alloc_epc_page() and sgx_free_epc_page() Jarkko Sakkinen
2020-06-25 17:06 ` Borislav Petkov
2020-06-25 20:55 ` Jarkko Sakkinen
2020-06-17 22:08 ` [PATCH v33 10/21] mm: Introduce vm_ops->may_mprotect() Jarkko Sakkinen
2020-06-25 17:14 ` Borislav Petkov
2020-06-25 17:30 ` Matthew Wilcox
2020-06-25 18:06 ` Sean Christopherson
2020-06-25 22:40 ` Jarkko Sakkinen
2020-06-25 22:26 ` Jarkko Sakkinen
2020-06-17 22:08 ` [PATCH v33 11/21] x86/sgx: Linux Enclave Driver Jarkko Sakkinen
2020-06-25 17:23 ` Borislav Petkov
2020-06-25 18:34 ` Sean Christopherson
2020-06-25 18:45 ` Borislav Petkov
2020-06-26 14:19 ` Jarkko Sakkinen
2020-06-25 20:21 ` Jarkko Sakkinen
2020-06-25 20:25 ` Borislav Petkov
2020-06-26 13:40 ` Jarkko Sakkinen
2020-06-25 18:53 ` Borislav Petkov
2020-06-26 14:17 ` Jarkko Sakkinen
2020-06-26 9:14 ` Borislav Petkov
2020-06-26 14:16 ` Sean Christopherson
2020-06-26 14:20 ` Borislav Petkov
2020-07-03 23:04 ` Jarkko Sakkinen
2020-07-03 3:09 ` Jarkko Sakkinen
2020-06-26 15:34 ` Borislav Petkov
2020-07-04 0:13 ` Jarkko Sakkinen
2020-10-26 21:26 ` Dave Hansen
2020-10-27 1:52 ` Jarkko Sakkinen
2020-10-27 10:05 ` Borislav Petkov
2020-10-27 15:20 ` Dave Hansen
2020-10-27 15:37 ` Borislav Petkov
2020-06-27 17:43 ` Borislav Petkov
2020-06-29 15:27 ` Sean Christopherson
2020-06-29 15:37 ` Borislav Petkov
2020-07-04 1:43 ` Jarkko Sakkinen
2020-07-07 1:38 ` Sean Christopherson [this message]
2020-07-07 3:29 ` Jarkko Sakkinen
2020-07-04 1:42 ` Jarkko Sakkinen
2020-07-02 3:59 ` Sean Christopherson
2020-07-04 3:31 ` Jarkko Sakkinen
2020-09-02 3:06 ` Haitao Huang
2020-09-02 16:10 ` Sean Christopherson
2020-09-02 18:40 ` Haitao Huang
2020-09-04 12:01 ` Jarkko Sakkinen
2020-06-17 22:08 ` [PATCH v33 12/21] x86/sgx: Allow a limited use of ATTRIBUTE.PROVISIONKEY for attestation Jarkko Sakkinen
2020-06-29 16:02 ` Borislav Petkov
2020-06-29 22:04 ` Sean Christopherson
2020-06-30 8:49 ` Borislav Petkov
2020-06-30 14:20 ` Sean Christopherson
2020-06-30 17:13 ` Andy Lutomirski
2020-07-02 20:47 ` Dr. Greg
2020-07-03 2:43 ` Jarkko Sakkinen
2020-07-03 2:38 ` Jarkko Sakkinen
2020-07-03 2:32 ` Jarkko Sakkinen
2020-07-03 2:55 ` Jarkko Sakkinen
2020-06-17 22:08 ` [PATCH v33 13/21] x86/sgx: Add a page reclaimer Jarkko Sakkinen
2020-06-17 22:08 ` [PATCH v33 14/21] x86/sgx: ptrace() support for the SGX driver Jarkko Sakkinen
2020-06-17 22:08 ` [PATCH v33 15/21] x86/vdso: Add support for exception fixup in vDSO functions Jarkko Sakkinen
2020-06-29 17:10 ` Borislav Petkov
2020-06-30 6:00 ` Sean Christopherson
2020-06-30 8:41 ` Borislav Petkov
2020-06-30 14:55 ` Sean Christopherson
2020-06-30 16:48 ` Andy Lutomirski
2020-06-30 17:23 ` Sean Christopherson
2020-07-02 12:52 ` Thomas Gleixner
2020-06-17 22:08 ` [PATCH v33 16/21] x86/fault: Add helper function to sanitize error code Jarkko Sakkinen
2020-06-17 22:08 ` [PATCH v33 17/21] x86/traps: Attempt to fixup exceptions in vDSO before signaling Jarkko Sakkinen
2020-06-17 22:08 ` [PATCH v33 18/21] x86/vdso: Implement a vDSO for Intel SGX enclave call Jarkko Sakkinen
2020-06-17 22:08 ` [PATCH v33 19/21] selftests/x86: Add a selftest for SGX Jarkko Sakkinen
2020-06-17 22:08 ` [PATCH v33 20/21] docs: x86/sgx: Document SGX micro architecture and kernel internals Jarkko Sakkinen
2020-06-17 22:08 ` [PATCH v33 21/21] x86/sgx: Update MAINTAINERS Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200707013847.GA5208@linux.intel.com \
--to=sean.j.christopherson@intel.com \
--cc=akpm@linux-foundation.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=asapek@google.com \
--cc=bp@alien8.de \
--cc=cedric.xing@intel.com \
--cc=chenalexchen@google.com \
--cc=conradparker@google.com \
--cc=cyhanish@google.com \
--cc=dave.hansen@intel.com \
--cc=haitao.huang@intel.com \
--cc=haitao.huang@linux.intel.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jethro@fortanix.com \
--cc=jorhand@linux.microsoft.com \
--cc=josh@joshtriplett.org \
--cc=kai.huang@intel.com \
--cc=kai.svahn@intel.com \
--cc=kmoy@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-sgx@vger.kernel.org \
--cc=ludloff@google.com \
--cc=luto@kernel.org \
--cc=nhorman@redhat.com \
--cc=npmccallum@redhat.com \
--cc=puiterwijk@redhat.com \
--cc=rientjes@google.com \
--cc=sanqian.hcy@antfin.com \
--cc=sethmo@google.com \
--cc=suresh.b.siddha@intel.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
--cc=yaozhangx@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.