* [PATCH v2 0/2] x86/sgx: Critical fixes for v6.0
@ 2022-09-05 23:54 Jarkko Sakkinen
2022-09-05 23:54 ` [PATCH v2 1/2] x86/sgx: Do not fail on incomplete sanitization on premature stop of ksgxd Jarkko Sakkinen
2022-09-05 23:54 ` [PATCH v2 2/2] x86/sgx: Handle VA page allocation failure for EAUG on PF Jarkko Sakkinen
0 siblings, 2 replies; 3+ messages in thread
From: Jarkko Sakkinen @ 2022-09-05 23:54 UTC (permalink / raw)
To: linux-sgx
Cc: Haitao Huang, Vijay Dhanraj, Reinette Chatre, Dave Hansen,
Jarkko Sakkinen
Two critical fixes for v6.0.
Haitao Huang (1):
x86/sgx: Handle VA page allocation failure for EAUG on PF.
Jarkko Sakkinen (1):
x86/sgx: Do not fail on incomplete sanitization on premature stop of
ksgxd
arch/x86/kernel/cpu/sgx/encl.c | 5 ++++-
arch/x86/kernel/cpu/sgx/main.c | 17 +++++++++++------
2 files changed, 15 insertions(+), 7 deletions(-)
--
2.37.2
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH v2 1/2] x86/sgx: Do not fail on incomplete sanitization on premature stop of ksgxd
2022-09-05 23:54 [PATCH v2 0/2] x86/sgx: Critical fixes for v6.0 Jarkko Sakkinen
@ 2022-09-05 23:54 ` Jarkko Sakkinen
2022-09-05 23:54 ` [PATCH v2 2/2] x86/sgx: Handle VA page allocation failure for EAUG on PF Jarkko Sakkinen
1 sibling, 0 replies; 3+ messages in thread
From: Jarkko Sakkinen @ 2022-09-05 23:54 UTC (permalink / raw)
To: linux-sgx
Cc: Haitao Huang, Vijay Dhanraj, Reinette Chatre, Dave Hansen,
Jarkko Sakkinen, stable, Paul Menzel, Thomas Gleixner,
Ingo Molnar, Borislav Petkov,
maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT),
H. Peter Anvin, open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)
Unsanitized pages trigger WARN_ON() unconditionally, which can panic the
whole computer, if /proc/sys/kernel/panic_on_warn is set.
In sgx_init(), if misc_register() fails or misc_register() succeeds but
neither sgx_drv_init() nor sgx_vepc_init() succeeds, then ksgxd will be
prematurely stopped. This may leave unsanitized pages, which will result a
false warning.
Refine __sgx_sanitize_pages() to return:
1. Zero when the sanitization process is complete or ksgxd has been
requested to stop.
2. The number of unsanitized pages otherwise.
Use the return value as the criteria for triggering output, and tone down
the output to pr_err() to prevent the whole system to be taken down if for
some reason sanitization process does not complete.
Link: https://lore.kernel.org/linux-sgx/20220825051827.246698-1-jarkko@kernel.org/T/#u
Fixes: 51ab30eb2ad4 ("x86/sgx: Replace section->init_laundry_list with sgx_dirty_page_list")
Cc: stable@vger.kernel.org # v5.13+
Reported-by: Paul Menzel <pmenzel@molgen.mpg.de>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
---
v8:
- Discard changes that are not relevant for the stable fix. This
does absolutely minimum to address the bug:
https://lore.kernel.org/linux-sgx/a5fa56bdc57d6472a306bd8d795afc674b724538.camel@intel.com/
v7:
- Rewrote commit message.
- Do not return -ECANCELED on premature stop. Instead use zero both
premature stop and complete sanitization.
v6:
- Address Reinette's feedback:
https://lore.kernel.org/linux-sgx/Yw6%2FiTzSdSw%2FY%2FVO@kernel.org/
v5:
- Add the klog dump and sysctl option to the commit message.
v4:
- Explain expectations for dirty_page_list in the function header, instead
of an inline comment.
- Improve commit message to explain the conditions better.
- Return the number of pages left dirty to ksgxd() and print warning after
the 2nd call, if there are any.
v3:
- Remove WARN_ON().
- Tuned comments and the commit message a bit.
v2:
- Replaced WARN_ON() with optional pr_info() inside
__sgx_sanitize_pages().
- Rewrote the commit message.
- Added the fixes tag.
---
arch/x86/kernel/cpu/sgx/main.c | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c
index 515e2a5f25bb..2ec2d7b7da54 100644
--- a/arch/x86/kernel/cpu/sgx/main.c
+++ b/arch/x86/kernel/cpu/sgx/main.c
@@ -49,9 +49,13 @@ static LIST_HEAD(sgx_dirty_page_list);
* Reset post-kexec EPC pages to the uninitialized state. The pages are removed
* from the input list, and made available for the page allocator. SECS pages
* prepending their children in the input list are left intact.
+ *
+ * Return 0 when sanitization was successful or kthread was stopped, and the
+ * number of unsanitized pages otherwise.
*/
-static void __sgx_sanitize_pages(struct list_head *dirty_page_list)
+static unsigned long __sgx_sanitize_pages(struct list_head *dirty_page_list)
{
+ unsigned long left_dirty = 0;
struct sgx_epc_page *page;
LIST_HEAD(dirty);
int ret;
@@ -59,7 +63,7 @@ static void __sgx_sanitize_pages(struct list_head *dirty_page_list)
/* dirty_page_list is thread-local, no need for a lock: */
while (!list_empty(dirty_page_list)) {
if (kthread_should_stop())
- return;
+ return 0;
page = list_first_entry(dirty_page_list, struct sgx_epc_page, list);
@@ -92,12 +96,14 @@ static void __sgx_sanitize_pages(struct list_head *dirty_page_list)
} else {
/* The page is not yet clean - move to the dirty list. */
list_move_tail(&page->list, &dirty);
+ left_dirty++;
}
cond_resched();
}
list_splice(&dirty, dirty_page_list);
+ return left_dirty;
}
static bool sgx_reclaimer_age(struct sgx_epc_page *epc_page)
@@ -388,6 +394,8 @@ void sgx_reclaim_direct(void)
static int ksgxd(void *p)
{
+ unsigned long left_dirty;
+
set_freezable();
/*
@@ -395,10 +403,7 @@ static int ksgxd(void *p)
* required for SECS pages, whose child pages blocked EREMOVE.
*/
__sgx_sanitize_pages(&sgx_dirty_page_list);
- __sgx_sanitize_pages(&sgx_dirty_page_list);
-
- /* sanity check: */
- WARN_ON(!list_empty(&sgx_dirty_page_list));
+ WARN_ON(__sgx_sanitize_pages(&sgx_dirty_page_list));
while (!kthread_should_stop()) {
if (try_to_freeze())
--
2.37.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH v2 2/2] x86/sgx: Handle VA page allocation failure for EAUG on PF.
2022-09-05 23:54 [PATCH v2 0/2] x86/sgx: Critical fixes for v6.0 Jarkko Sakkinen
2022-09-05 23:54 ` [PATCH v2 1/2] x86/sgx: Do not fail on incomplete sanitization on premature stop of ksgxd Jarkko Sakkinen
@ 2022-09-05 23:54 ` Jarkko Sakkinen
1 sibling, 0 replies; 3+ messages in thread
From: Jarkko Sakkinen @ 2022-09-05 23:54 UTC (permalink / raw)
To: linux-sgx
Cc: Haitao Huang, Vijay Dhanraj, Reinette Chatre, Dave Hansen,
Jarkko Sakkinen, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT),
H. Peter Anvin, open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)
From: Haitao Huang <haitao.huang@linux.intel.com>
VM_FAULT_NOPAGE is expected behaviour for -EBUSY failure path, when
augmenting a page, as this means that the reclaimer thread has been
triggered, and the intention is just to round-trip in ring-3, and
retry with a new page fault.
Fixes: 5a90d2c3f5ef ("x86/sgx: Support adding of pages to an initialized enclave")
Signed-off-by: Haitao Huang <haitao.huang@linux.intel.com>
Tested-by: Vijay Dhanraj <vijay.dhanraj@intel.com>
Reviewed-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
---
v4:
* Remove extra white space.
v3:
* Added Reinette's ack.
v2:
* Removed reviewed-by, no other changes.
---
arch/x86/kernel/cpu/sgx/encl.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c
index f40d64206ded..9f13d724172e 100644
--- a/arch/x86/kernel/cpu/sgx/encl.c
+++ b/arch/x86/kernel/cpu/sgx/encl.c
@@ -347,8 +347,11 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma,
}
va_page = sgx_encl_grow(encl, false);
- if (IS_ERR(va_page))
+ if (IS_ERR(va_page)) {
+ if (PTR_ERR(va_page) == -EBUSY)
+ vmret = VM_FAULT_NOPAGE;
goto err_out_epc;
+ }
if (va_page)
list_add(&va_page->list, &encl->va_pages);
--
2.37.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-09-05 23:54 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-09-05 23:54 [PATCH v2 0/2] x86/sgx: Critical fixes for v6.0 Jarkko Sakkinen
2022-09-05 23:54 ` [PATCH v2 1/2] x86/sgx: Do not fail on incomplete sanitization on premature stop of ksgxd Jarkko Sakkinen
2022-09-05 23:54 ` [PATCH v2 2/2] x86/sgx: Handle VA page allocation failure for EAUG on PF Jarkko Sakkinen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).