From: Dave Hansen <dave.hansen@intel.com>
To: Zhiquan Li <zhiquan1.li@intel.com>,
linux-sgx@vger.kernel.org, tony.luck@intel.com,
jarkko@kernel.org, dave.hansen@linux.intel.com,
kai.huang@intel.com
Cc: seanjc@google.com, fan.du@intel.com, cathy.zhang@intel.com,
bp@suse.de, tglx@linutronix.de
Subject: Re: [PATCH v9 3/3] x86/sgx: Fine grained SGX MCA behavior for virtualization
Date: Thu, 13 Oct 2022 08:44:39 -0700 [thread overview]
Message-ID: <fc9ed3e0-94f1-0bbc-06db-fd14d41b7c21@intel.com> (raw)
In-Reply-To: <fb885d7f-388c-6a53-798b-06805fefca3d@intel.com>
On 10/13/22 07:40, Zhiquan Li wrote:
>>>> What happens if a hypervisor *DOES* fork()? What's the fallout?
>>> This part originates from below discussion:
>>>
>>> https://lore.kernel.org/linux-sgx/52dc7f50b68c99cecb9e1c3383d9c6d88734cd67.camel@intel.com/#t
>>>
>>> It intents to answer the question:
>>>
>>> Do you think the processes sharing the same enclave need to be
>>> killed, even they had not touched the EPC page with hardware error?
>>>
>>> Dave, do you mean it's not appropriate to be put here?
>> It's actually a pretty important point, but it's still out of the blue.
>>
>> You also didn't answer my question.
> Oh, sorry, I focused on answering "Why is this here?" but forgot to
> answer "What's the fallout?"
>
> It's a very good question.
>
> Looks like Kai had answered it before:
>
> For instance, an application can open /dev/sgx_vepc, mmap(), and
> fork(). Then if the child does mmap() against the fd opened by
> the parent, the child will share the same vepc with the parent.
>
> ...
>
> Sharing virtual EPC instance will very likely unexpectedly break
> enclaves in all VMs.
How, though? This basically says, "I think things will break." I want
to know a few more specifics than that before we merge this. There are
ABI implications.
> https://lore.kernel.org/linux-sgx/52dc7f50b68c99cecb9e1c3383d9c6d88734cd67.camel@intel.com/#t
>
> Moreover, I checked the code in below scenario while child sharing the
> virtual EPC instance with parent:
> - child closes /dev/sgx_vepc earlier than parent.
> - child re-mmap() /dev/sgx_vepc to the same memory region as parent.
> - child mmap() /dev/sgx_vepc to different memory region.
> - child accesses the memory region of mmap() inherited from parent.
>
> It's just that the app messes itself up, the vepc instance is protected
> very well.
> Maybe there are other corner cases I've not considered?
... and what happens when *THIS* patch is in play? What if there is a
machine check in SGX memory?
next prev parent reply other threads:[~2022-10-13 15:45 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-20 6:39 [PATCH v9 0/3] x86/sgx: fine grained SGX MCA behavior Zhiquan Li
2022-09-20 6:39 ` [PATCH v9 1/3] x86/sgx: Rename the owner field of struct sgx_epc_page as encl_owner Zhiquan Li
2022-09-20 6:39 ` [PATCH v9 2/3] x86/sgx: Introduce union with vepc_vaddr field for virtualization case Zhiquan Li
2022-10-10 23:10 ` Dave Hansen
2022-10-11 5:49 ` Zhiquan Li
2022-10-11 13:57 ` Dave Hansen
2022-10-12 4:42 ` Zhiquan Li
2022-10-12 11:17 ` Huang, Kai
2022-09-20 6:39 ` [PATCH v9 3/3] x86/sgx: Fine grained SGX MCA behavior for virtualization Zhiquan Li
2022-10-10 23:20 ` Dave Hansen
2022-10-11 4:44 ` Zhiquan Li
2022-10-11 14:04 ` Dave Hansen
2022-10-12 5:09 ` Zhiquan Li
2022-10-12 11:01 ` Huang, Kai
2022-10-12 11:54 ` jarkko
2022-10-12 20:56 ` Huang, Kai
2022-10-13 2:05 ` Zhiquan Li
2022-10-12 14:36 ` Dave Hansen
2022-10-13 14:40 ` Zhiquan Li
2022-10-13 15:39 ` Dave Hansen
2022-10-14 5:42 ` Zhiquan Li
2022-10-14 5:41 ` Dave Hansen
2022-10-13 15:44 ` Dave Hansen [this message]
2022-10-13 21:49 ` Huang, Kai
2022-10-13 22:02 ` Dave Hansen
2022-10-13 22:15 ` Huang, Kai
2022-10-13 22:28 ` Dave Hansen
2022-10-13 23:40 ` Huang, Kai
2022-10-13 23:57 ` Dave Hansen
2022-10-14 0:19 ` Huang, Kai
2022-10-19 10:59 ` Huang, Kai
2022-10-23 20:39 ` jarkko
2022-10-24 1:32 ` Zhiquan Li
2022-11-01 0:46 ` jarkko
2022-11-02 1:38 ` Zhiquan Li
2022-11-07 11:36 ` jarkko
2022-11-07 12:19 ` Zhiquan Li
2022-11-04 10:17 ` Huang, Kai
2022-11-04 16:26 ` Sean Christopherson
2022-11-04 16:34 ` Dave Hansen
2022-11-07 8:55 ` Huang, Kai
2022-11-07 8:54 ` Huang, Kai
2022-10-24 22:23 ` Huang, Kai
2022-11-01 0:53 ` jarkko
2022-09-29 8:05 ` [PATCH v9 0/3] x86/sgx: fine grained SGX MCA behavior Zhiquan Li
2022-10-08 2:29 ` Zhiquan Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fc9ed3e0-94f1-0bbc-06db-fd14d41b7c21@intel.com \
--to=dave.hansen@intel.com \
--cc=bp@suse.de \
--cc=cathy.zhang@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=fan.du@intel.com \
--cc=jarkko@kernel.org \
--cc=kai.huang@intel.com \
--cc=linux-sgx@vger.kernel.org \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=zhiquan1.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).