From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: linux-kernel@vger.kernel.org, x86@kernel.org,
linux-sgx@vger.kernel.org, akpm@linux-foundation.org,
dave.hansen@intel.com, nhorman@redhat.com, npmccallum@redhat.com,
haitao.huang@intel.com, andriy.shevchenko@linux.intel.com,
tglx@linutronix.de, kai.svahn@intel.com, bp@alien8.de,
josh@joshtriplett.org, luto@kernel.org, kai.huang@intel.com,
rientjes@google.com, cedric.xing@intel.com,
puiterwijk@redhat.com, linux-security-module@vger.kernel.org,
Suresh Siddha <suresh.b.siddha@intel.com>,
Jethro Beekman <jethro@fortanix.com>,
Haitao Huang <haitao.huang@linux.intel.com>,
Chunyang Hui <sanqian.hcy@antfin.com>,
Jordan Hand <jorhand@linux.microsoft.com>,
Seth Moore <sethmo@google.com>
Subject: Re: [PATCH v30 10/20] x86/sgx: Linux Enclave Driver
Date: Thu, 21 May 2020 20:33:40 -0700 [thread overview]
Message-ID: <20200522033340.GB23459@linux.intel.com> (raw)
In-Reply-To: <20200515004410.723949-11-jarkko.sakkinen@linux.intel.com>
On Fri, May 15, 2020 at 03:44:00AM +0300, Jarkko Sakkinen wrote:
> +static int sgx_open(struct inode *inode, struct file *file)
> +{
> + struct sgx_encl *encl;
> + int ret;
> +
> + encl = kzalloc(sizeof(*encl), GFP_KERNEL);
> + if (!encl)
> + return -ENOMEM;
> +
> + atomic_set(&encl->flags, 0);
> + kref_init(&encl->refcount);
> + INIT_RADIX_TREE(&encl->page_tree, GFP_KERNEL);
> + mutex_init(&encl->lock);
> + INIT_LIST_HEAD(&encl->mm_list);
> + spin_lock_init(&encl->mm_lock);
> +
> + ret = init_srcu_struct(&encl->srcu);
We're leaking a wee bit of memory here; enough to burn through 14gb in a few
minutes with my newly resurrected EPC cgroup test. The possibility for
failure should have been a dead giveaway that this allocates memory, but the
"init" name threw me off. :-/
> + if (ret) {
> + kfree(encl);
> + return ret;
> + }
> +
> + file->private_data = encl;
> +
> + return 0;
> +}
...
> +/**
> + * sgx_encl_release - Destroy an enclave instance
> + * @kref: address of a kref inside &sgx_encl
> + *
> + * Used together with kref_put(). Frees all the resources associated with the
> + * enclave and the instance itself.
> + */
> +void sgx_encl_release(struct kref *ref)
> +{
> + struct sgx_encl *encl = container_of(ref, struct sgx_encl, refcount);
> +
> + sgx_encl_destroy(encl);
> +
> + if (encl->backing)
> + fput(encl->backing);
The above mem leak can be fixed by adding
cleanup_srcu_struct(&encl->srcu);
> +
> + WARN_ON_ONCE(!list_empty(&encl->mm_list));
> +
> + /* Detect EPC page leak's. */
> + WARN_ON_ONCE(encl->secs_child_cnt);
> + WARN_ON_ONCE(encl->secs.epc_page);
> +
> + kfree(encl);
> +}
...
> +static int sgx_encl_add_page(struct sgx_encl *encl, unsigned long src,
> + unsigned long offset, unsigned long length,
> + struct sgx_secinfo *secinfo, unsigned long flags)
> +{
...
> +err_out:
> + radix_tree_delete(&encl_page->encl->page_tree,
> + PFN_DOWN(encl_page->desc));
> +
> +err_out_unlock:
> + mutex_unlock(&encl->lock);
> + up_read(¤t->mm->mmap_sem);
> +
> +err_out_free:
> + sgx_free_page(epc_page);
> + kfree(encl_page);
> +
> + /*
> + * Destroy enclave on ENCLS failure as this means that EPC has been
> + * invalidated.
> + */
> + if (ret == -EIO)
> + sgx_encl_destroy(encl);
This needs to be called with encl->lock held to prevent racing with the
reclaimer, e.g. sgx_encl_destroy() and sgx_reclaimer_write() can combine to
corrupt secs_child_cnt, among other badness.
It's probably worth adding a lockdep assert in sgx_encl_destroy() as well.
We can either keep the lock across the above frees or retake the lock. I
like retaking the lock to avoid inverting the ordering between encl->lock
and mmap_sem (even though it's benign). This is an extremely rare path,
no need to shave cycles.
> +
> + return ret;
> +}
next prev parent reply other threads:[~2020-05-22 3:33 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-15 0:43 [PATCH v30 00/20] Intel SGX foundations Jarkko Sakkinen
2020-05-15 0:43 ` [PATCH v30 01/20] x86/cpufeatures: x86/msr: Add Intel SGX hardware bits Jarkko Sakkinen
2020-05-20 12:16 ` Borislav Petkov
2020-05-20 14:00 ` Jarkko Sakkinen
2020-05-15 0:43 ` [PATCH v30 02/20] x86/cpufeatures: x86/msr: Intel SGX Launch Control " Jarkko Sakkinen
2020-05-20 12:23 ` Borislav Petkov
2020-05-20 14:04 ` Jarkko Sakkinen
2020-05-15 0:43 ` [PATCH v30 03/20] x86/mm: x86/sgx: Signal SIGSEGV with PF_SGX Jarkko Sakkinen
2020-05-15 0:43 ` [PATCH v30 04/20] x86/sgx: Add SGX microarchitectural data structures Jarkko Sakkinen
2020-05-20 18:47 ` Borislav Petkov
2020-05-20 21:04 ` Sean Christopherson
2020-05-22 15:54 ` Jarkko Sakkinen
2020-05-22 16:13 ` Sean Christopherson
2020-05-22 19:50 ` Jarkko Sakkinen
2020-05-25 8:20 ` Borislav Petkov
2020-05-27 19:43 ` Jarkko Sakkinen
2020-05-15 0:43 ` [PATCH v30 05/20] x86/sgx: Add wrappers for ENCLS leaf functions Jarkko Sakkinen
2020-05-15 0:43 ` [PATCH v30 06/20] x86/cpu/intel: Detect SGX support Jarkko Sakkinen
2020-05-15 0:43 ` [PATCH v30 07/20] x86/sgx: Enumerate and track EPC sections Jarkko Sakkinen
2020-05-25 9:23 ` Borislav Petkov
2020-05-27 3:56 ` Sean Christopherson
2020-05-27 20:35 ` Borislav Petkov
2020-05-28 7:36 ` Jarkko Sakkinen
2020-05-28 5:25 ` Jarkko Sakkinen
2020-05-28 5:35 ` Jarkko Sakkinen
2020-05-28 6:14 ` Jarkko Sakkinen
2020-05-28 6:16 ` Jarkko Sakkinen
2020-05-28 5:13 ` Jarkko Sakkinen
2020-05-15 0:43 ` [PATCH v30 08/20] x86/sgx: Add functions to allocate and free EPC pages Jarkko Sakkinen
2020-05-26 12:52 ` Borislav Petkov
2020-05-27 4:21 ` Sean Christopherson
2020-05-27 20:46 ` Borislav Petkov
2020-05-28 0:52 ` Sean Christopherson
2020-05-28 6:51 ` Jarkko Sakkinen
2020-05-28 1:23 ` Jarkko Sakkinen
2020-05-28 1:36 ` Sean Christopherson
2020-05-28 6:52 ` Jarkko Sakkinen
2020-05-28 17:16 ` Borislav Petkov
2020-05-28 17:19 ` Sean Christopherson
2020-05-28 17:27 ` Borislav Petkov
2020-05-28 17:34 ` Sean Christopherson
2020-05-28 19:07 ` Jarkko Sakkinen
2020-05-28 19:59 ` Sean Christopherson
2020-05-29 3:28 ` Jarkko Sakkinen
2020-05-29 3:37 ` Sean Christopherson
2020-05-29 5:07 ` Jarkko Sakkinen
2020-05-29 8:12 ` Jarkko Sakkinen
2020-05-29 8:13 ` Jarkko Sakkinen
2020-05-29 3:38 ` Jarkko Sakkinen
2020-05-15 0:43 ` [PATCH v30 09/20] mm: Introduce vm_ops->may_mprotect() Jarkko Sakkinen
2020-05-29 12:10 ` Borislav Petkov
2020-05-29 18:18 ` Jarkko Sakkinen
2020-05-29 18:28 ` Dave Hansen
2020-05-31 23:12 ` Jarkko Sakkinen
2020-05-15 0:44 ` [PATCH v30 10/20] x86/sgx: Linux Enclave Driver Jarkko Sakkinen
2020-05-21 19:12 ` Sean Christopherson
2020-05-22 19:26 ` Jarkko Sakkinen
2020-05-22 19:39 ` Jarkko Sakkinen
2020-05-22 3:33 ` Sean Christopherson [this message]
2020-05-15 0:44 ` [PATCH v30 11/20] x86/sgx: Add provisioning Jarkko Sakkinen
2020-05-15 0:44 ` [PATCH v30 12/20] x86/sgx: Add a page reclaimer Jarkko Sakkinen
2020-05-22 6:58 ` Sean Christopherson
2020-05-22 19:57 ` Jarkko Sakkinen
2020-05-22 21:52 ` Sean Christopherson
2020-05-22 7:15 ` Sean Christopherson
2020-05-22 19:47 ` Jarkko Sakkinen
2020-05-15 0:44 ` [PATCH v30 13/20] x86/sgx: ptrace() support for the SGX driver Jarkko Sakkinen
2020-05-15 0:44 ` [PATCH v30 14/20] x86/vdso: Add support for exception fixup in vDSO functions Jarkko Sakkinen
2020-05-15 0:44 ` [PATCH v30 15/20] x86/fault: Add helper function to sanitize error code Jarkko Sakkinen
2020-05-15 0:44 ` [PATCH v30 16/20] x86/traps: Attempt to fixup exceptions in vDSO before signaling Jarkko Sakkinen
2020-05-15 0:44 ` [PATCH v30 17/20] x86/vdso: Implement a vDSO for Intel SGX enclave call Jarkko Sakkinen
2020-05-15 0:44 ` [PATCH v30 18/20] selftests/x86: Add a selftest for SGX Jarkko Sakkinen
2020-05-15 0:44 ` [PATCH v30 19/20] docs: x86/sgx: Document SGX micro architecture and kernel internals Jarkko Sakkinen
2020-05-15 0:44 ` [PATCH v30 20/20] x86/sgx: Update MAINTAINERS Jarkko Sakkinen
2020-05-16 8:57 ` [PATCH] x86/cpu/intel: Add nosgx kernel parameter Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200522033340.GB23459@linux.intel.com \
--to=sean.j.christopherson@intel.com \
--cc=akpm@linux-foundation.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=bp@alien8.de \
--cc=cedric.xing@intel.com \
--cc=dave.hansen@intel.com \
--cc=haitao.huang@intel.com \
--cc=haitao.huang@linux.intel.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jethro@fortanix.com \
--cc=jorhand@linux.microsoft.com \
--cc=josh@joshtriplett.org \
--cc=kai.huang@intel.com \
--cc=kai.svahn@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-sgx@vger.kernel.org \
--cc=luto@kernel.org \
--cc=nhorman@redhat.com \
--cc=npmccallum@redhat.com \
--cc=puiterwijk@redhat.com \
--cc=rientjes@google.com \
--cc=sanqian.hcy@antfin.com \
--cc=sethmo@google.com \
--cc=suresh.b.siddha@intel.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).