From patchwork Wed Jan 4 15:33:43 2017
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 9497039
From: Sean Christopherson
To: intel-sgx-kernel-dev@lists.01.org
Date: Wed, 4 Jan 2017 07:33:43 -0800
Message-Id: <1483544024-6154-4-git-send-email-sean.j.christopherson@intel.com>
In-Reply-To: <1483544024-6154-1-git-send-email-sean.j.christopherson@intel.com>
Subject: [intel-sgx-kernel-dev] [PATCH 3/4] intel_sgx: Avoid EREMOVE in fail path during fault

Swap the order of the calls to vm_insert_pfn and do_eldu to make ELDU the last action in the fault handling sequence, which eliminates the need to do EREMOVE of the page if vm_insert_pfn fails. EREMOVE fails if there are active threads in the enclave, i.e. the previous code could result in kernel panics due to EREMOVE failure.

Inserting the page before ELDU does not create a race condition as accesses to the page will still #PF due to failing the EPCM checks, i.e. user-visible behavior is identical whether an access faults due to an invalid PTE or an invalid EPCM entry.

Signed-off-by: Sean Christopherson
Reviewed-by: Jarkko Sakkinen
---
 drivers/platform/x86/intel_sgx_vma.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/drivers/platform/x86/intel_sgx_vma.c b/drivers/platform/x86/intel_sgx_vma.c index e670405..f356eed 100644 --- a/drivers/platform/x86/intel_sgx_vma.c +++ b/drivers/platform/x86/intel_sgx_vma.c 
@@ -160,7 +160,6 @@ static struct sgx_encl_page *sgx_vma_do_fault(struct vm_area_struct *vma, struct sgx_epc_page *epc_page = NULL; struct sgx_epc_page *secs_epc_page = NULL; struct page *backing; - unsigned int free_flags = SGX_FREE_SKIP_EREMOVE; int rc; /* If process was forked, VMA is still there but vm_private_data is set @@ -243,18 +242,18 @@ static struct sgx_encl_page *sgx_vma_do_fault(struct vm_area_struct *vma, goto out; } - rc = do_eldu(encl, entry, epc_page, backing, false /* is_secs */); + rc = vm_insert_pfn(vma, entry->addr, PFN_DOWN(epc_page->pa)); if (rc) { sgx_put_backing(backing, 0); entry = ERR_PTR(rc); goto out; } - rc = vm_insert_pfn(vma, entry->addr, PFN_DOWN(epc_page->pa)); + rc = do_eldu(encl, entry, epc_page, backing, false /* is_secs */); sgx_put_backing(backing, 0); if (rc) { - free_flags = 0; + zap_vma_ptes(vma, entry->addr, PAGE_SIZE); entry = ERR_PTR(rc); goto out; } @@ -274,7 +273,7 @@ static struct sgx_encl_page *sgx_vma_do_fault(struct vm_area_struct *vma, out: mutex_unlock(&encl->lock); if (epc_page) - sgx_free_page(epc_page, encl, free_flags); + sgx_free_page(epc_page, encl, SGX_FREE_SKIP_EREMOVE); if (secs_epc_page) sgx_free_page(secs_epc_page, encl, SGX_FREE_SKIP_EREMOVE); return entry;
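
Review bot: In the hunk at @@ -243,18 +242,18 @@, the new do_eldu failure branch calls `zap_vma_ptes(vma, entry->addr, PAGE_SIZE);` and discards its result, while the two neighbouring calls both have rc checked. If the zap does not remove the PTE, the mapping inserted by vm_insert_pfn a few lines earlier keeps pointing at epc_page after the out: path frees it. Where zap_vma_ptes returns a status in the target tree, check it and at least WARN on failure. A short comment above the vm_insert_pfn call stating why mapping the page before ELDU is safe (the EPCM argument from the commit message) would also keep that reasoning next to the code.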
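
Review bot: In the hunk at @@ -274,7 +273,7 @@, `sgx_free_page(epc_page, encl, SGX_FREE_SKIP_EREMOVE);` is now unconditional, so every path that reaches out: with a non-NULL epc_page must hold a page that needs no EREMOVE, including the branch where do_eldu returned an error. That invariant is only implied by the reordering. Add a comment at the out: label stating it, and confirm that a failed ELDU cannot leave the EPC page valid, since the free path would then skip EREMOVE on a page that needs it.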