From patchwork Thu Dec 15 14:49:50 2016
X-Patchwork-Submitter: Jarkko Sakkinen
X-Patchwork-Id: 9476359
From: Jarkko Sakkinen
To: intel-sgx-kernel-dev@lists.01.org
Date: Thu, 15 Dec 2016 16:49:50 +0200
Message-Id: <20161215144959.31245-2-jarkko.sakkinen@linux.intel.com>
In-Reply-To: <20161215144959.31245-1-jarkko.sakkinen@linux.intel.com>
References: <20161215144959.31245-1-jarkko.sakkinen@linux.intel.com>
Subject: [intel-sgx-kernel-dev] [PATCH v9 01/10] intel_sgx: fallback more gracefully from EWB failure

Fallback from EWB failure by killing the enclave by zeroing TCS PTEs and kicking out threads instead of crashing the driver with BUG_ON().

Signed-off-by: Jarkko Sakkinen
---
 drivers/platform/x86/intel_sgx_page_cache.c | 58 ++++++++++++++++++-----------
 1 file changed, 37 insertions(+), 21 deletions(-)

diff --git a/drivers/platform/x86/intel_sgx_page_cache.c b/drivers/platform/x86/intel_sgx_page_cache.c index 8b1cc82..691c77a 100644 --- a/drivers/platform/x86/intel_sgx_page_cache.c +++ b/drivers/platform/x86/intel_sgx_page_cache.c @@ -195,9 +195,9 @@ static void sgx_etrack(struct sgx_epc_page *epc_page) sgx_put_epc_page(epc); } -static int sgx_ewb(struct sgx_encl *encl, - struct sgx_encl_page *encl_page, - struct page *backing) +static int __sgx_ewb(struct sgx_encl *encl, + struct sgx_encl_page *encl_page, + struct page *backing) { struct sgx_page_info pginfo; void *epc; 
@@ -218,12 +218,32 @@ static int sgx_ewb(struct sgx_encl *encl, sgx_put_epc_page(epc); kunmap_atomic((void *)(unsigned long)pginfo.srcpge); - if (ret != 0 && ret != SGX_NOT_TRACKED) - sgx_err(encl, "EWB returned %d\n", ret); - return ret; } +static bool sgx_ewb(struct sgx_encl *encl, + struct sgx_encl_page *entry, + struct page *backing) +{ + int ret = __sgx_ewb(encl, entry, backing); + + if (ret == SGX_NOT_TRACKED) { + /* slow path, IPI needed */ + smp_call_function(sgx_ipi_cb, NULL, 1); + ret = __sgx_ewb(encl, entry, backing); + } + + if (ret) { + /* make enclave inaccessible */ + sgx_invalidate(encl); + smp_call_function(sgx_ipi_cb, NULL, 1); + sgx_err(encl, "EWB returned %d, enclave killed\n", ret); + return false; + } + + return true; +} + void sgx_free_encl_page(struct sgx_encl_page *entry, struct sgx_encl *encl, unsigned int flags) @@ -239,9 +259,9 @@ static void sgx_write_pages(struct sgx_encl *encl, struct list_head *src) struct sgx_encl_page *tmp; struct page *pages[SGX_NR_SWAP_CLUSTER_MAX + 1]; struct vm_area_struct *evma; + unsigned int free_flags; int cnt = 0; int i = 0; - int ret; if (list_empty(src)) return; @@ -304,20 +324,16 @@ static void sgx_write_pages(struct sgx_encl *encl, struct list_head *src) load_list); list_del(&entry->load_list); + free_flags = 0; + evma = sgx_find_vma(encl, entry->addr); if (evma) { - ret = sgx_ewb(encl, entry, pages[i]); - BUG_ON(ret != 0 && ret != SGX_NOT_TRACKED); - /* Only kick out threads with an IPI if needed. */ - if (ret) { - smp_call_function(sgx_ipi_cb, NULL, 1); - BUG_ON(sgx_ewb(encl, entry, pages[i])); - } + if (sgx_ewb(encl, entry, pages[i])) + free_flags = SGX_FREE_SKIP_EREMOVE; encl->secs_child_cnt--; } - sgx_free_encl_page(entry, encl, - evma ? SGX_FREE_SKIP_EREMOVE : 0); + sgx_free_encl_page(entry, encl, free_flags); sgx_put_backing(pages[i++], evma); } 
@@ -326,13 +342,13 @@ static void sgx_write_pages(struct sgx_encl *encl, struct list_head *src) (encl->flags & SGX_ENCL_INITIALIZED)) { pages[cnt] = sgx_get_backing(encl, &encl->secs_page); if (!IS_ERR(pages[cnt])) { - ret = sgx_ewb(encl, &encl->secs_page, - pages[cnt]); - BUG_ON(ret); + free_flags = 0; + if (sgx_ewb(encl, &encl->secs_page, pages[cnt])) + free_flags = SGX_FREE_SKIP_EREMOVE; + encl->flags |= SGX_ENCL_SECS_EVICTED; - sgx_free_encl_page(&encl->secs_page, encl, - SGX_FREE_SKIP_EREMOVE); + sgx_free_encl_page(&encl->secs_page, encl, free_flags); sgx_put_backing(pages[cnt], true); } }
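Review bot: In the @@ -218 hunk, the failure branch of the new sgx_ewb() runs sgx_invalidate(encl), a second smp_call_function(sgx_ipi_cb, NULL, 1) and sgx_err() every time it is entered, and nothing in sgx_write_pages() stops it from calling sgx_ewb() again for the remaining pages of the cluster and for the SECS after the first failure. If more than one page of the same enclave fails, the kill sequence, the IPI to all CPUs and the log line repeat once per page. Consider recording that the enclave is already dead (for example a bit in encl->flags tested at the top of the failure branch) so the invalidation runs once. The wrapper also changes the return type from int to bool, with true meaning success; a short comment above it saying that false means the enclave has been killed and the page has not been written out would make the callers' free_flags handling easier to follow.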
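Review bot: In the @@ -304 hunk, the result of sgx_ewb() only selects free_flags; encl->secs_child_cnt-- and sgx_put_backing(pages[i++], evma) still run exactly as on success. On the failure path the child count is dropped before the page has actually left the EPC, so its correctness depends on the EREMOVE that sgx_free_encl_page() performs when free_flags is 0, and the backing page is released with the same second argument even though EWB wrote nothing usable into it. Either gate both on the sgx_ewb() result or add a comment stating why they are safe for a killed enclave. A one-line comment at free_flags = 0 explaining that a failed EWB leaves the page in the EPC and therefore must not skip EREMOVE would also help.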
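Review bot: In the @@ -326 hunk, encl->flags |= SGX_ENCL_SECS_EVICTED is set and sgx_put_backing(pages[cnt], true) is called even when sgx_ewb() returned false for the SECS page. After a failed EWB the SECS has not been written to the backing page, so the enclave ends up marked as having an evicted SECS with no valid copy behind it. If that is intentional because the enclave is already invalidated at this point, say so in a comment; otherwise set the flag only inside the if (sgx_ewb(...)) branch. The old code asserted success with BUG_ON(ret), so this is the first time this path can be reached with a failure and it deserves an explicit statement of the intended state.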