| Message ID | 20190823020002.25550-1-sean.j.christopherson@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | x86/sgx: Fix ELDU MAC failures | expand |
On Thu, 2019-08-22 at 19:00 -0700, Sean Christopherson wrote: > Revert a change that directly propagates the page type from SECINFO into > encl_page->desc. encl_page->desc is a packed value, jamming the SECINFO > page_type sets bits that are intended for other uses. > > Specifically, bits 11:3 are used to store the VA offset when a page is > swapped out and are available for other uses when the page is resident > in the EPC. To allow overloading bits 11:3, the VA offset is cleared at > ELDU and so is not explicitly cleared at EWB, e.g. the VA offset is OR'd > into encl_page->desc. As a result, a subsequent ELDU gets a MAC failure > due to loading the wrong VA offset. > > Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> > --- > arch/x86/kernel/cpu/sgx/driver/ioctl.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/kernel/cpu/sgx/driver/ioctl.c b/arch/x86/kernel/cpu/sgx/driver/ioctl.c > index 85e36e530baf..355ce967a77f 100644 > --- a/arch/x86/kernel/cpu/sgx/driver/ioctl.c > +++ b/arch/x86/kernel/cpu/sgx/driver/ioctl.c > @@ -140,7 +140,8 @@ static struct sgx_encl_page *sgx_encl_page_alloc(struct sgx_encl *encl, > return ERR_PTR(-ENOMEM); > > encl_page->desc = addr; > - encl_page->desc |= page_type; > + if (page_type == SGX_SECINFO_TCS) > + encl_page->desc |= SGX_ENCL_PAGE_TCS; > encl_page->encl = encl; Oops. How embrassing from my side. Please also ignore my original review comment about unreadability. The parameter type was right and everything was right. I was just blind for a while. This is exactly how it should be e.g. no boolean parameter. I think with most of this kind of APIs we should follow a patttern the API takes PT and the function does whatever encoding we have. /Jarkko
On Fri, 2019-08-23 at 16:35 +0300, Jarkko Sakkinen wrote: > On Thu, 2019-08-22 at 19:00 -0700, Sean Christopherson wrote: > > Revert a change that directly propagates the page type from SECINFO into > > encl_page->desc. encl_page->desc is a packed value, jamming the SECINFO > > page_type sets bits that are intended for other uses. > > > > Specifically, bits 11:3 are used to store the VA offset when a page is > > swapped out and are available for other uses when the page is resident > > in the EPC. To allow overloading bits 11:3, the VA offset is cleared at > > ELDU and so is not explicitly cleared at EWB, e.g. the VA offset is OR'd > > into encl_page->desc. As a result, a subsequent ELDU gets a MAC failure > > due to loading the wrong VA offset. > > > > Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> > > --- > > arch/x86/kernel/cpu/sgx/driver/ioctl.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/arch/x86/kernel/cpu/sgx/driver/ioctl.c b/arch/x86/kernel/cpu/sgx/driver/ioctl.c > > index 85e36e530baf..355ce967a77f 100644 > > --- a/arch/x86/kernel/cpu/sgx/driver/ioctl.c > > +++ b/arch/x86/kernel/cpu/sgx/driver/ioctl.c > > @@ -140,7 +140,8 @@ static struct sgx_encl_page *sgx_encl_page_alloc(struct sgx_encl *encl, > > return ERR_PTR(-ENOMEM); > > > > encl_page->desc = addr; > > - encl_page->desc |= page_type; > > + if (page_type == SGX_SECINFO_TCS) > > + encl_page->desc |= SGX_ENCL_PAGE_TCS; > > encl_page->encl = encl; > > Oops. How embrassing from my side. Please also ignore my original review > comment about unreadability. The parameter type was right and everything > was right. I was just blind for a while. > > This is exactly how it should be e.g. no boolean parameter. I think with > most of this kind of APIs we should follow a patttern the API takes PT > and the function does whatever encoding we have. In any case the issue is fixed now on my tree and I also rewrote commit message for the driver. /Jarkko
On Fri, 2019-08-23 at 16:39 +0300, Jarkko Sakkinen wrote: > On Fri, 2019-08-23 at 16:35 +0300, Jarkko Sakkinen wrote: > > On Thu, 2019-08-22 at 19:00 -0700, Sean Christopherson wrote: > > > Revert a change that directly propagates the page type from SECINFO into > > > encl_page->desc. encl_page->desc is a packed value, jamming the SECINFO > > > page_type sets bits that are intended for other uses. > > > > > > Specifically, bits 11:3 are used to store the VA offset when a page is > > > swapped out and are available for other uses when the page is resident > > > in the EPC. To allow overloading bits 11:3, the VA offset is cleared at > > > ELDU and so is not explicitly cleared at EWB, e.g. the VA offset is OR'd > > > into encl_page->desc. As a result, a subsequent ELDU gets a MAC failure > > > due to loading the wrong VA offset. > > > > > > Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> > > > --- > > > arch/x86/kernel/cpu/sgx/driver/ioctl.c | 3 ++- > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > diff --git a/arch/x86/kernel/cpu/sgx/driver/ioctl.c b/arch/x86/kernel/cpu/sgx/driver/ioctl.c > > > index 85e36e530baf..355ce967a77f 100644 > > > --- a/arch/x86/kernel/cpu/sgx/driver/ioctl.c > > > +++ b/arch/x86/kernel/cpu/sgx/driver/ioctl.c > > > @@ -140,7 +140,8 @@ static struct sgx_encl_page *sgx_encl_page_alloc(struct sgx_encl *encl, > > > return ERR_PTR(-ENOMEM); > > > > > > encl_page->desc = addr; > > > - encl_page->desc |= page_type; > > > + if (page_type == SGX_SECINFO_TCS) > > > + encl_page->desc |= SGX_ENCL_PAGE_TCS; > > > encl_page->encl = encl; > > > > Oops. How embrassing from my side. Please also ignore my original review > > comment about unreadability. The parameter type was right and everything > > was right. I was just blind for a while. > > > > This is exactly how it should be e.g. no boolean parameter. I think with > > most of this kind of APIs we should follow a patttern the API takes PT > > and the function does whatever encoding we have. > > In any case the issue is fixed now on my tree and I also rewrote commit > message for the driver. The stress test that I've been using is temporarily broken ATM so could not exercise the code path. /Jarkko
diff --git a/arch/x86/kernel/cpu/sgx/driver/ioctl.c b/arch/x86/kernel/cpu/sgx/driver/ioctl.c index 85e36e530baf..355ce967a77f 100644 --- a/arch/x86/kernel/cpu/sgx/driver/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/driver/ioctl.c @@ -140,7 +140,8 @@ static struct sgx_encl_page *sgx_encl_page_alloc(struct sgx_encl *encl, return ERR_PTR(-ENOMEM); encl_page->desc = addr; - encl_page->desc |= page_type; + if (page_type == SGX_SECINFO_TCS) + encl_page->desc |= SGX_ENCL_PAGE_TCS; encl_page->encl = encl; /* Calculate maximum of the VM flags for the page. */
Revert a change that directly propagates the page type from SECINFO into encl_page->desc. encl_page->desc is a packed value, jamming the SECINFO page_type sets bits that are intended for other uses. Specifically, bits 11:3 are used to store the VA offset when a page is swapped out and are available for other uses when the page is resident in the EPC. To allow overloading bits 11:3, the VA offset is cleared at ELDU and so is not explicitly cleared at EWB, e.g. the VA offset is OR'd into encl_page->desc. As a result, a subsequent ELDU gets a MAC failure due to loading the wrong VA offset. Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> --- arch/x86/kernel/cpu/sgx/driver/ioctl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)