From patchwork Mon Dec 5 17:46:16 2016
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 9461255
From: "Christopherson, Sean J"
To: 'Jarkko Sakkinen', "intel-sgx-kernel-dev@lists.01.org"
Date: Mon, 5 Dec 2016 17:46:16 +0000
Message-ID: <37306EFA9975BE469F115FDE982C075B9B69682D@ORSMSX108.amr.corp.intel.com>
References: <20161204184044.21031-1-jarkko.sakkinen@linux.intel.com> <20161204184044.21031-7-jarkko.sakkinen@linux.intel.com>
In-Reply-To: <20161204184044.21031-7-jarkko.sakkinen@linux.intel.com>
Subject: Re: [intel-sgx-kernel-dev] [PATCH v6 6/8] intel_sgx: disallow VMA reconfiguration after EPC pages have been added

Jarkko Sakkinen wrote:
>> Do not allow VMA reconfiguration after EPC pages are added because SGX1
>> permissions are static. The policy might be eased with SGX2 (EMODP) but it
>> is better to start with this because in SGX1 the PTE permissions and EPCM
>> permissions must be in-sync.

This patch breaks user space. The SDK adds all pages via the SGX ioctl before calling mprotect to set its paging permissions. All code related to SGX_ENCL_PAGES_ADDED needs to be removed, the rest of the patch is good. The commit message also needs to be reworked since the resulting patch is basically just replacing vma_cnt with SGX_ENCL_INVALIDATED; or maybe just merge this patch with the next patch, "intel_sgx: invalidate enclave when the user threads cease to exist". e.g. apply this on top of the patch diff --git a/intel_sgx.h b/intel_sgx.h index 35c03fc..a891176 100644 --- a/intel_sgx.h +++ b/intel_sgx.h @@ -130,8 +130,7 @@ enum sgx_encl_flags { SGX_ENCL_DEBUG = BIT(1), SGX_ENCL_SECS_EVICTED = BIT(2), SGX_ENCL_SUSPEND = BIT(3), - SGX_ENCL_PAGES_ADDED = BIT(4), - SGX_ENCL_INVALIDATED = BIT(5), + SGX_ENCL_INVALIDATED = BIT(4), }; struct sgx_encl { diff --git a/intel_sgx_ioctl.c b/intel_sgx_ioctl.c index 0c3fd29..6ab67ea 100644 --- a/intel_sgx_ioctl.c +++ b/intel_sgx_ioctl.c @@ -736,7 +736,6 @@ out: } else { ret = encl_rb_insert(&encl->encl_rb, encl_page); WARN_ON(ret); - encl->flags |= SGX_ENCL_PAGES_ADDED; } mutex_unlock(&encl->lock); diff --git a/intel_sgx_vma.c b/intel_sgx_vma.c index 4515cc3..517085d 100644 --- a/intel_sgx_vma.c +++ b/intel_sgx_vma.c @@ -81,11 +81,10 @@ static void sgx_vma_open(struct vm_area_struct *vma) } /* Invalidate enclave when the process has been forked for the first - * time or pages have been added because PTEs must bee in sync with - * the EPCM entries. + * time. */ mutex_lock(&encl->lock); - if (encl->mm != vma->vm_mm || (encl->flags & SGX_ENCL_PAGES_ADDED)) { + if (encl->mm != vma->vm_mm) { encl->flags |= SGX_ENCL_INVALIDATED; zap_vma_ptes(vma, vma->vm_start, vma->vm_end - vma->vm_start); vma->vm_private_data = NULL;
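
Review bot: in the intel_sgx.h hunk, SGX_ENCL_INVALIDATED changes value from BIT(5) to BIT(4) once SGX_ENCL_PAGES_ADDED is dropped. That is fine as long as encl->flags is only ever tested through the enum names and is never stored or exposed outside the driver, which is worth confirming. When this fixup is squashed into 6/8, the flag should simply be introduced as BIT(4) so the series never defines the BIT(5) value at all.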
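
Review bot: in the intel_sgx_ioctl.c hunk, what remains of the else branch is "ret = encl_rb_insert(&encl->encl_rb, encl_page); WARN_ON(ret);", so a failed insert is only warned about at this point. This is not introduced by the change, but since the branch is being touched, check that a non-zero ret is handled after mutex_unlock(&encl->lock) (not visible in this context) rather than the caller continuing as if the page were tracked in encl_rb.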
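
Review bot: in sgx_vma_open() in intel_sgx_vma.c, the new comment says the enclave is invalidated when the process has been forked "for the first time", but the check is "encl->mm != vma->vm_mm", which holds for any open of the VMA in an mm other than the enclave's. Suggest wording the comment after the check itself and collapsing it to a single line now that it is one sentence. With the SGX_ENCL_PAGES_ADDED test gone, a VMA reconfiguration after pages are added (the SDK's mprotect case) no longer invalidates the enclave, so the reworked commit message should state why the driver no longer needs to keep PTE permissions in sync with the EPCM, since that was the stated reason for the original check.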