On Tue, Sep 22, 2020 at 12:45:38PM +0200, Borislav Petkov wrote:
> On Tue, Sep 15, 2020 at 02:28:34PM +0300, Jarkko Sakkinen wrote:
> > + * %SGX_ENCL_PAGE_VA_OFFSET_MASK:  Holds the offset in the Version Array
> > + *                                 (VA) page for a swapped page.
> >   * %SGX_ENCL_PAGE_ADDR_MASK:               Holds the virtual address of 
> > the page.
> >   *
> >   * The page address for SECS is zero and is used by the subsystem to 
> > recognize
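
Review bot: the new %SGX_ENCL_PAGE_VA_OFFSET_MASK entry does not say what unit the offset is in (a byte offset into the VA page or a slot index), nor what these bits hold while the page is not swapped out. One more sentence in the comment covering both would let a reader use the mask without hunting for the code that sets it.
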
> 
> ...
> 
> > @@ -86,24 +123,34 @@ static int sgx_encl_create(struct sgx_encl *encl, 
> > struct sgx_secs *secs)
> >  {
> >     unsigned long encl_size = secs->size + PAGE_SIZE;
> >     struct sgx_epc_page *secs_epc;
> > +   struct sgx_va_page *va_page;
> >     struct sgx_pageinfo pginfo;
> >     struct sgx_secinfo secinfo;
> >     struct file *backing;
> >     long ret;
> >  
> > +   va_page = sgx_encl_grow(encl);
> > +   if (IS_ERR(va_page))
> > +           return PTR_ERR(va_page);
> > +   else if (va_page)
> 
> Not "else" simply?
> 
> AFAICT, sgx_encl_grow() would either return an ERR_PTR or the actual
> page...
> 

The "else if" is correct.  Version Array (VA) pages have 512 slots that hold
metadata for evicted EPC pages, i.e. swapping a page out of the EPC requires
a VA slot.  For simplicity (LOL), the approach we are taking for initial
support is to reserve a VA slot when adding a page to the enclave[*].  In most
cases, reserving a slot does not require allocating a new VA page, e.g. to
reserve slots 1-511 of the "current" VA page.   The if-elif is handling the
case where the current VA page is fully reserved and a new one needs to be
allocated. The if handles the error, the elif handles success, i.e.

        if (IS_ERR(va_page))    /* needed a new VA page, allocation failed */
                return PTR_ERR(va_page);
        else if (va_page)       /* needed a new VA page, allocation succeeded */
                list_add(&va_page->list, &encl->va_pages);
        /* else: reused the current VA page */

When reusing a VA page, we obviously don't want to re-add the page to the list
of va_pages, and the error handling path also shouldn't free the VA page.

> Also, should the growing happen *after* the SECS validation?
> 
> > +           list_add(&va_page->list, &encl->va_pages);
> > +
> >     if (sgx_validate_secs(secs)) {
> >             pr_debug("invalid SECS\n");
> > -           return -EINVAL;
> > +           ret = -EINVAL;
> > +           goto err_out_shrink;
> >     }
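
Review bot: sgx_encl_grow() runs before sgx_validate_secs(secs), so the invalid-SECS path now has to unwind through err_out_shrink instead of the plain `return -EINVAL;`. Unless that ordering is required, validating first keeps the path a simple return. Also, at `else if (va_page)` a NULL return is a third, non-error outcome that the call site does not explain: a short comment there would show why this is not a plain `else`, and the err_out_shrink path should be checked to cope with va_page == NULL.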

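The three outcomes described in the reply above (new VA page needed and allocation failed, new VA page allocated, current VA page reused), as an added userspace C model that is not code from the patch or the kernel. The names encl_grow, encl_shrink, add_page, page_cnt and fail_alloc are hypothetical, and the ERR_PTR helpers are simplified stand-ins for the kernel's.

```c
#include <errno.h>
#include <stdlib.h>

/* Userspace stand-ins for the kernel's ERR_PTR helpers (simplified). */
static void *ERR_PTR(long e) { return (void *)e; }
static long PTR_ERR(const void *p) { return (long)p; }
static int IS_ERR(const void *p) { return (unsigned long)p >= (unsigned long)-4095; }
#define VA_SLOTS 512 /* slots per VA page, per the thread */
struct va_page { struct va_page *next; };
struct encl { struct va_page *va_pages; unsigned int page_cnt; int fail_alloc; };

/* Returns ERR_PTR (alloc failed), the new VA page, or NULL (slot reused). */
static struct va_page *encl_grow(struct encl *e)
{
	struct va_page *va = NULL;
	if (e->page_cnt % VA_SLOTS == 0) {	/* current VA page fully reserved */
		va = e->fail_alloc ? NULL : calloc(1, sizeof(*va));
		if (!va)
			return ERR_PTR(-ENOMEM);
	}
	e->page_cnt++;
	return va;
}

/* Error path: drop the reservation; unlink and free only a page we allocated. */
static void encl_shrink(struct encl *e, struct va_page *va)
{
	e->page_cnt--;
	if (va)
		e->va_pages = va->next;	/* va is the list head here */
	free(va);			/* no-op for NULL, the reused-page case */
}

/* Caller pattern from the thread; later_fails models e.g. an invalid SECS. */
long add_page(struct encl *e, int later_fails)
{
	struct va_page *va = encl_grow(e);
	if (IS_ERR(va))
		return PTR_ERR(va);
	else if (va) {
		va->next = e->va_pages;	/* stands in for list_add() */
		e->va_pages = va;
	}
	if (later_fails) {
		encl_shrink(e, va);
		return -EINVAL;
	}
	return 0;
}
```

With a plain `else` in add_page, the reused-page case would dereference NULL in the list insertion.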