Re: [PATCH v38 16/24] x86/sgx: Add a page reclaimer

From: Jarkko Sakkinen
Date: Tue Sep 22 2020 - 10:03:40 EST


On Tue, Sep 22, 2020 at 12:45:38PM +0200, Borislav Petkov wrote:
> > + * %SGX_ENCL_PAGE_VA_OFFSET_MASK: Holds the offset in the Version Array
> > + * (VA) page for a swapped page.
> > * %SGX_ENCL_PAGE_ADDR_MASK: Holds the virtual address of the page.
> > *
> > * The page address for SECS is zero and is used by the subsystem to recognize
>
> ...

So what's wrong over here?

> > @@ -86,24 +123,34 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs)
> > {
> > unsigned long encl_size = secs->size + PAGE_SIZE;
> > struct sgx_epc_page *secs_epc;
> > + struct sgx_va_page *va_page;
> > struct sgx_pageinfo pginfo;
> > struct sgx_secinfo secinfo;
> > struct file *backing;
> > long ret;
> >
> > + va_page = sgx_encl_grow(encl);
> > + if (IS_ERR(va_page))
> > + return PTR_ERR(va_page);
> > + else if (va_page)
>
> Not "else" simply?
>
> AFAICT, sgx_encl_grow() would either return an ERR_PTR or the actual
> page...
>
> Also, should the growing happen *after* the SECS validation?

Yes, it would make sense. I'll move it.

> Let's add some comment blurb about "Write back/invalidate an EPC page"
> to at least start to explain what that "ewb" is.

OK, I'll try to write something understandable.

> > + spin_lock(&sgx_active_page_list_lock);
> > + for (i = 0; i < SGX_NR_TO_SCAN; i++) {
> > + if (list_empty(&sgx_active_page_list))
>
> Isn't it enough to do this once, i.e., not in the loop? You're holding
> sgx_active_page_list_lock...

I think that would make sense. Distantly analogous to the EINIT
discussion. Too complex code for yet to be known problem workloads I'd
say.


> > static void sgx_sanitize_section(struct sgx_epc_section *section)
>
> ...

Is this about documenting this function?

> --
> Regards/Gruss,
> Boris.
>
> https://people.kernel.org/tglx/notes-about-netiquette

Thanks, this was valuable feedback.

/Jarkko