Re: [PATCH v38 16/24] x86/sgx: Add a page reclaimer

From: Sean Christopherson
Date: Tue Sep 22 2020 - 12:24:44 EST


On Tue, Sep 22, 2020 at 12:45:38PM +0200, Borislav Petkov wrote:
> On Tue, Sep 15, 2020 at 02:28:34PM +0300, Jarkko Sakkinen wrote:
> > + * %SGX_ENCL_PAGE_VA_OFFSET_MASK: Holds the offset in the Version Array
> > + * (VA) page for a swapped page.
> > * %SGX_ENCL_PAGE_ADDR_MASK: Holds the virtual address of the page.
> > *
> > * The page address for SECS is zero and is used by the subsystem to recognize
>
> ...
>
> > @@ -86,24 +123,34 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs)
> > {
> > unsigned long encl_size = secs->size + PAGE_SIZE;
> > struct sgx_epc_page *secs_epc;
> > + struct sgx_va_page *va_page;
> > struct sgx_pageinfo pginfo;
> > struct sgx_secinfo secinfo;
> > struct file *backing;
> > long ret;
> >
> > + va_page = sgx_encl_grow(encl);
> > + if (IS_ERR(va_page))
> > + return PTR_ERR(va_page);
> > + else if (va_page)
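
Review bot: at `else if (va_page)`, the branch only makes sense if sgx_encl_grow() can return NULL in addition to an ERR_PTR or a page, and nothing in this hunk says so. A one-line comment above the call stating what a NULL return means would help. The `else` is also redundant after `return PTR_ERR(va_page);`, so a plain `if (va_page)` reads the same.
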
>
> Not "else" simply?
>
> AFAICT, sgx_encl_grow() would either return an ERR_PTR or the actual
> page...
>

The "else if" is correct. Version Array (VA) pages have 512 slots that hold
metadata for evicted EPC pages, i.e. swapping a page out of the EPC requires
a VA slot. For simplicity (LOL), the approach we are taking for initial
support is to reserve a VA slot when adding a page to the enclave[*]. In most
cases, reserving a slot does not require allocating a new VA page, e.g. to
reserve slots 1-511 of the "current" VA page. The if-elif is handling the
case where the current VA page is fully reserved and a new one needs to be
allocated. The if handles the error, the elif handles success, i.e.

    if (IS_ERR(va_page))        <- needed a new VA page, allocation failed
        return PTR_ERR(va_page);
    else if (va_page)           <- needed a new VA page, allocation succeeded
        list_add(&va_page->list, &encl->va_pages);
    else
                                <- reused the current VA page

When reusing a VA page, we obviously don't want to re-add the page to the list
of va_pages, and the error handling path also shouldn't free the VA page.

> Also, should the growing happen *after* the SECS validation?
>
> > + list_add(&va_page->list, &encl->va_pages);
> > +
> > if (sgx_validate_secs(secs)) {
> > pr_debug("invalid SECS\n");
> > - return -EINVAL;
> > + ret = -EINVAL;
> > + goto err_out_shrink;
> > }
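
Review bot: `goto err_out_shrink` in the sgx_validate_secs() failure path is reached both when va_page points to a newly added page and when it is NULL, because the list_add() above is conditional. The label is outside the quoted lines; it needs to handle a NULL va_page without touching encl->va_pages. Calling sgx_validate_secs(secs) before sgx_encl_grow(encl) would let this path keep the plain `return -EINVAL;`.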
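
The three outcomes described in the reply above, as a userspace C model. This is an added example, not code from the patch or the kernel tree. The names model_grow, model_shrink, model_add_page and the fail_alloc knob are hypothetical; only the 512-slot count and the if/else-if shape come from the thread.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#define VA_SLOT_COUNT 512 /* slots per VA page, per the mail */
/* Userspace stand-ins for the kernel's ERR_PTR()/PTR_ERR()/IS_ERR(). */
static void *err_ptr(long e) { return (void *)(intptr_t)e; }
static long ptr_err(const void *p) { return (long)(intptr_t)p; }
static int is_err(const void *p) { return (uintptr_t)p >= (uintptr_t)-4095; }
struct va_page { struct va_page *next; };
struct encl { unsigned long page_cnt, nr_va; struct va_page *va_pages; };
static int fail_alloc; /* constructed knob: force the next allocation to fail */
/* Reserve one slot: NULL = current VA page had room, pointer = new VA page. */
static struct va_page *model_grow(struct encl *e)
{
	struct va_page *va = NULL;
	if (e->page_cnt % VA_SLOT_COUNT == 0) { /* current page fully reserved */
		va = fail_alloc ? NULL : calloc(1, sizeof(*va));
		if (!va)
			return err_ptr(-ENOMEM);
	}
	e->page_cnt++;
	return va;
}
/* Undo one reservation; free the VA page only if this caller allocated it. */
static void model_shrink(struct encl *e, struct va_page *va)
{
	e->page_cnt--;
	if (va) { /* va is the list head, linked by the caller now unwinding */
		e->va_pages = va->next;
		e->nr_va--;
		free(va);
	}
}
/* Caller using the three-way branch from the quoted hunk. */
static long model_add_page(struct encl *e, int valid)
{
	struct va_page *va = model_grow(e);
	if (is_err(va))
		return ptr_err(va);
	else if (va) { /* new VA page: link it exactly once */
		va->next = e->va_pages; e->va_pages = va; e->nr_va++;
	}
	if (!valid) { model_shrink(e, va); return -EINVAL; } /* va may be NULL */
	return 0;
}
int main(void)
{
	struct encl e = {0};
	return (model_add_page(&e, 1) || model_add_page(&e, 0) != -EINVAL);
}
```

In the model, a late failure on a reused VA page only gives the slot back, while a late failure on a freshly allocated page also unlinks and frees that page.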