Re: [PATCH] x86: sgx: Don't track poisoned pages for reclaiming
From: Huang, Kai
Date: Wed Feb 12 2025 - 05:38:45 EST
On 12/02/2025 12:31 pm, Dave Hansen wrote:
On 2/11/25 13:18, Huang, Kai wrote:
This requires low-level SGX implementation knowledge to fully
understand. Both what "ETRACK, EBLOCK and EWB" are in the first place,
how they are involved in reclaim and also why EREMOVE doesn't lead to
the same fate.
Does it? [I'll dig up Intel SDM to check this]
I just did. 🙂
It seems EREMOVE only reads and updates the EPCM entry for the target
EPC page but won't actually access that EPC page.
Actually, now that I think about it even more, why would ETRACK or
EBLOCK access the page itself? They seem superficially like they'd be
metadata-only too.
Looking at the pseudo code, AFAICT EBLOCK doesn't touch the EPC page
either, but ETRACK actually reads SECS (ETRACK must take SECS page as
input):
(* All processors must have completed the previous tracking cycle*)
IF ( (DS:RCX).TRACKING ≠ 0) )
......
Here the DS:RCX is the SECS page.
I think this also is consistent with what Andrew said:
"I haven't seen a crash in either of these (always in EWB), ..."
because a poisoned EPC page being regular enclave page has much higher
possibility. In fact, ETRACK only takes SECS page but I think the
chance that the kernel code can still reach ETRACK while SECS page is
poisoned should be just 0.