From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: "intel-sgx-kernel-dev@lists.01.org"
<intel-sgx-kernel-dev@lists.01.org>,
"platform-driver-x86@vger.kernel.org"
<platform-driver-x86@vger.kernel.org>,
"x86@kernel.org" <x86@kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
Darren Hart <dvhart@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
Andy Shevchenko <andy@infradead.org>
Subject: Re: [intel-sgx-kernel-dev] [PATCH v7 4/8] intel_sgx: driver for Intel Software Guard Extensions
Date: Tue, 12 Dec 2017 13:46:48 -0800 [thread overview]
Message-ID: <1513115208.27842.18.camel@intel.com> (raw)
In-Reply-To: <37306EFA9975BE469F115FDE982C075BC6B39E1D@ORSMSX108.amr.corp.intel.com>
On Fri, 2017-12-08 at 07:31 -0800, Christopherson, Sean J wrote:
> Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> wrote:
> > On Thu, Dec 07, 2017 at 02:46:39PM +0000, Christopherson, Sean J wrote:
> > > > + for (i = 0; i < 2; i++) {
> > > > + va_page = list_first_entry(&encl->va_pages,
> > > > + struct sgx_va_page, list);
> > > > + va_offset = sgx_alloc_va_slot(va_page);
> > > > + if (va_offset < PAGE_SIZE)
> > > > + break;
> > > > +
> > > > + list_move_tail(&va_page->list, &encl->va_pages);
> > > > + }
> > >
> > > This is broken, there is no guarantee that the next VA page will have
> > > a free slot. You have to walk over all VA pages to guarantee a slot
> > > is found, e.g. this caused EWB and ELDU errors.
> >
> > I did run some extensive stress tests on this and did not experience any
> > issues. Full VA pages are always put to the end. Please point me to the
> > test where this breaks so that I can fix the issue if it persists.
>
> Three VA pages in the enclave: A, B and C. Evict all pages in the
> enclave, i.e. consume all slots in A, B and C. The list can be in
> any order at this point, but for the sake of argument let's say the
> order is C->A->B, i.e. C was originally the last VA page in the list.
> Fault in page X, whose VA is in B. Evict X. This code looks at C
> and A, and finds no available slot, but continues with VA page A and
> a va_offset of PAGE_SIZE.
So it looks like you avoid the described case by moving B to the head of
the list in sgx_eldu. The bug I am seeing is still straightforward to
theorize:
1. Three VA pages. List = A->B->C
2. Fill A and B, use one entry in C. List = C->B->A
3. ELDU, freeing a slot in B. List = B->C->A
4. EWB, consuming the last slot in B. List = B->C->A
5. ELDU, freeing a slot in A. List = A->B->C
6. EWB, consuming the last slot in A. List = A->B->C
7. ELDU, but both A and B are full
8. Explode
next prev parent reply other threads:[~2017-12-12 21:48 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-07 1:54 [PATCH v7 0/8] Intel SGX Driver Jarkko Sakkinen
2017-12-07 1:54 ` Jarkko Sakkinen
2017-12-07 1:54 ` [PATCH v7 1/8] intel_sgx: updated MAINTAINERS Jarkko Sakkinen
2017-12-07 1:54 ` [PATCH v7 2/8] x86: add SGX definitions to cpufeature Jarkko Sakkinen
2017-12-07 1:54 ` [PATCH v7 3/8] x86: add SGX definitions to msr-index.h Jarkko Sakkinen
2017-12-07 1:54 ` [PATCH v7 4/8] intel_sgx: driver for Intel Software Guard Extensions Jarkko Sakkinen
2017-12-07 14:46 ` [intel-sgx-kernel-dev] " Christopherson, Sean J
2017-12-07 16:05 ` Jarkko Sakkinen
2017-12-07 16:12 ` Jarkko Sakkinen
2017-12-08 15:31 ` Christopherson, Sean J
2017-12-14 12:42 ` Jarkko Sakkinen
2017-12-12 21:32 ` Sean Christopherson
2017-12-14 13:03 ` Jarkko Sakkinen
[not found] ` <37306EFA9975BE469F115FDE982C075BC6B39E1D@ORSMSX108.amr.corp.intel.com>
2017-12-12 21:46 ` Sean Christopherson [this message]
2017-12-14 13:10 ` Jarkko Sakkinen
2017-12-14 21:36 ` Christopherson, Sean J
2017-12-15 15:02 ` Jarkko Sakkinen
2017-12-12 7:42 ` Ayoun, Serge
2017-12-07 1:54 ` [PATCH v7 5/8] intel_sgx: ptrace() support Jarkko Sakkinen
2017-12-07 1:54 ` [PATCH v7 6/8] intel_sgx: driver documentation Jarkko Sakkinen
2017-12-07 1:54 ` Jarkko Sakkinen
2017-12-07 1:54 ` [PATCH v7 7/8] fs/pipe.c: export create_pipe_files() Jarkko Sakkinen
2017-12-07 1:54 ` Jarkko Sakkinen
2017-12-07 1:54 ` [PATCH v7 8/8] intel_sgx: in-kernel launch enclave Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1513115208.27842.18.camel@intel.com \
--to=sean.j.christopherson@intel.com \
--cc=andy@infradead.org \
--cc=dvhart@infradead.org \
--cc=hpa@zytor.com \
--cc=intel-sgx-kernel-dev@lists.01.org \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=platform-driver-x86@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.