From: Jarkko Sakkinen <jarkko@kernel.org>
To: Dave Hansen <dave.hansen@intel.com>
Cc: linux-sgx@vger.kernel.org,
Dave Hansen <dave.hansen@linux.intel.com>,
stable@vger.kernel.org, Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Jethro Beekman <jethro@fortanix.com>,
Sean Christopherson <seanjc@google.com>
Subject: Re: [PATCH v3] x86/sgx: Free backing memory after faulting the enclave page
Date: Sun, 20 Feb 2022 19:52:40 +0100 [thread overview]
Message-ID: <YhKN+LRD2vuhWhqB@iki.fi> (raw)
In-Reply-To: <8afec431-4dfc-d8df-152b-76cca0e17ccb@intel.com>
On Mon, Jan 31, 2022 at 03:30:52PM -0800, Dave Hansen wrote:
> On 1/26/22 23:01, Jarkko Sakkinen wrote:
> > On Sat, Jan 08, 2022 at 04:05:10PM +0200, Jarkko Sakkinen wrote:
> >> +static inline pgoff_t sgx_encl_get_backing_pcmd_nr(struct sgx_encl *encl, pgoff_t index)
> >> +{
> >> + return PFN_DOWN(encl->size) + 1 + (index / sizeof(struct sgx_pcmd));
> >> +}
> > Found it.
> >
> > This should be
> >
> > static inline pgoff_t sgx_encl_get_backing_pcmd_nr(struct sgx_encl *encl, pgoff_t index)
> > {
> > return PFN_DOWN(encl->size) + 1 + (index * PAGE_SIZE) / sizeof(struct sgx_pcmd);
> > }
>
> I've looked at this for about 10 minutes and been simultaneously
> confused as to whether it is right or wrong. That makes it
> automatically wrong. :)
>
> First, this isn't calculating a "PCMD number". It's calculating backing
> offset. The "PCMD number" calculation is only a part of it. I think
> that makes the naming rather sloppy.
>
> Second, I think the typing is sloppy. page_index for example:
>
> > static int __sgx_encl_eldu(struct sgx_encl_page *encl_page,
> > struct sgx_epc_page *epc_page,
> > struct sgx_epc_page *secs_page)
> > {
> ...
> > pgoff_t page_index;
>
> It's storing a page number:
>
> page_index = PFN_DOWN(encl->size);
>
> not a real offset-into-a-file. That makes it even more confusing when
> 'page_index' crosses a function boundary, gets renamed to 'index' and
> then its units get confused.
>
> /*
> * Given a page number within an enclave (@epc_page_nr), calculate the
> * offset in bytes into the backing file where that page's PCMD is
> * located.
> */
> -static inline pgoff_t sgx_encl_get_backing_pcmd_nr(struct sgx_encl
> *encl, pgoff_t index)
> +static inline pgoff_t sgx_page_nr_to_pcmd_nr(struct sgx_encl *encl,
> unsigned long epc_page_nr)
> {
> pgoff_t last_epc_offset = PFN_DOWN(encl->size);
> pgoff_t pcmd_offset;
>
> // The SECS page is stashed in a slot after the
> // last normal EPC page. Leave space for it:
> last_epc_offset++;
>
> pcmd_offset = epc_page_nr / sizeof(struct sgx_pcmd);
>
> return last_epc_offset + pcmd_offset;
> }
>
> Looking at that, I still think your *original* version is correct.
>
> Am I just all twisted around from looking at this code too much? Could
> you please take another look and send a new version of the patch?
Yeah, I will. It took me two weeks to make full remote attestation
implementation for SGX in Rust but at least I can confirm that all
the kernel bits work on that (and this will also help me to finish
the man page because it is pretty nasty to document it if you haven't
gone to the rabbit hole yourself).
I'll prioritize now to get SGX2 patches tested with Enarx implementation
but this 2nd thing in my kernel queue.
/Jarkko
next prev parent reply other threads:[~2022-02-20 18:52 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-08 14:05 [PATCH v3] x86/sgx: Free backing memory after faulting the enclave page Jarkko Sakkinen
2022-01-13 6:08 ` Reinette Chatre
2022-01-14 21:25 ` Jarkko Sakkinen
2022-01-17 8:30 ` Jarkko Sakkinen
2022-01-24 17:17 ` Dave Hansen
2022-01-26 13:31 ` Jarkko Sakkinen
2022-01-27 7:01 ` Jarkko Sakkinen
2022-01-31 23:30 ` Dave Hansen
2022-02-20 18:52 ` Jarkko Sakkinen [this message]
2022-02-20 18:58 ` Dave Hansen
2022-02-20 20:09 ` Jarkko Sakkinen
2022-02-20 20:42 ` Jarkko Sakkinen
2022-02-22 0:15 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YhKN+LRD2vuhWhqB@iki.fi \
--to=jarkko@kernel.org \
--cc=bp@alien8.de \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jethro@fortanix.com \
--cc=linux-sgx@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=seanjc@google.com \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.