From: Jann Horn
Date: Mon, 3 Sep 2018 15:53:24 +0200
Subject: Re: [PATCH v13 10/13] x86/sgx: Add sgx_einit() for initializing enclaves
To: jarkko.sakkinen@linux.intel.com
Cc: "the arch/x86 maintainers", platform-driver-x86@vger.kernel.org, Dave Hansen, sean.j.christopherson@intel.com, nhorman@redhat.com, npmccallum@redhat.com, linux-sgx@vger.kernel.org, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", suresh.b.siddha@intel.com, serge.ayoun@intel.com, kernel list
In-Reply-To: <20180827185507.17087-11-jarkko.sakkinen@linux.intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Sep 3, 2018 at 3:33 PM Jarkko Sakkinen wrote:
>
> From: Sean Christopherson
>
> Add a function to perform ENCLS(EINIT), which initializes an enclave,
> which can be used by a driver for running enclaves and VMMs.
>
> Writing the LE hash MSRs is extraordinarily expensive, e.g. 3-4x slower
> than normal MSRs, so we use a per-cpu cache to track the last known value
> of the MSRs to avoid unnecessarily writing the MSRs with the current value.
>
> Signed-off-by: Sean Christopherson
> Co-developed-by: Jarkko Sakkinen
> Signed-off-by: Jarkko Sakkinen
[...]
> +/** > + * sgx_einit - initialize an enclave > + * @sigstruct: a pointer to the SIGSTRUCT > + * @token: a pointer to the EINITTOKEN > + * @secs_page: a pointer to the SECS EPC page > + * @lepubkeyhash: the desired value for IA32_SGXLEPUBKEYHASHx MSRs > + * > + * Try to perform EINIT operation. If the MSRs are writable, they are updated > + * according to @lepubkeyhash. > + * > + * Return: > + * 0 on success, > + * -errno on failure > + * SGX error code if EINIT fails > + */ > +int sgx_einit(struct sgx_sigstruct *sigstruct, struct sgx_einittoken *token, > + struct sgx_epc_page *secs_page, u64 lepubkeyhash[4]) > +{ > + struct sgx_lepubkeyhash __percpu *cache; > + bool cache_valid; > + int i, ret; > + > + if (!sgx_lc_enabled) > + return __einit(sigstruct, token, sgx_epc_addr(secs_page)); > + > + cache = per_cpu(sgx_lepubkeyhash_cache, smp_processor_id()); At this point, preemption must be off, because smp_processor_id() is called; I don't think it is off here? If you have hardware/emulation on which you can test this, you may want to test your patches with DEBUG_PREEMPT enabled. > + if (!cache) { > + cache = kzalloc(sizeof(struct sgx_lepubkeyhash), GFP_KERNEL); But then here you do a GFP_KERNEL allocation, which can sleep. Also: After "cache" has been allocated in this branch, when do you store the reference to it? As far as I can tell, you never write to sgx_lepubkeyhash_cache, and the allocation just leaks. > + if (!cache) > + return -ENOMEM; > + } > + > + cache_valid = cache->pm_cnt == sgx_pm_cnt; The cache should probably not be treated as valid if it has just been created and only contains zeroes, right? > + cache->pm_cnt = sgx_pm_cnt; Can sgx_pm_cnt be modified concurrently? If so, please use at least READ_ONCE() to document that and prevent the compiler from doing weird stuff. > + preempt_disable(); And here you turn off preemption, but it should already have been off? 
> + for (i = 0; i < 4; i++) { > + if (cache_valid && lepubkeyhash[i] == cache->msrs[i]) > + continue; > + > + wrmsrl(MSR_IA32_SGXLEPUBKEYHASH0 + i, lepubkeyhash[i]); > + cache->msrs[i] = lepubkeyhash[i]; > + } > + ret = __einit(sigstruct, token, sgx_epc_addr(secs_page)); > + preempt_enable(); > + return ret; > +} > +EXPORT_SYMBOL(sgx_einit); > +
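Review bot: Between the per_cpu(sgx_lepubkeyhash_cache, smp_processor_id()) lookup and preempt_disable(), the task can migrate, so the loop may call wrmsrl() on one CPU while updating cache->msrs[] and cache->pm_cnt for a different CPU; the CPU whose cache was updated can then skip the MSR write on a later call and run __einit() against whatever hash its MSRs actually hold. Take preempt_disable() before the lookup and hold it through __einit(), and move the allocation out of that region (for example, allocate the per-CPU caches once at init) so that no GFP_KERNEL allocation happens with preemption off. Separately, the local is declared as "struct sgx_lepubkeyhash __percpu *cache" but is assigned a kzalloc() result and dereferenced directly as cache->pm_cnt, so the __percpu annotation looks wrong and sparse will flag it; and the literal 4 in "u64 lepubkeyhash[4]" and in the loop bound would read better as a named constant.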