Received: by 2002:a05:6a10:6006:0:0:0:0 with SMTP id w6csp515131pxa; Thu, 27 Aug 2020 08:22:12 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxFRy7ZZC2bf63zgoDCizlD4KH3RhXaMwIQS/Fsi4UPujB7PrnnmghYT7UfvnrOLWO1ZiRL X-Received: by 2002:aa7:d4cb:: with SMTP id t11mr20035084edr.223.1598541731947; Thu, 27 Aug 2020 08:22:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1598541731; cv=none; d=google.com; s=arc-20160816; b=tzXQVSSoXgODgXW8pJZKr2gbh6bvujaCkaSPlBbVDVP7tPWm0vP4n4jg3BYyYMbG3l mufGAbyZydJ/xV8uFFmXkLkLG7xpdWAxsZQ/Pxmgcf7XitNjsoTXE1Xqn0RSjX38ojU7 i7h3ceKg9lOj4J2pV6+yJyOuZjeXSXv7o3Kiqn9SgNS00Fc7twEYCptO5Wq2nKxfnPQ5 Y+aXJco/GgipB9Aba6g6/qcx/aXbDJ+qcIANpWP2q3BSeDIl4EcY8ptzcnpQOCacMcST g39VT9XEGQ4OB47FldaM40MdW+mSi+giTwZTpAMb6w+5yf1rm+cUj0I94sW7Ye5tlgYA rcMw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:ironport-sdr :ironport-sdr; bh=fJz+6cU7GmFfNu55GKKfeIq3iDrILDYc+7yjJAydD1g=; b=YAOsKIMU0bGJcN5S/4VdOf3ImMMw74Iz5Ku+QvIWtmk31XH0AOordH9iyECVC3cTlK DcIlqQi6N8LDkFs3GHXWMKDaPLETisAPJz8f3E3colpef1VQ4j2UpPiC94Ao3VE/Be/b V57Ou9WnACrhQSaPBifAGhcHkq53eaH3Hw7jyALOmq7khl6KaY6N24amgd571x5QR58G iQGf6DowChoziZI3o0NbKtdcFJpyWCkeqC9pD2if7PJg5zEccEnwXgITjZe4dX2m7SPQ IWFL2wDHuZN+9seUsIqFDHOlmlHl+y7NbiFa7uHAK06g+UeJSrGmR3rxjuMkWFdqIRDL bZEw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id o25si1738638edq.502.2020.08.27.08.21.49; Thu, 27 Aug 2020 08:22:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727997AbgH0PVH (ORCPT + 99 others); Thu, 27 Aug 2020 11:21:07 -0400 Received: from mga05.intel.com ([192.55.52.43]:16015 "EHLO mga05.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728234AbgH0PUz (ORCPT ); Thu, 27 Aug 2020 11:20:55 -0400 IronPort-SDR: 55Yqlb798kOgvMHQZhnXcBcTdeo+Xo1dt6DAcqiTTA9gJTKHgeL2bFtI+NYg5rfBB8jtOfPZiU TBxlyZhVzsTw== X-IronPort-AV: E=McAfee;i="6000,8403,9726"; a="241320086" X-IronPort-AV: E=Sophos;i="5.76,359,1592895600"; d="scan'208";a="241320086" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Aug 2020 08:20:53 -0700 IronPort-SDR: 2ftvRexz4LzBoob2AWoL+hj30qCYj3C4kUREAoXxllKNIiFmgRvAhAGhznSW/hfX99yOfY3vov 1w/1LiuwvBTg== X-IronPort-AV: E=Sophos;i="5.76,359,1592895600"; d="scan'208";a="337196893" Received: from sjchrist-ice.jf.intel.com (HELO sjchrist-ice) ([10.54.31.34]) by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Aug 2020 08:20:52 -0700 Date: Thu, 27 Aug 2020 08:20:51 -0700 From: Sean Christopherson To: Nathaniel McCallum Cc: Jarkko Sakkinen , X86 ML , linux-sgx@vger.kernel.org, LKML , linux-kselftest@vger.kernel.org, Andrew Morton , Andy Shevchenko , asapek@google.com, Borislav Petkov , "Xing, Cedric" , chenalexchen@google.com, Conrad Parker , cyhanish@google.com, Dave Hansen , "Huang, Haitao" , Josh Triplett , "Huang, Kai" , "Svahn, Kai" , Keith Moyer , Christian Ludloff , Andy Lutomirski , Neil Horman , Patrick Uiterwijk , David Rientjes , Thomas Gleixner , yaozhangx@google.com Subject: Re: [PATCH v36 22/24] selftests/x86: Add a selftest for SGX Message-ID: <20200827152051.GB22351@sjchrist-ice> References: <20200716135303.276442-1-jarkko.sakkinen@linux.intel.com> <20200716135303.276442-23-jarkko.sakkinen@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.9.4 (2018-02-28) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Aug 27, 2020 at 12:47:04AM -0400, Nathaniel McCallum wrote: > > +int main(int argc, char *argv[], char *envp[]) > > +{ > > + struct sgx_enclave_exception exception; > > + struct vdso_symtab symtab; > > + Elf64_Sym *eenter_sym; > > + uint64_t result = 0; > > + struct encl encl; > > + unsigned int i; > > + void *addr; > > + > > + if (!encl_load("test_encl.elf", &encl)) > > + goto err; > > + > > + if (!encl_measure(&encl)) > > + goto err; > > + > > + if (!encl_build(&encl)) > > + goto err; > > + > > + /* > > + * An enclave consumer only must do this. > > + */ > > + for (i = 0; i < encl.nr_segments; i++) { > > + struct encl_segment *seg = &encl.segment_tbl[i]; > > + > > + addr = mmap((void *)encl.encl_base + seg->offset, seg->size, > > + seg->prot, MAP_SHARED | MAP_FIXED, encl.fd, 0); > > My patch version is a bit behind (v32), but I suspect this still > applies. I discovered the following by accident. > > In the Enarx code base, this invocation succeeds: > mmap(0x200000000000, 0x1000, PROT_READ | PROT_WRITE, MAP_SHARED | > MAP_FIXED, sgxfd, 0) > > However, this one fails with -EINVAL: > mmap(0x200000000000, 0x1000, PROT_READ | PROT_WRITE, > MAP_SHARED_VALIDATE | MAP_FIXED, sgxfd, 0) > > From man mmap: > > MAP_SHARED_VALIDATE (since Linux 4.15) > This flag provides the same behavior as MAP_SHARED > except that MAP_SHARED mappings ignore unknown > flags in flags. By contrast, when creating a mapping > using MAP_SHARED_VALIDATE, the kernel veri‐ > fies all passed flags are known and fails the > mapping with the error EOPNOTSUPP for unknown > flags. This mapping type is also required to be able to > use some mapping flags (e.g., MAP_SYNC). > > I can try again on a newer patch set tomorrow if need be. But the > documentation of mmap() doesn't match the behavior I'm seeing. A brief > look through the patch set didn't turn up anything obvious that could > be causing this. This is a bug in sgx_get_unmapped_area(). EPC must be mapped SHARED, and so MAP_PRIVATE is disallowed. The current check is: if (flags & MAP_PRIVATE) return -EINVAL; and the base "flags" are: #define MAP_SHARED 0x01 /* Share changes */ #define MAP_PRIVATE 0x02 /* Changes are private */ #define MAP_SHARED_VALIDATE 0x03 /* share + validate extension flags */ which causes the SGX check to interpret MAP_SHARED_VALIDATE as MAP_PRIVATE. The types are just that, types, not flag modifiers. So the SGX code needs to be: if ((flags & MAP_TYPE) == MAP_PRIVATE) return -EINVAL; or unsigned long map_type = (flags & MAP_TYPE); if (map_type != MAP_SHARED && map_type != MAP_SHARED_VALIDATE) return -EINVAL; Side topic, there is at least one existing bug of this nature, in mm/nommu.c. I'll send a patch for that and look for any other instances of the bad pattern.