Received: by 2002:a05:6a10:2785:0:0:0:0 with SMTP id ia5csp35485pxb; Tue, 12 Jan 2021 19:13:44 -0800 (PST) X-Google-Smtp-Source: ABdhPJxjWJ26RUFdzIMlKZxKZly2SNz5HQjNQyTlm0dY3VUYgdWsxEW/ygAXGqW4DFH0FDoQ4K0D X-Received: by 2002:aa7:c358:: with SMTP id j24mr91115edr.265.1610507624114; Tue, 12 Jan 2021 19:13:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1610507624; cv=none; d=google.com; s=arc-20160816; b=CXut4eXYmkFqKyfg8K3ngYev1DrBhnLdT9pmt7x9/o8Gz5DNkiHimottEoZFtuYD+8 FT6SseSc5hUtpBmzmCok66L4KdLi/G+BClrWduRXmwJoozoLmLX8wrhjIE4rTO7faW7B 5Jh60M2+hPYoAttQIEEEvWRKJqOymWpuhoAMBKc1Qu8AVe9981qw1ecd2scEvmPRPKSz 4U4VydqiUGOBiqJN8qbXUrJf2vUr/r2P3LLgD8q/RYzt7yCA76duEakRbgSZYrxWsAXK epO559mO7YZ0sFodqDDTnFeWONAblVY6dWksT/2jM9QF3Pkr6tCG2m0EbruUfKtsGFpc stMg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:from:cc:to:subject:ironport-sdr :ironport-sdr; bh=BehBj86jmG6BX+yOftTld5IJ3zViei4dE1yjUXDfofo=; b=dJE2ZCMjnuVSOUoWlI94/Xfqt1YuyGkqMaAB2CT8NGxTFdKLsT9931K0X95Lk5jxqf 5avcpGoJRmIPNIq+gSh8pnnlWZg4fP4z4+GAvgbIZrCritiJxFm59Ph83IZEByu8ao+9 EubXuVxIyf8fvGFxdmjUPZW8L6+/Cjknd1o+J2Qa6p8BD2KWZ84IcnbhFIUIfAoZjzU8 +Xb6+UXeam7Al5xcXw6f/ystSuX64FV7ldfLmfuPs2ErwuDb9+oDWsJIC7Ve3rom2pdm TKtZzej8qwUpsDcA+kHKIvj2PiQ2oe7WwTx+sZHhaavgj0MpYXnikLhC5sMz8TiR+68n pbMQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b11si290447ede.511.2021.01.12.19.13.20; Tue, 12 Jan 2021 19:13:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728776AbhALW1Z (ORCPT + 99 others); Tue, 12 Jan 2021 17:27:25 -0500 Received: from mga11.intel.com ([192.55.52.93]:29642 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731556AbhALW1Q (ORCPT ); Tue, 12 Jan 2021 17:27:16 -0500 IronPort-SDR: hKDgy7C2eC8aSIt4K4ydXLxkdQJeaoag/qDaebA9eGy9w4D3viSjaJtJYhirdCmnetzwCnXUtp Ommze/Sr5Etg== X-IronPort-AV: E=McAfee;i="6000,8403,9862"; a="174607976" X-IronPort-AV: E=Sophos;i="5.79,342,1602572400"; d="scan'208";a="174607976" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Jan 2021 14:25:30 -0800 IronPort-SDR: roAGRNnfSbrWZcjWKNrcgJGEtlLIF7QYFZve01w7PrcT7yV6qzchbLM4yH8BQVuPQzeengeo/x nI1WQf31dyaw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.79,342,1602572400"; d="scan'208";a="363670765" Received: from viggo.jf.intel.com (HELO localhost.localdomain) ([10.54.77.144]) by orsmga002.jf.intel.com with ESMTP; 12 Jan 2021 14:25:29 -0800 Subject: [PATCH] x86/sgx: rename and document SGX bit lock To: linux-kernel@vger.kernel.org Cc: Dave Hansen , sean.j.christopherson@intel.com, jarkko@kernel.org, bp@suse.de, x86@kernel.org From: Dave Hansen Date: Tue, 12 Jan 2021 14:19:01 -0800 Message-Id: <20210112221901.2CE31C8E@viggo.jf.intel.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org SGX ioctl() calls are serialized with a lock. It's a weird open-coded lock that is not even called a "lock". That makes it a weird beast, but Sean has convinced me it's a good idea without better alternatives. Give the lock bit a better name, and document what it actually trying to do. Cc: Sean Christopherson Cc: Jarkko Sakkinen Cc: Borislav Petkov Cc: x86@kernel.org --- b/arch/x86/kernel/cpu/sgx/encl.h | 2 +- b/arch/x86/kernel/cpu/sgx/ioctl.c | 19 ++++++++++++++++--- 2 files changed, 17 insertions(+), 4 deletions(-) diff -puN arch/x86/kernel/cpu/sgx/ioctl.c~sgx-encl-flags arch/x86/kernel/cpu/sgx/ioctl.c --- a/arch/x86/kernel/cpu/sgx/ioctl.c~sgx-encl-flags 2021-01-12 14:02:24.480689006 -0800 +++ b/arch/x86/kernel/cpu/sgx/ioctl.c 2021-01-12 14:02:24.486689006 -0800 @@ -690,8 +690,21 @@ long sgx_ioctl(struct file *filep, unsig struct sgx_encl *encl = filep->private_data; int ret; - if (test_and_set_bit(SGX_ENCL_IOCTL, &encl->flags)) - return -EBUSY; + /* + * Behold, the Big SGX Lock + * + * The primary function of this "lock" is to actively discourage + * attempts at multi-threaded enclave management. Enclave management + * is fundamentally a single-threaded affair. Enclave measurement, + * for instance would be worthless if two ADD_PAGES instances raced + * and occurred in different orders. + * + * encl->lock is ill suited for this because it would need to be + * conditionally dropped and reqacuired for operations like enclave + * page allocation and reclaim. + */ + if (test_and_set_bit(SGX_ENCL_IOCTL_LOCK, &encl->flags)) + return -EINVAL; switch (cmd) { case SGX_IOC_ENCLAVE_CREATE: @@ -711,6 +724,6 @@ long sgx_ioctl(struct file *filep, unsig break; } - clear_bit(SGX_ENCL_IOCTL, &encl->flags); + clear_bit(SGX_ENCL_IOCTL_LOCK, &encl->flags); return ret; } diff -puN arch/x86/kernel/cpu/sgx/encl.h~sgx-encl-flags arch/x86/kernel/cpu/sgx/encl.h --- a/arch/x86/kernel/cpu/sgx/encl.h~sgx-encl-flags 2021-01-12 14:02:24.482689006 -0800 +++ b/arch/x86/kernel/cpu/sgx/encl.h 2021-01-12 14:16:37.511686879 -0800 @@ -34,7 +34,7 @@ struct sgx_encl_page { }; enum sgx_encl_flags { - SGX_ENCL_IOCTL = BIT(0), + SGX_ENCL_IOCTL_LOCK = BIT(0), /* See sgx_ioctl() */ SGX_ENCL_DEBUG = BIT(1), SGX_ENCL_CREATED = BIT(2), SGX_ENCL_INITIALIZED = BIT(3), _