Received: by 2002:a05:6a10:9afc:0:0:0:0 with SMTP id t28csp12955pxm; Tue, 22 Feb 2022 15:19:59 -0800 (PST) X-Google-Smtp-Source: ABdhPJxd6/SwA2XCRWodqi3NhpktqdG+pun7bsKaPi1m5Bic7do2R+dxlliyUrfbnqHuycjnMUjj X-Received: by 2002:a63:1858:0:b0:374:b3c2:2dee with SMTP id 24-20020a631858000000b00374b3c22deemr1000506pgy.97.1645571998680; Tue, 22 Feb 2022 15:19:58 -0800 (PST) Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id gj18-20020a17090b109200b001bc6075ca7asi768757pjb.77.2022.02.22.15.19.42; Tue, 22 Feb 2022 15:19:58 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=gAZ00EHB; arc=fail (signature failed); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235172AbiBVTTt (ORCPT + 99 others); Tue, 22 Feb 2022 14:19:49 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51168 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235117AbiBVTTr (ORCPT ); Tue, 22 Feb 2022 14:19:47 -0500 Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0953FBAB88; Tue, 22 Feb 2022 11:19:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1645557560; x=1677093560; h=message-id:date:subject:to:cc:references:from: in-reply-to:content-transfer-encoding:mime-version; bh=s2ZipIi5CuGfFLimKVt8w1E5Ug7gxsJrMK6khbD6qbk=; b=gAZ00EHBUq4pHxalJo3EQ3bqx8khtlz2OH5TP7yKDaTh4nyM8NhTQrhk LpY+1BQpWCZKY1S5JVyq5V5jZGKGN3jVySeE4eI/DA5raD8Brp0et0Mga /sVsX+ctV3bAsWNHawXBpsi60JUqTWYbXgYasuoDH1mkyzqvIOVgVPDLa sbpGsbTkjJrKpdfZaJEh/khscEQ05/6hj+fmatROF2QC0TRA2Y7Nmm1WO 5w2SnFiBue4c1aVgPiyzz3+p9036oQrXQV50pkSDsHI0yKpelioD3E+Oj 8+VvtVyMaRzpPGj2I7Gb6LDzPL4/kk2wj5L9dFQ4fNtDaG6kThzCW83A+ Q==; X-IronPort-AV: E=McAfee;i="6200,9189,10266"; a="251980866" X-IronPort-AV: E=Sophos;i="5.88,387,1635231600"; d="scan'208";a="251980866" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Feb 2022 11:19:19 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.88,387,1635231600"; d="scan'208";a="706732049" Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16]) by orsmga005.jf.intel.com with ESMTP; 22 Feb 2022 11:19:19 -0800 Received: from orsmsx606.amr.corp.intel.com (10.22.229.19) by ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21; Tue, 22 Feb 2022 11:19:19 -0800 Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by orsmsx606.amr.corp.intel.com (10.22.229.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20 via Frontend Transport; Tue, 22 Feb 2022 11:19:19 -0800 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (104.47.59.170) by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.20; Tue, 22 Feb 2022 11:19:18 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XhYtkp1Rdtxt73NY0uPzml7ED9LpOIyjBMWZn2nyw29QXYnBT8NYwdWEw8pSIyANxigLv68IdcndGp6Etnhc56qftAV6kVozIh3bBlJd0o2We3oI12v5fHlHGjXCGGM5ETVGqpW+POWM7ED5gGskchQGh8EIzUTcqjVHCHyiGdw+xqnfIev5DaO0WAjAzSDMZg+p3ygtUbSgzlW8NlhkwERWNhWN+3kZ8aCwF0l6VdTTMCEJ5X7RS43vXDmWyoREHUIP6L3vwQAH9DRpEw3XPlaFPk3yrJnJOoFocT+2EfYiRy72FS9TunZje0kNR8GvijjR783M8ZyFeVRndz1zQg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nFZVJgjsXlNCC/X7N9F6yXfOR7TBaD04lxNqI+IJNeo=; b=NUrAredJEtHAH5H/l38VR8Z9gOD0WjyTSzIKFP5oaNgBhPkuoZvgokflFMDUjMKHnRszpvACx0NICYZtVGvwwjeVHk7xo1e+9lbQFakJ5rkYmMWsLXOMAS6NMFHpt+6Ef2G/5iCwipMjlgBSzuuREqrdqo2mEWI0JOjQpNX3cSsHQhZhRuwskBJhLwmZ+saEvmBsExz0O4rUw1/IjX+k/Vqujqu2KViVuVnKzTfR8pD0YhqxZmEH8fiI5yaqTe5yokfAzHRkafKMbJ91DQT44/7fPq4n9QYfaFe76NN4zBxlimykJEdVUeBme+n+OKbzIW6Z8taNNUWABVk1ANpiXA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; Received: from BN0PR11MB5744.namprd11.prod.outlook.com (2603:10b6:408:166::16) by CY4PR11MB1477.namprd11.prod.outlook.com (2603:10b6:910:b::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4995.24; Tue, 22 Feb 2022 19:19:16 +0000 Received: from BN0PR11MB5744.namprd11.prod.outlook.com ([fe80::55e4:9a32:8e6f:4774]) by BN0PR11MB5744.namprd11.prod.outlook.com ([fe80::55e4:9a32:8e6f:4774%4]) with mapi id 15.20.4995.026; Tue, 22 Feb 2022 19:19:16 +0000 Message-ID: <80f3d7b9-e3d5-b2c0-7707-710bf6f5081e@intel.com> Date: Tue, 22 Feb 2022 11:19:11 -0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0 Thunderbird/91.6.0 Subject: Re: [PATCH V2 19/32] x86/sgx: Support adding of pages to an initialized enclave Content-Language: en-US To: Jarkko Sakkinen CC: , , , , , , , , , , , , , , References: From: Reinette Chatre In-Reply-To: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-ClientProxiedBy: MW3PR06CA0005.namprd06.prod.outlook.com (2603:10b6:303:2a::10) To BN0PR11MB5744.namprd11.prod.outlook.com (2603:10b6:408:166::16) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 8f00f804-5ff6-4635-8562-08d9f63837a3 X-MS-TrafficTypeDiagnostic: CY4PR11MB1477:EE_ X-LD-Processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: qkWgEEB+i8CdCgkqMmg2PEBtGvWsg2c6U15W2ZdjIIorYV9+oys6bdM7WzG0tOBkaKRcdYgPw5WDlraO41jC98GTi1IBkPmKKL8/5oZ8pkwpqnzOUDX/jz2RergyoSvQpLjq8dNPVKACdbiRBoZyCGZwiHD2I6EGOx1AH3REcgwCmz89ua6rSlkMBysiQMKVEY3Qypu7JaJIHdzT12I9s6JqQmg64GfNqiJN8NIHBBo7g0/Zo8CXQetwnDWqnBY0zoa+xCoLT0tSBQYZpKScYrtXM+525+C7YUsuONq9+goivuWgIXfdzbNAkP44o7ZbAcKGey07fOYI9WiwIGoEPm4vI6jlHRGajLUhN7/p7XPMSdP24u9cX+TQdbJalKVRoy6EfrNC6B5Su+7b543RhV9rbYWl2ab3dLv64S6l9zI+X1+V8S5G8YRZttYr80Oe6QCqpVDa85KPxY6nEYK7j2s9AMLCdspM8qISHg7aIHY8pTSuOt0oMamjsCSHMh2ayoo4NyMXwgdB2LbqNAykfDrtHfgbQkPftXcC+OKpoYILyHC/hZUIwYwOV4LB/73uLSmWGEH2bCIm0nJ6BGEnMcpfbfxiLVX6qiNJUrDBO4Kl19KaE2sudoTT0eBTyOlxsf8uPZ2bbP/y9YTs1D4QKqmsw7lSBUp63exfB5wMXJjWYggo5o/Umdxpa4qeO9w4Ti77quYexlRRTLzYGSFDiNQ8/oWlqCRIWdioVJTVrtq5hh+jk2DywGL9FKgDBX2E X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BN0PR11MB5744.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(366004)(4326008)(8676002)(66556008)(26005)(66476007)(66946007)(2616005)(6486002)(186003)(508600001)(6512007)(38100700002)(82960400001)(86362001)(31696002)(316002)(2906002)(7416002)(83380400001)(6506007)(8936002)(31686004)(36756003)(5660300002)(6916009)(53546011)(44832011)(6666004)(43740500002)(45980500001);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?M3BIY1pSK1V4aiswamlYbmdtdHQ4TUZPdDdRL2NNU25taFNLVVk0Nk96RDZ3?= =?utf-8?B?bytLaWpUV3huWk5MYXgweEhYaDhvQk41My9KMzZXSU1mV002YnkvSXdYbVJn?= =?utf-8?B?dFk2YzQ0WGR3TDBvTkl4WlR6OWhFS05HeXFXVDY5OEk1Z0FsZ0g3TGNLWWc3?= =?utf-8?B?elF0NU5SSDBpTGR4NUJ6SkpQdnpOencrWHY1czR0NWcvcER3dWxYcEVFdTJB?= =?utf-8?B?aW1JV2xReTV6Z3cvRzljM1FGT1BrMnBpc2RnU3d4QTF4N1FQaHhnTDVScFRF?= =?utf-8?B?eU9JV3liTzlBYmJ2ZlBGeGlOcWpSZ3k3NkY3SkNQcVBMdHNPaUtHbFV6ZnJs?= =?utf-8?B?cCtsM3dZUWxKaWhlSzFkZ2tDd3dDNnFnWXhIRHJ4WUpoc0dUbnljV3ZKSjNi?= =?utf-8?B?ZjM5bHJydXk3emluQkQvVS8yekxmUVRkQ0JUSWZuaUVvRG8rbzIxN2F3NzZm?= =?utf-8?B?TlZ2elNJbzd0MHAybmF3bng1OU9ycmVkbnlyOE1JeCt5Sk5Ed1JEUTlCL2pl?= =?utf-8?B?QzdPSWt6SDMzWnNRMmJ6b3hGdUJ2c2NZQUE5NERqY1piSW5lT1ZzNFUxOEJq?= =?utf-8?B?ejlnY1pFNFFaeWRyZDE1WDA3YUxhQmtwdXhMSlBNM3dEbDJxViszZ1NneXVh?= =?utf-8?B?V1JGazRUK3kvQlc2QTBkd3pucjkyV0ljenU5alEwN0ZjSUxqZm1yMDNTQjl1?= =?utf-8?B?UW5MR3QzbzhTbnk0eGo3NXQ3VFkxUXVqM1lGVzVtRHVEKzZNaVQ0SjhWV2tN?= =?utf-8?B?K3IrZ3NJSkIvaDJQTGZIY0lLTXFCclJvaUxIdG91b1pxZysvalpsSkd3aWQr?= =?utf-8?B?SUVoeEVjTGxhSGpweGQrM0pqNDB2Z1BoZExQSUZsN2NaUjhZT2crTHd0a1V3?= =?utf-8?B?a2Fjai9uZkV5SjJreU1mQzFXbG0zTnozVGxuSENvb205QnhkdmpKdE9DVG9I?= =?utf-8?B?bTY0TlhaV1ZndURPV2xtSm9lbXdLOFdaMElGQW8weG1RVjhFV1o5VFdMMUY4?= =?utf-8?B?cmFSTTE2d3oxMlZ0cDVXbGczZFgzSmpoc1hSMlBhMGttRXlabmVFRGRCV0Ix?= =?utf-8?B?SDBSM283UktqMmpzK1llT0UvdTVMNCtpcVVSZSt4NFpCZXVTYy9nRjI4bk1U?= =?utf-8?B?cGpZNlpvN0FsejFmdjlkbXF2bGJHVVpwWktUb2tBSDNGSTdvYmJ3bFAvclAw?= =?utf-8?B?bStsMXFkYStxK21hQmFXWEdZZjB3ZklkdGpJdExNcmc1WGxuV0RETTRmNCs4?= =?utf-8?B?SzlTdlMySmVIdCtIM0xVVFI0ZmZUdWdSbjY1WjJxUU90eE9oZzRuU3VmdUxt?= =?utf-8?B?emdZSXNQMXBzYisxMTcwMlQrQ21XSllEbmRvUVJUc3FZWWlERVVzMDdpVzIx?= =?utf-8?B?SkdLYm8wRE5vT3FmVURBTFZVRU1KeXVQRUo1TFlqMTNMWVNyWGg0SVNSQ1BM?= =?utf-8?B?b216eUFjSXR3SkdLNTJKeEdIQ3VXVlVqTS9Wa3ZYNEJPY0pOZC9UQ2sxT0dK?= =?utf-8?B?KzFlVjhrZm9OU0NKUWNWVVVMQ2VrbUVzZjdOcWJ1djZPV0R2R3pQckwrdVIv?= =?utf-8?B?Yjh0d1RibXhxbThmRDZFQWpyV1J6RVNNUC9ZdFp3R1BzV3RJeHpKOXJPc3c1?= =?utf-8?B?dHNnWnk5ajJoWGp2YzU5YXBPSlZaMG9UY3FraGs5emg5Z3dXc2JCYTFNTmdX?= =?utf-8?B?bjQ2MG40TEhaNGhncklEdFZKQ3M3OTRWMmlVZHdEUWVOWWlhcXM3SDcxTDVl?= =?utf-8?B?N1NibWIxekZLTjlZUUI1ODJkdmpLcWsrRFcybVlkV25QQ3AzS0tEMlRuQzRU?= =?utf-8?B?SkFqN3VOUm5MSzEvRTQwU01XTlZTR1cyMG1ydDR4NE0yd2lEaGdwbVVZd2l3?= =?utf-8?B?KzY0NHY3NmZkZW1OaWwxZ09QWk9qNWI3MXJwUHlyalJkSXRPUUdGRWJvY0ZP?= =?utf-8?B?SEFlYlhPbS9RSXVXUWF3Q2wzMDRVSDhLa2JHRmZrRlV5VGtoNzdsZ3hxd24z?= =?utf-8?B?QmYxYUNsUlNTdFFyRWR2QnB4VGpJbWhNeURFdnhyYjVWRytiYjhpMFhOekYx?= =?utf-8?B?K2EvSVV3NUhYdjdjTjloWmoxUDFYdnVhbFM5ZTlCUmNvMTRJVTZNUmlFZ2hw?= =?utf-8?B?Z1hEZXdzaXFFY1kwdVJDazBnYTBiTDEvdmk5MWhJS3Rxc3dWQy94VFZLSllO?= =?utf-8?B?NlNjdmtzaWlvUXhDRTFIMnFMdW5DRkhBc3Q2Mm9iZUMrT0hSZGptSHJWM1o5?= =?utf-8?Q?SfO3ukYYppRo/t9/myJq6ePr6GcvwwVA9EyiyDRYEw=3D?= X-MS-Exchange-CrossTenant-Network-Message-Id: 8f00f804-5ff6-4635-8562-08d9f63837a3 X-MS-Exchange-CrossTenant-AuthSource: BN0PR11MB5744.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Feb 2022 19:19:16.4668 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: HPRKNtStHy610A97Os59BrU1YJKi1x0X0sHmhgfg9vinxY0w3EFO9AKE6wwtHPHkbuCW+uaOlOKhO59ZLtftHYlox7L7hgk2kzsnF6z6DCI= X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR11MB1477 X-OriginatorOrg: intel.com X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Jarkko, On 2/20/2022 10:40 AM, Jarkko Sakkinen wrote: ... > Do you know if it is possible to do EAUG, EMODPR and the do a single > EACCEPT for both? Just looking at pseudo-code, it looked doable but > I need to check this. > > I.e. EAUG has this > > EPCM(DS:RCX).BLOCKED := 0; > EPCM(DS:RCX).PENDING := 1; > EPCM(DS:RCX).MODIFIED := 0; > EPCM(DS:RCX).PR := 0; > (* associate the EPCPAGE with the SECS by storing the SECS identifier of DS:TMP_SECS *) > Update EPCM(DS:RCX) SECS identifier to reference DS:TMP_SECS identifier; > (* Set EPCM valid fields *) > EPCM(DS:RCX).VALID := 1; > > And EMODPR only checks .VALID. After that check there is also: IF (EPCM(DS:RCX).PENDING is not 0 or (EPCM(DS:RCX).MODIFIED is not 0) ) THEN RFLAGS.ZF := 1; RAX := SGX_PAGE_NOT_MODIFIABLE; GOTO DONE; FI; Attempting the SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS ioctl() on a recently added page (EAUG) that has not yet been EACCEPTed is thus expected to fail with errno of EFAULT (indicating ENCLS[EMODPR] failure) and the returned structure's result field set to 20 (SGX_PAGE_NOT_MODIFIABLE). I confirmed this behavior by modifying the "augment" kselftest test by adding a SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS call between the new memory access and the EACCEPT. Reinette