Date: Wed, 23 Feb 2022 16:46:39 +0100
From: Jarkko Sakkinen
To: Reinette Chatre
Cc: dave.hansen@linux.intel.com, tglx@linutronix.de, bp@alien8.de, luto@kernel.org, mingo@redhat.com, linux-sgx@vger.kernel.org, x86@kernel.org, seanjc@google.com, kai.huang@intel.com, cathy.zhang@intel.com, cedric.xing@intel.com, haitao.huang@intel.com, mark.shanahan@intel.com, hpa@zytor.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH V2 19/32] x86/sgx: Support adding of pages to an initialized enclave

On Tue, Feb 22, 2022 at 11:19:11AM -0800, Reinette Chatre wrote:
> Hi Jarkko,
>
> On 2/20/2022 10:40 AM, Jarkko Sakkinen wrote:
> ...
>
> > Do you know if it is possible to do EAUG, EMODPR and then do a single
> > EACCEPT for both? Just looking at pseudo-code, it looked doable but
> > I need to check this.
> >
> > I.e. EAUG has this
> >
> >   EPCM(DS:RCX).BLOCKED := 0;
> >   EPCM(DS:RCX).PENDING := 1;
> >   EPCM(DS:RCX).MODIFIED := 0;
> >   EPCM(DS:RCX).PR := 0;
> >   (* associate the EPCPAGE with the SECS by storing the SECS identifier of DS:TMP_SECS *)
> >   Update EPCM(DS:RCX) SECS identifier to reference DS:TMP_SECS identifier;
> >   (* Set EPCM valid fields *)
> >   EPCM(DS:RCX).VALID := 1;
> >
> > And EMODPR only checks .VALID.
>
> After that check there is also:
> IF (EPCM(DS:RCX).PENDING is not 0 or (EPCM(DS:RCX).MODIFIED is not 0) )
>   THEN
>     RFLAGS.ZF := 1;
>     RAX := SGX_PAGE_NOT_MODIFIABLE;
>     GOTO DONE;
> FI;
>
> Attempting the SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS ioctl() on a recently
> added page (EAUG) that has not yet been EACCEPTed is thus expected to fail
> with errno of EFAULT (indicating ENCLS[EMODPR] failure) and the returned
> structure's result field set to 20 (SGX_PAGE_NOT_MODIFIABLE).
>
> I confirmed this behavior by modifying the "augment" kselftest test by adding
> a SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS call between the new memory access and
> the EACCEPT.

Thank you, also Mark confirmed this.

BR, Jarkko
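
A simplified C model of the EPCM checks discussed in this thread, added here as an illustration: it is not kernel code or the SDM pseudo-code, and the struct, the function names, the read/write starting permissions and the -1 fault stand-in are assumptions. It shows why EMODPR on a freshly EAUG'd page returns SGX_PAGE_NOT_MODIFIABLE until the enclave has run EACCEPT.

```c
#include <stdbool.h>
#include <stdio.h>
/* Simplified model of the EPCM flags quoted in the thread; not kernel code. */
#define SGX_PAGE_NOT_MODIFIABLE 20  /* result value stated in the thread */
enum { PERM_R = 1, PERM_W = 2 };
struct epcm_model { bool valid, blocked, pending, modified, pr; unsigned perms; };

/* EAUG: the assignments quoted from the pseudo-code. */
static void model_eaug(struct epcm_model *e)
{
    e->blocked = e->modified = e->pr = false;
    e->pending = true;
    e->perms = PERM_R | PERM_W;  /* assumption: augmented pages start read/write */
    e->valid = true;
}

/* EACCEPT: the enclave acknowledges the change, clearing the state flags. */
static void model_eaccept(struct epcm_model *e)
{
    e->pending = e->modified = e->pr = false;
}

/* EMODPR: VALID check, then the PENDING/MODIFIED check quoted in the reply. */
static int model_emodpr(struct epcm_model *e, unsigned keep)
{
    if (!e->valid)
        return -1;     /* hypothetical stand-in for the fault on an invalid entry */
    if (e->pending || e->modified)
        return SGX_PAGE_NOT_MODIFIABLE;
    e->perms &= keep;  /* permissions can only be restricted */
    e->pr = true;      /* stays set until the enclave EACCEPTs */
    return 0;
}

/* EMODPR result for a freshly EAUG'd page, with or without EACCEPT first. */
static int emodpr_after_eaug(bool accept_first)
{
    struct epcm_model e = {0};
    model_eaug(&e);
    if (accept_first)
        model_eaccept(&e);
    return model_emodpr(&e, PERM_R);
}

int main(void)
{
    printf("before EACCEPT: %d, after: %d\n", emodpr_after_eaug(false), emodpr_after_eaug(true));
    return 0;
}
```

In this model the working order is EAUG, EACCEPT, EMODPR, then a second EACCEPT to clear PR, so a single EACCEPT cannot cover both operations.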