| Message ID | 20230718004529.16404-1-haitao.huang@linux.intel.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:c923:0:b0:3e4:2afc:c1 with SMTP id j3csp1435356vqt;
Mon, 17 Jul 2023 18:00:48 -0700 (PDT)
X-Google-Smtp-Source:
APBJJlHdWdF/6T0TSf39YL5C1XzWOdMGI4IKk8laJ49lxzAirWQfiLbAW/I1whoRTEIB692UDeN6
X-Received: by 2002:a50:ef0b:0:b0:51d:d1ca:eab9 with SMTP id
m11-20020a50ef0b000000b0051dd1caeab9mr11212637eds.32.1689642048282;
Mon, 17 Jul 2023 18:00:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1689642048; cv=none;
d=google.com; s=arc-20160816;
b=bCZxVKLM70bbXwrDbjsJnPUlVNE0bpK9pdbfjRLA7yCl7Fq8m03vecd0XtpPCyxKeN
rBKTfv64diAD5JjCazkBnno2oV/f/Rw/JID44Kry5UuMoxrQT5D+Fbd0J2UW0/JSMvXj
XVi6YmzDzGeEhJ6DazmD9KjqmgNX7KNaV+WJ544pwtoouPNJGnbVQ9+x4K+MOWBGcWgK
NgaQYhVbpA2aU9rKyqufJShjp37YvdcSa6uviAS75uccfirSOljrqcrU+AOYVQ1ni9S1
3kfKmfnZmG61HTTJHr45T8Z5rUNVsdjo3QeAsjXZUDx0rBvYiNSRR3YDtEOy2w2r15S4
E/2g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature;
bh=SDLzx6oRtJHp+gf1qbZJsRX00fxMqReV/Us1JpAMM8Y=;
fh=UKs4dVr7B+KEhESyJqsioKgqejdPz5eAGR2gYNCKXzk=;
b=I7KcpmEky+3O/MJI47SUJOgT5OEKjvbfyaQLH81oETDW9aB9NI5LAhf6Tkg6tGixrS
9H7kdzAkv/uSORFn5ulbm2LlkivucrsZ3hWEUYp9fqN5EVmW9DxV/5yJu6G2ZnYqBYGQ
kF7gpvI0WIERcTUw/Ilv8kh71Zck4wM6LkTwkxmrffZNSLU+04rr9U91YOxNneDpH33/
6I7Oy0+fWsTGrrlAzYhCdZPpwiBaFBSw13sT5WHVEQBYNTyrH29teylqMpar2MMJHJuk
fenkCV+wPVshBCthEPLfwchOIU6upooPdUdLK3sH7BkzeVTtVybT7vJpW0jPKc+8bCSa
nlQg==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@intel.com header.s=Intel header.b=kdflyR6+;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
z3-20020a50eb43000000b0051e2a1c217csi422643edp.556.2023.07.17.18.00.24;
Mon, 17 Jul 2023 18:00:48 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@intel.com header.s=Intel header.b=kdflyR6+;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S229938AbjGRApd (ORCPT <rfc822;daweilics@gmail.com> + 99 others);
Mon, 17 Jul 2023 20:45:33 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45906 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229517AbjGRApb (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Mon, 17 Jul 2023 20:45:31 -0400
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 80C2F10DF;
Mon, 17 Jul 2023 17:45:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
t=1689641130; x=1721177130;
h=from:to:cc:subject:date:message-id:in-reply-to:
references:mime-version:content-transfer-encoding;
bh=8hmovxAM62OkfQ6A1m8pIfWHXBwPK8Mh/VcMsgXwkkk=;
b=kdflyR6+NhV5YkbRDcm/FBy/oeB12OpQ7My21T2QogQEGm5gJx0bNgeK
GTiPWsIrND3W0sfcEq/MqtFc50DWyQCeEDu2GX/Qg2CxNtMP0T38MYN9D
yAsDiUUNK7XV6SdOZL8kK2LDFdUXC+ZhV8eLGzQhLLuXgygFfN+IGgMNq
kB1KBjm/O2aJ4GtA+HrZmCogIRZGcb5SEdx/xJnkMI+g8QNKhV2+L/mV7
4nR6ostU6Y60Cwss+wyvJSkAziC9HFnNwpD/AhWptDyNDCGsWzH84tdGd
a1DJvygrfDIzcYGGY+1cdevfku+6WyTsiBZMT7BB9tymOoAdfwfCMXbhk
w==;
X-IronPort-AV: E=McAfee;i="6600,9927,10774"; a="368716729"
X-IronPort-AV: E=Sophos;i="6.01,211,1684825200";
d="scan'208";a="368716729"
Received: from orsmga005.jf.intel.com ([10.7.209.41])
by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
17 Jul 2023 17:45:29 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10774"; a="897381841"
X-IronPort-AV: E=Sophos;i="6.01,211,1684825200";
d="scan'208";a="897381841"
Received: from b4969161e530.jf.intel.com ([10.165.56.46])
by orsmga005.jf.intel.com with ESMTP; 17 Jul 2023 17:45:29 -0700
From: Haitao Huang <haitao.huang@linux.intel.com>
To: kai.huang@intel.com,
"linux-sgx@vger.kernel.org" <linux-sgx@vger.kernel.org>,
"bp@alien8.de" <bp@alien8.de>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
"jarkko@kernel.org" <jarkko@kernel.org>,
"x86@kernel.org" <x86@kernel.org>,
"mingo@redhat.com" <mingo@redhat.com>,
"tglx@linutronix.de" <tglx@linutronix.de>,
"hpa@zytor.com" <hpa@zytor.com>,
"haitao.huang@linux.intel.com" <haitao.huang@linux.intel.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Cc: "kristen@linux.intel.com" <kristen@linux.intel.com>,
"Chatre, Reinette" <reinette.chatre@intel.com>,
"stable@vger.kernel.org" <stable@vger.kernel.org>,
"Christopherson,, Sean" <seanjc@google.com>
Subject: [PATCH] x86/sgx: fix a NULL pointer
Date: Mon, 17 Jul 2023 17:45:29 -0700
Message-Id: <20230718004529.16404-1-haitao.huang@linux.intel.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <38deca3161bd4c5f1698fd7b6c43aa3c7b94d3da.camel@intel.com>
References: <38deca3161bd4c5f1698fd7b6c43aa3c7b94d3da.camel@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,
RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,
T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no
version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1771692959545426999
X-GMAIL-MSGID: 1771718100238197331
|
| Series |
x86/sgx: fix a NULL pointer
|
|
Commit Message
Haitao Huang
July 18, 2023, 12:45 a.m. UTC
Under heavy load, the SGX EPC reclaimer (ksgxd) may reclaim the SECS EPC
page for an enclave and set encl->secs.epc_page to NULL. But the SECS
EPC page is used for EAUG in the SGX #PF handler without checking for
NULL and reloading.
Fix this by checking if SECS is loaded before EAUG and loading it if it was
reclaimed.
Fixes: 5a90d2c3f5ef ("x86/sgx: Support adding of pages to an initialized enclave")
Cc: stable@vger.kernel.org
Signed-off-by: Haitao Huang <haitao.huang@linux.intel.com>
---
arch/x86/kernel/cpu/sgx/encl.c | 25 ++++++++++++++++++++-----
1 file changed, 20 insertions(+), 5 deletions(-)
Comments
On Mon, 2023-07-17 at 17:45 -0700, Haitao Huang wrote: > Under heavy load, the SGX EPC reclaimer (ksgxd) may reclaim the SECS EPC > page for an enclave and set encl->secs.epc_page to NULL. But the SECS > EPC page is used for EAUG in the SGX #PF handler without checking for > NULL and reloading. > > Fix this by checking if SECS is loaded before EAUG and loading it if it was > reclaimed. Nit: Looks the sentence break of the second paragraph isn't consistent with the first paragraph, i.e., looks the first line is too long and the "was" should be broken to the second line. And I think even for this simple patch, you are sending too frequently. The patch subject should contain the version number too so people can distinguish it from the previous one. Even better, please use "--base=auto" when generating the patch so people can know the base commit to apply to. > > Fixes: 5a90d2c3f5ef ("x86/sgx: Support adding of pages to an initialized enclave") > Cc: stable@vger.kernel.org > Signed-off-by: Haitao Huang <haitao.huang@linux.intel.com> > --- > arch/x86/kernel/cpu/sgx/encl.c | 25 ++++++++++++++++++++----- > 1 file changed, 20 insertions(+), 5 deletions(-) > > diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c > index 2a0e90fe2abc..2ab544da1664 100644 > --- a/arch/x86/kernel/cpu/sgx/encl.c > +++ b/arch/x86/kernel/cpu/sgx/encl.c > @@ -235,6 +235,16 @@ static struct sgx_epc_page *sgx_encl_eldu(struct sgx_encl_page *encl_page, > return epc_page; > } > > +static struct sgx_epc_page *sgx_encl_load_secs(struct sgx_encl *encl) > +{ > + struct sgx_epc_page *epc_page = encl->secs.epc_page; > + > + if (!epc_page) > + epc_page = sgx_encl_eldu(&encl->secs, NULL); > + > + return epc_page; > +} > + > static struct sgx_encl_page *__sgx_encl_load_page(struct sgx_encl *encl, > struct sgx_encl_page *entry) > { > @@ -248,11 +258,9 @@ static struct sgx_encl_page *__sgx_encl_load_page(struct sgx_encl *encl, > return entry; > } > > - if (!(encl->secs.epc_page)) { > - epc_page = sgx_encl_eldu(&encl->secs, NULL); > - if (IS_ERR(epc_page)) > - return ERR_CAST(epc_page); > - } > + epc_page = sgx_encl_load_secs(encl); > + if (IS_ERR(epc_page)) > + return ERR_CAST(epc_page); > > epc_page = sgx_encl_eldu(entry, encl->secs.epc_page); > if (IS_ERR(epc_page)) > @@ -339,6 +347,13 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, > > mutex_lock(&encl->lock); > > + epc_page = sgx_encl_load_secs(encl); > + if (IS_ERR(epc_page)) { > + if (PTR_ERR(epc_page) == -EBUSY) > + vmret = VM_FAULT_NOPAGE; ^ Nit: two spaces here (yeah you copied from the existing code, and sorry forgot to point out in the previous version). > + goto err_out_unlock; > + } > + > epc_page = sgx_alloc_epc_page(encl_page, false); > if (IS_ERR(epc_page)) { > if (PTR_ERR(epc_page) == -EBUSY)
Hi On Mon, 17 Jul 2023 20:39:31 -0500, Huang, Kai <kai.huang@intel.com> wrote: > On Mon, 2023-07-17 at 17:45 -0700, Haitao Huang wrote: >> Under heavy load, the SGX EPC reclaimer (ksgxd) may reclaim the SECS EPC >> page for an enclave and set encl->secs.epc_page to NULL. But the SECS >> EPC page is used for EAUG in the SGX #PF handler without checking for >> NULL and reloading. >> >> Fix this by checking if SECS is loaded before EAUG and loading it if it >> was >> reclaimed. > > Nit: > > Looks the sentence break of the second paragraph isn't consistent with > the first > paragraph, i.e., looks the first line is too long and the "was" should > be broken > to the second line. > Yeah, I think I forgot to reformat this line after revising. > And I think even for this simple patch, you are sending too frequently. > The > patch subject should contain the version number too so people can > distinguish it > from the previous one. Even better, please use "--base=auto" when > generating > the patch so people can know the base commit to apply to. I'll send the next one as V2 and start a separate email thread. >> >> Fixes: 5a90d2c3f5ef ("x86/sgx: Support adding of pages to an >> initialized enclave") >> Cc: stable@vger.kernel.org >> Signed-off-by: Haitao Huang <haitao.huang@linux.intel.com> >> --- >> arch/x86/kernel/cpu/sgx/encl.c | 25 ++++++++++++++++++++----- >> 1 file changed, 20 insertions(+), 5 deletions(-) >> >> diff --git a/arch/x86/kernel/cpu/sgx/encl.c >> b/arch/x86/kernel/cpu/sgx/encl.c >> index 2a0e90fe2abc..2ab544da1664 100644 >> --- a/arch/x86/kernel/cpu/sgx/encl.c >> +++ b/arch/x86/kernel/cpu/sgx/encl.c >> @@ -235,6 +235,16 @@ static struct sgx_epc_page *sgx_encl_eldu(struct >> sgx_encl_page *encl_page, >> return epc_page; >> } >> >> +static struct sgx_epc_page *sgx_encl_load_secs(struct sgx_encl *encl) >> +{ >> + struct sgx_epc_page *epc_page = encl->secs.epc_page; >> + >> + if (!epc_page) >> + epc_page = sgx_encl_eldu(&encl->secs, NULL); >> + >> + return epc_page; >> +} >> + >> static struct sgx_encl_page *__sgx_encl_load_page(struct sgx_encl >> *encl, >> struct sgx_encl_page *entry) >> { >> @@ -248,11 +258,9 @@ static struct sgx_encl_page >> *__sgx_encl_load_page(struct sgx_encl *encl, >> return entry; >> } >> >> - if (!(encl->secs.epc_page)) { >> - epc_page = sgx_encl_eldu(&encl->secs, NULL); >> - if (IS_ERR(epc_page)) >> - return ERR_CAST(epc_page); >> - } >> + epc_page = sgx_encl_load_secs(encl); >> + if (IS_ERR(epc_page)) >> + return ERR_CAST(epc_page); >> >> epc_page = sgx_encl_eldu(entry, encl->secs.epc_page); >> if (IS_ERR(epc_page)) >> @@ -339,6 +347,13 @@ static vm_fault_t sgx_encl_eaug_page(struct >> vm_area_struct *vma, >> >> mutex_lock(&encl->lock); >> >> + epc_page = sgx_encl_load_secs(encl); >> + if (IS_ERR(epc_page)) { >> + if (PTR_ERR(epc_page) == -EBUSY) >> + vmret = VM_FAULT_NOPAGE; > ^ > Nit: two spaces here (yeah you copied from the existing code, and sorry > forgot > to point out in the previous version). > Sure. will fix in V2. Thanks Haitao
diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c index 2a0e90fe2abc..2ab544da1664 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c @@ -235,6 +235,16 @@ static struct sgx_epc_page *sgx_encl_eldu(struct sgx_encl_page *encl_page, return epc_page; } +static struct sgx_epc_page *sgx_encl_load_secs(struct sgx_encl *encl) +{ + struct sgx_epc_page *epc_page = encl->secs.epc_page; + + if (!epc_page) + epc_page = sgx_encl_eldu(&encl->secs, NULL); + + return epc_page; +} + static struct sgx_encl_page *__sgx_encl_load_page(struct sgx_encl *encl, struct sgx_encl_page *entry) { @@ -248,11 +258,9 @@ static struct sgx_encl_page *__sgx_encl_load_page(struct sgx_encl *encl, return entry; } - if (!(encl->secs.epc_page)) { - epc_page = sgx_encl_eldu(&encl->secs, NULL); - if (IS_ERR(epc_page)) - return ERR_CAST(epc_page); - } + epc_page = sgx_encl_load_secs(encl); + if (IS_ERR(epc_page)) + return ERR_CAST(epc_page); epc_page = sgx_encl_eldu(entry, encl->secs.epc_page); if (IS_ERR(epc_page)) @@ -339,6 +347,13 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, mutex_lock(&encl->lock); + epc_page = sgx_encl_load_secs(encl); + if (IS_ERR(epc_page)) { + if (PTR_ERR(epc_page) == -EBUSY) + vmret = VM_FAULT_NOPAGE; + goto err_out_unlock; + } + epc_page = sgx_alloc_epc_page(encl_page, false); if (IS_ERR(epc_page)) { if (PTR_ERR(epc_page) == -EBUSY)