Re: [PATCH 17/25] x86/sgx: Support complete page removal

From: Jarkko Sakkinen
Date: Sat Dec 04 2021 - 18:45:56 EST

Next message: Jarkko Sakkinen: "Re: [PATCH 24/25] x86/sgx: Free up EPC pages directly to support large page ranges"
Previous message: Jarkko Sakkinen: "Re: [PATCH 16/25] x86/sgx: Support modifying SGX page type"
In reply to: Reinette Chatre: "[PATCH 17/25] x86/sgx: Support complete page removal"
Next in thread: Reinette Chatre: "Re: [PATCH 17/25] x86/sgx: Support complete page removal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Dec 01, 2021 at 11:23:15AM -0800, Reinette Chatre wrote:
> The SGX2 page removal flow was introduced in previous patch and is
> as follows:
> 1) Change the type of the pages to be removed to SGX_PAGE_TYPE_TRIM
> using the ioctl introduced in previous patch.
> 2) Approve the page removal by running ENCLU[EACCEPT] from within
> the enclave.
> 3) Initiate actual page removal using the new ioctl introduced here.
>
> Support the final step of the SGX2 page removal flow with a new ioctl.
> With this ioctl the user specifies a page range that should
> be removed. At this time all pages in the provided range should have
> the SGX_PAGE_TYPE_TRIM page type and the ioctl will fail with EPERM
> (Operation not permitted) when it encounters a page that does not have
> the correct type. Page removal can fail on any page within the
> provided range. Support partial success by returning the number of pages
> that were successfully removed.
>
> Since actual page removal will succeed even if ENCLU[EACCEPT] was not
> run from within the enclave the ENCLU[EMODPR] instruction with RWX
> permissions is used as a no-op mechanism to ensure ENCLU[EACCEPT] was
> successfully run from within the enclave before the enclave page is
> removed.
>
> Signed-off-by: Reinette Chatre <reinette.chatre@xxxxxxxxx>
> ---
> arch/x86/include/uapi/asm/sgx.h | 21 +++++
> arch/x86/kernel/cpu/sgx/ioctl.c | 159 ++++++++++++++++++++++++++++++++
> 2 files changed, 180 insertions(+)
>
> diff --git a/arch/x86/include/uapi/asm/sgx.h b/arch/x86/include/uapi/asm/sgx.h
> index f70caccd166c..6648ded960f8 100644
> --- a/arch/x86/include/uapi/asm/sgx.h
> +++ b/arch/x86/include/uapi/asm/sgx.h
> @@ -33,6 +33,8 @@ enum sgx_page_flags {
> _IOWR(SGX_MAGIC, 0x05, struct sgx_page_modp)
> #define SGX_IOC_PAGE_MODT \
> _IOWR(SGX_MAGIC, 0x06, struct sgx_page_modt)
> +#define SGX_IOC_PAGE_REMOVE \
> + _IOWR(SGX_MAGIC, 0x07, struct sgx_page_remove)

Should be SGX_IOC_ENCLAVE_REMOVE_PAGES.

/Jarkko

Next message: Jarkko Sakkinen: "Re: [PATCH 24/25] x86/sgx: Free up EPC pages directly to support large page ranges"
Previous message: Jarkko Sakkinen: "Re: [PATCH 16/25] x86/sgx: Support modifying SGX page type"
In reply to: Reinette Chatre: "[PATCH 17/25] x86/sgx: Support complete page removal"
Next in thread: Reinette Chatre: "Re: [PATCH 17/25] x86/sgx: Support complete page removal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]