> +
> +static int sgx_vepc_free_page(struct sgx_epc_page *epc_page)
> +{
> +     int ret;
> +
> +     /*
> +      * Take a previously guest-owned EPC page and return it to the
> +      * general EPC page pool.
> +      *
> +      * Guests can not be trusted to have left this page in a good
> +      * state, so run EREMOVE on the page unconditionally.  In the
> +      * case that a guest properly EREMOVE'd this page, a superfluous
> +      * EREMOVE is harmless.
> +      */
> +     ret = __eremove(sgx_get_epc_virt_addr(epc_page));
> +     if (ret) {
> +             /*
> +              * Only SGX_CHILD_PRESENT is expected, which is because of
> +              * EREMOVE'ing an SECS still with child, in which case it can
> +              * be handled by EREMOVE'ing the SECS again after all pages in
> +              * virtual EPC have been EREMOVE'd. See comments in below in
> +              * sgx_vepc_release().
> +              *
> +              * The user of virtual EPC (KVM) needs to guarantee there's no
> +              * logical processor is still running in the enclave in guest,
> +              * otherwise EREMOVE will get SGX_ENCLAVE_ACT which cannot be
> +              * handled here.
> +              */
> +             WARN_ONCE(ret != SGX_CHILD_PRESENT,
> +                       "EREMOVE (EPC page 0x%lx): unexpected error: %d\n",
> +                       sgx_get_epc_phys_addr(epc_page), ret);

Hi Boris,

With the change to patch 3, I think perhaps this WARN_ONCE() should also be
changed to:

                WARN_ONCE(ret != SGX_CHILD_PRESENT, EREMOVE_ERROR_MESSAGE,
                                ret, ret);

> +             return ret;
> +     }
> +
> +     sgx_free_epc_page(epc_page);
> +
> +     return 0;
> +}
>
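Review bot: in the `if (ret)` branch, every non-zero EREMOVE result returns before sgx_free_epc_page(), but the comment only describes a recovery path for SGX_CHILD_PRESENT (a second EREMOVE from sgx_vepc_release()). For any other error, such as the SGX_ENCLAVE_ACT case the comment names, this function leaves the page out of the general pool, and because WARN_ONCE fires only on the first occurrence, later pages that hit the same path are not logged at all. Please state in the function comment what the caller is expected to do with a non-zero return, and consider a rate-limited message or a counter for the unexpected-error case so that each affected page address is visible. Minor: the comment text "See comments in below in" and "there's no logical processor is still running" needs a wording fix.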
