On 13/09/21 16:05, Dave Hansen wrote:
> On 9/13/21 6:11 AM, Paolo Bonzini wrote:
>> Windows expects all pages to be in uninitialized state on startup.
>> In order to implement this, we will need an ioctl that performs
>> EREMOVE on all pages mapped by a /dev/sgx_vepc file descriptor:
>> other possibilities, such as closing and reopening the device,
>> are racy.
>
> Hi Paolo,
>
> How does this end up happening in the first place?
>
> All enclave pages should start out on 'sgx_dirty_page_list' and
> ksgxd sanitizes them with EREMOVE before making them available. That
> should cover EREMOVE after reboots while SGX pages are initialized,
> including kexec().

By "Windows startup" I mean even after guest reboot. Because another
process could sneak in and steal your EPC pages between a close() and an
open(), I'd like to have a way to EREMOVE the pages while keeping them
assigned to the specific vEPC instance, i.e. *without* going through
sgx_vepc_free_page().

Thanks,

Paolo

> sgx_vepc_free_page() should do the same for pages that a guest did not
> clean up properly.
>
> sgx_encl_free_epc_page() does an EREMOVE after a normal enclave has used
> a page.
>
> Those are the only three cases that I can think of. So, it sounds like
> one of those is buggy, or there's another unexpected path out there.
>
> Ultimately, I think it would be really handy if we could do this EREMOVE
> implicitly and without any new ABI.