On Tue, Sep 03, 2019 at 05:26:34PM +0300, Jarkko Sakkinen wrote:
> From: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
>
> Include SGX bit to the PF error codes and throw SIGSEGV with PF_SGX when
> a #PF with SGX set happens.
>
> CPU throws a #PF with the SGX bit in the event of Enclave Page Cache Map
> (EPCM) conflict. The EPCM is a CPU-internal table, which describes the
> properties for a enclave page. Enclaves are measured and signed software
> entities, which SGX hosts. [1]
>
> Although the primary purpose of the EPCM conflict checks is to prevent
> malicious accesses to an enclave, an illegit access can happen also for
> legit reasons.
>
> All SGX reserved memory, including EPCM is encrypted with a transient
> key that does not survive from the power transition. Throwing a SIGSEGV
> allows user space software react when this happens (e.g. rec-create the
> enclave, which was invalidated).
>
> [1] Intel SDM: 36.5.1 Enclave Page Cache Map (EPCM)
>
> Cc: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
> Cc: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
> Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
> ---
> arch/x86/include/asm/traps.h | 1 +
> arch/x86/mm/fault.c | 13 +++++++++++++
> 2 files changed, 14 insertions(+)
>
> diff --git a/arch/x86/include/asm/traps.h b/arch/x86/include/asm/traps.h
> index b25e633033c3..81472cae4024 100644
> --- a/arch/x86/include/asm/traps.h
> +++ b/arch/x86/include/asm/traps.h
> @@ -171,5 +171,6 @@ enum x86_pf_error_code {
> X86_PF_RSVD = 1 << 3,
> X86_PF_INSTR = 1 << 4,
> X86_PF_PK = 1 << 5,
> + X86_PF_SGX = 1 << 15,
> };
> #endif /* _ASM_X86_TRAPS_H */
> diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
> index 9ceacd1156db..c2dea3f9e263 100644
> --- a/arch/x86/mm/fault.c
> +++ b/arch/x86/mm/fault.c
> @@ -1178,6 +1178,19 @@ access_error(unsigned long error_code, struct vm_area_struct *vma)
> if (error_code & X86_PF_PK)
> return 1;
>
> + /*
> + * Access is blocked by the Enclave Page Cache Map (EPCM), i.e. the
> + * access is allowed by the PTE but not the EPCM. This usually happens
> + * when the EPCM is yanked out from under us, e.g. by hardware after a
> + * suspend/resume cycle. In any case, software, i.e. the kernel, can't
> + * fix the source of the fault as the EPCM can't be directly modified
> + * by software. Handle the fault as an access error in order to signal
> + * userspace, e.g. so that userspace can rebuild their enclave(s), even
s/, e.g.//
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
