On Mon, Oct 07, 2019 at 09:13:34PM -0700, Sean Christopherson wrote:
> WARN if EREMOVE fails when destroying an enclave. sgx_encl_release()
> uses the non-WARN __sgx_free_page() when freeing pages as some pages may
> be in the process of being reclaimed, i.e. are owned by the reclaimer.
> But EREMOVE should never fail as sgx_encl_destroy() is only called when
> the enclave cannot have active threads, e.g. prior to EINIT and when the
> enclave is being released.
>
> Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
> ---
> arch/x86/kernel/cpu/sgx/encl.c | 11 +++++++++--
> 1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c
> index 54ca827e68a9..a6786e7ae40e 100644
> --- a/arch/x86/kernel/cpu/sgx/encl.c
> +++ b/arch/x86/kernel/cpu/sgx/encl.c
> @@ -463,16 +463,23 @@ void sgx_encl_destroy(struct sgx_encl *encl)
> struct sgx_encl_page *entry;
> struct radix_tree_iter iter;
> void **slot;
> + int r;
>
> atomic_or(SGX_ENCL_DEAD, &encl->flags);
>
> radix_tree_for_each_slot(slot, &encl->page_tree, &iter, 0) {
> entry = *slot;
> if (entry->epc_page) {
> - if (!__sgx_free_page(entry->epc_page)) {
> + /*
> + * Freeing the page can fail if it's in the process of
> + * being reclaimed (-EBUSY), but EREMOVE itself should
> + * not fail at this point.
> + */
> + r = __sgx_free_page(entry->epc_page);
> + WARN_ONCE(r > 0, "sgx: EREMOVE returned %d (0x%x)", r, r);
> + if (!r) {
> encl->secs_child_cnt--;
> entry->epc_page = NULL;
> -
> }
>
> radix_tree_delete(&entry->encl->page_tree,
> --
> 2.22.0
Intended for v23, forgot to tag the subject...
