On 4/28/22 13:11, Reinette Chatre wrote:
>
> The backing storage is freed after running ENCLS[ELDU],
> whether ENCLS[ELDU] succeeded or not. If ENCLS[ELDU]
> thus failed then the data within that page is lost.
>
> Exit with error without removing the backing storage if
> it could not be restored to the enclave.
>
> Fixes: 08999b2489b4 ("x86/sgx: Free backing memory after faulting the enclave page")
> Signed-off-by: Reinette Chatre <reinette.chatre@xxxxxxxxx>
> ---
> arch/x86/kernel/cpu/sgx/encl.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c
> index 1a2cbe44b8d9..e5d2661800ac 100644
> --- a/arch/x86/kernel/cpu/sgx/encl.c
> +++ b/arch/x86/kernel/cpu/sgx/encl.c
> @@ -81,6 +81,10 @@ static int __sgx_encl_eldu(struct sgx_encl_page *encl_page,
> ENCLS_WARN(ret, "ELDU");
>
> ret = -EFAULT;
> + kunmap_atomic(pcmd_page);
> + kunmap_atomic((void *)(unsigned long)pginfo.contents);
> + sgx_encl_put_backing(&b, false);
> + return ret;
> }
>
> memset(pcmd_page + b.pcmd_offset, 0, sizeof(struct sgx_pcmd));
Are there any transient, recoverable errors that can come back from
ELDU? If so, this makes a lot of sense. If not, then it doesn't make a
lot of sense to preserve the swapped-out content because they enclave is
going to die anyway.
