On Thu, 2022-04-28 at 14:30 -0700, Dave Hansen wrote:
> On 4/28/22 13:11, Reinette Chatre wrote:
> >
> > The backing storage is freed after running ENCLS[ELDU],
> > whether ENCLS[ELDU] succeeded or not. If ENCLS[ELDU]
> > thus failed then the data within that page is lost.
> >
> > Exit with error without removing the backing storage if
> > it could not be restored to the enclave.
> >
> > Fixes: 08999b2489b4 ("x86/sgx: Free backing memory after faulting the enclave page")
> > Signed-off-by: Reinette Chatre <reinette.chatre@xxxxxxxxx>
> > ---
> > arch/x86/kernel/cpu/sgx/encl.c | 4 ++++
> > 1 file changed, 4 insertions(+)
> >
> > diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c
> > index 1a2cbe44b8d9..e5d2661800ac 100644
> > --- a/arch/x86/kernel/cpu/sgx/encl.c
> > +++ b/arch/x86/kernel/cpu/sgx/encl.c
> > @@ -81,6 +81,10 @@ static int __sgx_encl_eldu(struct sgx_encl_page *encl_page,
> > ENCLS_WARN(ret, "ELDU");
> >
> > ret = -EFAULT;
> > + kunmap_atomic(pcmd_page);
> > + kunmap_atomic((void *)(unsigned long)pginfo.contents);
> > + sgx_encl_put_backing(&b, false);
> > + return ret;
> > }
> >
> > memset(pcmd_page + b.pcmd_offset, 0, sizeof(struct sgx_pcmd));
>
> Are there any transient, recoverable errors that can come back from
> ELDU? If so, this makes a lot of sense. If not, then it doesn't make a
> lot of sense to preserve the swapped-out content because they enclave is
> going to die anyway.
Nope, it's pretty much game over then.
BR, Jarkko
