Re: [intel-sgx-kernel-dev] [PATCH v7 4/8] intel_sgx: driver for Intel Software Guard Extensions

2017-12-15 Thread Jarkko Sakkinen
On Thu, Dec 14, 2017 at 09:36:05PM +, Christopherson, Sean J wrote: > On Thu, Dec 14, 2017 at 03:10:06PM +0200, Jarkko Sakkinen wrote: > > On Tue, Dec 12, 2017 at 01:46:48PM -0800, Sean Christopherson wrote: > > > So it looks like you avoid the described case by moving B to the head of > > > th

RE: [intel-sgx-kernel-dev] [PATCH v7 4/8] intel_sgx: driver for Intel Software Guard Extensions

2017-12-14 Thread Christopherson, Sean J
On Thu, Dec 14, 2017 at 03:10:06PM +0200, Jarkko Sakkinen wrote: > On Tue, Dec 12, 2017 at 01:46:48PM -0800, Sean Christopherson wrote: > > So it looks like you avoid the described case by moving B to the head of > > the list in sgx_eldu. The bug I am seeing is still straightforward to > > theoriz

Re: [intel-sgx-kernel-dev] [PATCH v7 4/8] intel_sgx: driver for Intel Software Guard Extensions

2017-12-14 Thread Jarkko Sakkinen
On Tue, Dec 12, 2017 at 01:46:48PM -0800, Sean Christopherson wrote: > So it looks like you avoid the described case by moving B to the head of > the list in sgx_eldu.  The bug I am seeing is still straightforward to > theorize: > > 1. Three VA pages.  List = A->B->C > 2. Fill A and B, use

Re: [intel-sgx-kernel-dev] [PATCH v7 4/8] intel_sgx: driver for Intel Software Guard Extensions

2017-12-14 Thread Jarkko Sakkinen
On Tue, Dec 12, 2017 at 01:32:28PM -0800, Sean Christopherson wrote: > On Thu, 2017-12-07 at 18:05 +0200, Jarkko Sakkinen wrote: > > On Thu, Dec 07, 2017 at 02:46:39PM +, Christopherson, Sean J wrote: > > > > > > > > > > > + for (i = 0; i < 2; i++) { > > > > + va_page = li

Re: [intel-sgx-kernel-dev] [PATCH v7 4/8] intel_sgx: driver for Intel Software Guard Extensions

2017-12-14 Thread Jarkko Sakkinen
On Fri, Dec 08, 2017 at 03:31:38PM +, Christopherson, Sean J wrote: > Three VA pages in the enclave: A, B and C. Evict all pages in the > enclave, i.e. consume all slots in A, B and C. The list can be in > any order at this point, but for the sake of argument let's say the > order is C->A->B,

Re: [intel-sgx-kernel-dev] [PATCH v7 4/8] intel_sgx: driver for Intel Software Guard Extensions

2017-12-12 Thread Sean Christopherson
On Fri, 2017-12-08 at 07:31 -0800, Christopherson, Sean J wrote: > Jarkko Sakkinen wrote: > > On Thu, Dec 07, 2017 at 02:46:39PM +, Christopherson, Sean J wrote: > > > > + for (i = 0; i < 2; i++) { > > > > + va_page = list_first_entry(&encl->va_pages, > > > > + 

Re: [intel-sgx-kernel-dev] [PATCH v7 4/8] intel_sgx: driver for Intel Software Guard Extensions

2017-12-12 Thread Sean Christopherson
On Thu, 2017-12-07 at 18:05 +0200, Jarkko Sakkinen wrote: > On Thu, Dec 07, 2017 at 02:46:39PM +, Christopherson, Sean J wrote: > > > > > > > > + for (i = 0; i < 2; i++) { > > > + va_page = list_first_entry(&encl->va_pages, > > > +    struct sgx_va_page

RE: [intel-sgx-kernel-dev] [PATCH v7 4/8] intel_sgx: driver for Intel Software Guard Extensions

2017-12-11 Thread Ayoun, Serge
> Subject: [intel-sgx-kernel-dev] [PATCH v7 4/8] intel_sgx: driver for Intel > Software Guard Extensions > > Intel SGX is a set of CPU instructions that can be used by applications > to set aside private regions of code and data. The code outside the > enclave is disallowed to access the memory i

RE: [intel-sgx-kernel-dev] [PATCH v7 4/8] intel_sgx: driver for Intel Software Guard Extensions

2017-12-08 Thread Christopherson, Sean J
Jarkko Sakkinen wrote: > On Thu, Dec 07, 2017 at 02:46:39PM +, Christopherson, Sean J wrote: > > > + for (i = 0; i < 2; i++) { > > > + va_page = list_first_entry(&encl->va_pages, > > > +struct sgx_va_page, list); > > > + va_offset = sgx_alloc

Re: [intel-sgx-kernel-dev] [PATCH v7 4/8] intel_sgx: driver for Intel Software Guard Extensions

2017-12-07 Thread Jarkko Sakkinen
On Thu, Dec 07, 2017 at 06:05:48PM +0200, Jarkko Sakkinen wrote: > On Thu, Dec 07, 2017 at 02:46:39PM +, Christopherson, Sean J wrote: > > > + for (i = 0; i < 2; i++) { > > > + va_page = list_first_entry(&encl->va_pages, > > > +struct sgx_va_page, lis

Re: [intel-sgx-kernel-dev] [PATCH v7 4/8] intel_sgx: driver for Intel Software Guard Extensions

2017-12-07 Thread Jarkko Sakkinen
On Thu, Dec 07, 2017 at 02:46:39PM +, Christopherson, Sean J wrote: > > + for (i = 0; i < 2; i++) { > > + va_page = list_first_entry(&encl->va_pages, > > + struct sgx_va_page, list); > > + va_offset = sgx_alloc_va_slot(va_page); > > +

RE: [intel-sgx-kernel-dev] [PATCH v7 4/8] intel_sgx: driver for Intel Software Guard Extensions

2017-12-07 Thread Christopherson, Sean J
Jarkko Sakkinen wrote: > +static void sgx_ewb(struct sgx_encl *encl, struct sgx_encl_page *entry) > +{ > + struct sgx_va_page *va_page; > + unsigned int va_offset; > + int ret; > + int i; > + > + for (i = 0; i < 2; i++) { > + va_page = list_first_entry(&encl->va_pag
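Review bot: the retry loop in sgx_ewb, `for (i = 0; i < 2; i++)`, has a hard-coded bound of 2 with no comment explaining why two attempts are enough. Each pass takes `list_first_entry(&encl->va_pages, struct sgx_va_page, list)` and calls `sgx_alloc_va_slot(va_page)` on it, so as far as the visible lines show, correctness depends on `encl->va_pages` being non-empty and ordered so that a page with a free slot reaches the head within two tries. Please document that invariant above the loop and name where it is maintained, or walk the list for a page with a free slot so that allocation does not depend on list order.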