> -----Original Message----- > From: platform-driver-x86-ow...@vger.kernel.org [mailto:platform-driver-x86- > ow...@vger.kernel.org] On Behalf Of Sean Christopherson > Sent: Wednesday, September 5, 2018 4:36 AM > To: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> > Cc: Huang, Kai <kai.hu...@intel.com>; platform-driver-...@vger.kernel.org; > x...@kernel.org; nhor...@redhat.com; linux-kernel@vger.kernel.org; > t...@linutronix.de; suresh.b.sid...@intel.com; Ayoun, Serge > <serge.ay...@intel.com>; h...@zytor.com; npmccal...@redhat.com; > mi...@redhat.com; linux-...@vger.kernel.org; Hansen, Dave > <dave.han...@intel.com> > Subject: Re: [PATCH v13 10/13] x86/sgx: Add sgx_einit() for initializing > enclaves > > On Tue, Sep 04, 2018 at 06:30:21PM +0300, Jarkko Sakkinen wrote: > > On Tue, Sep 04, 2018 at 07:54:51AM -0700, Sean Christopherson wrote: > > > I don't see any value in trying to rule out specific causes of > > > INVALID_TOKEN, but we should only retry EINIT if ret==INVALID_TOKEN > > > and RDMSR(HASH0) != sgx_lepubkeyhash[0]. Only the first MSR needs > > > to be checked for validity as they're a package deal, i.e. they'll > > > all be valid or all be reset. There shouldn't be a limit on retry > > > attempts, e.g. the MSRs could theoretically be reset between WRMSR and > EINIT. > > > > Why is doing rdmsrs necessary? With the INVALID_TOKEN error we know we > > are out-of-sync i.e. have been sleeping and then one just needs to do > > wrmsrs. > > As Kai mentioned, INVALID_TOKEN is returned for other reasons, e.g. a > production enclave trying to use a debug token or reserved bits set in the > token. > And in the KVM case, the hash and token are provided by the guest, so it's > entirely possible the enclave/token is not signed with the key specified in > the > hash. RDMSR is relatively inexpensive compared to the overall cost of EINIT. > Though of course EINIT failure isn't exactly a fast path, so I'm ok if you > want to > opt for simplicity and retry on INVALID_TOKEN without checking the MSRs, just > make sure to add a comment indicating we're intentionally not checking the > MSRs. > > > I think one retry should be enough given that VMM traps EINIT. One > > retry is needed to take care of the guest itself (or host if we are > > running on bare metal) having been in a sleep state. > > Assuming we do RDMSR(hash0), that should be sufficient to prevent infinite > retry > and
IMHO probably we need to review this assumption w/ crypto guys, at least Intel internally. Thanks, -Kai it protects against the MSRs being lost between WRMSR and EINIT during > retry. That being said, I'm ok retrying only once, especially if you want to > omit > the RDMSR. Disabling preemption should prevent the kernel from suspending > between WRMSR and EINIT, I'm just being paranoid.
