Intel SGX Enclaves Were Prone To Crashes On Linux Under Heavy Memory Pressure

Written by Michael Larabel in Intel on 24 May 2022 at 04:55 AM EDT. 4 Comments
INTEL
Intel's Software Guard Extensions (SGX) as security-related extensions to their processors that allow for protected memory enclaves has had a rather bouncy journey. Intel continues supporting SGX on their latest Xeon processors but on the client side have been deprecated since 11th Gen Core. Over the years SGX has been found vulnerable to various attacks from speculative execution exploits to Plundervolt. It also turns out under Linux until now was also open to crashing under memory pressure.

Queued up as part of the SGX changes for Linux 5.19 is addressing the possibility of the SGX support crashing when under heavy memory pressure. Dave Hansen of Intel explained in the SGX updates for v5.19:
A set of patches to prevent crashes in SGX enclaves under heavy memory pressure:

SGX uses normal RAM allocated from special shmem files as backing storage when it runs out of SGX memory (EPC). The code was overly aggressive when freeing shmem pages and was inadvertently freeing perfectly good data. This resulted in failures in the SGX instructions used to swap data back into SGX memory.

The "good" news is that it's difficult to trigger this behavior on the mainline Linux kernel and likely how the problem lasted so long. Intel noticed the issue when testing their latest out-of-tree patches for "SGX2" and then when investigating that discovered that the mainline code is also vulnerable albeit less likely to be encountered.


The SGX updates for Linux 5.19 fix this issue by being more careful about truncating pages out of the backing storage and the marking of dirty pages.
4 Comments
Related News
Linux 6.7 To Support New Intel DG2-G12 Stepping, More Raptor Lake IDs
Intel Arrow Lake NPU Support Slides Into Linux 6.6 IVPU Driver
Mesa 23.3 Lands Initial Intel Vulkan Driver Sparse Support - Needed For Many Newer Games
More Intel Xe2 / Lunar Lake Graphics Support Readied For Open-Source Mesa Drivers
Intel Has Another Series Optimizing Linux Performance With PCP High Auto-Tuning
Intel's Habana Labs Driver Quietly Drops References To The Greco AI Processor
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Linux Terminal Emulators Have The Potential Of Being Much Faster
PipeWire 1.0 Planned For Release Later This Year
Linux's Multi-Grain Timestamps Short-Lived: Removed From The Kernel After A Few Weeks
Linux 6.7 Adding New Feature To Btrfs For The Steam Deck
Firefox 118 Available With Performance Improvements, Automated Translations
Blumenkrantz Optimizes Mesa Vulkan Submission Merging - Some Test Cases Improve 1000%+
Reminder: The 2023 Phoronix Premium Oktoberfest/Autumn Special
Counter-Strike 2 Now Available With An Initial Linux Build