Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp149285pxb; Fri, 17 Sep 2021 21:59:16 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyXc93zgrozM7aAiUxUu/WnNfQJGV0hWPNGpQ6hVT2043UfqHNyFlZT2ePoTz96FJ2ci2Qv X-Received: by 2002:a17:906:dc4b:: with SMTP id yz11mr16695234ejb.460.1631941156735; Fri, 17 Sep 2021 21:59:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631941156; cv=none; d=google.com; s=arc-20160816; b=Sgc/KBKlKK/YqsYf0ZO2p2uuQcnh4IUn7XXcT6+1lVs6RysTsBdRdJPhXPXwGLBqaw EzPtgvSRS9uUQ72gyIU7oIGFcCYmKEZVbkX2q28mSkLSO6bNGRcT7PHoWmrXSHbpcuxf tSUUuJL1/n9k/neQ/9w/X46zpQjg3b7Go8FNJstwmfB46x0YNHjjSnCdIwF2x68fPtcu z3OB/RHIqiLKP5nM8MV2v5F2EuGrYdU4UVpYvhiAPbWLSVb6W09ZsR5lm2uN9DMb4Euw 0LQobW6H5N2ZBxYLSuVxSD+UoT96/Nt5MWHQxTOfdS8bR+bUJ/RAVrTTN7sX2mLYFhuY CgVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=RxvXYWQsB0PI7I11ZIjAYlCUre6XIdR1WnMIpIxQJl4=; b=MtWEbIK0LAmBNUJ4A6OgrionpRFJEi7/Gle9Dy/fj82fK3CAnpQcQoGAgDQ7AdQeF5 FBnGBe+LmHqY/Wn9MiPtpco0OcHNPi/x5c8kNgTnM5c7hiteHubJOM8gz7apS05dT5kI teepfQXroTaJ0pkX3Bqctu0upU6ipubxvVWe9QeSoTu/eqNLT+8erbwAmheKmmZT4xjT o25RkZa2e4kFQENcsP3CoZ9JOECcwatQAjxA7NoJHxuu25mIyma0SPErJGsVIibtaAmA t6GYJancYpsgukldb1vK3yi1H2xtUaonsiKJSA9iBY1gO+96upiRzi3nI2L0UoOETyrp FE0Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y17si9494182edi.120.2021.09.17.21.58.52; Fri, 17 Sep 2021 21:59:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344518AbhIQVkU (ORCPT + 99 others); Fri, 17 Sep 2021 17:40:20 -0400 Received: from mga07.intel.com ([134.134.136.100]:54587 "EHLO mga07.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241949AbhIQVkN (ORCPT ); Fri, 17 Sep 2021 17:40:13 -0400 X-IronPort-AV: E=McAfee;i="6200,9189,10110"; a="286563050" X-IronPort-AV: E=Sophos;i="5.85,302,1624345200"; d="scan'208";a="286563050" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Sep 2021 14:38:50 -0700 X-IronPort-AV: E=Sophos;i="5.85,302,1624345200"; d="scan'208";a="546646804" Received: from agluck-desk2.sc.intel.com ([10.3.52.146]) by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Sep 2021 14:38:49 -0700 From: Tony Luck To: Sean Christopherson , Jarkko Sakkinen , Dave Hansen Cc: Cathy Zhang , linux-sgx@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, Tony Luck Subject: [PATCH v5 3/7] x86/sgx: Initial poison handling for dirty and free pages Date: Fri, 17 Sep 2021 14:38:32 -0700 Message-Id: <20210917213836.175138-4-tony.luck@intel.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210917213836.175138-1-tony.luck@intel.com> References: <20210827195543.1667168-1-tony.luck@intel.com> <20210917213836.175138-1-tony.luck@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org A memory controller patrol scrubber can report poison in a page that isn't currently being used. Add "poison" field in the sgx_epc_page that can be set for an sgx_epc_page. Check for it: 1) When sanitizing dirty pages 2) When freeing epc pages Poison is a new field separated from flags to avoid having to make all updates to flags atomic, or integrate poison state changes into some other locking scheme to protect flags. In both cases place the poisoned page on a list of poisoned epc pages to make sure it will not be reallocated. Add debugfs files /sys/kernel/debug/sgx/poison_page_list so that system administrators get a list of those pages that have been dropped because of poison. Signed-off-by: Tony Luck --- arch/x86/kernel/cpu/sgx/main.c | 30 +++++++++++++++++++++++++++++- arch/x86/kernel/cpu/sgx/sgx.h | 3 ++- 2 files changed, 31 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c index 10892513212d..7a53ff876059 100644 --- a/arch/x86/kernel/cpu/sgx/main.c +++ b/arch/x86/kernel/cpu/sgx/main.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0 /* Copyright(c) 2016-20 Intel Corporation. */ +#include #include #include #include @@ -43,6 +44,7 @@ static nodemask_t sgx_numa_mask; static struct sgx_numa_node *sgx_numa_nodes; static LIST_HEAD(sgx_dirty_page_list); +static LIST_HEAD(sgx_poison_page_list); /* * Reset post-kexec EPC pages to the uninitialized state. The pages are removed @@ -62,6 +64,12 @@ static void __sgx_sanitize_pages(struct list_head *dirty_page_list) page = list_first_entry(dirty_page_list, struct sgx_epc_page, list); + if (page->poison) { + list_del(&page->list); + list_add(&page->list, &sgx_poison_page_list); + continue; + } + ret = __eremove(sgx_get_epc_virt_addr(page)); if (!ret) { /* @@ -626,7 +634,10 @@ void sgx_free_epc_page(struct sgx_epc_page *page) spin_lock(&node->lock); page->private = NULL; - list_add_tail(&page->list, &node->free_page_list); + if (page->poison) + list_add(&page->list, &sgx_poison_page_list); + else + list_add_tail(&page->list, &node->free_page_list); sgx_nr_free_pages++; spin_unlock(&node->lock); @@ -657,6 +668,7 @@ static bool __init sgx_setup_epc_section(u64 phys_addr, u64 size, for (i = 0; i < nr_pages; i++) { section->pages[i].section = index; section->pages[i].flags = 0; + section->pages[i].poison = 0; section->pages[i].private = "dirty"; list_add_tail(§ion->pages[i].list, &sgx_dirty_page_list); } @@ -801,8 +813,21 @@ int sgx_set_attribute(unsigned long *allowed_attributes, } EXPORT_SYMBOL_GPL(sgx_set_attribute); +static int poison_list_show(struct seq_file *m, void *private) +{ + struct sgx_epc_page *page; + + list_for_each_entry(page, &sgx_poison_page_list, list) + seq_printf(m, "0x%lx\n", sgx_get_epc_phys_addr(page)); + + return 0; +} + +DEFINE_SHOW_ATTRIBUTE(poison_list); + static int __init sgx_init(void) { + struct dentry *dir; int ret; int i; @@ -834,6 +859,9 @@ static int __init sgx_init(void) if (sgx_vepc_init() && ret) goto err_provision; + dir = debugfs_create_dir("sgx", arch_debugfs_dir); + debugfs_create_file("poison_page_list", 0400, dir, NULL, &poison_list_fops); + return 0; err_provision: diff --git a/arch/x86/kernel/cpu/sgx/sgx.h b/arch/x86/kernel/cpu/sgx/sgx.h index 6a55b1971956..77f3d98c9fbf 100644 --- a/arch/x86/kernel/cpu/sgx/sgx.h +++ b/arch/x86/kernel/cpu/sgx/sgx.h @@ -28,7 +28,8 @@ struct sgx_epc_page { unsigned int section; - int flags; + u16 flags; + u16 poison; union { void *private; struct sgx_encl_page *owner; -- 2.31.1