Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp1275080pxb; Fri, 21 Jan 2022 14:05:21 -0800 (PST) X-Google-Smtp-Source: ABdhPJxFBI3qMLX2wX3JT9sNvkV3h0QFItlMBlElNBShSbQNtfnDqm/t1uNAhYjiZYZaD0CooH5F X-Received: by 2002:a17:902:e845:b0:14a:4ef1:dd0b with SMTP id t5-20020a170902e84500b0014a4ef1dd0bmr5346994plg.21.1642802721481; Fri, 21 Jan 2022 14:05:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1642802721; cv=none; d=google.com; s=arc-20160816; b=1HaN7iT46iurwnl7KyRpMVmntFn6BhyUNcM6oSYlVvrYrPDTonXhVC8QatFWf4aarj 7Bfxir8ni+P3pexPJ0NOw8EJrh1GNqIJGb6Q1XdRqjUSjBE9HW0EhYbpXplbujniPMbq PmcC32dP+PbO6Z8qyJiCyf/n9W07gHQ1ANbCi4xM3TdhNe2PYm2z10UOaVJKeCn3ZZ9R H4qSdCsTqeyVNuR2cZZhcJal698EESsCA+01+XUmYJ50qlvoS0y+LZk2E+81tKdDGW+Q YLAAhti8u7HpFxVoAA6GQqHg2Derws/mnarW8HyQ7cSB9TJ23CLu9CVGH8P+f7W6OC9z +aQA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:user-agent :content-transfer-encoding:references:in-reply-to:date:cc:to:from :subject:message-id:dkim-signature; bh=B/A4UPVf4GNLpx96eUOAeOf78iuwBGAiJPieKTrPAV8=; b=L9fdscP9jjUIwMuHGYNA8I6Ez5i2+c9nbg6FivaiLz+y8813lFcA9VBlC6jmZA8kQM rSWwXXhBvyP8kIyNWwY9EW3DK/lhLzJchh1KiEvMkrOWKk5xT5IH0Knj5TeQl0Do/Km4 aXERpMqmMNp3xfZ0TySi9eMdZxiFwiF5pJafJX5pnmVGSB3ap4e0v3+5PqSqDAaAdhTq JZVqZ137scHqa6sgCA+u0/0/lJcu9I1vPFijZlveKR7oR/SUh3LlJ811x6GxMeYxt7b7 Y+aqNvOF7roBxt2h9rKG7hjaf7LUM9DZq7ogm/VUPb+QPvHKG3Om2S9SCL+uU0yJRlx1 Ri5w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=oXrEZE4J; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h3si6825239pgb.838.2022.01.21.14.05.09; Fri, 21 Jan 2022 14:05:21 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=oXrEZE4J; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1343832AbiATNJZ (ORCPT + 99 others); Thu, 20 Jan 2022 08:09:25 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41866 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1359696AbiATNJU (ORCPT ); Thu, 20 Jan 2022 08:09:20 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 92523C06173F; Thu, 20 Jan 2022 05:09:19 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 33BF56171C; Thu, 20 Jan 2022 13:09:19 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 16837C340E0; Thu, 20 Jan 2022 13:09:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1642684158; bh=B/A4UPVf4GNLpx96eUOAeOf78iuwBGAiJPieKTrPAV8=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=oXrEZE4JIOC7YBOt6qZtAh5coTwdSFOypRTAx2nFV/JJvgc39Dwtfr9nfToEV8OC/ LR/qFukBwJYJjgNV5zzFGqrqrZQY15x0X6wyBlK6NEQ3vuPX4pOfR+kovmVWysl5Lk n9MxQ8adK72vgS7J9DaBk7pBm6Fma6VUfGoI5EurAl8TeuLhCyQGgnm2/7BJ8gjyTC c40X5h8QLVNOx1NN4BopqEleHq77W/LzqU+g0BGik+XjBymmCUKJcMTJamCZMManFn InLCBO+Mg52uV0cnSd/VBmkwGCLIAx6XlJ57sZA0s3hijGMCvY6iZSBx9GaG9dhfF/ ADeybHu1kaicQ== Message-ID: <3bfe66204ee84a0bbccaf7cd20af0d8300fb9f26.camel@kernel.org> Subject: Re: [PATCH V2] x86/sgx: Add poison handling to reclaimer From: Jarkko Sakkinen To: Reinette Chatre , tony.luck@intel.com, dave.hansen@linux.intel.com, tglx@linutronix.de, bp@alien8.de, luto@kernel.org, mingo@redhat.com, linux-sgx@vger.kernel.org, x86@kernel.org Cc: linux-kernel@vger.kernel.org Date: Thu, 20 Jan 2022 15:09:03 +0200 In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.42.3 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 2022-01-19 at 14:23 -0800, Reinette Chatre wrote: > The SGX reclaimer code lacks page poison handling in its main > free path. This can lead to avoidable machine checks if a > poisoned page is freed and reallocated instead of being > isolated. >=20 > A troublesome scenario is: > =C2=A01. Machine check (#MC) occurs (asynchronous, !MF_ACTION_REQUIRED) > =C2=A02. arch_memory_failure() is eventually called > =C2=A03. (SGX) page->poison set to 1 > =C2=A04. Page is reclaimed > =C2=A05. Page added to normal free lists by sgx_reclaim_pages() > =C2=A0=C2=A0=C2=A0 ^ This is the bug (poison pages should be isolated on = the > =C2=A0=C2=A0=C2=A0 sgx_poison_page_list instead) > =C2=A06. Page is reallocated by some innocent enclave, a second > (synchronous) > =C2=A0=C2=A0=C2=A0 in-kernel #MC is induced, probably during EADD instruc= tion. > =C2=A0=C2=A0=C2=A0 ^ This is the fallout from the bug >=20 > (6) is unfortunate and can be avoided by replacing the open coded > enclave page freeing code in the reclaimer with sgx_free_epc_page() > to obtain support for poison page handling that includes placing the > poisoned page on the correct list. >=20 > Fixes: d6d261bded8a ("x86/sgx: Add new sgx_epc_page flag bit to mark > free pages") > Fixes: 992801ae9243 ("x86/sgx: Initial poison handling for dirty and > free pages") Same comment as for the first version: remove the first fixes tag. BR, Jarkko