The SGX reclaimer code lacks page poison handling in its main
free path. This can lead to avoidable machine checks if a
poisoned page is freed and reallocated instead of being
isolated.

A troublesome scenario is:
 1. Machine check (#MC) occurs (asynchronous, !MF_ACTION_REQUIRED)
 2. arch_memory_failure() is eventually called
 3. (SGX) page->poison set to 1
 4. Page is reclaimed
 5. Page added to normal free lists by sgx_reclaim_pages()
    ^ This is the bug (poison pages should be isolated on the
      sgx_poison_page_list instead)
 6. Page is reallocated by some innocent enclave, a second (synchronous)
    in-kernel #MC is induced, probably during EADD instruction.
    ^ This is the fallout from the bug

(6) is unfortunate and can be avoided by replacing the open-coded
enclave page freeing code in the reclaimer with sgx_free_epc_page()
to obtain support for poison page handling that includes placing the
poisoned page on the correct list.
Fixes:
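The following is an added illustration of the failure mode the commit message describes; it is not the kernel's code and not part of the commit. It models an EPC node with a free list and a poison list, an open-coded reclaimer free path that ignores page->poison (the bug), and a sgx_free_epc_page()-style free that isolates poisoned pages. All structure and function names below (epc_node, reclaim_free_open_coded, free_epc_page, run_scenario) are simplifications invented for the example; the lists are plain singly linked stacks rather than the kernel's list_head, and there is no locking.

```c
/*
 * Added example, not kernel code: a minimal model of the EPC free path.
 * The bug is that a reclaimer which frees straight onto the free list
 * lets the next allocation hand a poisoned page to another enclave.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define NR_EPC_PAGES 4

struct epc_page {
	int index;              /* position in the fake EPC section */
	bool poison;            /* set by the model's memory_failure() */
	struct epc_page *next;  /* free list or poison list link */
};

struct epc_node {
	struct epc_page pages[NR_EPC_PAGES];
	struct epc_page *free_list;
	struct epc_page *poison_list;
};

typedef void (*free_fn_t)(struct epc_node *, struct epc_page *);

static void node_init(struct epc_node *node)
{
	node->free_list = NULL;
	node->poison_list = NULL;
	for (int i = 0; i < NR_EPC_PAGES; i++) {
		node->pages[i].index = i;
		node->pages[i].poison = false;
		node->pages[i].next = node->free_list;
		node->free_list = &node->pages[i];
	}
}

/* Hand out the first free page, as an enclave's EADD path would. */
static struct epc_page *alloc_epc_page(struct epc_node *node)
{
	struct epc_page *page = node->free_list;

	if (page)
		node->free_list = page->next;
	return page;
}

/* Step 3 of the scenario: the #MC handler marks the page poisoned. */
static void memory_failure(struct epc_page *page)
{
	page->poison = true;
}

/* Buggy reclaimer path (step 5): always returns the page to the free list. */
static void reclaim_free_open_coded(struct epc_node *node, struct epc_page *page)
{
	page->next = node->free_list;
	node->free_list = page;
}

/* Fixed path: consult the poison flag and isolate poisoned pages. */
static void free_epc_page(struct epc_node *node, struct epc_page *page)
{
	if (page->poison) {
		page->next = node->poison_list;
		node->poison_list = page;
	} else {
		page->next = node->free_list;
		node->free_list = page;
	}
}

struct scenario_result {
	bool leaked;          /* a poisoned page was handed to an allocator */
	int poison_list_len;  /* pages isolated on the poison list */
};

/*
 * Allocate a page, poison it, reclaim it with free_fn, then let a second
 * "enclave" allocate until the free list is empty. leaked == true is the
 * condition that induces the second, synchronous #MC in the real system.
 */
static struct scenario_result run_scenario(free_fn_t free_fn)
{
	struct scenario_result res = { false, 0 };
	struct epc_node node;
	struct epc_page *victim, *page;

	node_init(&node);
	victim = alloc_epc_page(&node);   /* owned by the first enclave */
	memory_failure(victim);           /* asynchronous #MC */
	free_fn(&node, victim);           /* reclaimer frees it */

	while ((page = alloc_epc_page(&node)) != NULL)
		if (page->poison)
			res.leaked = true;

	for (page = node.poison_list; page; page = page->next)
		res.poison_list_len++;
	return res;
}

int main(void)
{
	struct scenario_result buggy = run_scenario(reclaim_free_open_coded);
	struct scenario_result fixed = run_scenario(free_epc_page);

	printf("open-coded free: poisoned page reallocated=%d, isolated=%d\n",
	       buggy.leaked, buggy.poison_list_len);
	printf("sgx_free_epc_page-style free: reallocated=%d, isolated=%d\n",
	       fixed.leaked, fixed.poison_list_len);
	return 0;
}
```

The point of the model is that poison handling must live in the one free routine every path uses; a second, open-coded free in the reclaimer is exactly where the check gets forgotten.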