From: Jarkko Sakkinen <jarkko@kernel.org>
To: Tony Luck <tony.luck@intel.com>,
"Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
naoya.horiguchi@nec.com
Cc: Andrew Morton <akpm@linux-foundation.org>,
Sean Christopherson <seanjc@google.com>,
Dave Hansen <dave.hansen@intel.com>,
Cathy Zhang <cathy.zhang@intel.com>,
linux-sgx@vger.kernel.org, linux-acpi@vger.kernel.org,
linux-mm@kvack.org, Reinette Chatre <reinette.chatre@intel.com>
Subject: Re: [PATCH v9 6/7] x86/sgx: Add hook to error injection address validation
Date: Tue, 12 Oct 2021 19:50:49 +0300
Message-ID: <86c924fad46291f962381e9e23a6cdbb95d4d31e.camel@kernel.org>
In-Reply-To: <20211011185924.374213-7-tony.luck@intel.com>
On Mon, 2021-10-11 at 11:59 -0700, Tony Luck wrote:
> SGX reserved memory does not appear in the standard address maps.
>
> Add hook to call into the SGX code to check if an address is located
> in SGX memory.
>
> There are other challenges in injecting errors into SGX. Update the
> documentation with a sequence of operations to inject.
>
> Tested-by: Reinette Chatre <reinette.chatre@intel.com>
> Signed-off-by: Tony Luck <tony.luck@intel.com>
> ---
> .../firmware-guide/acpi/apei/einj.rst | 19 +++++++++++++++++++
> drivers/acpi/apei/einj.c | 3 ++-
> 2 files changed, 21 insertions(+), 1 deletion(-)
>
> diff --git a/Documentation/firmware-guide/acpi/apei/einj.rst b/Documentation/firmware-guide/acpi/apei/einj.rst
> index c042176e1707..55e2331a6438 100644
> --- a/Documentation/firmware-guide/acpi/apei/einj.rst
> +++ b/Documentation/firmware-guide/acpi/apei/einj.rst
> @@ -181,5 +181,24 @@ You should see something like this in dmesg::
> [22715.834759] EDAC sbridge MC3: PROCESSOR 0:306e7 TIME 1422553404 SOCKET 0 APIC 0
> [22716.616173] EDAC MC3: 1 CE memory read error on CPU_SrcID#0_Channel#0_DIMM#0 (channel:0 slot:0 page:0x12345 offset:0x0 grain:32 syndrome:0x0 - area:DRAM err_code:0001:0090 socket:0
> channel_mask:1 rank:0)
>
> +Special notes for injection into SGX enclaves:
> +
> +There may be a separate BIOS setup option to enable SGX injection.
> +
> +The injection process consists of setting some special memory controller
> +trigger that will inject the error on the next write to the target
> +address. But the h/w prevents any software outside of an SGX enclave
> +from accessing enclave pages (even BIOS SMM mode).
> +
> +The following sequence can be used:
> + 1) Determine physical address of enclave page
> + 2) Use "notrigger=1" mode to inject (this will setup
> + the injection address, but will not actually inject)
> + 3) Enter the enclave
> + 4) Store data to the virtual address matching physical address from step 1
> + 5) Execute CLFLUSH for that virtual address
> + 6) Spin delay for 250ms
> + 7) Read from the virtual address. This will trigger the error
> +
> For more information about EINJ, please refer to ACPI specification
> version 4.0, section 17.5 and ACPI 5.0, section 18.6.
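Review bot: The numbered sequence starts on the line directly after "The following sequence can be used:" with no blank "+" line between them, so reStructuredText will most likely treat the paragraph line as a definition-list term rather than render a plain enumerated list; add a blank line before step 1 and keep the continuation of step 2 aligned under its text. The steps would also benefit from two clarifications: step 1 does not say how the physical address of an enclave page is to be determined, and step 6 gives a 250ms spin delay without stating what it waits for or whether the value is platform specific. A sentence on each would let a reader adapt the procedure instead of copying the number.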
> diff --git a/drivers/acpi/apei/einj.c b/drivers/acpi/apei/einj.c
> index 2882450c443e..67c335baad52 100644
> --- a/drivers/acpi/apei/einj.c
> +++ b/drivers/acpi/apei/einj.c
> @@ -544,7 +544,8 @@ static int einj_error_inject(u32 type, u32 flags, u64 param1, u64 param2,
> ((region_intersects(base_addr, size, IORESOURCE_SYSTEM_RAM, IORES_DESC_NONE)
> != REGION_INTERSECTS) &&
> (region_intersects(base_addr, size, IORESOURCE_MEM, IORES_DESC_PERSISTENT_MEMORY)
> - != REGION_INTERSECTS)))
> + != REGION_INTERSECTS) &&
> + !arch_is_platform_page(base_addr)))
> return -EINVAL;
>
> inject:
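Review bot: The added "!arch_is_platform_page(base_addr)" test looks only at base_addr, while the two region_intersects() calls it is chained with validate the whole range (base_addr, size). An injection range that starts in an SGX page but extends past it would therefore pass this validation on the strength of its first address alone. Either check the end of the range as well or add a comment saying why the base address is sufficient here. The condition is now three negated clauses deep; moving the address-type tests into a small helper with a descriptive name would make the -EINVAL path easier to audit.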
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
/Jarkko