On 11/16/2022 12:33 PM, Borislav Petkov wrote:
> On Wed, Nov 16, 2022 at 12:01:11PM -0600, Kalra, Ashish wrote:
>> Ok, so I will work on implementing this leaked pages list and put it on a
>> sev/snp associated structure.
> See __sgx_sanitize_pages() and the poison list there, for an example.
>> Also to add here, we will actually get a not-present #PF instead of the RMP
>> violation #PF on writing to these leaked pages, as these pages would have
>> been removed from the kernel direct map.
> So if you do the list and still have the kernel raise an RMP fault for
> those pages, traversing that list in the RMP handler to check whether
> the page is there on it, should be a lot faster operation than doing the
> #PF thing and removing them from the direct map.
Actually, these host-allocated pages would have already been removed
from the kernel direct map, when they were transitioned to the firmware
state. So actually the not-present #PF fault will happen on any
read/write access to these leaked pages instead of the RMP violation #PF
(not-present #PF has higher priority than RMP violation #PF).
If these pages cannot be reclaimed, they are unsafe to use and cannot be
added back to the kernel direct map.
Thanks,
Ashish
> And sorry for misleading you about UPM - we were thinking wrong
> yesterday.
> Thx.