[RFC PATCH v4 3/3] selftests/x86/sgx: Augment SGX selftest to test vDSO API

2019-07-12 Cedric Xing
s that section would never exist in statically linked (enclave) images. Signed-off-by: Cedric Xing --- tools/testing/selftests/x86/sgx/Makefile | 6 +- tools/testing/selftests/x86/sgx/main.c | 344 ++--- tools/testing/selftests/x86/sgx/sgx_call.S | 40 ++- 3 files

[RFC PATCH v4 1/3] selftests/x86/sgx: Fix Makefile for SGX selftest

2019-07-12 Cedric Xing
mpiler/linker options and simplifications to the build rules. Signed-off-by: Cedric Xing --- tools/testing/selftests/x86/sgx/Makefile | 45 +--- 1 file changed, 16 insertions(+), 29 deletions(-) diff --git a/tools/testing/selftests/x86/sgx/Makefile b/tools/testing/selftests/x86/sgx/Ma

[RFC PATCH v4 0/3] x86/sgx: Amend vDSO API to allow enclave/host parameter passing on untrusted stack

2019-07-12 Cedric Xing
). Comments have also been added to describe the tests done. · v3 - https://patchwork.kernel.org/cover/11039263/ · v2 - https://patchwork.kernel.org/cover/10914161/ · v1 - https://patchwork.kernel.org/cover/10911615/ Cedric Xing (3): selftests/x86/sgx: Fix Makefile for SGX selftest x8

[RFC PATCH v4 2/3] x86/vdso: Modify __vdso_sgx_enter_enclave() to allow parameter passing on untrusted stack

2019-07-12 Cedric Xing
value returned by the callback will be treated as an ENCLU leaf for re-entering the enclave, while a zero or negative value will be passed through as the return value of __vdso_sgx_enter_enclave() to its caller. It's also safe to leave callback by longjmp() or by throwing

[RFC PATCH v1 1/3] LSM/x86/sgx: Add SGX specific LSM hooks

2019-06-10 Cedric Xing
linux/lsm_hooks.h for more information. Signed-off-by: Cedric Xing --- include/linux/lsm_hooks.h | 33 + include/linux/security.h | 26 ++ security/security.c | 21 + 3 files changed, 80 insertions(+) diff --git a/in

[RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux

2019-06-10 Cedric Xing
_file_free_security() has been added. Signed-off-by: Cedric Xing --- security/selinux/Makefile| 2 + security/selinux/hooks.c | 77 ++- security/selinux/include/intel_sgx.h | 18 ++ security/selinux/include/objsec.h| 3 + security/selinux/

[RFC PATCH v1 0/3] security/x86/sgx: SGX specific LSM hooks

2019-06-10 Cedric Xing
d), LSM modules would be able to track origin and protection changes of every page, hence be able to judge correctly upon mmap/mprotect requests. Cedric Xing (3): LSM/x86/sgx: Add SGX specific LSM hooks LSM/x86/sgx: Implement SGX specific hooks in SELinux LSM/x86/sgx: Call new LSM hooks from

[RFC PATCH v1 3/3] LSM/x86/sgx: Call new LSM hooks from SGX subsystem

2019-06-10 Cedric Xing
. Secondly, security_enclave_load() is invoked upon loading of every enclave page. Lastly, security_enclave_init() is invoked before initializing (EINIT) every enclave. Signed-off-by: Cedric Xing --- arch/x86/kernel/cpu/sgx/driver/ioctl.c | 72 +++--- arch/x86/kernel/cpu/sgx

[RFC PATCH v2 0/3] An alternative __vdso_sgx_enter_enclave() to allow enclave/host parameter passing using untrusted stack

2019-04-23 Cedric Xing
ased upon SGX1 patch v20 (https://lkml.org/lkml/2019/4/17/344) by Jarkko Sakkinen Cedric Xing (3): selftests/x86: Fixed Makefile for SGX selftest x86/vdso: Modify __vdso_sgx_enter_enclave() to allow parameter passing on untrusted stack selftests/x86: Augment SGX

[RFC PATCH v2 2/3] x86/vdso: Modify __vdso_sgx_enter_enclave() to allow parameter passing on untrusted stack

2019-04-23 Cedric Xing
ted as an ENCLU leaf for re-entering the enclave, while a zero or negative value will be passed through as the return value of __vdso_sgx_enter_enclave() to its caller. It's also safe to leave callback by longjmp() or by throwing a C++ exception. Signed-off-by: Cedric Xing --- a

[RFC PATCH v2 1/3] selftests/x86: Fixed Makefile for SGX selftest

2019-04-23 Cedric Xing
The original x86/sgx/Makefile doesn't work when 'x86/sgx' is specified as the test target. This patch fixes that problem, along with minor changes to the dependencies between 'x86' and 'x86/sgx' in selftests/x86/Makefile. Signed-off-by: Cedric Xing --- t

[RFC PATCH v2 3/3] selftests/x86: Augment SGX selftest to test new __vdso_sgx_enter_enclave() and its callback interface

2019-04-23 Cedric Xing
-by: Cedric Xing --- tools/testing/selftests/x86/sgx/Makefile | 6 +- tools/testing/selftests/x86/sgx/main.c | 323 ++--- tools/testing/selftests/x86/sgx/sgx_call.S | 40 ++- 3 files changed, 322 insertions(+), 47 deletions(-) diff --git a/tools/testing/selftests/x86/sgx

[RFC PATCH v1 1/3] selftests/x86: Fixed Makefile for SGX selftest

2019-04-22 Cedric Xing
The original x86/sgx/Makefile doesn't work when 'x86/sgx' is specified as the test target. This patch fixes that problem, along with minor changes to the dependencies between 'x86' and 'x86/sgx' in selftests/x86/Makefile. Signed-off-by: Cedric Xing --- t

[RFC PATCH v1 0/3] An alternative __vdso_sgx_enter_enclave() to allow enclave/host parameter passing using untrusted stack

2019-04-22 Cedric Xing
upon SGX1 patch v20 (https://lkml.org/lkml/2019/4/17/344) by Jarkko Sakkinen Cedric Xing (3): selftests/x86: Fixed Makefile for SGX selftest x86/vdso: Modify __vdso_sgx_enter_enclave() to allow parameter passing on untrusted stack selftests/x86: Augment SGX selftest to test new __vd

[RFC PATCH v1 3/3] selftests/x86: Augment SGX selftest to test new __vdso_sgx_enter_enclave() and its callback interface

2019-04-22 Cedric Xing
finishes. Signed-off-by: Cedric Xing --- tools/testing/selftests/x86/sgx/main.c | 123 ++--- tools/testing/selftests/x86/sgx/sgx_call.S | 40 ++- 2 files changed, 142 insertions(+), 21 deletions(-) diff --git a/tools/testing/selftests/x86/sgx/main.c b/tools/testing/selftests

[RFC PATCH v1 2/3] x86/vdso: Modify __vdso_sgx_enter_enclave() to allow parameter passing on untrusted stack

2019-04-22 Cedric Xing
ted as an ENCLU leaf for re-entering the enclave, while a zero or negative value will be passed through as the return value of __vdso_sgx_enter_enclave() to its caller. It's also safe to leave callback by longjmp() or by throwing a C++ exception. Signed-off-by: Cedric Xing --- a