On Wed, Apr 07, 2021 at 06:18:11PM +0200, Borislav Petkov wrote:
> On Wed, Apr 07, 2021 at 07:03:47PM +0300, Jarkko Sakkinen wrote:
> > > Which leads to my question: what is sgx_nr_free_pages supposed to denote?
> > >
> > > Because I understand the callpath
>
On Wed, Apr 07, 2021 at 01:53:24PM -0400, Stefan Berger wrote:
>
> On 4/7/21 12:10 PM, Mimi Zohar wrote:
> > On Wed, 2021-04-07 at 18:53 +0300, Jarkko Sakkinen wrote:
> > > On Tue, Apr 06, 2021 at 02:53:38PM -0400, Stefan Berger wrote:
> > > > This series add
On Wed, Apr 07, 2021 at 05:56:36PM +0200, Borislav Petkov wrote:
> On Tue, Apr 06, 2021 at 02:26:53AM +0300, Jarkko Sakkinen wrote:
> > Add two debugs attributes:
> >
> > * /sys/kernel/debug/x86/sgx_nr_all_pages
> > * /sys/kernel/debug/x86/sgx_nr_free_pages
>
> D
On Wed, Apr 07, 2021 at 05:49:34PM +0200, Borislav Petkov wrote:
> On Tue, Apr 06, 2021 at 02:26:52AM +0300, Jarkko Sakkinen wrote:
> > Now that the sanitization process will make pages available by calling
> > sgx_free_epc_page(), sgx_setup_epc_section() should not touch to
> >
On Tue, Apr 06, 2021 at 02:53:38PM -0400, Stefan Berger wrote:
> This series adds support for ECDSA-signed kernel modules.
>
> The first patch in this series attempts to address the issue where a
> developer created an ECDSA key for signing modules and then falls back
> to compiling an older
On Tue, Apr 06, 2021 at 09:11:21PM +0800, Hongbo Li wrote:
> From: Hongbo Li
>
> This series of patches adds support for x509 cert signed by RSA
> with PSS encoding method. RSA PSS is described in rfc8017.
Please also briefly describe it here AND also provide link to the
RFC. In the way this
$ sudo cat /sys/kernel/debug/x86/sgx_nr_free_pages
5632
Signed-off-by: Jarkko Sakkinen
---
v2:
* Use debugfs_create_ulong():
https://lore.kernel.org/linux-sgx/57c18e08-3e36-b5b3-aaba-9a21b75a1...@intel.com/
arch/x86/kernel/cpu/sgx/main.c | 13 -
1 file changed, 12 insertions(+), 1
6/sgx: Replace section->init_laundry_list with
sgx_dirty_page_list")
Signed-off-by: Jarkko Sakkinen
---
arch/x86/kernel/cpu/sgx/main.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c
index 13a7599ce7d4..7df7048cb1c9 1006
On Fri, Apr 02, 2021 at 08:31:19PM +0200, Jethro Beekman wrote:
> On 2021-04-02 17:53, Dave Hansen wrote:
> > On 4/2/21 1:38 AM, Jethro Beekman wrote:
> >>> So, we're talking here about pages that have been EEADDED, but for
> >>> which we do not want to include the entire contents of the page?
>
anged, 1 insertion(+), 3 deletions(-)
Acked-by: Jarkko Sakkinen
/Jarkko
>
> diff --git a/security/keys/trusted-keys/trusted_tpm1.c
> b/security/keys/trusted-keys/trusted_tpm1.c
> index 493eb91ed017..90ded4757e79 100644
> --- a/security/keys/trusted-keys/trusted_tpm1.c
> +++ b
manually.
>
> Add ENDBR to __vdso_sgx_enter_enclave() branch targets.
>
> Signed-off-by: Yu-cheng Yu
> Cc: Andy Lutomirski
> Cc: Borislav Petkov
> Cc: Dave Hansen
> Cc: Jarkko Sakkinen
> Cc: Peter Zijlstra
Acked-by: Jarkko Sakkinen
> ---
> arch/x86/entry/vdso/vsgx.S |
On Thu, Apr 01, 2021 at 12:32:58PM -0700, Dave Hansen wrote:
> On 3/31/21 10:21 PM, Jarkko Sakkinen wrote:
> > +#ifdef CONFIG_DEBUG_FS
> > + debugfs_create_file("sgx_nr_all_pages", 0400, arch_debugfs_dir, NULL,
> > + _nr_all_pages_fop
On Thu, Apr 01, 2021 at 12:11:32PM +1100, Herbert Xu wrote:
> On Wed, Mar 31, 2021 at 04:34:29PM -0700, Eric Biggers wrote:
> > On Thu, Apr 01, 2021 at 02:31:46AM +0300, Jarkko Sakkinen wrote:
> > >
> > > It's a bummer but uapi is the god in the end. Since TPM
On Wed, Mar 31, 2021 at 04:34:29PM -0700, Eric Biggers wrote:
> On Thu, Apr 01, 2021 at 02:31:46AM +0300, Jarkko Sakkinen wrote:
> >
> > It's a bummer but uapi is the god in the end. Since TPM does not do it
> > today, that behaviour must be supported forever. Tha
$ sudo cat /sys/kernel/debug/x86/sgx_nr_free_pages
5632
Signed-off-by: Jarkko Sakkinen
---
arch/x86/kernel/cpu/sgx/main.c | 53 +-
1 file changed, 52 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c
index
On Tue, Mar 30, 2021 at 02:47:18PM -0700, Eric Biggers wrote:
> On Sun, Mar 28, 2021 at 11:37:23PM +0300, Jarkko Sakkinen wrote:
> >
> > Unfortunately, TPM trusted keys started this bad security practice, and
> > obviously it cannot be fixed without breaking uapi ba
On Tue, Mar 30, 2021 at 12:56:41PM +0530, Sumit Garg wrote:
> On Mon, 29 Mar 2021 at 01:07, Jarkko Sakkinen wrote:
> >
> > On Sat, Mar 27, 2021 at 01:41:24PM +0100, David Gstir wrote:
> > > Hi!
> > >
> > > > On 25.03.2021, at 06:26, Sumit Garg wrote:
On Mon, Mar 29, 2021 at 12:11:24PM +0200, Ahmad Fatoum wrote:
> Hello Jarkko,
>
> On 28.03.21 22:37, Jarkko Sakkinen wrote:
> > On Sat, Mar 27, 2021 at 01:41:24PM +0100, David Gstir wrote:
> >> Generally speaking, I’d say trusting the CAAM RNG and trusting in its
>
m1,size=64M,prealloc
> > >
> > > Please note that the SGX relevant part is:
> > >
> > > -cpu host,+sgx_provisionkey \
> > > -sgx-epc id=epc1,memdev=mem1 \
> > > -object memory-backend-epc,id=mem1,size=64M,prealloc
> >
On Tue, Mar 30, 2021 at 10:28:28PM +0200, Varad Gautam wrote:
> Accept pss encoding for public_key_verify_signature. If
> CONFIG_CRYPTO_RSASSA_PSS is disabled, crypto_alloc_akcipher will
> fail to find a pss backend anyway.
>
> Signed-off-by: Varad Gautam
> ---
Acked-b
PSS
> signature.
>
> Signed-off-by: Varad Gautam
> ---
Reviewed-by: Jarkko Sakkinen
/Jarkko
> crypto/asymmetric_keys/asymmetric_type.c | 1 +
> include/linux/keyctl.h | 1 +
> security/keys/keyctl_pkey.c | 6 ++
> 3 files changed, 8
- a/arch/x86/kernel/cpu/sgx/encl.h
> +++ b/arch/x86/kernel/cpu/sgx/encl.h
> @@ -1,5 +1,5 @@
> /* SPDX-License-Identifier: GPL-2.0 */
> -/**
> +/*
> * Copyright(c) 2016-20 Intel Corporation.
> *
> * Contains the software defined data structures for enclaves.
> --
> 2.17.1
>
>
Acked-by: Jarkko Sakkinen
/Jarkko
certs/signing_key.x509 \
> + certs/x509.genkey \
> + vmlinux-gdb.py \
> *.spec
>
> # Directories & files removed with 'make distclean'
> --
> 2.29.2
>
>
Reviewed-by: Jarkko Sakkinen
/Jarkko
On Tue, Mar 30, 2021 at 08:08:45AM +0200, Ricardo Ribalda wrote:
> ima_file_mprotect does not return EACCES but EPERM.
>
> Signed-off-by: Ricardo Ribalda
Acked-by: Jarkko Sakkinen
/Jarkko
> ---
> security/integrity/ima/ima_main.c | 2 +-
> 1 file changed, 1 insert
On Sat, Mar 27, 2021 at 01:41:24PM +0100, David Gstir wrote:
> Hi!
>
> > On 25.03.2021, at 06:26, Sumit Garg wrote:
> >
> > On Wed, 24 Mar 2021 at 19:37, Ahmad Fatoum wrote:
> >>
> >> Hello Sumit,
> >>
> >> On 24.03.21 11:47, Sumit Garg wrote:
> >>> On Wed, 24 Mar 2021 at 14:56, Ahmad Fatoum
based on your needs.
Please also put tested-by from me to all patches (including pure KVM
patches):
Tested-by: Jarkko Sakkinen
I did the basic test, i.e. run selftest in a VM. I think that is
sufficient at this point.
/Jarkko
On Fri, Mar 26, 2021 at 09:48:48PM +0200, Jarkko Sakkinen wrote:
> On Thu, Mar 25, 2021 at 10:30:57PM +1300, Kai Huang wrote:
> > EREMOVE takes a page and removes any association between that page and
> > an enclave. It must be run on a page before it can be added into
>
On Thu, Mar 25, 2021 at 10:30:57PM +1300, Kai Huang wrote:
> EREMOVE takes a page and removes any association between that page and
> an enclave. It must be run on a page before it can be added into
> another enclave. Currently, EREMOVE is run as part of pages being freed
> into the SGX page
empt to 'fix' this again.
I'm a bit confused based on this commit message. Why is kmap_local_page()
better, and why kmalloc() is the ultimate choice of all three options?
>
> Cc: Sean Christopherson
> Cc: Jethro Beekman
> Cc: Jarkko Sakkinen
> Cc: Dave Hansen
> Signed-off-by: Ira Weiny
/Jarkko
On Tue, Mar 23, 2021 at 04:21:47PM +, Sean Christopherson wrote:
> On Tue, Mar 23, 2021, Borislav Petkov wrote:
> > On Tue, Mar 23, 2021 at 03:45:14PM +, Sean Christopherson wrote:
> > > Practically speaking, "basic" deployments of SGX VMs will be insulated
> > > from
> > > this bug. KVM
On Tue, Mar 23, 2021 at 05:06:04PM +0100, Borislav Petkov wrote:
> On Tue, Mar 23, 2021 at 03:45:14PM +, Sean Christopherson wrote:
> > Practically speaking, "basic" deployments of SGX VMs will be insulated from
> > this bug. KVM doesn't support EPC oversubscription, so even if all EPC is
> >
On Mon, Mar 22, 2021 at 12:57:26PM +0300, Andrey Ryabinin wrote:
> keyctl_read_key() has a strange code which allows possessor to read
> key's payload regardless of READ permission status:
>
> $ keyctl add user test test @u
> 196773443
> $ keyctl print 196773443
> test
> $ keyctl describe
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: 901ddbb9ecf5425183ea0c09d10c2fd7868dce54
Gitweb: https://git.kernel.org/tip/901ddbb9ecf5425183ea0c09d10c2fd7868dce54
Author: Jarkko Sakkinen
AuthorDate: Thu, 18 Mar 2021 01:53:31 +02:00
On Fri, Mar 19, 2021 at 03:59:31PM +0100, Borislav Petkov wrote:
> On Fri, Mar 19, 2021 at 04:50:33PM +0200, Jarkko Sakkinen wrote:
> > > > I was on the verge whether to merge that into the original patch since
> > > > it is the top patch on the branch or
On Fri, Mar 19, 2021 at 03:58:07PM +0100, Borislav Petkov wrote:
> On Fri, Mar 19, 2021 at 11:38:44AM -, tip-bot2 for Dave Hansen wrote:
> > tools/testing/selftests/sgx/load.c | 66 ++---
> > tools/testing/selftests/sgx/main.c | 2 +-
> > 2 files changed, 53
On Fri, Mar 19, 2021 at 08:29:27PM +1300, Kai Huang wrote:
> This series adds KVM SGX virtualization support. The first 14 patches starting
> with x86/sgx or x86/cpu.. are necessary changes to x86 and SGX core/driver to
> support KVM SGX virtualization, while the rest are patches to KVM subsystem.
On Fri, Mar 19, 2021 at 10:01:41PM +1300, Kai Huang wrote:
> On Fri, 19 Mar 2021 09:45:23 +0100 Borislav Petkov wrote:
> > On Fri, Mar 19, 2021 at 05:06:02PM +1300, Kai Huang wrote:
> > > Below kernel bug happened when running simple SGX application when EPC
> > > is under pressure. The root
On Fri, Mar 19, 2021 at 09:45:23AM +0100, Borislav Petkov wrote:
> On Fri, Mar 19, 2021 at 05:06:02PM +1300, Kai Huang wrote:
> > Below kernel bug happened when running simple SGX application when EPC
> > is under pressure. The root cause is with commit 5b8719504e3a
> > ("x86/sgx: Add a basic
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: 323950a8a98b492ac2fa168e8e4c0becfb4554dd
Gitweb: https://git.kernel.org/tip/323950a8a98b492ac2fa168e8e4c0becfb4554dd
Author: Jarkko Sakkinen
AuthorDate: Thu, 18 Mar 2021 01:53:31 +02:00
pc_page+0x46/0x152
> ...
>
> Fixes: 5b8719504e3a("x86/sgx: Add a basic NUMA allocation scheme to
> sgx_alloc_epc_page()")
> Signed-off-by: Kai Huang
Reviewed-by: Jarkko Sakkinen
> ---
> arch/x86/kernel/cpu/sgx/main.c | 4 ++--
> 1 file changed, 2 inse
rly initialized. Fix it.
>
> This was found by some fancy clang that 0day runs. My gcc
> does not detect it.
>
> Fixes: 5b8719504e3a ("x86/sgx: Add a basic NUMA allocation scheme to
> sgx_alloc_epc_page()")
> Reported-by: kernel test robot
> Signed-off-by: D
EXEC
> check that user has execute permissions on /dev/sgx_enclave and
> that /dev does not have noexec set: 'mount | grep "/dev .*noexec"'
>
> That can be fixed with:
>
> mount -o remount,noexec /devESC
>
> Hopefully, the combination of better error
ming.kicks-ass.net
>
> Since I've reproduced the problem locally, and these patches do seem to fully
> cure things, I'll shortly queue them for tip/locking/urgent.
For all:
Acked-by: Jarkko Sakkinen
/Jarkko
On Thu, Mar 18, 2021 at 08:01:38PM +0100, Borislav Petkov wrote:
> On Thu, Mar 18, 2021 at 11:34:10AM -0700, Dave Hansen wrote:
> > I usually get that after I reboot. I have to do this:
> >
> > chmod 755 /dev/sgx_enclave
> > mount -o remount,exec /dev
>
> Yap, that did it:
>
>
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: 5b8719504e3adf47646273781591ad439b3c3c7a
Gitweb: https://git.kernel.org/tip/5b8719504e3adf47646273781591ad439b3c3c7a
Author: Jarkko Sakkinen
AuthorDate: Thu, 18 Mar 2021 01:53:31 +02:00
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: 51ab30eb2ad4c4a61f827dc18863cd70dc46dc32
Gitweb: https://git.kernel.org/tip/51ab30eb2ad4c4a61f827dc18863cd70dc46dc32
Author: Jarkko Sakkinen
AuthorDate: Thu, 18 Mar 2021 01:53:30 +02:00
From: Jarkko Sakkinen
During normal runtime, the "ksgxd" daemon behaves like a version of
kswapd just for SGX. But, before it starts acting like kswapd, its
first job is to initialize enclave memory.
Currently, the SGX boot code places each enclave page on a
epc_section->init
From: Jarkko Sakkinen
Background
==========
SGX enclave memory is enumerated by the processor in contiguous physical
ranges called Enclave Page Cache (EPC) sections. Currently, there is a
free list per section, but allocations simply target the lowest-numbered
sections. This is functional
On Wed, Mar 17, 2021 at 03:29:05PM +0100, Ahmad Fatoum wrote:
> MODULE_DEVICE_TABLE is defined in , which is not
> included. Add the include to fix the build error its lack caused.
>
> Cc: Sumit Garg
> Signed-off-by: Ahmad Fatoum
Hi, I appreciate your work, thanks for taking action, but
On Wed, Mar 17, 2021 at 07:07:07PM +0530, Sumit Garg wrote:
> On Wed, 17 Mar 2021 at 18:16, Peter Zijlstra wrote:
> >
> > On Wed, Mar 17, 2021 at 05:25:48PM +0530, Sumit Garg wrote:
> > > Thanks Peter for this fix. It does work for me on qemu for x86. Can
> > > you turn this into a proper fix
way, since
> module unload is never a performance critical path.
>
> Reported-by: Sumit Garg
> Signed-off-by: Peter Zijlstra (Intel)
> Tested-by: Sumit Garg
Reviewed-by: Jarkko Sakkinen
/Jarkko
> ---
> tools/objtool/check.c | 32
> 1
On Tue, Mar 16, 2021 at 12:27:19PM -0700, Yu, Yu-cheng wrote:
> On 3/16/2021 12:22 PM, Jarkko Sakkinen wrote:
> > On Tue, Mar 16, 2021 at 08:13:19AM -0700, Yu-cheng Yu wrote:
> > > ENDBR is a special new instruction for the Indirect Branch Tracking (IBT)
> > > comp
manually.
>
> Add ENDBR to __vdso_sgx_enter_enclave() branch targets.
>
> Signed-off-by: Yu-cheng Yu
> Cc: Andy Lutomirski
> Cc: Borislav Petkov
> Cc: Dave Hansen
> Cc: Jarkko Sakkinen
> Cc: Peter Zijlstra
> ---
> arch/x86/entry/vdso/vsgx.S | 4
> 1 file changed, 4
o use the CAAM for trusted keys.
>
> Signed-off-by: Ahmad Fatoum
> ---
> To: Jonathan Corbet
> To: David Howells
> To: Jarkko Sakkinen
> To: James Bottomley
> To: Mimi Zohar
> Cc: James Morris
> Cc: "Serge E. Hallyn"
> Cc: "Horia Geantă"
>
On Mon, Mar 15, 2021 at 09:27:00PM +0200, Jarkko Sakkinen wrote:
> On Mon, Mar 15, 2021 at 09:06:29PM +0200, Jarkko Sakkinen wrote:
> > On Mon, Mar 15, 2021 at 08:32:13AM -0700, Dave Hansen wrote:
> > > On 3/13/21 8:01 AM, Jarkko Sakkinen wrote:
> > >
On Mon, Mar 15, 2021 at 06:13:53PM -0700, Sean Christopherson wrote:
> On Tue, Mar 16, 2021, Jarkko Sakkinen wrote:
> > On Tue, Mar 16, 2021 at 01:05:05AM +0200, Jarkko Sakkinen wrote:
> > > The way I've understood it is that given that KVM can support SGX
> > > >
On Tue, Mar 16, 2021 at 12:49:33PM +1300, Kai Huang wrote:
> On Tue, 16 Mar 2021 01:08:44 +0200 Jarkko Sakkinen wrote:
> > On Tue, Mar 16, 2021 at 01:05:05AM +0200, Jarkko Sakkinen wrote:
> > > On Tue, Mar 16, 2021 at 09:48:59AM +1300, Kai Huang wrote:
> > > > On M
On Tue, Mar 16, 2021 at 09:29:34AM +1300, Kai Huang wrote:
> On Mon, 15 Mar 2021 15:19:32 +0200 Jarkko Sakkinen wrote:
> > On Mon, Mar 15, 2021 at 03:18:16PM +0200, Jarkko Sakkinen wrote:
> > > On Mon, Mar 15, 2021 at 08:12:36PM +1300, Kai Huang wrote:
> > > > On S
On Tue, Mar 16, 2021 at 01:05:05AM +0200, Jarkko Sakkinen wrote:
> On Tue, Mar 16, 2021 at 09:48:59AM +1300, Kai Huang wrote:
> > On Mon, 15 Mar 2021 15:51:17 +0200 Jarkko Sakkinen wrote:
> > > On Mon, Mar 15, 2021 at 03:04:59PM +0200, Jarkko Sakkinen wrote:
> > > >
On Tue, Mar 16, 2021 at 09:48:59AM +1300, Kai Huang wrote:
> On Mon, 15 Mar 2021 15:51:17 +0200 Jarkko Sakkinen wrote:
> > On Mon, Mar 15, 2021 at 03:04:59PM +0200, Jarkko Sakkinen wrote:
> > > On Mon, Mar 15, 2021 at 04:13:17PM +1300, Kai Huang wrote:
> > > > On S
On Mon, Mar 15, 2021 at 09:06:29PM +0200, Jarkko Sakkinen wrote:
> On Mon, Mar 15, 2021 at 08:32:13AM -0700, Dave Hansen wrote:
> > On 3/13/21 8:01 AM, Jarkko Sakkinen wrote:
> > > Replace the ad-hoc code with a sgx_free_epc_page(), in order to make sure
> > > that all t
On Mon, Mar 15, 2021 at 09:35:03AM -0700, Dave Hansen wrote:
> On 3/13/21 8:01 AM, Jarkko Sakkinen wrote:
> > Background
> > ==========
> >
> > EPC section is covered by one or more SRAT entries that are associated with
> > one and only one PXM (NUMA node).
On Mon, Mar 15, 2021 at 09:03:21AM -0700, Dave Hansen wrote:
> On 3/13/21 8:01 AM, Jarkko Sakkinen wrote:
> > Reset initialized EPC pages in sgx_dirty_page_list to uninitialized state,
> > and free them using sgx_free_epc_page(). Do two passes, as for SECS pages
> > the
On Mon, Mar 15, 2021 at 08:32:13AM -0700, Dave Hansen wrote:
> On 3/13/21 8:01 AM, Jarkko Sakkinen wrote:
> > Replace the ad-hoc code with a sgx_free_epc_page(), in order to make sure
> > that all the relevant checks and book keeping is done, while freeing a
> > borrowed
On Mon, Mar 15, 2021 at 03:04:59PM +0200, Jarkko Sakkinen wrote:
> On Mon, Mar 15, 2021 at 04:13:17PM +1300, Kai Huang wrote:
> > On Sun, 14 Mar 2021 17:27:18 +0200 Jarkko Sakkinen wrote:
> > > On Sun, Mar 14, 2021 at 05:25:26PM +0200, Jarkko Sakkinen wrote:
> > > >
On Mon, Mar 15, 2021 at 03:18:16PM +0200, Jarkko Sakkinen wrote:
> On Mon, Mar 15, 2021 at 08:12:36PM +1300, Kai Huang wrote:
> > On Sat, 13 Mar 2021 12:45:53 +0200 Jarkko Sakkinen wrote:
> > > On Fri, Mar 12, 2021 at 01:21:54PM -0800, Sean Christopherson wrote:
> > >
On Mon, Mar 15, 2021 at 08:12:36PM +1300, Kai Huang wrote:
> On Sat, 13 Mar 2021 12:45:53 +0200 Jarkko Sakkinen wrote:
> > On Fri, Mar 12, 2021 at 01:21:54PM -0800, Sean Christopherson wrote:
> > > On Thu, Mar 11, 2021, Kai Huang wrote:
> > > > From: Jarkko Sakkinen
On Mon, Mar 15, 2021 at 04:13:17PM +1300, Kai Huang wrote:
> On Sun, 14 Mar 2021 17:27:18 +0200 Jarkko Sakkinen wrote:
> > On Sun, Mar 14, 2021 at 05:25:26PM +0200, Jarkko Sakkinen wrote:
> > > On Sat, Mar 13, 2021 at 09:07:36PM +0200, Jarkko Sakkinen wrote:
> > > >
On Sun, Mar 14, 2021 at 07:16:21PM +0800, Tianjia Zhang wrote:
> Simplify the sgx code implementation by using library function
> getauxval() instead of a custom function to get the base address
> of vDSO.
>
> Signed-off-by: Tianjia Zhang
> Reviewed-by: Jarkko Sakkinen
>
On Sun, Mar 14, 2021 at 05:25:26PM +0200, Jarkko Sakkinen wrote:
> On Sat, Mar 13, 2021 at 09:07:36PM +0200, Jarkko Sakkinen wrote:
> > On Sat, Mar 13, 2021 at 09:05:36PM +0200, Jarkko Sakkinen wrote:
> > > On Fri, Mar 12, 2021 at 01:44:58PM -0800, Sean Christopherson wrote:
>
On Sat, Mar 13, 2021 at 09:07:36PM +0200, Jarkko Sakkinen wrote:
> On Sat, Mar 13, 2021 at 09:05:36PM +0200, Jarkko Sakkinen wrote:
> > On Fri, Mar 12, 2021 at 01:44:58PM -0800, Sean Christopherson wrote:
> > > On Tue, Mar 09, 2021, Kai Huang wrote:
> > > > M
On Sat, Mar 13, 2021 at 06:01:19PM +0200, Jarkko Sakkinen wrote:
> Background
> ==========
>
> EPC section is covered by one or more SRAT entries that are associated with
> one and only one PXM (NUMA node). The motivation behind this patch is to
> provide basic elements of b
On Sat, Mar 13, 2021 at 09:05:36PM +0200, Jarkko Sakkinen wrote:
> On Fri, Mar 12, 2021 at 01:44:58PM -0800, Sean Christopherson wrote:
> > On Tue, Mar 09, 2021, Kai Huang wrote:
> > > Modify sgx_init() to always try to initialize the virtual EPC driver,
> > > even if
On Fri, Mar 12, 2021 at 01:44:58PM -0800, Sean Christopherson wrote:
> On Tue, Mar 09, 2021, Kai Huang wrote:
> > Modify sgx_init() to always try to initialize the virtual EPC driver,
> > even if the SGX driver is disabled. The SGX driver might be disabled
> > if SGX Launch Control is in locked
e them consistently.
>
> Cc: David Howells
> Cc: David S. Miller
> Cc: David Woodhouse
> Cc: Eric Snowberg
> Cc: Herbert Xu
> Cc: Jarkko Sakkinen
> Signed-off-by: Mickaël Salaün
> Link: https://lore.kernel.org/r/20210312171232.2681989-5-...@digikod.net
Revie
description checking (provided
> by following commits) to failed for builtin hashes.
>
> Update CONFIG_SYSTEM_BLACKLIST_HASH_LIST help to explain the content of
> a hash string and how to generate certificate ones.
>
> Cc: David Howells
> Cc: David Woodhouse
> Cc: Eric Sno
:
https://lore.kernel.org/lkml/158188326978.894464.217282995221175417.st...@dwillia2-desk3.amr.corp.intel.com/
Signed-off-by: Jarkko Sakkinen
---
v4:
* Cycle nodes instead of a global page list, starting from the node
of the current thread.
* Documented NUMA_KEEP_MEMINFO dependency
, as the
initialization could be triggered by kexec(), meaning that pages have been
reserved for active enclaves before the operation.
The section local lists are redundant, as sgx_free_epc_page() figures
out the correction by using epc_page->section.
Signed-off-by: Jarkko Sakkinen
---
v4:
* Open co
is a nop.
Signed-off-by: Jarkko Sakkinen
---
v4:
* Rewrote the commit message.
arch/x86/kernel/cpu/sgx/main.c | 7 +--
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c
index 8df81a3ed945..65004fb8a91f 100644
--- a/arch
On Fri, Mar 12, 2021 at 01:21:54PM -0800, Sean Christopherson wrote:
> On Thu, Mar 11, 2021, Kai Huang wrote:
> > From: Jarkko Sakkinen
> >
> > EREMOVE takes a page and removes any association between that page and
> > an enclave. It must be run on a page before it ca
On Fri, Mar 12, 2021 at 08:30:36AM -0800, James Bottomley wrote:
> On Fri, 2021-03-12 at 18:26 +0200, Jarkko Sakkinen wrote:
> > On Wed, Mar 10, 2021 at 02:26:27PM -0800, James Bottomley wrote:
> > > On Wed, 2021-03-10 at 21:56 +0200, Jarkko Sakkinen wrote:
> > > [...]
>
On Fri, Mar 12, 2021 at 06:55:57PM +0200, Jarkko Sakkinen wrote:
> On Wed, Mar 10, 2021 at 03:20:20PM -0800, Dave Hansen wrote:
> > On 3/10/21 2:55 PM, Yu, Yu-cheng wrote:
> > > On 3/10/2021 2:39 PM, Jarkko Sakkinen wrote:
> > >> On Wed, Mar 10, 2021 at 02:05
On Thu, Mar 11, 2021 at 09:42:05AM +0100, Peter Zijlstra wrote:
> On Thu, Mar 11, 2021 at 05:36:06AM +0200, Jarkko Sakkinen wrote:
> > Does it do any harm to put it there unconditionally?
>
> Blows up your text footprint and I$ pressure. These instructions are 4
> bytes eac
On Wed, Mar 10, 2021 at 03:20:20PM -0800, Dave Hansen wrote:
> On 3/10/21 2:55 PM, Yu, Yu-cheng wrote:
> > On 3/10/2021 2:39 PM, Jarkko Sakkinen wrote:
> >> On Wed, Mar 10, 2021 at 02:05:19PM -0800, Yu-cheng Yu wrote:
> >>> When CET is enabled, __vdso_sgx_en
On Thu, Mar 11, 2021 at 09:02:38AM -0500, Stefan Berger wrote:
>
> On 3/10/21 6:24 PM, Jarkko Sakkinen wrote:
> > On Thu, Mar 11, 2021 at 01:21:47AM +0200, Jarkko Sakkinen wrote:
> > > On Wed, Mar 10, 2021 at 05:19:14PM -0500, Stefan Berger wrote:
> > > > When tp
On Thu, Mar 11, 2021 at 12:53:49PM +0800, Tianjia Zhang wrote:
>
>
> On 3/11/21 11:42 AM, Jarkko Sakkinen wrote:
> > On Thu, Mar 11, 2021 at 10:47:50AM +0800, Jia Zhang wrote:
> > >
> > >
> > > On 2021/3/11 上午5:39, Jarkko Sakkinen wrote:
> > >
On Wed, Mar 10, 2021 at 02:26:27PM -0800, James Bottomley wrote:
> On Wed, 2021-03-10 at 21:56 +0200, Jarkko Sakkinen wrote:
> [...]
> > I also need to apply
> >
> > https://lore.kernel.org/linux-integrity/20210127190617.17564-1-james.bottom...@hansenpartnership.com/
>
On Thu, Mar 11, 2021 at 10:47:50AM +0800, Jia Zhang wrote:
>
>
> On 2021/3/11 上午5:39, Jarkko Sakkinen wrote:
> > On Wed, Mar 10, 2021 at 08:44:44PM +0800, Jia Zhang wrote:
> >>
> >>
> >> On 2021/3/2 下午9:47, Jarkko Sakkinen wrote:
> >>> On
On Wed, Mar 10, 2021 at 02:55:55PM -0800, Yu, Yu-cheng wrote:
> On 3/10/2021 2:39 PM, Jarkko Sakkinen wrote:
> > On Wed, Mar 10, 2021 at 02:05:19PM -0800, Yu-cheng Yu wrote:
> > > When CET is enabled, __vdso_sgx_enter_enclave() needs an endbr64
> > > in the beginning o
On Thu, Mar 11, 2021 at 01:35:04AM +0200, Jarkko Sakkinen wrote:
> On Wed, Mar 10, 2021 at 02:26:27PM -0800, James Bottomley wrote:
> > On Wed, 2021-03-10 at 21:56 +0200, Jarkko Sakkinen wrote:
> > [...]
> > > I also need to apply
> > >
> > > >
On Thu, Mar 11, 2021 at 01:21:47AM +0200, Jarkko Sakkinen wrote:
> On Wed, Mar 10, 2021 at 05:19:14PM -0500, Stefan Berger wrote:
> > When tpm_read_log_efi is called multiple times, which happens when
> > one loads and unloads a TPM2 driver multiple times, then the glob
On Wed, Mar 10, 2021 at 05:19:14PM -0500, Stefan Berger wrote:
> When tpm_read_log_efi is called multiple times, which happens when
> one loads and unloads a TPM2 driver multiple times, then the global
> variable efi_tpm_final_log_size will at some point become a negative
> number due to the
;events + log_tbl->final_events_preboot_size,
> -efi_tpm_final_log_size);
> +final_events_log_size);
> + /*
> + * The size of the 'combined log' is the size of the 'main log' plus
> + * the size of the 'final events log'.
> + */
> log->bios_event_log_end = log->bios_event_log +
> - log_size + efi_tpm_final_log_size;
> + log_size + final_events_log_size;
>
> out:
> memunmap(final_tbl);
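Review bot: in the copy and in the `bios_event_log_end` computation, `final_events_log_size` is now the length that is trusted, but the visible lines show no check that it stays within the data that follows `final_events_preboot_size`. Since the problem being fixed is a size that went negative, an explicit guard where the value is computed (or a comment there stating why it cannot underflow) would make the invariant checkable from the code rather than from the commit message.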
> --
> 2.29.2
>
>
Hey, thanks a lot for that documentation!
Reviewed-by: Jarkko Sakkinen
I applied these to my master, planning to squeeze in 5.12 (if Linus accepts
them).
/Jarkko
g->bios_event_log, virt, len);
>
> acpi_os_unmap_iomem(virt, len);
> +
> + if (chip->flags & TPM_CHIP_FLAG_TPM2 &&
> + !tpm_is_tpm2_log(log->bios_event_log, len)) {
> + /* try EFI log next */
> + ret = -ENODEV;
> + goto err;
> + }
> +
> return format;
>
> err:
> kfree(log->bios_event_log);
> log->bios_event_log = NULL;
> - return -EIO;
> + return ret;
>
> }
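Review bot: at the `err:` label, `return -EIO` becomes `return ret`, so every pre-existing `goto err` in this function now depends on `ret` having been assigned first, and the only assignment visible here is the new `ret = -ENODEV` in the TPM2 branch. Please confirm `ret` is initialised to `-EIO` at its declaration or set on each earlier error path; otherwise those paths return an indeterminate value and callers can no longer tell "try the EFI log next" from a real I/O failure.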
> --
> 2.29.2
>
>
Reviewed-by: Jarkko Sakkinen
/Jarkko
int log_version;
> int rc = 0;
>
> + if (chip->flags & TPM_CHIP_FLAG_VIRTUAL)
> + return;
> +
> rc = tpm_read_log(chip);
> if (rc < 0)
> return;
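Review bot: the new early return on `chip->flags & TPM_CHIP_FLAG_VIRTUAL` has no comment saying why virtual chips skip `tpm_read_log()`. The function returns void, so the skip is silent to callers; a one-line comment above the `if` stating the reason would keep the next reader from treating the missing event log as a failure.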
> --
> 2.29.2
>
>
Reviewed-by: Jarkko Sakkinen
/Jarkko
On Wed, Mar 10, 2021 at 05:19:13PM -0500, Stefan Berger wrote:
> This series of patches fixes a couple of issues related to TPM2
> event logs, such as the disappearance of the TPM2 log on QEMU machines
> running with UEFI (my fault) and a kernel fault due to an integer under-
> flow when reading
utomirski
> Cc: Dave Hansen
> Cc: Jarkko Sakkinen
> ---
> arch/x86/entry/vdso/vsgx.S | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/arch/x86/entry/vdso/vsgx.S b/arch/x86/entry/vdso/vsgx.S
> index 86a0e94f68df..a70d4d09f713 100644
> --- a/arch/x86/ent