Re: [PATCH v2 1/2] x86/sgx: Do not update sgx_nr_free_pages in sgx_setup_epc_section()

On Wed, Apr 07, 2021 at 06:18:11PM +0200, Borislav Petkov wrote: > On Wed, Apr 07, 2021 at 07:03:47PM +0300, Jarkko Sakkinen wrote: > > > Which leads to my question: what is sgx_nr_free_pages supposed to denote? > > > > > > Because I understand the callpath &g

Re: [PATCH 0/2] Add support for ECDSA-signed kernel modules

On Wed, Apr 07, 2021 at 01:53:24PM -0400, Stefan Berger wrote: > > On 4/7/21 12:10 PM, Mimi Zohar wrote: > > On Wed, 2021-04-07 at 18:53 +0300, Jarkko Sakkinen wrote: > > > On Tue, Apr 06, 2021 at 02:53:38PM -0400, Stefan Berger wrote: > > > > This series add

Re: [PATCH v2 2/2] x86/sgx: Add sgx_nr_{all, free}_pages to the debugfs

On Wed, Apr 07, 2021 at 05:56:36PM +0200, Borislav Petkov wrote: > On Tue, Apr 06, 2021 at 02:26:53AM +0300, Jarkko Sakkinen wrote: > > Add two debugs attributes: > > > > * /sys/kernel/debug/x86/sgx_nr_all_pages > > * /sys/kernel/debug/x86/sgx_nr_free_pages > > D

Re: [PATCH v2 1/2] x86/sgx: Do not update sgx_nr_free_pages in sgx_setup_epc_section()

On Wed, Apr 07, 2021 at 05:49:34PM +0200, Borislav Petkov wrote: > On Tue, Apr 06, 2021 at 02:26:52AM +0300, Jarkko Sakkinen wrote: > > Now that the sanitization process will make pages available by calling > > sgx_free_epc_page(), sgx_setup_epc_section() should not touch to > &

Re: [PATCH 0/2] Add support for ECDSA-signed kernel modules

On Tue, Apr 06, 2021 at 02:53:38PM -0400, Stefan Berger wrote: > This series adds support for ECDSA-signed kernel modules. > > The first patch in this series attempts to address the issue where a > developer created an ECDSA key for signing modules and then falls back > to compiling an older

Re: [PATCH 0/5] crypto: add rsa pss support for x509

On Tue, Apr 06, 2021 at 09:11:21PM +0800, Hongbo Li wrote: > From: Hongbo Li > > This series of patches adds support for x509 cert signed by RSA > with PSS encoding method. RSA PSS is described in rfc8017. Please also briefly describe it here AND also provide link to the RFC. In the way this

[PATCH v2 2/2] x86/sgx: Add sgx_nr_{all, free}_pages to the debugfs

$ sudo cat /sys/kernel/debug/x86/sgx_nr_free_pages 5632 Signed-off-by: Jarkko Sakkinen --- v2: * Use debugfs_create_ulong(): https://lore.kernel.org/linux-sgx/57c18e08-3e36-b5b3-aaba-9a21b75a1...@intel.com/ arch/x86/kernel/cpu/sgx/main.c | 13 - 1 file changed, 12 insertions(+), 1

[PATCH v2 1/2] x86/sgx: Do not update sgx_nr_free_pages in sgx_setup_epc_section()

6/sgx: Replace section->init_laundry_list with sgx_dirty_page_list") Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/cpu/sgx/main.c | 1 - 1 file changed, 1 deletion(-) diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c index 13a7599ce7d4..7df7048cb1c9 1006

Re: [PATCH RESEND 0/3] x86/sgx: eextend ioctl

On Fri, Apr 02, 2021 at 08:31:19PM +0200, Jethro Beekman wrote: > On 2021-04-02 17:53, Dave Hansen wrote: > > On 4/2/21 1:38 AM, Jethro Beekman wrote: > >>> So, we're talking here about pages that have been EEADDED, but for > >>> which we do not want to include the entire contents of the page? >

Re: [PATCH -next] KEYS: trusted: Switch to kmemdup_nul()

anged, 1 insertion(+), 3 deletions(-) Acked-by: Jarkko Sakkinen /Jarkko > > diff --git a/security/keys/trusted-keys/trusted_tpm1.c > b/security/keys/trusted-keys/trusted_tpm1.c > index 493eb91ed017..90ded4757e79 100644 > --- a/security/keys/trusted-keys/trusted_tpm1.c > +++ b

Re: [PATCH v24 9/9] x86/vdso: Add ENDBR to __vdso_sgx_enter_enclave

manually. > > Add ENDBR to __vdso_sgx_enter_enclave() branch targets. > > Signed-off-by: Yu-cheng Yu > Cc: Andy Lutomirski > Cc: Borislav Petkov > Cc: Dave Hansen > Cc: Jarkko Sakkinen > Cc: Peter Zijlstra Acked-by: Jarkko Sakkinen > --- > arch/x86/entry/vdso/vsgx.S |

Re: [PATCH 2/2] x86/sgx: Add sgx_nr_{all, free}_pages to the debugfs

On Thu, Apr 01, 2021 at 12:32:58PM -0700, Dave Hansen wrote: > On 3/31/21 10:21 PM, Jarkko Sakkinen wrote: > > +#ifdef CONFIG_DEBUG_FS > > + debugfs_create_file("sgx_nr_all_pages", 0400, arch_debugfs_dir, NULL, > > + _nr_all_pages_fop

Re: [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

On Thu, Apr 01, 2021 at 12:11:32PM +1100, Herbert Xu wrote: > On Wed, Mar 31, 2021 at 04:34:29PM -0700, Eric Biggers wrote: > > On Thu, Apr 01, 2021 at 02:31:46AM +0300, Jarkko Sakkinen wrote: > > > > > > It's a bummer but uapi is the god in the end. Since TPM

Re: [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

On Wed, Mar 31, 2021 at 04:34:29PM -0700, Eric Biggers wrote: > On Thu, Apr 01, 2021 at 02:31:46AM +0300, Jarkko Sakkinen wrote: > > > > It's a bummer but uapi is the god in the end. Since TPM does not do it > > today, that behaviour must be supported forever. Tha

[PATCH 1/2] x86/sgx: Do not update sgx_nr_free_pages in sgx_setup_epc_section()

6/sgx: Replace section->init_laundry_list with sgx_dirty_page_list") Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/cpu/sgx/main.c | 1 - 1 file changed, 1 deletion(-) diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c index 13a7599ce7d4..7df7048cb1c9 1006

[PATCH 2/2] x86/sgx: Add sgx_nr_{all, free}_pages to the debugfs

$ sudo cat /sys/kernel/debug/x86/sgx_nr_free_pages 5632 Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/cpu/sgx/main.c | 53 +- 1 file changed, 52 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c index

Re: [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

On Tue, Mar 30, 2021 at 02:47:18PM -0700, Eric Biggers wrote: > On Sun, Mar 28, 2021 at 11:37:23PM +0300, Jarkko Sakkinen wrote: > > > > Unfortunately, TPM trusted keys started this bad security practice, and > > obviously it cannot be fixed without breaking uapi ba

Re: [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

On Tue, Mar 30, 2021 at 12:56:41PM +0530, Sumit Garg wrote: > On Mon, 29 Mar 2021 at 01:07, Jarkko Sakkinen wrote: > > > > On Sat, Mar 27, 2021 at 01:41:24PM +0100, David Gstir wrote: > > > Hi! > > > > > > > On 25.03.2021, at 06:26, Sumit Garg wrote:

Re: [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

On Mon, Mar 29, 2021 at 12:11:24PM +0200, Ahmad Fatoum wrote: > Hello Jarkko, > > On 28.03.21 22:37, Jarkko Sakkinen wrote: > > On Sat, Mar 27, 2021 at 01:41:24PM +0100, David Gstir wrote: > >> Generally speaking, I’d say trusting the CAAM RNG and trusting in it’s >

Re: [PATCH v3 00/25] KVM SGX virtualization support

m1,size=64M,prealloc > > > > > > Please note that the SGX relevant part is: > > > > > > -cpu host,+sgx_provisionkey \ > > > -sgx-epc id=epc1,memdev=mem1 \ > > > -object memory-backend-epc,id=mem1,size=64M,prealloc > >

Re: [PATCH 17/18] crypto: Accept pss as valid encoding during signature verification

On Tue, Mar 30, 2021 at 10:28:28PM +0200, Varad Gautam wrote: > Accept pss encoding for public_key_verify_signature. If > CONFIG_CRYPTO_RSASSA_PSS is disabled, crypto_alloc_akcipher will > fail to find a pss backend anyway. > > Signed-off-by: Varad Gautam > --- Acked-b

Re: [PATCH 18/18] keyctl_pkey: Add pkey parameter slen to pass in PSS salt length

PSS > signature. > > Signed-off-by: Varad Gautam > --- Reviewed-by: Jarkko Sakkinen /Jarkko > crypto/asymmetric_keys/asymmetric_type.c | 1 + > include/linux/keyctl.h | 1 + > security/keys/keyctl_pkey.c | 6 ++ > 3 files changed, 8

Re: [PATCH] x86/sgx: fix incorrect kernel-doc comment syntax in files

- a/arch/x86/kernel/cpu/sgx/encl.h > +++ b/arch/x86/kernel/cpu/sgx/encl.h > @@ -1,5 +1,5 @@ > /* SPDX-License-Identifier: GPL-2.0 */ > -/** > +/* > * Copyright(c) 2016-20 Intel Corporation. > * > * Contains the software defined data structures for enclaves. > -- > 2.17.1 > > Acked-by: Jarkko Sakkinen /Jarkko

Re: [PATCH v3 1/3] keys: cleanup build time module signing keys

certs/signing_key.x509 \ > + certs/x509.genkey \ > + vmlinux-gdb.py \ > *.spec > > # Directories & files removed with 'make distclean' > -- > 2.29.2 > > Reviewed-by: Jarkko Sakkinen /Jarkko

Re: [PATCH] IMA: Fix error in comment

On Tue, Mar 30, 2021 at 08:08:45AM +0200, Ricardo Ribalda wrote: > ima_file_mprotect does not return EACCES but EPERM. > > Signed-off-by: Ricardo Ribalda Acked-by: Jarkko Sakkinen /Jarkko > --- > security/integrity/ima/ima_main.c | 2 +- > 1 file changed, 1 insert

Re: [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

On Sat, Mar 27, 2021 at 01:41:24PM +0100, David Gstir wrote: > Hi! > > > On 25.03.2021, at 06:26, Sumit Garg wrote: > > > > On Wed, 24 Mar 2021 at 19:37, Ahmad Fatoum wrote: > >> > >> Hello Sumit, > >> > >> On 24.03.21 11:47, Sumit Garg wrote: > >>> On Wed, 24 Mar 2021 at 14:56, Ahmad Fatoum

Re: [PATCH v3 00/25] KVM SGX virtualization support

based on your needs. Please also put tested-by from me to all patches (including pure KVM patches): Tested-by: Jarkko Sakkinen I did the basic test, i.e. run selftest in a VM. I think that is sufficient at this point. /Jarkko

Re: [PATCH v4 03/25] x86/sgx: Wipe out EREMOVE from sgx_free_epc_page()

On Fri, Mar 26, 2021 at 09:48:48PM +0200, Jarkko Sakkinen wrote: > On Thu, Mar 25, 2021 at 10:30:57PM +1300, Kai Huang wrote: > > EREMOVE takes a page and removes any association between that page and > > an enclave. It must be run on a page before it can be added into >

Re: [PATCH v4 03/25] x86/sgx: Wipe out EREMOVE from sgx_free_epc_page()

On Thu, Mar 25, 2021 at 10:30:57PM +1300, Kai Huang wrote: > EREMOVE takes a page and removes any association between that page and > an enclave. It must be run on a page before it can be added into > another enclave. Currently, EREMOVE is run as part of pages being freed > into the SGX page

Re: [PATCH] x86/sgx: Remove unnecessary kmap() from sgx_ioc_enclave_init()

empt to 'fix' this again. I'm a bit confused based on this commit message. Why is kmap_local_page() better, and why kmalloc() is the ultimate choice of all three options? > > Cc: Sean Christopherson > Cc: Jethro Beekman > Cc: Jarkko Sakkinen > Cc: Dave Hansen > Signed-off-by: Ira Weiny /Jarkko

Re: [PATCH v3 03/25] x86/sgx: Wipe out EREMOVE from sgx_free_epc_page()

On Tue, Mar 23, 2021 at 04:21:47PM +, Sean Christopherson wrote: > On Tue, Mar 23, 2021, Borislav Petkov wrote: > > On Tue, Mar 23, 2021 at 03:45:14PM +, Sean Christopherson wrote: > > > Practically speaking, "basic" deployments of SGX VMs will be insulated > > > from > > > this bug. KVM

Re: [PATCH v3 03/25] x86/sgx: Wipe out EREMOVE from sgx_free_epc_page()

On Tue, Mar 23, 2021 at 05:06:04PM +0100, Borislav Petkov wrote: > On Tue, Mar 23, 2021 at 03:45:14PM +, Sean Christopherson wrote: > > Practically speaking, "basic" deployments of SGX VMs will be insulated from > > this bug. KVM doesn't support EPC oversubscription, so even if all EPC is > >

Re: [PATCH] keys: Allow disabling read permissions for key possessor

On Mon, Mar 22, 2021 at 12:57:26PM +0300, Andrey Ryabinin wrote: > keyctl_read_key() has a strange code which allows possessor to read > key's payload regardless of READ permission status: > > $ keyctl add user test test @u > 196773443 > $ keyctl print 196773443 > test > $ keyctl describe

[tip: x86/sgx] x86/sgx: Add a basic NUMA allocation scheme to sgx_alloc_epc_page()

The following commit has been merged into the x86/sgx branch of tip: Commit-ID: 901ddbb9ecf5425183ea0c09d10c2fd7868dce54 Gitweb: https://git.kernel.org/tip/901ddbb9ecf5425183ea0c09d10c2fd7868dce54 Author:Jarkko Sakkinen AuthorDate:Thu, 18 Mar 2021 01:53:31 +02:00

Re: [PATCH] x86/sgx: Avoid returning NULL in __sgx_alloc_epc_page()

On Fri, Mar 19, 2021 at 03:59:31PM +0100, Borislav Petkov wrote: > On Fri, Mar 19, 2021 at 04:50:33PM +0200, Jarkko Sakkinen wrote: > > > > I was on the verge whether to merge that into the original patch since > > > > it is the top patch on the branch or

Re: [tip: x86/sgx] selftests/sgx: Improve error detection and messages

On Fri, Mar 19, 2021 at 03:58:07PM +0100, Borislav Petkov wrote: > On Fri, Mar 19, 2021 at 11:38:44AM -, tip-bot2 for Dave Hansen wrote: > > tools/testing/selftests/sgx/load.c | 66 ++--- > > tools/testing/selftests/sgx/main.c | 2 +- > > 2 files changed, 53

Re: [PATCH v3 00/25] KVM SGX virtualization support

On Fri, Mar 19, 2021 at 08:29:27PM +1300, Kai Huang wrote: > This series adds KVM SGX virtualization support. The first 14 patches starting > with x86/sgx or x86/cpu.. are necessary changes to x86 and SGX core/driver to > support KVM SGX virtualization, while the rest are patches to KVM subsystem.

Re: [PATCH] x86/sgx: Avoid returning NULL in __sgx_alloc_epc_page()

On Fri, Mar 19, 2021 at 10:01:41PM +1300, Kai Huang wrote: > On Fri, 19 Mar 2021 09:45:23 +0100 Borislav Petkov wrote: > > On Fri, Mar 19, 2021 at 05:06:02PM +1300, Kai Huang wrote: > > > Below kernel bug happened when running simple SGX application when EPC > > > is under pressure. The root

Re: [PATCH] x86/sgx: Avoid returning NULL in __sgx_alloc_epc_page()

On Fri, Mar 19, 2021 at 09:45:23AM +0100, Borislav Petkov wrote: > On Fri, Mar 19, 2021 at 05:06:02PM +1300, Kai Huang wrote: > > Below kernel bug happened when running simple SGX application when EPC > > is under pressure. The root cause is with commit 5b8719504e3a > > ("x86/sgx: Add a basic

[tip: x86/sgx] x86/sgx: Add a basic NUMA allocation scheme to sgx_alloc_epc_page()

The following commit has been merged into the x86/sgx branch of tip: Commit-ID: 323950a8a98b492ac2fa168e8e4c0becfb4554dd Gitweb: https://git.kernel.org/tip/323950a8a98b492ac2fa168e8e4c0becfb4554dd Author:Jarkko Sakkinen AuthorDate:Thu, 18 Mar 2021 01:53:31 +02:00

Re: [PATCH] x86/sgx: Avoid returning NULL in __sgx_alloc_epc_page()

pc_page+0x46/0x152 > ... > > Fixes: 5b8719504e3a("x86/sgx: Add a basic NUMA allocation scheme to > sgx_alloc_epc_page()") > Signed-off-by: Kai Huang Reviewed-by: Jarkko Sakkinen > --- > arch/x86/kernel/cpu/sgx/main.c | 4 ++-- > 1 file changed, 2 inse

Re: [PATCH] x86/sgx: fix uninitialized 'nid' variable

rly initialized. Fix it. > > This was found by some fancy clang that 0day runs. My gcc > does not detect it. > > Fixes: 5b8719504e3a ("x86/sgx: Add a basic NUMA allocation scheme to > sgx_alloc_epc_page()") > Reported-by: kernel test robot > Signed-off-by: D

Re: [PATCH] selftests/sgx: improve error detection and messages

EXEC > check that user has execute permissions on /dev/sgx_enclave and > that /dev does not have noexec set: 'mount | grep "/dev .*noexec"' > > That can be fixed with: > > mount -o remount,noexec /devESC > > Hopefully, the combination of better error

Re: [PATCH 0/3] static_call() vs __exit fixes

ming.kicks-ass.net > > Since I've reproduced the problem locally, and these patches do seem to fully > cure things, I'll shortly queue them for tip/locking/urgent. For all: Acked-by: Jarkko Sakkinen /Jarkkko

Re: [PATCH 1/2] x86/sgx: Replace section->init_laundry_list with sgx_dirty_page_list

On Thu, Mar 18, 2021 at 08:01:38PM +0100, Borislav Petkov wrote: > On Thu, Mar 18, 2021 at 11:34:10AM -0700, Dave Hansen wrote: > > I usually get that after I reboot. I have to do this: > > > > chmod 755 /dev/sgx_enclave > > mount -o remount,exec /dev > > Yap, that did it: > >

[tip: x86/sgx] x86/sgx: Add a basic NUMA allocation scheme to sgx_alloc_epc_page()

The following commit has been merged into the x86/sgx branch of tip: Commit-ID: 5b8719504e3adf47646273781591ad439b3c3c7a Gitweb: https://git.kernel.org/tip/5b8719504e3adf47646273781591ad439b3c3c7a Author:Jarkko Sakkinen AuthorDate:Thu, 18 Mar 2021 01:53:31 +02:00

[tip: x86/sgx] x86/sgx: Replace section->init_laundry_list with sgx_dirty_page_list

The following commit has been merged into the x86/sgx branch of tip: Commit-ID: 51ab30eb2ad4c4a61f827dc18863cd70dc46dc32 Gitweb: https://git.kernel.org/tip/51ab30eb2ad4c4a61f827dc18863cd70dc46dc32 Author:Jarkko Sakkinen AuthorDate:Thu, 18 Mar 2021 01:53:30 +02:00

[PATCH 1/2] x86/sgx: Replace section->init_laundry_list with sgx_dirty_page_list

From: Jarkko Sakkinen During normal runtime, the "ksgxd" daemon behaves like a version of kswapd just for SGX. But, before it starts acting like kswapd, its first job is to initialize enclave memory. Currently, the SGX boot code places each enclave page on a epc_section->init

[PATCH 2/2] x86/sgx: Add a basic NUMA allocation scheme to sgx_alloc_epc_page()

From: Jarkko Sakkinen Background == SGX enclave memory is enumerated by the processor in contiguous physical ranges called Enclave Page Cache (EPC) sections. Currently, there is a free list per section, but allocations simply target the lowest-numbered sections. This is functional

Re: [PATCH] KEYS: trusted: tee: fix build error due to missing include

On Wed, Mar 17, 2021 at 03:29:05PM +0100, Ahmad Fatoum wrote: > MODULE_DEVICE_TABLE is defined in , which is not > included. Add the include to fix the build error its lack caused. > > Cc: Sumit Garg > Signed-off-by: Ahmad Fatoum Hi, I appreciate your work, thanks for taking action, but

Re: [PATCH] objtool,static_call: Don't emit static_call_site for .exit.text

On Wed, Mar 17, 2021 at 07:07:07PM +0530, Sumit Garg wrote: > On Wed, 17 Mar 2021 at 18:16, Peter Zijlstra wrote: > > > > On Wed, Mar 17, 2021 at 05:25:48PM +0530, Sumit Garg wrote: > > > Thanks Peter for this fix. It does work for me on qemu for x86. Can > > > you turn this into a proper fix

Re: [PATCH] objtool,static_call: Don't emit static_call_site for .exit.text

way, since > module unload is never a performance critical path. > > Reported-by: Sumit Garg > Signed-off-by: Peter Zijlstra (Intel) > Tested-by: Sumit Garg Reviewed-by: Jarkko Sakkinen /Jarkko > --- > tools/objtool/check.c | 32 > 1

Re: [PATCH v23 9/9] x86/vdso: Add ENDBR to __vdso_sgx_enter_enclave

On Tue, Mar 16, 2021 at 12:27:19PM -0700, Yu, Yu-cheng wrote: > On 3/16/2021 12:22 PM, Jarkko Sakkinen wrote: > > On Tue, Mar 16, 2021 at 08:13:19AM -0700, Yu-cheng Yu wrote: > > > ENDBR is a special new instruction for the Indirect Branch Tracking (IBT) > > > comp

Re: [PATCH v23 9/9] x86/vdso: Add ENDBR to __vdso_sgx_enter_enclave

manually. > > Add ENDBR to __vdso_sgx_enter_enclave() branch targets. > > Signed-off-by: Yu-cheng Yu > Cc: Andy Lutomirski > Cc: Borislav Petkov > Cc: Dave Hansen > Cc: Jarkko Sakkinen > Cc: Peter Zijlstra > --- > arch/x86/entry/vdso/vsgx.S | 4 > 1 file changed, 4

Re: [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

o use the CAAM for trusted keys. > > Signed-off-by: Ahmad Fatoum > --- > To: Jonathan Corbet > To: David Howells > To: Jarkko Sakkinen > To: James Bottomley > To: Mimi Zohar > Cc: James Morris > Cc: "Serge E. Hallyn" > Cc: "Horia Geantă" >

Re: [PATCH v4 1/3] x86/sgx: Use sgx_free_epc_page() in sgx_reclaim_pages()

On Mon, Mar 15, 2021 at 09:27:00PM +0200, Jarkko Sakkinen wrote: > On Mon, Mar 15, 2021 at 09:06:29PM +0200, Jarkko Sakkinen wrote: > > On Mon, Mar 15, 2021 at 08:32:13AM -0700, Dave Hansen wrote: > > > On 3/13/21 8:01 AM, Jarkko Sakkinen wrote: > > >

Re: [PATCH v2 07/25] x86/sgx: Initialize virtual EPC driver even when SGX driver is disabled

On Mon, Mar 15, 2021 at 06:13:53PM -0700, Sean Christopherson wrote: > On Tue, Mar 16, 2021, Jarkko Sakkinen wrote: > > On Tue, Mar 16, 2021 at 01:05:05AM +0200, Jarkko Sakkinen wrote: > > > The way I've understood it is that given that KVM can support SGX > > &g

Re: [PATCH v2 07/25] x86/sgx: Initialize virtual EPC driver even when SGX driver is disabled

On Tue, Mar 16, 2021 at 12:49:33PM +1300, Kai Huang wrote: > On Tue, 16 Mar 2021 01:08:44 +0200 Jarkko Sakkinen wrote: > > On Tue, Mar 16, 2021 at 01:05:05AM +0200, Jarkko Sakkinen wrote: > > > On Tue, Mar 16, 2021 at 09:48:59AM +1300, Kai Huang wrote: > > > > On M

Re: [PATCH v3 03/25] x86/sgx: Wipe out EREMOVE from sgx_free_epc_page()

On Tue, Mar 16, 2021 at 09:29:34AM +1300, Kai Huang wrote: > On Mon, 15 Mar 2021 15:19:32 +0200 Jarkko Sakkinen wrote: > > On Mon, Mar 15, 2021 at 03:18:16PM +0200, Jarkko Sakkinen wrote: > > > On Mon, Mar 15, 2021 at 08:12:36PM +1300, Kai Huang wrote: > > > > On S

Re: [PATCH v2 07/25] x86/sgx: Initialize virtual EPC driver even when SGX driver is disabled

On Tue, Mar 16, 2021 at 01:05:05AM +0200, Jarkko Sakkinen wrote: > On Tue, Mar 16, 2021 at 09:48:59AM +1300, Kai Huang wrote: > > On Mon, 15 Mar 2021 15:51:17 +0200 Jarkko Sakkinen wrote: > > > On Mon, Mar 15, 2021 at 03:04:59PM +0200, Jarkko Sakkinen wrote: > > > >

Re: [PATCH v2 07/25] x86/sgx: Initialize virtual EPC driver even when SGX driver is disabled

On Tue, Mar 16, 2021 at 09:48:59AM +1300, Kai Huang wrote: > On Mon, 15 Mar 2021 15:51:17 +0200 Jarkko Sakkinen wrote: > > On Mon, Mar 15, 2021 at 03:04:59PM +0200, Jarkko Sakkinen wrote: > > > On Mon, Mar 15, 2021 at 04:13:17PM +1300, Kai Huang wrote: > > > > On S

Re: [PATCH v3 03/25] x86/sgx: Wipe out EREMOVE from sgx_free_epc_page()

On Tue, Mar 16, 2021 at 09:29:34AM +1300, Kai Huang wrote: > On Mon, 15 Mar 2021 15:19:32 +0200 Jarkko Sakkinen wrote: > > On Mon, Mar 15, 2021 at 03:18:16PM +0200, Jarkko Sakkinen wrote: > > > On Mon, Mar 15, 2021 at 08:12:36PM +1300, Kai Huang wrote: > > > > On S

Re: [PATCH v4 1/3] x86/sgx: Use sgx_free_epc_page() in sgx_reclaim_pages()

On Mon, Mar 15, 2021 at 09:06:29PM +0200, Jarkko Sakkinen wrote: > On Mon, Mar 15, 2021 at 08:32:13AM -0700, Dave Hansen wrote: > > On 3/13/21 8:01 AM, Jarkko Sakkinen wrote: > > > Replace the ad-hoc code with a sgx_free_epc_page(), in order to make sure > > > that all t

Re: [PATCH v4 3/3] x86/sgx: Add a basic NUMA allocation scheme to sgx_alloc_epc_page()

On Mon, Mar 15, 2021 at 09:35:03AM -0700, Dave Hansen wrote: > On 3/13/21 8:01 AM, Jarkko Sakkinen wrote: > > Background > > == > > > > EPC section is covered by one or more SRAT entries that are associated with > > one and only one PXM (NUMA node).

Re: [PATCH v4 2/3] x86/sgx: Replace section local dirty page lists with a global list

On Mon, Mar 15, 2021 at 09:03:21AM -0700, Dave Hansen wrote: > On 3/13/21 8:01 AM, Jarkko Sakkinen wrote: > > Reset initialized EPC pages in sgx_dirty_page_list to uninitialized state, > > and free them using sgx_free_epc_page(). Do two passes, as for SECS pages > > the

Re: [PATCH v4 1/3] x86/sgx: Use sgx_free_epc_page() in sgx_reclaim_pages()

On Mon, Mar 15, 2021 at 08:32:13AM -0700, Dave Hansen wrote: > On 3/13/21 8:01 AM, Jarkko Sakkinen wrote: > > Replace the ad-hoc code with a sgx_free_epc_page(), in order to make sure > > that all the relevant checks and book keeping is done, while freeing a > > borrowed

Re: [PATCH v2 07/25] x86/sgx: Initialize virtual EPC driver even when SGX driver is disabled

On Mon, Mar 15, 2021 at 03:04:59PM +0200, Jarkko Sakkinen wrote: > On Mon, Mar 15, 2021 at 04:13:17PM +1300, Kai Huang wrote: > > On Sun, 14 Mar 2021 17:27:18 +0200 Jarkko Sakkinen wrote: > > > On Sun, Mar 14, 2021 at 05:25:26PM +0200, Jarkko Sakkinen wrote: > > > >

Re: [PATCH v3 03/25] x86/sgx: Wipe out EREMOVE from sgx_free_epc_page()

On Mon, Mar 15, 2021 at 03:18:16PM +0200, Jarkko Sakkinen wrote: > On Mon, Mar 15, 2021 at 08:12:36PM +1300, Kai Huang wrote: > > On Sat, 13 Mar 2021 12:45:53 +0200 Jarkko Sakkinen wrote: > > > On Fri, Mar 12, 2021 at 01:21:54PM -0800, Sean Christopherson wrote: > > >

Re: [PATCH v3 03/25] x86/sgx: Wipe out EREMOVE from sgx_free_epc_page()

On Mon, Mar 15, 2021 at 08:12:36PM +1300, Kai Huang wrote: > On Sat, 13 Mar 2021 12:45:53 +0200 Jarkko Sakkinen wrote: > > On Fri, Mar 12, 2021 at 01:21:54PM -0800, Sean Christopherson wrote: > > > On Thu, Mar 11, 2021, Kai Huang wrote: > > > > From: Jarkko Sakkinen

Re: [PATCH v2 07/25] x86/sgx: Initialize virtual EPC driver even when SGX driver is disabled

On Mon, Mar 15, 2021 at 04:13:17PM +1300, Kai Huang wrote: > On Sun, 14 Mar 2021 17:27:18 +0200 Jarkko Sakkinen wrote: > > On Sun, Mar 14, 2021 at 05:25:26PM +0200, Jarkko Sakkinen wrote: > > > On Sat, Mar 13, 2021 at 09:07:36PM +0200, Jarkko Sakkinen wrote: > > > >

Re: [PATCH v6] selftests/x86: Use getauxval() to simplify the code in sgx

On Sun, Mar 14, 2021 at 07:16:21PM +0800, Tianjia Zhang wrote: > Simplify the sgx code implemntation by using library function > getauxval() instead of a custom function to get the base address > of vDSO. > > Signed-off-by: Tianjia Zhang > Reviewed-by: Jarkko Sakkinen >

Re: [PATCH v2 07/25] x86/sgx: Initialize virtual EPC driver even when SGX driver is disabled

On Sun, Mar 14, 2021 at 05:25:26PM +0200, Jarkko Sakkinen wrote: > On Sat, Mar 13, 2021 at 09:07:36PM +0200, Jarkko Sakkinen wrote: > > On Sat, Mar 13, 2021 at 09:05:36PM +0200, Jarkko Sakkinen wrote: > > > On Fri, Mar 12, 2021 at 01:44:58PM -0800, Sean Christopherson wrote: >

Re: [PATCH v2 07/25] x86/sgx: Initialize virtual EPC driver even when SGX driver is disabled

On Sat, Mar 13, 2021 at 09:07:36PM +0200, Jarkko Sakkinen wrote: > On Sat, Mar 13, 2021 at 09:05:36PM +0200, Jarkko Sakkinen wrote: > > On Fri, Mar 12, 2021 at 01:44:58PM -0800, Sean Christopherson wrote: > > > On Tue, Mar 09, 2021, Kai Huang wrote: > > > > M

Re: [PATCH v4 3/3] x86/sgx: Add a basic NUMA allocation scheme to sgx_alloc_epc_page()

On Sat, Mar 13, 2021 at 06:01:19PM +0200, Jarkko Sakkinen wrote: > Background > == > > EPC section is covered by one or more SRAT entries that are associated with > one and only one PXM (NUMA node). The motivation behind this patch is to > provide basic elements of b

Re: [PATCH v2 07/25] x86/sgx: Initialize virtual EPC driver even when SGX driver is disabled

On Sat, Mar 13, 2021 at 09:05:36PM +0200, Jarkko Sakkinen wrote: > On Fri, Mar 12, 2021 at 01:44:58PM -0800, Sean Christopherson wrote: > > On Tue, Mar 09, 2021, Kai Huang wrote: > > > Modify sgx_init() to always try to initialize the virtual EPC driver, > > > even if

Re: [PATCH v2 07/25] x86/sgx: Initialize virtual EPC driver even when SGX driver is disabled

On Fri, Mar 12, 2021 at 01:44:58PM -0800, Sean Christopherson wrote: > On Tue, Mar 09, 2021, Kai Huang wrote: > > Modify sgx_init() to always try to initialize the virtual EPC driver, > > even if the SGX driver is disabled. The SGX driver might be disabled > > if SGX Launch Control is in locked

Re: [PATCH v7 4/5] certs: Factor out the blacklist hash creation

e them consistently. > > Cc: David Howells > Cc: David S. Miller > Cc: David Woodhouse > Cc: Eric Snowberg > Cc: Herbert Xu > Cc: Jarkko Sakkinen > Signed-off-by: Mickaël Salaün > Link: https://lore.kernel.org/r/20210312171232.2681989-5-...@digikod.net Revie

Re: [PATCH v7 2/5] certs: Check that builtin blacklist hashes are valid

description checking (provided > by following commits) to failed for builtin hashes. > > Update CONFIG_SYSTEM_BLACKLIST_HASH_LIST help to explain the content of > a hash string and how to generate certificate ones. > > Cc: David Howells > Cc: David Woodhouse > Cc: Eric Sno

[PATCH v4 3/3] x86/sgx: Add a basic NUMA allocation scheme to sgx_alloc_epc_page()

: https://lore.kernel.org/lkml/158188326978.894464.217282995221175417.st...@dwillia2-desk3.amr.corp.intel.com/ Signed-off-by: Jarkko Sakkinen --- v4: * Cycle nodes instead of a global page list, starting from the node of the current thread. * Documented NUMA_KEEP_MEMINFO dependency

[PATCH v4 2/3] x86/sgx: Replace section local dirty page lists with a global list

, as the initialization could be triggered by kexec(), meaning that pages have been reserved for active enclaves before the operation. The section local lists are redundant, as sgx_free_epc_page() figures out the correction by using epc_page->section. Signed-off-by: Jarkko Sakkinen --- v4: * Open co

[PATCH v4 1/3] x86/sgx: Use sgx_free_epc_page() in sgx_reclaim_pages()

is a nop. Signed-off-by: Jarkko Sakkinen --- v4: * Rewrote the commit message. arch/x86/kernel/cpu/sgx/main.c | 7 +-- 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c index 8df81a3ed945..65004fb8a91f 100644 --- a/arch

Re: [PATCH v3 03/25] x86/sgx: Wipe out EREMOVE from sgx_free_epc_page()

On Fri, Mar 12, 2021 at 01:21:54PM -0800, Sean Christopherson wrote: > On Thu, Mar 11, 2021, Kai Huang wrote: > > From: Jarkko Sakkinen > > > > EREMOVE takes a page and removes any association between that page and > > an enclave. It must be run on a page before it ca

Re: [PATCH v9 0/4] Introduce TEE based Trusted Keys support

On Fri, Mar 12, 2021 at 08:30:36AM -0800, James Bottomley wrote: > On Fri, 2021-03-12 at 18:26 +0200, Jarkko Sakkinen wrote: > > On Wed, Mar 10, 2021 at 02:26:27PM -0800, James Bottomley wrote: > > > On Wed, 2021-03-10 at 21:56 +0200, Jarkko Sakkinen wrote: > > > [...] &

Re: [PATCH v22 8/8] x86/vdso: Add ENDBR64 to __vdso_sgx_enter_enclave

On Fri, Mar 12, 2021 at 06:55:57PM +0200, Jarkko Sakkinen wrote: > On Wed, Mar 10, 2021 at 03:20:20PM -0800, Dave Hansen wrote: > > On 3/10/21 2:55 PM, Yu, Yu-cheng wrote: > > > On 3/10/2021 2:39 PM, Jarkko Sakkinen wrote: > > >> On Wed, Mar 10, 2021 at 02:05

Re: [PATCH v22 8/8] x86/vdso: Add ENDBR64 to __vdso_sgx_enter_enclave

On Thu, Mar 11, 2021 at 09:42:05AM +0100, Peter Zijlstra wrote: > On Thu, Mar 11, 2021 at 05:36:06AM +0200, Jarkko Sakkinen wrote: > > Does it do any harm to put it there unconditionally? > > Blows up your text footprint and I$ pressure. These instructions are 4 > bytes eac

Re: [PATCH v22 8/8] x86/vdso: Add ENDBR64 to __vdso_sgx_enter_enclave

On Wed, Mar 10, 2021 at 03:20:20PM -0800, Dave Hansen wrote: > On 3/10/21 2:55 PM, Yu, Yu-cheng wrote: > > On 3/10/2021 2:39 PM, Jarkko Sakkinen wrote: > >> On Wed, Mar 10, 2021 at 02:05:19PM -0800, Yu-cheng Yu wrote: > >>> When CET is enabled, __vdso_sgx_en

Re: [PATCH v2 1/3] tpm: efi: Use local variable for calculating final log size

On Thu, Mar 11, 2021 at 09:02:38AM -0500, Stefan Berger wrote: > > On 3/10/21 6:24 PM, Jarkko Sakkinen wrote: > > On Thu, Mar 11, 2021 at 01:21:47AM +0200, Jarkko Sakkinen wrote: > > > On Wed, Mar 10, 2021 at 05:19:14PM -0500, Stefan Berger wrote: > > > > When tp

Re: [PATCH] selftests/sgx: fix EINIT failure dueto SGX_INVALID_SIGNATURE

On Thu, Mar 11, 2021 at 12:53:49PM +0800, Tianjia Zhang wrote: > > > On 3/11/21 11:42 AM, Jarkko Sakkinen wrote: > > On Thu, Mar 11, 2021 at 10:47:50AM +0800, Jia Zhang wrote: > > > > > > > > > On 2021/3/11 上午5:39, Jarkko Sakkinen wrote: > > &

Re: [PATCH v9 0/4] Introduce TEE based Trusted Keys support

On Wed, Mar 10, 2021 at 02:26:27PM -0800, James Bottomley wrote: > On Wed, 2021-03-10 at 21:56 +0200, Jarkko Sakkinen wrote: > [...] > > I also need to apply > > > > https://lore.kernel.org/linux-integrity/20210127190617.17564-1-james.bottom...@hansenpartnership.com/ &

Re: [PATCH] selftests/sgx: fix EINIT failure dueto SGX_INVALID_SIGNATURE

On Thu, Mar 11, 2021 at 10:47:50AM +0800, Jia Zhang wrote: > > > On 2021/3/11 上午5:39, Jarkko Sakkinen wrote: > > On Wed, Mar 10, 2021 at 08:44:44PM +0800, Jia Zhang wrote: > >> > >> > >> On 2021/3/2 下午9:47, Jarkko Sakkinen wrote: > >>> On

Re: [PATCH v22 8/8] x86/vdso: Add ENDBR64 to __vdso_sgx_enter_enclave

On Wed, Mar 10, 2021 at 02:55:55PM -0800, Yu, Yu-cheng wrote: > On 3/10/2021 2:39 PM, Jarkko Sakkinen wrote: > > On Wed, Mar 10, 2021 at 02:05:19PM -0800, Yu-cheng Yu wrote: > > > When CET is enabled, __vdso_sgx_enter_enclave() needs an endbr64 > > > in the beginning o

Re: [PATCH v9 0/4] Introduce TEE based Trusted Keys support

On Thu, Mar 11, 2021 at 01:35:04AM +0200, Jarkko Sakkinen wrote: > On Wed, Mar 10, 2021 at 02:26:27PM -0800, James Bottomley wrote: > > On Wed, 2021-03-10 at 21:56 +0200, Jarkko Sakkinen wrote: > > [...] > > > I also need to apply > > > > > &g

Re: [PATCH v9 0/4] Introduce TEE based Trusted Keys support

On Wed, Mar 10, 2021 at 02:26:27PM -0800, James Bottomley wrote: > On Wed, 2021-03-10 at 21:56 +0200, Jarkko Sakkinen wrote: > [...] > > I also need to apply > > > > https://lore.kernel.org/linux-integrity/20210127190617.17564-1-james.bottom...@hansenpartnership.com/ &

Re: [PATCH v2 1/3] tpm: efi: Use local variable for calculating final log size

On Thu, Mar 11, 2021 at 01:21:47AM +0200, Jarkko Sakkinen wrote: > On Wed, Mar 10, 2021 at 05:19:14PM -0500, Stefan Berger wrote: > > When tpm_read_log_efi is called multiple times, which happens when > > one loads and unloads a TPM2 driver multiple times, then the glob

Re: [PATCH v2 1/3] tpm: efi: Use local variable for calculating final log size

On Wed, Mar 10, 2021 at 05:19:14PM -0500, Stefan Berger wrote: > When tpm_read_log_efi is called multiple times, which happens when > one loads and unloads a TPM2 driver multiple times, then the global > variable efi_tpm_final_log_size will at some point become a negative > number due to the

Re: [PATCH v2 1/3] tpm: efi: Use local variable for calculating final log size

;events + log_tbl->final_events_preboot_size, > -efi_tpm_final_log_size); > +final_events_log_size); > + /* > + * The size of the 'combined log' is the size of the 'main log' plus > + * the size of the 'final events log'. > + */ > log->bios_event_log_end = log->bios_event_log + > - log_size + efi_tpm_final_log_size; > + log_size + final_events_log_size; > > out: > memunmap(final_tbl); > -- > 2.29.2 > > Hey, thanks a lot for that documentation! Reviewed-by: Jarkko Sakkinen I applied these to my master, planning to squeeze in 5.12 (if Linus accepts them). /Jarkko

Re: [PATCH v2 2/3] tpm: acpi: Check eventlog signature before using it

g->bios_event_log, virt, len); > > acpi_os_unmap_iomem(virt, len); > + > + if (chip->flags & TPM_CHIP_FLAG_TPM2 && > + !tpm_is_tpm2_log(log->bios_event_log, len)) { > + /* try EFI log next */ > + ret = -ENODEV; > + goto err; > + } > + > return format; > > err: > kfree(log->bios_event_log); > log->bios_event_log = NULL; > - return -EIO; > + return ret; > > } > -- > 2.29.2 > > Reviewed-by: Jarkko Sakkinen /Jarkko

Re: [PATCH v2 3/3] tpm: vtpm_proxy: Avoid reading host log when using a virtual device

int log_version; > int rc = 0; > > + if (chip->flags & TPM_CHIP_FLAG_VIRTUAL) > + return; > + > rc = tpm_read_log(chip); > if (rc < 0) > return; > -- > 2.29.2 > > Reviewed-by: Jarkko Sakkinen /Jarkko

Re: [PATCH v2 0/3] Fix bugs related to TPM2 event log

On Wed, Mar 10, 2021 at 05:19:13PM -0500, Stefan Berger wrote: > This series of patches fixes a couple of issues related to TPM2 > event logs, such as the disappearance of the TPM2 log on QEMU machines > running with UEFI (my fault) and a kernel fault due to an integer under- > flow when reading

Re: [PATCH v22 8/8] x86/vdso: Add ENDBR64 to __vdso_sgx_enter_enclave

utomirski > Cc: Dave Hansen > Cc: Jarkko Sakkinen > --- > arch/x86/entry/vdso/vsgx.S | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/arch/x86/entry/vdso/vsgx.S b/arch/x86/entry/vdso/vsgx.S > index 86a0e94f68df..a70d4d09f713 100644 > --- a/arch/x86/ent

<    1   2   3   4   5   6   7   8   9   10   >