Re: [PATCH v38 13/24] x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES

On Mon, Sep 21, 2020 at 12:57:39PM -0700, Sean Christopherson wrote: > On Mon, Sep 21, 2020 at 10:44:19PM +0300, Jarkko Sakkinen wrote: > > On Mon, Sep 21, 2020 at 09:49:48PM +0300, Jarkko Sakkinen wrote: > > > To have understandable semantics you have to map error codes to >

Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()

On Mon, Sep 21, 2020 at 09:57:58AM -0700, Sean Christopherson wrote: > On Mon, Sep 21, 2020 at 03:49:46PM +0300, Jarkko Sakkinen wrote: > > On Fri, Sep 18, 2020 at 04:53:37PM -0700, Sean Christopherson wrote: > > > a noexec filesystem by loading code into an enclave, and to give

Re: [PATCH v38 13/24] x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES

On Mon, Sep 21, 2020 at 10:44:19PM +0300, Jarkko Sakkinen wrote: > On Mon, Sep 21, 2020 at 09:49:48PM +0300, Jarkko Sakkinen wrote: > > To have understandable semantics you have to map error codes to > > conditions rather than opcodes. -EIO means loss of enclave in the event

Re: [PATCH v38 13/24] x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES

On Mon, Sep 21, 2020 at 09:49:48PM +0300, Jarkko Sakkinen wrote: > To have understandable semantics you have to map error codes to > conditions rather than opcodes. -EIO means loss of enclave in the event > of EPC gone invalid. Enclave is already lost, that is the reason why we >

Re: [PATCH v38 12/24] x86/sgx: Add SGX_IOC_ENCLAVE_CREATE

On Mon, Sep 21, 2020 at 03:51:07PM +0200, Borislav Petkov wrote: > > "... after checking that the provided data for SECS meets the expectations > > of ENCLS[ECREATE] for an unitialized enclave and size of the address There is a typo (should be uninitialized). > > Is this sufficient for you, or

Re: [PATCH v38 15/24] x86/sgx: Enable provisioning for remote attestation

On Mon, Sep 21, 2020 at 08:07:28PM +0200, Borislav Petkov wrote: > On Tue, Sep 15, 2020 at 02:28:33PM +0300, Jarkko Sakkinen wrote: > > @@ -181,5 +192,12 @@ int __init sgx_drv_init(void) > > return ret; > > } > > > > + ret = misc_register

Re: [PATCH v38 14/24] x86/sgx: Add SGX_IOC_ENCLAVE_INIT

On Mon, Sep 21, 2020 at 11:10:21AM -0700, Sean Christopherson wrote: > On Mon, Sep 21, 2020 at 07:35:14PM +0200, Borislav Petkov wrote: > > On Tue, Sep 15, 2020 at 02:28:32PM +0300, Jarkko Sakkinen wrote: > > > +static int sgx_einit(struct sgx_sigstruct *sigs

Re: [PATCH v38 13/24] x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES

On Mon, Sep 21, 2020 at 09:46:48AM -0700, Sean Christopherson wrote: > > This is also true. I meant by corrupt state e.g. a kernel bug, which > > causes uninitalizes pages go the free queue. > > > > I'd rephrase this in kdoc as: "The function deinitializes enclave and > > returns -EIO when EPC is

Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()

On Mon, Sep 21, 2020 at 03:49:56PM +0300, Jarkko Sakkinen wrote: > The 2nd part of the answer is the answer to the question: why we want to > feed LSM hooks enclaves exactly in this state. The question can be further refined as why: why this is the best possible set of substates to

Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()

On Mon, Sep 21, 2020 at 03:49:56PM +0300, Jarkko Sakkinen wrote: > What really should be documented is to answer why we consider an enclave ~~ the (editing mistake) /Jarkko

Re: [PATCH v38 12/24] x86/sgx: Add SGX_IOC_ENCLAVE_CREATE

On Mon, Sep 21, 2020 at 12:03:56PM +0200, Borislav Petkov wrote: > On Tue, Sep 15, 2020 at 02:28:30PM +0300, Jarkko Sakkinen wrote: > > +static int sgx_validate_secs(const struct sgx_secs *secs) > > +{ > > + u64 max_size = (secs->attribu

Re: [PATCH v38 11/24] x86/sgx: Add SGX enclave driver

On Mon, Sep 21, 2020 at 11:30:06AM +0200, Borislav Petkov wrote: > On Tue, Sep 15, 2020 at 02:28:29PM +0300, Jarkko Sakkinen wrote: > > Intel Software Guard eXtensions (SGX) is a set of CPU instructions that can > > be used by applications to set aside private regions o

Re: [PATCH v38 13/24] x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES

On Fri, Sep 18, 2020 at 05:09:19PM -0700, Sean Christopherson wrote: > On Fri, Sep 18, 2020 at 03:39:32PM +0300, Jarkko Sakkinen wrote: > > On Fri, Sep 18, 2020 at 03:20:39PM +0300, Jarkko Sakkinen wrote: > > > On Thu, Sep 17, 2020 at 07:09:40PM -0700, Sean Christopherson wro

[PATCH] MAINTAINERS: TPM DEVICE DRIVER: Update GIT

Update Git URL to git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git This is done for availability reasons, i.e. better infrastructure. Cc: Mauro Carvalho Chehab Cc: "David S. Miller" Cc: Rob Herring Signed-off-by: Jarkko Sakkinen --- I'm happy to include this

Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()'

On Fri, Sep 18, 2020 at 08:09:04AM -0700, Andy Lutomirski wrote: > On Tue, Sep 15, 2020 at 4:28 AM Jarkko Sakkinen > wrote: > > > > From: Sean Christopherson > > > > Add vm_ops()->mprotect() for additional constraints for a VMA. > > > > I

Re: [PATCH v38 13/24] x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES

On Fri, Sep 18, 2020 at 03:20:39PM +0300, Jarkko Sakkinen wrote: > On Thu, Sep 17, 2020 at 07:09:40PM -0700, Sean Christopherson wrote: > > On Thu, Sep 17, 2020 at 01:35:10PM -0500, Haitao Huang wrote: > > > On Thu, 17 Sep 2020 11:02:06 -0500, Jarkko Sakkinen > > > wr

Re: [PATCH v38 13/24] x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES

On Thu, Sep 17, 2020 at 07:09:40PM -0700, Sean Christopherson wrote: > On Thu, Sep 17, 2020 at 01:35:10PM -0500, Haitao Huang wrote: > > On Thu, 17 Sep 2020 11:02:06 -0500, Jarkko Sakkinen > > wrote: > > > > > > Right, I do get the OOM case but wouldn't in tha

Re: [PATCH v6 1/4] KEYS: trusted: Add generic trusted keys framework

On Thu, Sep 17, 2020 at 07:21:49PM +0300, Jarkko Sakkinen wrote: > On Thu, Sep 17, 2020 at 07:16:35PM +0530, Sumit Garg wrote: > > Current trusted keys framework is tightly coupled to use TPM device as > > an underlying implementation which makes it difficult for implementations &

Re: [PATCH v6 1/4] KEYS: trusted: Add generic trusted keys framework

On Thu, Sep 17, 2020 at 07:16:35PM +0530, Sumit Garg wrote: > Current trusted keys framework is tightly coupled to use TPM device as > an underlying implementation which makes it difficult for implementations > like Trusted Execution Environment (TEE) etc. to provide trusted keys > support in case

Re: [PATCH v38 13/24] x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES

> > + for (c = 0 ; c < addp.length; c += PAGE_SIZE) { > > + if (signal_pending(current)) { > > + if (!c) > > + ret = -EINTR; > > + > > + break; > > + } > > + > > Return -ERESTARTSYS so that kernel can restart this

Re: [PATCH v38 13/24] x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES

On Thu, Sep 17, 2020 at 12:34:18AM -0500, Haitao Huang wrote: > On Tue, 15 Sep 2020 06:05:11 -0500, Jarkko Sakkinen > wrote: > ... > > > +static int __sgx_encl_add_page(struct sgx_encl *encl, > > + struct sgx_encl_page *encl_page, > > +

Re: [PATCH v37 02/24] x86/cpufeatures: x86/msr: Add Intel SGX Launch Control hardware bits

On Tue, Sep 15, 2020 at 09:02:50AM -0500, Josh Poimboeuf wrote: > On Tue, Sep 15, 2020 at 03:39:29PM +0200, Borislav Petkov wrote: > > On Tue, Sep 15, 2020 at 08:27:25AM -0500, Josh Poimboeuf wrote: > > > I see the v37 missing patches now, but they're not threaded with the > > > original thread. >

Re: [PATCH v37 13/24] x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES

On Tue, Sep 15, 2020 at 07:49:15AM -0700, Dave Hansen wrote: > On 9/15/20 3:17 AM, Jarkko Sakkinen wrote: > > OK, spotted the regression, sorry about this. I'll fix it for v38, which > > I'm sending soon given the email server issues with v37. > > I'm going to cry uncle on

Re: [PATCH v37 02/24] x86/cpufeatures: x86/msr: Add Intel SGX Launch Control hardware bits

On Tue, Sep 15, 2020 at 08:27:25AM -0500, Josh Poimboeuf wrote: > On Tue, Sep 15, 2020 at 12:57:16PM +0300, Jarkko Sakkinen wrote: > > On Mon, Sep 14, 2020 at 10:38:26AM -0500, Josh Poimboeuf wrote: > > > On Mon, Sep 14, 2020 at 10:18:16AM -0500, Josh Poimboeuf wrote

Re: [PATCH v38 03/24] x86/mm: x86/sgx: Signal SIGSEGV with PF_SGX

On Wed, Sep 16, 2020 at 01:44:48PM +0200, Borislav Petkov wrote: > On Tue, Sep 15, 2020 at 02:28:21PM +0300, Jarkko Sakkinen wrote: > > From: Sean Christopherson > > > > Include SGX bit to the PF error codes and throw SIGSEGV with PF_SGX when > > a #PF with SGX set h

Re: [PATCH v3] certs: Add EFI_CERT_X509_GUID support for dbx entries

On Tue, Sep 15, 2020 at 09:42:27AM -0600, Eric Snowberg wrote: > > > On Sep 14, 2020, at 12:12 PM, Jarkko Sakkinen > > wrote: > > > > On Fri, Sep 11, 2020 at 02:22:30PM -0400, Eric Snowberg wrote: > >> The Secure Boot Forbidden Signature Database, dbx,

Re: [PATCH v4] certs: Add EFI_CERT_X509_GUID support for dbx entries

symmetrical key to the .blacklist keyring. > Anytime the .platform keyring is used, the keys in the .blacklist keyring > are referenced, if a matching key is found, the key will be rejected. > > Signed-off-by: Eric Snowberg Looks good to me. Reviewed-by: Jarkko Sakkinen /Jarkko

Re: [PATCH v37 02/24] x86/cpufeatures: x86/msr: Add Intel SGX Launch Control hardware bits

On Tue, Sep 15, 2020 at 03:39:29PM +0200, Borislav Petkov wrote: > On Tue, Sep 15, 2020 at 08:27:25AM -0500, Josh Poimboeuf wrote: > > I see the v37 missing patches now, but they're not threaded with the > > original thread. > > Probably because he bounced only the ones you didn't get,

[PATCH v38 05/24] x86/sgx: Add wrappers for ENCLS leaf functions

. ENCLS leaf functions are documented in Intel SDM: 36.6 ENCLAVE INSTRUCTIONS AND INTEL® Acked-by: Jethro Beekman Tested-by: Darren Kenny Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/cpu/sgx/encls.h | 238

[PATCH v38 04/24] x86/sgx: Add SGX microarchitectural data structures

Beekman Reviewed-by: Darren Kenny Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/cpu/sgx/arch.h | 341 + 1 file changed, 341 insertions(+) create mode 100644 arch/x86/kernel/cpu/sgx/arch.h diff --git a/arch/x86/kernel/cpu/sgx/arch.h b/arch/x86/kernel/cpu/sgx

[PATCH v38 00/24] Intel SGX foundations

keyhash_msrs(). * return -ENOMEM in sgx_alloc_page() when VA pages consume too much space * removed unused global sgx_nr_pids * moved sgx_encl_release to sgx_encl.c * return -ERESTARTSYS instead of -EINTR in sgx_encl_init() Jarkko Sakkinen (14): x86/sgx: Add SGX microarchitectural data structures

[PATCH v38 06/24] x86/cpu/intel: Detect SGX support

subsystem doesn't need to manually do support checks on a per-CPU basis. Acked-by: Jethro Beekman Reviewed-by: Darren Kenny Signed-off-by: Sean Christopherson Co-developed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/cpu/feat_ctl.c | 32

[PATCH v38 01/24] x86/cpufeatures: x86/msr: Add Intel SGX hardware bits

-developed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- arch/x86/include/asm/cpufeature.h| 5 +++-- arch/x86/include/asm/cpufeatures.h | 7 ++- arch/x86/include/asm/disabled-features.h | 18 +++--- arch/x86/include/asm/msr-index.h | 1 + arch/x86

[PATCH v38 03/24] x86/mm: x86/sgx: Signal SIGSEGV with PF_SGX

Reviewed-by: Borislav Petkov Signed-off-by: Sean Christopherson Signed-off-by: Jarkko Sakkinen --- arch/x86/include/asm/traps.h | 14 -- arch/x86/mm/fault.c | 13 + 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/traps.h b/arch

[PATCH v38 12/24] x86/sgx: Add SGX_IOC_ENCLAVE_CREATE

Tested-by: Jordan Hand Tested-by: Nathaniel McCallum Tested-by: Seth Moore Tested-by: Darren Kenny Reviewed-by: Darren Kenny Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Co-developed-by: Suresh Siddha Signed-off-by: Suresh Siddha Signed-off-by: Jarkko Sakkinen

[PATCH v38 02/24] x86/cpufeatures: x86/msr: Add Intel SGX Launch Control hardware bits

decisions from the kernel. [1] Intel SDM: 38.1.4 Intel SGX Launch Control Configuration Reviewed-by: Borislav Petkov Acked-by: Jethro Beekman Reviewed-by: Darren Kenny Signed-off-by: Sean Christopherson Co-developed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- arch/x86/include

[PATCH v38 09/24] x86/sgx: Add __sgx_alloc_epc_page() and sgx_free_epc_page()

state (i.e. not required from caller part). Acked-by: Jethro Beekman Reviewed-by: Darren Kenny Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/cpu/sgx/main.c | 62 ++ arch/x86/kernel

[PATCH v38 08/24] x86/sgx: Initialize metadata for Enclave Page Cache (EPC) sections

-developed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- arch/x86/Kconfig | 17 +++ arch/x86/kernel/cpu/Makefile | 1 + arch/x86/kernel/cpu/sgx/Makefile | 2 + arch/x86/kernel/cpu/sgx/main.c | 216 +++ arch/x86/kernel/cpu/sgx/sgx.h

[PATCH v38 10/24] mm: Add vm_ops->mprotect()

nux...@kvack.org Cc: Andrew Morton Cc: Matthew Wilcox Acked-by: Jethro Beekman Reviewed-by: Darren Kenny Signed-off-by: Sean Christopherson Co-developed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- include/linux/mm.h | 3 +++ mm/mprotect.c | 5 - 2 files changed, 7 insertions(+)

[PATCH v38 18/24] x86/vdso: Add support for exception fixup in vDSO functions

pler than adding the necessary infrastructure to generate pre-compiled assembly and the intended benefit of massaging GCC's inlining algorithm is unlikely to realized in the vDSO any time soon, if ever. Suggested-by: Andy Lutomirski Acked-by: Jethro Beekman Signed-off-by: Sean Christopherson

[PATCH v38 13/24] x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES

-off-by: Suresh Siddha Signed-off-by: Jarkko Sakkinen --- arch/x86/include/uapi/asm/sgx.h | 28 +++ arch/x86/kernel/cpu/sgx/ioctl.c | 294 arch/x86/kernel/cpu/sgx/sgx.h | 1 + 3 files changed, 323 insertions(+) diff --git a/arch/x86/include/uapi/asm/sgx.h b

[PATCH v38 22/24] selftests/x86: Add a selftest for SGX

Add a selftest for SGX. It is a trivial test where a simple enclave copies one 64-bit word of memory between two memory locations. Cc: linux-kselft...@vger.kernel.org Signed-off-by: Jarkko Sakkinen --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/sgx/.gitignore

[PATCH v38 24/24] x86/sgx: Update MAINTAINERS

Add the maintainer information for the SGX subsystem. Cc: Thomas Gleixner Cc: Borislav Petkov Signed-off-by: Jarkko Sakkinen --- MAINTAINERS | 11 +++ 1 file changed, 11 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index 3b186ade3597..1d4daeb12d0a 100644 --- a/MAINTAINERS

[PATCH v38 14/24] x86/sgx: Add SGX_IOC_ENCLAVE_INIT

-by: Nathaniel McCallum Tested-by: Seth Moore Tested-by: Darren Kenny Reviewed-by: Darren Kenny Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Co-developed-by: Suresh Siddha Signed-off-by: Suresh Siddha Signed-off-by: Jarkko Sakkinen --- arch/x86/include/uapi/asm

[PATCH v38 15/24] x86/sgx: Enable provisioning for remote attestation

ioctl called SGX_IOC_ENCLAVE_PROVISION is used to assign this token to an enclave. Cc: linux-security-mod...@vger.kernel.org Acked-by: Jethro Beekman Reviewed-by: Darren Kenny Suggested-by: Andy Lutomirski Signed-off-by: Jarkko Sakkinen --- arch/x86/include/uapi/asm/sgx.h | 11 arch

[PATCH v38 11/24] x86/sgx: Add SGX enclave driver

-by: Sean Christopherson Co-developed-by: Suresh Siddha Signed-off-by: Suresh Siddha Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/cpu/sgx/Makefile | 2 + arch/x86/kernel/cpu/sgx/driver.c | 173 arch/x86/kernel/cpu/sgx/driver.h | 29 +++ arch/x86/kernel/cpu/sgx/encl.c

[PATCH v38 16/24] x86/sgx: Add a page reclaimer

Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/cpu/sgx/driver.c | 1 + arch/x86/kernel/cpu/sgx/encl.c | 340 +- arch/x86/kernel/cpu/sgx/encl.h | 41 +++ arch/x86/kernel/cpu/sgx/ioctl.c | 77 - arch/x86/kernel/cpu

[PATCH v38 14/24] x86/sgx: Add SGX_IOC_ENCLAVE_INIT

-by: Nathaniel McCallum Tested-by: Seth Moore Tested-by: Darren Kenny Reviewed-by: Darren Kenny Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Co-developed-by: Suresh Siddha Signed-off-by: Suresh Siddha Signed-off-by: Jarkko Sakkinen --- arch/x86/include/uapi/asm

[PATCH v38 08/24] x86/sgx: Initialize metadata for Enclave Page Cache (EPC) sections

-developed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- arch/x86/Kconfig | 17 +++ arch/x86/kernel/cpu/Makefile | 1 + arch/x86/kernel/cpu/sgx/Makefile | 2 + arch/x86/kernel/cpu/sgx/main.c | 216 +++ arch/x86/kernel/cpu/sgx/sgx.h

[PATCH v38 01/24] x86/cpufeatures: x86/msr: Add Intel SGX hardware bits

-developed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- arch/x86/include/asm/cpufeature.h| 5 +++-- arch/x86/include/asm/cpufeatures.h | 7 ++- arch/x86/include/asm/disabled-features.h | 18 +++--- arch/x86/include/asm/msr-index.h | 1 + arch/x86

[PATCH v38 07/24] x86/cpu/intel: Add nosgx kernel parameter

Add kernel parameter to disable Intel SGX kernel support. Tested-by: Sean Christopherson Reviewed-by: Sean Christopherson Reviewed-by: Darren Kenny Signed-off-by: Jarkko Sakkinen --- Documentation/admin-guide/kernel-parameters.txt | 2 ++ arch/x86/kernel/cpu/feat_ctl.c | 9

[PATCH v38 02/24] x86/cpufeatures: x86/msr: Add Intel SGX Launch Control hardware bits

decisions from the kernel. [1] Intel SDM: 38.1.4 Intel SGX Launch Control Configuration Reviewed-by: Borislav Petkov Acked-by: Jethro Beekman Reviewed-by: Darren Kenny Signed-off-by: Sean Christopherson Co-developed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- arch/x86/include

[PATCH v38 03/24] x86/mm: x86/sgx: Signal SIGSEGV with PF_SGX

Reviewed-by: Borislav Petkov Signed-off-by: Sean Christopherson Signed-off-by: Jarkko Sakkinen --- arch/x86/include/asm/traps.h | 14 -- arch/x86/mm/fault.c | 13 + 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/traps.h b/arch

[PATCH v38 06/24] x86/cpu/intel: Detect SGX support

subsystem doesn't need to manually do support checks on a per-CPU basis. Acked-by: Jethro Beekman Reviewed-by: Darren Kenny Signed-off-by: Sean Christopherson Co-developed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/cpu/feat_ctl.c | 32

[PATCH v38 16/24] x86/sgx: Add a page reclaimer

Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/cpu/sgx/driver.c | 1 + arch/x86/kernel/cpu/sgx/encl.c | 340 +- arch/x86/kernel/cpu/sgx/encl.h | 41 +++ arch/x86/kernel/cpu/sgx/ioctl.c | 77 - arch/x86/kernel/cpu

[PATCH v38 11/24] x86/sgx: Add SGX enclave driver

-by: Sean Christopherson Co-developed-by: Suresh Siddha Signed-off-by: Suresh Siddha Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/cpu/sgx/Makefile | 2 + arch/x86/kernel/cpu/sgx/driver.c | 173 arch/x86/kernel/cpu/sgx/driver.h | 29 +++ arch/x86/kernel/cpu/sgx/encl.c

[PATCH v38 12/24] x86/sgx: Add SGX_IOC_ENCLAVE_CREATE

Tested-by: Jordan Hand Tested-by: Nathaniel McCallum Tested-by: Seth Moore Tested-by: Darren Kenny Reviewed-by: Darren Kenny Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Co-developed-by: Suresh Siddha Signed-off-by: Suresh Siddha Signed-off-by: Jarkko Sakkinen

[PATCH v38 21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call

-by: Jethro Beekman Signed-off-by: Sean Christopherson Co-developed-by: Cedric Xing Signed-off-by: Cedric Xing Signed-off-by: Jarkko Sakkinen --- arch/x86/entry/vdso/Makefile | 2 + arch/x86/entry/vdso/vdso.lds.S | 1 + arch/x86/entry/vdso/vsgx_enter_enclave.S | 157

[PATCH v38 17/24] x86/sgx: ptrace() support for the SGX driver

Add VMA callbacks for ptrace() that can be used with debug enclaves. With debug enclaves data can be read and write the memory word at a time by using ENCLS(EDBGRD) and ENCLS(EDBGWR) leaf instructions. Acked-by: Jethro Beekman Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/cpu/sgx/encl.c

[PATCH v38 09/24] x86/sgx: Add __sgx_alloc_epc_page() and sgx_free_epc_page()

state (i.e. not required from caller part). Acked-by: Jethro Beekman Reviewed-by: Darren Kenny Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/cpu/sgx/main.c | 62 ++ arch/x86/kernel

[PATCH v38 07/24] x86/cpu/intel: Add nosgx kernel parameter

Add kernel parameter to disable Intel SGX kernel support. Tested-by: Sean Christopherson Reviewed-by: Sean Christopherson Reviewed-by: Darren Kenny Signed-off-by: Jarkko Sakkinen --- Documentation/admin-guide/kernel-parameters.txt | 2 ++ arch/x86/kernel/cpu/feat_ctl.c | 9

[PATCH v38 19/24] x86/fault: Add helper function to sanitize error code

Christopherson Signed-off-by: Jarkko Sakkinen --- arch/x86/mm/fault.c | 24 +--- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c index 1a7cc6d3281a..9e5ec861aba0 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c

[PATCH v38 00/24] Intel SGX foundations

keyhash_msrs(). * return -ENOMEM in sgx_alloc_page() when VA pages consume too much space * removed unused global sgx_nr_pids * moved sgx_encl_release to sgx_encl.c * return -ERESTARTSYS instead of -EINTR in sgx_encl_init() Jarkko Sakkinen (14): x86/sgx: Add SGX microarchitectural data structures

[PATCH v38 13/24] x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES

-off-by: Suresh Siddha Signed-off-by: Jarkko Sakkinen --- arch/x86/include/uapi/asm/sgx.h | 28 +++ arch/x86/kernel/cpu/sgx/ioctl.c | 294 arch/x86/kernel/cpu/sgx/sgx.h | 1 + 3 files changed, 323 insertions(+) diff --git a/arch/x86/include/uapi/asm/sgx.h b

[PATCH v38 10/24] mm: Add vm_ops->mprotect()

nux...@kvack.org Cc: Andrew Morton Cc: Matthew Wilcox Acked-by: Jethro Beekman Reviewed-by: Darren Kenny Signed-off-by: Sean Christopherson Co-developed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- include/linux/mm.h | 3 +++ mm/mprotect.c | 5 - 2 files changed, 7 insertions(+)

[PATCH v38 05/24] x86/sgx: Add wrappers for ENCLS leaf functions

. ENCLS leaf functions are documented in Intel SDM: 36.6 ENCLAVE INSTRUCTIONS AND INTEL® Acked-by: Jethro Beekman Tested-by: Darren Kenny Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/cpu/sgx/encls.h | 238

[PATCH v38 15/24] x86/sgx: Enable provisioning for remote attestation

ioctl called SGX_IOC_ENCLAVE_PROVISION is used to assign this token to an enclave. Cc: linux-security-mod...@vger.kernel.org Acked-by: Jethro Beekman Reviewed-by: Darren Kenny Suggested-by: Andy Lutomirski Signed-off-by: Jarkko Sakkinen --- arch/x86/include/uapi/asm/sgx.h | 11 arch

[PATCH v38 22/24] selftests/x86: Add a selftest for SGX

Add a selftest for SGX. It is a trivial test where a simple enclave copies one 64-bit word of memory between two memory locations. Cc: linux-kselft...@vger.kernel.org Signed-off-by: Jarkko Sakkinen --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/sgx/.gitignore

[PATCH v38 20/24] x86/traps: Attempt to fixup exceptions in vDSO before signaling

vs. signal logic can be made function specific if/when necessary. Suggested-by: Andy Lutomirski Acked-by: Jethro Beekman Signed-off-by: Sean Christopherson Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/traps.c | 19 --- arch/x86/mm/fault.c | 8 2 files

[PATCH v38 18/24] x86/vdso: Add support for exception fixup in vDSO functions

pler than adding the necessary infrastructure to generate pre-compiled assembly and the intended benefit of massaging GCC's inlining algorithm is unlikely to realized in the vDSO any time soon, if ever. Suggested-by: Andy Lutomirski Acked-by: Jethro Beekman Signed-off-by: Sean Christopherson

[PATCH v38 23/24] docs: x86/sgx: Document SGX micro architecture and kernel internals

Document the Intel SGX kernel architecture. The fine-grained micro architecture details can be looked up from Intel SDM Volume 3D. Cc: linux-...@vger.kernel.org Acked-by: Randy Dunlap Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Jarkko Sakkinen

[PATCH v38 04/24] x86/sgx: Add SGX microarchitectural data structures

Beekman Reviewed-by: Darren Kenny Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/cpu/sgx/arch.h | 341 + 1 file changed, 341 insertions(+) create mode 100644 arch/x86/kernel/cpu/sgx/arch.h diff --git a/arch/x86/kernel/cpu/sgx/arch.h b/arch/x86/kernel/cpu/sgx

[PATCH v38 24/24] x86/sgx: Update MAINTAINERS

Add the maintainer information for the SGX subsystem. Cc: Thomas Gleixner Cc: Borislav Petkov Signed-off-by: Jarkko Sakkinen --- MAINTAINERS | 11 +++ 1 file changed, 11 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index 3b186ade3597..1d4daeb12d0a 100644 --- a/MAINTAINERS

[PATCH v38 23/24] docs: x86/sgx: Document SGX micro architecture and kernel internals

Document the Intel SGX kernel architecture. The fine-grained micro architecture details can be looked up from Intel SDM Volume 3D. Cc: linux-...@vger.kernel.org Acked-by: Randy Dunlap Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Jarkko Sakkinen

[PATCH v38 17/24] x86/sgx: ptrace() support for the SGX driver

Add VMA callbacks for ptrace() that can be used with debug enclaves. With debug enclaves data can be read and write the memory word at a time by using ENCLS(EDBGRD) and ENCLS(EDBGWR) leaf instructions. Acked-by: Jethro Beekman Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/cpu/sgx/encl.c

[PATCH v38 21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call

-by: Jethro Beekman Signed-off-by: Sean Christopherson Co-developed-by: Cedric Xing Signed-off-by: Cedric Xing Signed-off-by: Jarkko Sakkinen --- arch/x86/entry/vdso/Makefile | 2 + arch/x86/entry/vdso/vdso.lds.S | 1 + arch/x86/entry/vdso/vsgx_enter_enclave.S | 157

[PATCH v38 20/24] x86/traps: Attempt to fixup exceptions in vDSO before signaling

vs. signal logic can be made function specific if/when necessary. Suggested-by: Andy Lutomirski Acked-by: Jethro Beekman Signed-off-by: Sean Christopherson Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/traps.c | 19 --- arch/x86/mm/fault.c | 8 2 files

[PATCH v38 19/24] x86/fault: Add helper function to sanitize error code

Christopherson Signed-off-by: Jarkko Sakkinen --- arch/x86/mm/fault.c | 24 +--- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c index 1a7cc6d3281a..9e5ec861aba0 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c

Re: [PATCH v37 13/24] x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES

On Tue, Sep 15, 2020 at 12:54:50PM +0300, Jarkko Sakkinen wrote: > On Sun, Sep 13, 2020 at 09:56:03PM -0500, Haitao Huang wrote: > > > > On Fri, 11 Sep 2020 07:40:08 -0500, Jarkko Sakkinen > > wrote: > > ... > > > > > +/** > >

Re: [PATCH v37 02/24] x86/cpufeatures: x86/msr: Add Intel SGX Launch Control hardware bits

On Mon, Sep 14, 2020 at 10:38:26AM -0500, Josh Poimboeuf wrote: > On Mon, Sep 14, 2020 at 10:18:16AM -0500, Josh Poimboeuf wrote: > > Hi Jarko, > > > > It looks like some of the patches weren't delivered to the lists. > > Patches 0, 1, 8, 9, and 17 seem to be missing. > > > > Lore agrees with

Re: [PATCH v37 13/24] x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES

On Sun, Sep 13, 2020 at 09:56:03PM -0500, Haitao Huang wrote: > > On Fri, 11 Sep 2020 07:40:08 -0500, Jarkko Sakkinen > wrote: > ... > > > +/** > > + * sgx_ioc_enclave_add_pages() - The handler for > > %SGX_IOC_ENCLAVE_ADD_PAGES > > + * @encl: an

Re: [PATCH] security: keys: Use kvfree_sensitive in a few places

On Fri, Sep 11, 2020 at 07:05:16PM +0300, Denis Efremov wrote: > Hi, > > same patch > > https://lkml.org/lkml/2020/8/27/168 > > Thanks, > Denis David, can you pick this up? /Jarkko

Re: [PATCH v2] certs: Add EFI_CERT_X509_GUID support for dbx entries

On Mon, Sep 14, 2020 at 09:01:34PM +0300, Jarkko Sakkinen wrote: > On Wed, Sep 09, 2020 at 01:27:36PM -0400, Eric Snowberg wrote: > > The Secure Boot Forbidden Signature Database, dbx, contains a list of now > > revoked signatures and keys previously approved to boot with UEFI

[PATCH v37 00/24] Intel SGX foundations

gx_nr_pids * moved sgx_encl_release to sgx_encl.c * return -ERESTARTSYS instead of -EINTR in sgx_encl_init() Jarkko Sakkinen (14): x86/sgx: Add SGX microarchitectural data structures x86/sgx: Add wrappers for ENCLS leaf functions x86/cpu/intel: Add nosgx kernel parameter x8

[PATCH v37 09/24] x86/sgx: Add __sgx_alloc_epc_page() and sgx_free_epc_page()

state (i.e. not required from caller part). Acked-by: Jethro Beekman Reviewed-by: Darren Kenny Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/cpu/sgx/main.c | 62 ++ arch/x86/kernel

[PATCH v37 01/24] x86/cpufeatures: x86/msr: Add Intel SGX hardware bits

-developed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- arch/x86/include/asm/cpufeature.h| 5 +++-- arch/x86/include/asm/cpufeatures.h | 7 ++- arch/x86/include/asm/disabled-features.h | 18 +++--- arch/x86/include/asm/msr-index.h | 1 + arch/x86

[PATCH v37 08/24] x86/sgx: Initialize metadata for Enclave Page Cache (EPC) sections

-developed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- arch/x86/Kconfig | 17 +++ arch/x86/kernel/cpu/Makefile | 1 + arch/x86/kernel/cpu/sgx/Makefile | 2 + arch/x86/kernel/cpu/sgx/main.c | 216 +++ arch/x86/kernel/cpu/sgx/sgx.h

[PATCH v37 17/24] x86/sgx: ptrace() support for the SGX driver

Add VMA callbacks for ptrace() that can be used with debug enclaves. With debug enclaves data can be read and write the memory word at a time by using ENCLS(EDBGRD) and ENCLS(EDBGWR) leaf instructions. Acked-by: Jethro Beekman Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/cpu/sgx/encl.c

[PATCH v37 03/24] x86/mm: x86/sgx: Signal SIGSEGV with PF_SGX

Reviewed-by: Borislav Petkov Signed-off-by: Sean Christopherson Signed-off-by: Jarkko Sakkinen --- arch/x86/include/asm/traps.h | 14 -- arch/x86/mm/fault.c | 13 + 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/traps.h b/arch

[PATCH v37 04/24] x86/sgx: Add SGX microarchitectural data structures

Beekman Reviewed-by: Darren Kenny Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/cpu/sgx/arch.h | 341 + 1 file changed, 341 insertions(+) create mode 100644 arch/x86/kernel/cpu/sgx/arch.h diff --git a/arch/x86/kernel/cpu/sgx/arch.h b/arch/x86/kernel/cpu/sgx

[PATCH v37 07/24] x86/cpu/intel: Add nosgx kernel parameter

Add kernel parameter to disable Intel SGX kernel support. Tested-by: Sean Christopherson Reviewed-by: Sean Christopherson Reviewed-by: Darren Kenny Signed-off-by: Jarkko Sakkinen --- Documentation/admin-guide/kernel-parameters.txt | 2 ++ arch/x86/kernel/cpu/feat_ctl.c | 9

[PATCH v37 10/24] mm: Add vm_ops->mprotect()

nux...@kvack.org Cc: Andrew Morton Cc: Matthew Wilcox Acked-by: Jethro Beekman Reviewed-by: Darren Kenny Signed-off-by: Sean Christopherson Co-developed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- include/linux/mm.h | 3 +++ mm/mprotect.c | 5 - 2 files changed, 7 insertions(+)

[PATCH v37 05/24] x86/sgx: Add wrappers for ENCLS leaf functions

. ENCLS leaf functions are documented in Intel SDM: 36.6 ENCLAVE INSTRUCTIONS AND INTEL® Acked-by: Jethro Beekman Tested-by: Darren Kenny Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/cpu/sgx/encls.h | 238

[PATCH v37 13/24] x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES

-off-by: Suresh Siddha Signed-off-by: Jarkko Sakkinen --- arch/x86/include/uapi/asm/sgx.h | 28 arch/x86/kernel/cpu/sgx/ioctl.c | 289 arch/x86/kernel/cpu/sgx/sgx.h | 1 + 3 files changed, 318 insertions(+) diff --git a/arch/x86/include/uapi/asm/sgx.h b

[PATCH v37 06/24] x86/cpu/intel: Detect SGX support

subsystem doesn't need to manually do support checks on a per-CPU basis. Acked-by: Jethro Beekman Reviewed-by: Darren Kenny Signed-off-by: Sean Christopherson Co-developed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/cpu/feat_ctl.c | 32

[PATCH v37 14/24] x86/sgx: Add SGX_IOC_ENCLAVE_INIT

-by: Nathaniel McCallum Tested-by: Seth Moore Tested-by: Darren Kenny Reviewed-by: Darren Kenny Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Co-developed-by: Suresh Siddha Signed-off-by: Suresh Siddha Signed-off-by: Jarkko Sakkinen --- arch/x86/include/uapi/asm

[PATCH v37 16/24] x86/sgx: Add a page reclaimer

Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/cpu/sgx/driver.c | 1 + arch/x86/kernel/cpu/sgx/encl.c | 340 +- arch/x86/kernel/cpu/sgx/encl.h | 41 +++ arch/x86/kernel/cpu/sgx/ioctl.c | 77 - arch/x86/kernel/cpu

[PATCH v37 15/24] x86/sgx: Enable provisioning for remote attestation

ioctl called SGX_IOC_ENCLAVE_PROVISION is used to assign this token to an enclave. Cc: linux-security-mod...@vger.kernel.org Acked-by: Jethro Beekman Reviewed-by: Darren Kenny Suggested-by: Andy Lutomirski Signed-off-by: Jarkko Sakkinen --- arch/x86/include/uapi/asm/sgx.h | 11 arch

[PATCH v37 20/24] x86/traps: Attempt to fixup exceptions in vDSO before signaling

vs. signal logic can be made function specific if/when necessary. Suggested-by: Andy Lutomirski Acked-by: Jethro Beekman Signed-off-by: Sean Christopherson Signed-off-by: Jarkko Sakkinen --- arch/x86/kernel/traps.c | 19 --- arch/x86/mm/fault.c | 8 2 files

[PATCH v37 12/24] x86/sgx: Add SGX_IOC_ENCLAVE_CREATE

Tested-by: Jordan Hand Tested-by: Nathaniel McCallum Tested-by: Seth Moore Tested-by: Darren Kenny Reviewed-by: Darren Kenny Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Co-developed-by: Suresh Siddha Signed-off-by: Suresh Siddha Signed-off-by: Jarkko Sakkinen

<    5   6   7   8   9   10   11   12   13   14   >