On Mon, 2017-11-13 at 21:45 +0200, Jarkko Sakkinen wrote:
> This commits implements the in-kernel launch enclave. It is wrapped into
> a user space program that reads SIGSTRUCT instances from stdin and
> outputs launch tokens to stdout.
>
> The commit also adds enclave signing tool that is used by
On Mon, 2017-11-13 at 21:45 +0200, Jarkko Sakkinen wrote:
> Intel SGX is a set of CPU instructions that can be used by applications
> to set aside private regions of code and data. The code outside the
> enclave is disallowed to access the memory inside the enclave by the CPU
> access control.
>
On Mon, 2017-11-13 at 21:45 +0200, Jarkko Sakkinen wrote:
> --- a/drivers/platform/x86/intel_sgx/sgx_main.c
> +++ b/drivers/platform/x86/intel_sgx/sgx_main.c
> @@ -88,6 +88,37 @@ u64 sgx_encl_size_max_64;
> u64 sgx_xfrm_mask = 0x3;
> u32 sgx_misc_reserved;
> u32 sgx_xsave_size_tbl[64];
> +bool s
gardless of the
kernel's TLB flushing behavior.
[1]
http://lists-archives.com/linux-kernel/28407455-x86-pkeys-new-page-fault-error-code-bit-pf_pk.html
Signed-off-by: Sean Christopherson
Cc: Dave Hansen
---
There's no indication that this condition has ever been encountered.
On Fri, 2018-06-08 at 19:09 +0200, Jarkko Sakkinen wrote:
> SGX has a set of data structures to maintain information about the enclaves
> and their security properties. BIOS reserves a fixed size region of
> physical memory for these structures by setting Processor Reserved Memory
> Range Registers
On Wed, Jun 20, 2018 at 11:39:00AM -0700, Jethro Beekman wrote:
> On 2018-06-20 11:16, Jethro Beekman wrote:
> > > This last bit is also repeated in different words in Table 35-2 and
> > > Section 42.2.2. The MSRs are *not writable* before the write-lock bit
> > > itself is locked. Meaning the MSRs
it
> manages to actually maximize both security and freedom.
>
> [0]: details here -
> https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/README#n19
> On Thu, Jun 21, 2018 at 11:29 AM Neil Horman wrote:
> >
> > On Thu, Jun 21, 2
On Tue, Aug 28, 2018 at 07:07:33AM -0700, Dave Hansen wrote:
> On 08/28/2018 01:35 AM, Jarkko Sakkinen wrote:
> > On Mon, Aug 27, 2018 at 02:15:34PM -0700, Dave Hansen wrote:
> >> On 08/27/2018 11:53 AM, Jarkko Sakkinen wrote:
> >>> +struct sgx_epc_page_ops {
> >>> + bool (*get)(struct sgx_epc_page
On Tue, Aug 28, 2018 at 09:53:11AM -0700, Dave Hansen wrote:
> >>> + sgx_nr_epc_banks++;
> >>> + }
> >>> +
> >>> + if (!sgx_nr_epc_banks) {
> >>> + pr_err("There are zero EPC banks.\n");
> >>> + return -ENODEV;
> >>> + }
> >>> +
> >>> + return 0;
> >>> +}
> >>
> >> Does this
On Tue, Aug 28, 2018 at 02:26:36PM -0700, Dave Hansen wrote:
> On 08/28/2018 02:22 PM, Sean Christopherson wrote:
> > On Tue, Aug 28, 2018 at 07:07:33AM -0700, Dave Hansen wrote:
> >> On 08/28/2018 01:35 AM, Jarkko Sakkinen wrote:
> >>> On Mon, Aug 27, 2018 at 02:15
On Tue, Aug 28, 2018 at 05:12:56PM -0500, Brijesh Singh wrote:
> kvmclock defines few static variables which are shared with hypervisor
> during the kvmclock initialization.
>
> When SEV is active, memory is encrypted with a guest-specific key, and
> if guest OS wants to share the memory region wi
ependency")
> Cc: Tom Lendacky
> Cc: k...@vger.kernel.org
> Cc: Thomas Gleixner
> Cc: Borislav Petkov
> Cc: "H. Peter Anvin"
> Cc: linux-kernel@vger.kernel.org
> Cc: Paolo Bonzini
> Cc: Sean Christopherson
> Cc: k...@vger.kernel.org
> Cc: "Radi
On Wed, Aug 29, 2018 at 07:36:22PM +, Nadav Amit wrote:
> at 10:11 AM, Nadav Amit wrote:
>
> > at 1:59 AM, Masami Hiramatsu wrote:
> >
> >> On Wed, 29 Aug 2018 01:11:42 -0700
> >> Nadav Amit wrote:
> >>
> >>> Use lockdep to ensure that text_mutex is taken when text_poke() is
> >>> called.
On Wed, Aug 29, 2018 at 12:33:54AM -0700, Huang, Kai wrote:
> [snip..]
>
> > > >
> > > > @@ -38,6 +39,18 @@ static LIST_HEAD(sgx_active_page_list); static
> > > > DEFINE_SPINLOCK(sgx_active_page_list_lock);
> > > > static struct task_struct *ksgxswapd_tsk; static
> > > > DECLARE_WAIT_QUEUE_HEAD
On Wed, Aug 29, 2018 at 08:44:47PM +, Nadav Amit wrote:
> at 1:13 PM, Sean Christopherson wrote:
>
> > On Wed, Aug 29, 2018 at 07:36:22PM +, Nadav Amit wrote:
> >> at 10:11 AM, Nadav Amit wrote:
> >>
> >>> at 1:59 AM, Masami Hiramatsu wrote:
On Wed, Aug 29, 2018 at 01:58:09PM -0700, Huang, Kai wrote:
> > -Original Message-
> > From: Christopherson, Sean J
> > Sent: Thursday, August 30, 2018 8:34 AM
> > To: Huang, Kai
> > Cc: Jarkko Sakkinen ; platform-driver-
> > x...@vger.kernel.org; x...@kernel.org; nhor...@redhat.com; linux
it reasons").
Signed-off-by: Sean Christopherson
---
arch/x86/include/asm/vmx.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
index 6aa8499e1f62..2665c10ece4c 100644
--- a/arch/x86/include/asm/vmx.h
+++ b/arch/x86/include/asm
On Wed, Aug 22, 2018 at 10:14:17AM +0200, Borislav Petkov wrote:
> Dropping Pavel as it bounces.
>
> On Tue, Aug 21, 2018 at 11:07:38AM -0500, Brijesh Singh wrote:
> > The tsc_early_init() is called before setup_arch() -> init_mem_mapping.
>
> Ok, I see it, thanks for explaining.
>
> So back to
On Thu, Aug 23, 2018 at 01:26:55PM +0200, Paolo Bonzini wrote:
> On 22/08/2018 22:11, Brijesh Singh wrote:
> >
> > Yes, this is one of approach I have in mind. It will avoid splitting
> > the larger pages; I am thinking that early in boot code we can lookup
> > for this special section and decrypt
On Fri, Aug 24, 2018 at 10:41:27AM -0500, Brijesh Singh wrote:
>
>
> On 08/23/2018 11:16 AM, Paolo Bonzini wrote:
> >On 23/08/2018 17:29, Sean Christopherson wrote:
> >>On Thu, Aug 23, 2018 at 01:26:55PM +0200, Paolo Bonzini wrote:
> >>>On 22/08/2018 22:11, B
On Wed, Jul 11, 2018 at 07:37:18PM +0200, Vitaly Kuznetsov wrote:
> When we switched from doing rdmsr() to reading FS/GS base values from
> current->thread we completely forgot about legacy 32-bit userspaces which
> we still support in KVM (why?). task->thread.{fsbase,gsbase} are only
> synced for
On Wed, 2018-04-11 at 11:16 +0200, KarimAllah Ahmed wrote:
> If the processor does not have an "Always Running APIC Timer" (aka ARAT),
> we should not give guests direct access to MWAIT. The LAPIC timer would
> stop ticking in deep C-states, so any host deadlines would not wakeup the
> host kernel.
On Thu, Apr 12, 2018 at 04:38:39PM +0200, Paolo Bonzini wrote:
> On 21/02/2018 18:47, KarimAllah Ahmed wrote:
> > +
> > + if (kvm_vcpu_map(vcpu,
> > gpa_to_gfn(vmcs12->virtual_apic_page_addr), map))
> > + vmcs_write64(VIRTUAL_APIC_PAGE_ADDR,
> > gfn_to_gpa(map->pfn));
an L2->L1->L2 vmexit
> goes from 42k to 26k cycles.
>
> Signed-off-by: Vitaly Kuznetsov
> Signed-off-by: Paolo Bonzini
> ---
> Changes since v1:
> - drop now unneded local vmx variable in vmx_free_vcpu_nested
> [Sean Christopherson]
> ---
> arch/x8
context->base_role.word = root_page_role.word & mmu_base_role_mask.word;
> + context->get_pdptr = kvm_pdptr_read;
Would it make sense to set this in nested_ept_init_mmu_context()
along with set_cr3, get_cr3 and inject_page_fault? The other MMU
flows set them as a package deal.
Either way..
y Kuznetsov
> Signed-off-by: Paolo Bonzini
> ---
Reviewed-by: Sean Christopherson
On Tue, Sep 25, 2018 at 07:58:38PM +0200, Vitaly Kuznetsov wrote:
> Add an option to specify which MMU root we want to free. This will
> be used when nested and non-nested MMUs for L1 are split.
>
> Signed-off-by: Vitaly Kuznetsov
> Signed-off-by: Paolo Bonzini
> ---
On Tue, Sep 25, 2018 at 07:58:40PM +0200, Vitaly Kuznetsov wrote:
> From: Paolo Bonzini
>
> Just inline the contents into the sole caller, kvm_init_mmu is now
> public.
>
> Suggested-by: Vitaly Kuznetsov
> Signed-off-by: Paolo Bonzini
> ---
Reviewed-by: Sean Christopherson
ata.
> No functional change.
>
> Signed-off-by: Vitaly Kuznetsov
> ---
One nit below, other than that...
Reviewed-by: Sean Christopherson
> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
> index e59e5f49c8c2..bb1ef0f68f8e 100644
> --- a/arch/x86/kvm/mmu.c
> +++ b/arch/x
On Tue, Sep 25, 2018 at 07:58:42PM +0200, Vitaly Kuznetsov wrote:
> MMU re-initialization is expensive, in particular,
> update_permission_bitmask() and update_pkru_bitmask() are.
>
> Cache the data used to setup shadow EPT MMU and avoid full re-init when
> it is unchanged.
>
> Signed-off-by: Vit
On Tue, Sep 25, 2018 at 07:58:43PM +0200, Vitaly Kuznetsov wrote:
> MMU reconfiguration in init_kvm_tdp_mmu()/kvm_init_shadow_mmu() can be
> avoided if the source data used to configure it didn't change; enhance
> kvm_mmu_scache with the required fields and consolidate common code in
Nit: kvm_mmu_
> ---
Reviewed-by: Sean Christopherson
On Tue, Sep 25, 2018 at 03:53:48PM -0700, Andy Lutomirski wrote:
> Minor nit:
>
> On Tue, Sep 25, 2018 at 6:12 AM Jarkko Sakkinen
> wrote:
> >
> > From: Sean Christopherson
> >
>
> > by (c) as the kernel doesn't really have any other reasonable opti
On Tue, Sep 25, 2018 at 04:06:45PM +0300, Jarkko Sakkinen wrote:
> From: Sean Christopherson
>
> The SGX Enclave Page Cache Map (EPCM) is a hardware-managed table
> that enforces accesses to an enclave's EPC page in addition to the
> software-managed kernel page tables
On Wed, Sep 26, 2018 at 01:16:59PM -0700, Dave Hansen wrote:
> On 09/26/2018 11:12 AM, Andy Lutomirski wrote:
> >> e omniscient.
> >>
> >> How about this? With formatting changes since it's long-winded...
> >>
> >>/*
> >> * Access is blocked by the Enclave Page Cache Map (EPCM), i.
On Wed, Nov 21, 2018 at 05:17:34PM +0200, Jarkko Sakkinen wrote:
> On Wed, Nov 21, 2018 at 05:17:32AM +, Jethro Beekman wrote:
> > Jarkko, can you please explain you solution in detail? The CPU receives an
> > exception. This will be handled by the kernel exception handler. What
> > information
age table entries, ensuring that it's
> always up-to-date and doesn't require explicit offsetting.
>
> Cc: Chintan Pandya
> Cc: Toshi Kani
> Cc: Thomas Gleixner
> Cc: Michal Hocko
> Cc: Andrew Morton
> Cc: Sean Christopherson
> Signed-off-by: Will Deacon
Tested-by: Sean Christopherson
Reviewed-by: Sean Christopherson
On Mon, Nov 19, 2018 at 02:45:36PM -0800, Andy Lutomirski wrote:
> One of Linus' favorite hobbies seems to be looking at OOPSes and
> decoding the error code in his head. This is not one of my favorite
> hobbies :)
>
> Teach the page fault OOPS hander to decode the error code. If it's
> a !USER
e the changelog below.
I responded to the original thread a hair too late...
What about something like this instead of manually handling the case
where error_code==0 so that we get e.g. "[KERNEL] [READ]" instead of
"normal kernel read fault"? Getting "[PROT] [KERNEL] [READ]&
On Tue, Nov 27, 2018 at 09:36:03AM +0100, Heiko Carstens wrote:
> Use pr_alert_once() instead of pr_alert() if page table misaccounting
> has been detected.
>
> If this happens once it is very likely that there will be numerous
> other occurrence as well, which would flood dmesg and the console wi
On Tue, Nov 27, 2018 at 10:07:53AM -0600, Eric W. Biederman wrote:
>
>
> syzbot writes:
>
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit:e195ca6cb6f2 Merge branch 'for-linus' of git://git.kernel...
> > git tree: upstream
> > console output: https://syzkall
On Wed, Nov 21, 2018 at 03:53:05PM +, David Laight wrote:
>
>
> > -Original Message-
> > From: Jan Beulich [mailto:jbeul...@suse.com]
> > Sent: 21 November 2018 14:42
> > To: David Laight
> > Cc: mi...@elte.hu; t...@linutronix.de; Boris Ostrovsky; Juergen Gross;
> > linux-kernel@vger
On Tue, Nov 20, 2018 at 12:11:33PM +0200, Jarkko Sakkinen wrote:
> On Mon, Nov 19, 2018 at 09:00:08AM -0800, Andy Lutomirski wrote:
> > On Mon, Nov 19, 2018 at 8:02 AM Jarkko Sakkinen
> > wrote:
> > >
> > > On Mon, Nov 19, 2018 at 07:29:36AM -0800, Andy Lutomirski wrote:
> > > > 1. The kernel need
On Fri, Nov 16, 2018 at 03:37:15PM +0100, Borislav Petkov wrote:
> On Fri, Nov 16, 2018 at 03:01:10AM +0200, Jarkko Sakkinen wrote:
> > From: Sean Christopherson
> >
> > CPUID_12_EAX is an Intel-defined feature bits leaf dedicated for SGX
> > that enumerates the SG
On Fri, Nov 16, 2018 at 03:01:20AM +0200, Jarkko Sakkinen wrote:
> From: Sean Christopherson
>
> Add a new IA32_FEATURE_CONTROL bit, SGX_LE_WR.
Introducing SGX_LE_WR needs to land before patch 06/23, which references
the flag when updating feature bits.
On Tue, Nov 13, 2018 at 11:40:09PM +0200, Jarkko Sakkinen wrote:
> Add a selftest for SGX. It is a trivial test where a simple enclave
> copies one 64-bit word of memory between two memory locations given to
> the enclave as arguments.
>
> Signed-off-by: Jarkko Sakkinen
> ---
> +SUBDIRS_64 := sgx
's size to
under 4k, i.e. reduces the effective size of the userspace vDSO mapping
by a full page.
Fixes: da861e18eccc ("x86, vdso: Get rid of the fake section mechanism")
Cc: Andy Lutomirski
Signed-off-by: Sean Christopherson
---
arch/x86/entry/vdso/vdso-layout.lds.S | 22 ---
e another stab at zapping/stripping the
unneeded sections.
Fixes: da861e18eccc ("x86, vdso: Get rid of the fake section mechanism")
Cc: Andy Lutomirski
Signed-off-by: Sean Christopherson
---
arch/x86/entry/vdso/vdso-layout.lds.S | 5 -
1 file changed, 5 deletions(-)
diff --git a/arch/
ops the current image's size
to under 4k, i.e. reduces the effective size of the userspace vDSO
mapping by a full page.
Sean Christopherson (2):
x86/vdso: Remove obsolete "fake section table" reservation
x86/vdso: Remove a stale/misleading comment from the linker script
arch/x8
On Tue, Dec 04, 2018 at 08:17:40AM -0800, Sean Christopherson wrote:
> At one point the vDSO image was manually stripped down by vdso2c in an
> attempt to minimize the size of the image mapped into userspace. Part
> of that stripping process involved building a fake section table so as
On Tue, Dec 04, 2018 at 10:22:39AM -0800, Sean Christopherson wrote:
> On Tue, Dec 04, 2018 at 08:17:40AM -0800, Sean Christopherson wrote:
> > At one point the vDSO image was manually stripped down by vdso2c in an
> > attempt to minimize the size of the image mapped into userspac
On Tue, Dec 04, 2018 at 10:58:51AM -0800, Andy Lutomirski wrote:
> On Tue, Dec 4, 2018 at 10:29 AM Sean Christopherson
> wrote:
> >
> > On Tue, Dec 04, 2018 at 10:22:39AM -0800, Sean Christopherson wrote:
> > > On Tue, Dec 04, 2018 at 08:17:40AM -0800, Sean Christoph
On Tue, Dec 04, 2018 at 11:22:25AM -0800, Andy Lutomirski wrote:
> On Tue, Nov 27, 2018 at 7:32 AM Sean Christopherson
> wrote:
> > diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
> > index 2ff25ad33233..510e263c256b 100644
> > --- a/arch/x86/mm/fault.c
>
On Tue, Dec 04, 2018 at 11:47:10AM -0800, Andy Lutomirski wrote:
> On Tue, Dec 4, 2018 at 11:34 AM Sean Christopherson
> wrote:
> >
> > On Tue, Dec 04, 2018 at 11:22:25AM -0800, Andy Lutomirski wrote:
> > > On Tue, Nov 27, 2018 at 7:32 AM Sean Christopherson
> &g
e another stab at zapping/stripping the
unneeded sections.
Fixes: da861e18eccc ("x86, vdso: Get rid of the fake section mechanism")
Cc: Andy Lutomirski
Signed-off-by: Sean Christopherson
Acked-by: Andy Lutomirski
---
arch/x86/entry/vdso/vdso-layout.lds.S | 5 -
1 file changed, 5 deleti
The "required" moniker implies that vdso2c will fail if one of the
defined symbols is not found, which is simply not true, e.g.
VDSO32_NOTE_MASK is quite obviously 32-bit only and not required
for the 64-bit image.
Cc: Andy Lutomirski
Signed-off-by: Sean Christopherson
---
arch/x86/
's size to
under 4k, i.e. reduces the effective size of the userspace vDSO mapping
by a full page.
Fixes: da861e18eccc ("x86, vdso: Get rid of the fake section mechanism")
Cc: Andy Lutomirski
Signed-off-by: Sean Christopherson
---
arch/x86/entry/vdso/vdso-layout.lds.S | 22 ---
...now that all required symbols are exported by vdso2c.
Cc: Andy Lutomirski
Signed-off-by: Sean Christopherson
---
Regarding Andy's concern that we might want the exported flag in the
future for exception fixup, I prototyped a few approaches and in the
end we always need to know at leas
ops the current image's size
to under 4k, i.e. reduces the effective size of the userspace vDSO
mapping by a full page.
v1->v2:
- Remove the definition of sym_VDSO_FAKE_SECTION_TABLE_*
- Add patches 3/4 and 4/4 for additional cleanup
Sean Christopherson (4):
x86/vdso: Remove obsol
On Tue, Dec 04, 2018 at 11:22:25AM -0800, Andy Lutomirski wrote:
> On Tue, Nov 27, 2018 at 7:32 AM Sean Christopherson
> wrote:
> > arch/x86/mm/fault.c | 6 --
> > 1 file changed, 4 insertions(+), 2 deletions(-)
> >
> > diff --git a/arch/x86/mm/fault.c b
TE|INSTR|READ] [RSDV] [PK]
Cc: Andy Lutomirski
Cc: Borislav Petkov
Cc: Dave Hansen
Cc: H. Peter Anvin
Cc: Linus Torvalds
Cc: Peter Zijlstra
Cc: Rik van Riel
Cc: Thomas Gleixner
Cc: Yu-cheng Yu
Cc: linux-kernel@vger.kernel.org
Cc: Ingo Molnar
Signed-off-by: Sean Christopherson
---
arch/
so that the caller can know
whether the fault occurred in the enclave or if it occurred on EENTER.
A fault on EENTER generally means the enclave has died and needs to be
restarted.
Suggested-by: Andy Lutomirski
Cc: Andy Lutomirski
Cc: Jarkko Sakkinen
Cc: Dave Hansen
Cc: Josh Triplett
deal.
One proposed solution for supporting SGX without requiring signals is
to wrap enclave transitions in a vDSO function so that SGX exceptions
can be intercepted via exception fixup and returned inline to the
caller. This RFC series adds exception fixup and SGX support to the
vDSO.
Sean Chri
turn the fault
information directly to its caller, thus avoiding the need to juggle
signal handlers.
Suggested-by: Andy Lutomirski
Cc: Andy Lutomirski
Cc: Jarkko Sakkinen
Cc: Dave Hansen
Cc: Josh Triplett
Signed-off-by: Sean Christopherson
---
arch/x86/entry/vdso/Makefile
call fixup_vdso_exception() after
the error code has been sanitized.
Suggested-by: Andy Lutomirski
Cc: Andy Lutomirski
Cc: Jarkko Sakkinen
Cc: Dave Hansen
Cc: Josh Triplett
Signed-off-by: Sean Christopherson
---
arch/x86/mm/fault.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a
: Andy Lutomirski
Cc: Andy Lutomirski
Cc: Jarkko Sakkinen
Cc: Dave Hansen
Cc: Josh Triplett
Signed-off-by: Sean Christopherson
---
arch/x86/kernel/traps.c | 11 +++
1 file changed, 11 insertions(+)
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
index 9b7c4ca8f0a7
On Wed, Dec 05, 2018 at 03:40:48PM -0800, Andy Lutomirski wrote:
> On Wed, Dec 5, 2018 at 3:20 PM Sean Christopherson
> wrote:
> > +notrace long __vdso_sgx_eenter(void *tcs, void *priv,
> > + struct sgx_eenter_fault_info *fault_info)
> > +
On Thu, Dec 06, 2018 at 05:55:47AM -0800, Sean Christopherson wrote:
> On Wed, Dec 05, 2018 at 03:40:48PM -0800, Andy Lutomirski wrote:
> > On Wed, Dec 5, 2018 at 3:20 PM Sean Christopherson
> > wrote:
> > > +notrace long __vdso_sgx_eent
#PF error code(0007): !K !I !S +U +W +P
[0.153004] #PF error code(0025): +K !I !S +U !W +P
[0.153004] #PF error code(0002): !K !I !S !U +W !P
[0.153004] #PF error code(0004): !K !I !S +U !W !P
[0.153004] #PF error code(0006): !K !I !S +U +W !P
[0.153362] #PF error code(0
On Thu, Dec 06, 2018 at 10:17:34AM -0800, Dave Hansen wrote:
> > #define CREATE_TRACE_POINTS
> > #include
> > @@ -928,6 +929,9 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned
> > long error_code,
> > if (address >= TASK_SIZE_MAX)
> > error_code |= X86_PF
turn the fault
information directly to its caller, thus avoiding the need to juggle
signal handlers.
Suggested-by: Andy Lutomirski
Cc: Andy Lutomirski
Cc: Jarkko Sakkinen
Cc: Dave Hansen
Cc: Josh Triplett
Signed-off-by: Sean Christopherson
---
arch/x86/entry/vdso/Makefile
to report faults directly to userspace when the
fault would otherwise directly result in a signal being sent to the
process.
Suggested-by: Andy Lutomirski
Cc: Andy Lutomirski
Cc: Jarkko Sakkinen
Cc: Dave Hansen
Cc: Josh Triplett
Signed-off-by: Sean Christopherson
---
arch/x86/kernel/traps.c
exit
handler if they want to support correctable enclave faults, as there
is no other way to request ERESUME.
Suggested-by: Andy Lutomirski
Cc: Andy Lutomirski
Cc: Jarkko Sakkinen
Cc: Dave Hansen
Cc: Josh Triplett
Signed-off-by: Sean Christopherson
---
arch/x86/entry/vdso/Makefile
er_enclave() to abstract the details
of EENTER and ERESUME to some degree.
- Give the enclave RDI, RSI and RDX to pass data out of the enclave.
- Call fixup_vdso_exception() in do_int3().
v1:
https://lkml.kernel.org/r/20181205232012.28920-1-sean.j.christopher...@intel.com
Sean Christophe
to call fixup_vdso_exception() after
the error code has been sanitized.
Suggested-by: Andy Lutomirski
Cc: Andy Lutomirski
Cc: Jarkko Sakkinen
Cc: Dave Hansen
Cc: Josh Triplett
Signed-off-by: Sean Christopherson
---
arch/x86/mm/fault.c | 7 +++
1 file changed, 7 insertions(+)
diff --git
PM Sean Christopherson
> wrote:
> >
> +
> > + /*
> > +* Invoke the caller's exit handler if one was provided. The return
> > +* value tells us whether to re-enter the enclave (EENTER or
> > ERESUME)
> > +* or
k van Riel
Cc: Thomas Gleixner
Cc: Yu-cheng Yu
Cc: linux-kernel@vger.kernel.org
Cc: Ingo Molnar
Signed-off-by: Sean Christopherson
---
arch/x86/mm/fault.c | 41 ++---
1 file changed, 10 insertions(+), 31 deletions(-)
diff --git a/arch/x86/mm/fault.c b/arc
On Fri, Dec 07, 2018 at 09:56:09AM -0800, Andy Lutomirski wrote:
> On Fri, Dec 7, 2018 at 8:51 AM Sean Christopherson
> wrote:
> > I like that the exit handler allows userspace to trap/panic with the full
> > call stack in place, and in a dedicated path, i.e. outside of the ba
On Fri, Dec 07, 2018 at 10:52:49AM -0800, Linus Torvalds wrote:
> On Fri, Dec 7, 2018 at 10:44 AM Sean Christopherson
> wrote:
> >
> > Remove the per-bit decoding of the error code and instead print the raw
> > error code followed by a brief description of what caused the
Cc: Ingo Molnar
Signed-off-by: Sean Christopherson
---
v2:
- Explicitly call out protection keys violations
- "Slightly" reword the changelog
arch/x86/mm/fault.c | 42 +++---
1 file changed, 11 insertions(+), 31 deletions(-)
diff --git a/arch/x86
On Fri, Dec 07, 2018 at 11:23:10AM -0800, Andy Lutomirski wrote:
>
> > On Dec 7, 2018, at 11:02 AM, Sean Christopherson
> > wrote:
> >
> >> On Fri, Dec 07, 2018 at 09:56:09AM -0800, Andy Lutomirski wrote:
> >> On Fri, Dec 7, 2018 at 8:51 AM Sean Christ
On Fri, Dec 07, 2018 at 12:16:59PM -0800, Andy Lutomirski wrote:
>
> > On Dec 7, 2018, at 12:09 PM, Sean Christopherson
> > wrote:
> >
> > Speaking of preserving registers, the asm blob needs to mark RBX as
> > clobbered since it's modified for EEXIT
On Fri, Dec 07, 2018 at 12:16:59PM -0800, Andy Lutomirski wrote:
>
>
> > On Dec 7, 2018, at 12:09 PM, Sean Christopherson
> > wrote:
> >
> >> On Fri, Dec 07, 2018 at 11:23:10AM -0800, Andy Lutomirski wrote:
> >>
> >> Ah, I see. You’re sayi
On Fri, Dec 07, 2018 at 12:46:30PM -0800, Linus Torvalds wrote:
> On Fri, Dec 7, 2018 at 11:52 AM Sean Christopherson
> wrote:
> >
> > Remove the per-bit decoding of the error code and instead print:
>
> The patch looks fine to me, so feel free to add an acked-by, but:
&
On Thu, Nov 08, 2018 at 03:23:59PM -0700, Rian Quinn wrote:
> I apologize upfront if this is the wrong place to post this, pretty new to
> this.
>
> We are working on the Bareflank Hypervisor (www.bareflank.org), and we
> are passing through the INIT/SIPI process (similar to how a VMX
> rootkit f
On Fri, Nov 09, 2018 at 11:04:59AM -0700, Rian Quinn wrote:
> >> I apologize upfront if this is the wrong place to post this, pretty new to
> >> this.
> >>
> >> We are working on the Bareflank Hypervisor (www.bareflank.org), and we
> >> are passing through the INIT/SIPI process (similar to how a V
On Mon, Jun 25, 2018 at 05:00:05PM -0400, Nathaniel McCallum wrote:
> On Thu, Jun 21, 2018 at 5:21 PM Sean Christopherson
> wrote:
> >
> > On Thu, Jun 21, 2018 at 03:11:18PM -0400, Nathaniel McCallum wrote:
> > > If this is acceptable for everyone, my hope is the foll
On Tue, Jun 19, 2018 at 05:57:53PM +0300, Jarkko Sakkinen wrote:
> On Fri, Jun 08, 2018 at 11:24:12AM -0700, Dave Hansen wrote:
> > On 06/08/2018 10:09 AM, Jarkko Sakkinen wrote:
> > > +static __init bool sgx_is_enabled(bool *lc_enabled)
> > > {
> > > unsigned long fc;
> > >
> > > @@ -41,12 +4
On Fri, 2018-06-08 at 19:09 +0200, Jarkko Sakkinen wrote:
> This commit adds wrappers for Intel(R) SGX ENCLS opcode functionality.
>
> Signed-off-by: Jarkko Sakkinen
> ---
> arch/x86/include/asm/sgx.h | 198 +
> 1 file changed, 198 insertions(+)
>
> diff --gi
On Fri, 2018-06-08 at 19:09 +0200, Jarkko Sakkinen wrote:
> SGX has a set of data structures to maintain information about the enclaves
> and their security properties. BIOS reserves a fixed size region of
> physical memory for these structures by setting Processor Reserved Memory
> Range Registers
() is trying to adjust a high MMIO
address.
Fixes: 6b28baca9b1f ("x86/speculation/l1tf: Protect PROT_NONE PTEs against
speculation")
Signed-off-by: Sean Christopherson
Cc: Andi Kleen
Cc: Thomas Gleixner
Cc: Josh Poimboeuf
Cc: Michal Hocko
Cc: Vlastimil Babka
Cc: Dave Hansen
Cc: Gre
On Fri, Aug 17, 2018 at 09:13:51AM -0700, Linus Torvalds wrote:
> On Thu, Aug 16, 2018 at 1:47 PM Sean Christopherson
> wrote:
> >
> > Fixes: 6b28baca9b1f ("x86/speculation/l1tf: Protect PROT_NONE PTEs against
> > speculation")
>
> This seems wrong.
&
turn the fault
information directly to its caller, thus avoiding the need to juggle
signal handlers.
Suggested-by: Andy Lutomirski
Cc: Andy Lutomirski
Cc: Jarkko Sakkinen
Cc: Dave Hansen
Cc: Josh Triplett
Signed-off-by: Sean Christopherson
---
arch/x86/entry/vdso/Makefile
to report faults directly to userspace when the
fault would otherwise directly result in a signal being sent to the
process.
Suggested-by: Andy Lutomirski
Cc: Andy Lutomirski
Cc: Jarkko Sakkinen
Cc: Dave Hansen
Cc: Josh Triplett
Signed-off-by: Sean Christopherson
---
arch/x86/kernel/traps.c
Lutomirski
Cc: Andy Lutomirski
Cc: Jarkko Sakkinen
Cc: Dave Hansen
Cc: Josh Triplett
Signed-off-by: Sean Christopherson
---
arch/x86/mm/fault.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index fefeb745d21d..c6f5f77ffabd 100644
--- a
ang
Cc: Jethro Beekman
Cc: Dr. Greg Wettstein
Signed-off-by: Sean Christopherson
---
arch/x86/entry/vdso/Makefile | 2 +
arch/x86/entry/vdso/vdso.lds.S | 1 +
arch/x86/entry/vdso/vsgx_enter_enclave.S | 136 +++
arch/x86/include/uapi/asm/sgx.h
...to prepare for vDSO exception fixup, which will expose the error
code to userspace and runs before set_signal_archinfo(), i.e. squashes
the signal when fixup is successful.
Signed-off-by: Sean Christopherson
---
arch/x86/mm/fault.c | 26 ++
1 file changed, 14
lement __vdso_sgx_enter_enclave() directly in assembly
- Modify effective enclave register ABI to follow x86-64 kernel ABI
- Split __vdso_sgx_enter_enclave input into separate non-union params
- Drop the exit_handler() concept
Sean Christopherson (5):
x86/vdso: Add support for exception fi
On Mon, Dec 17, 2018 at 08:01:02PM +0200, Jarkko Sakkinen wrote:
> On Mon, Dec 17, 2018 at 09:45:40AM -0800, Dave Hansen wrote:
> > > +struct sgx_encl *sgx_encl_alloc(struct sgx_secs *secs)
> > > +{
> > ...
> > > + kref_init(&encl->refcount);
> > > + INIT_LIST_HEAD(&encl->add_page_reqs);
> > > + IN
On Mon, Dec 17, 2018 at 08:23:19PM +0200, Jarkko Sakkinen wrote:
> On Mon, Dec 17, 2018 at 10:09:57AM -0800, Sean Christopherson wrote:
> > No, EREMOVE should never fail if the enclave is being released, i.e. all
> > references to the enclave are gone. And failure during s
1 - 100 of 2874 matches
Mail list logo
