lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <57206102.3050507@jbeekman.nl>
Date:	Tue, 26 Apr 2016 23:49:38 -0700
From:	Jethro Beekman <kernel@...ekman.nl>
To:	Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
	gregkh@...uxfoundation.org
Cc:	"open list:STAGING SUBSYSTEM" <devel@...verdev.osuosl.org>,
	"maintainer:X86 ARCHITECTURE 32-BIT AND 64-BIT" <x86@...nel.org>,
	"open list:X86 ARCHITECTURE 32-BIT AND 64-BIT" 
	<linux-kernel@...r.kernel.org>, Ingo Molnar <mingo@...hat.com>,
	"H. Peter Anvin" <hpa@...or.com>,
	Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH 3/6] intel_sgx: driver for Intel Secure Guard eXtensions

On 25-04-16 10:34, Jarkko Sakkinen wrote:
> diff --git a/drivers/staging/intel_sgx/isgx_ioctl.c
b/drivers/staging/intel_sgx/isgx_ioctl.c
> new file mode 100644
> index 0000000..9d8b36b
> --- /dev/null
> +++ b/drivers/staging/intel_sgx/isgx_ioctl.c
>
> +static long isgx_ioctl_enclave_create(struct file *filep, unsigned int cmd,
> + unsigned long arg)
>
> + secs->base = vm_mmap(filep, 0, secs->size,
> + PROT_READ | PROT_WRITE | PROT_EXEC,
> + MAP_SHARED, 0);

Why does the ioctl interface map userspace memory for an open device? There's
already a perfectly good syscall for that: mmap.

> diff --git a/drivers/staging/intel_sgx/isgx_user.h b/drivers/staging/intel_sgx/isgx_user.h
> new file mode 100644
> index 0000000..672d19c
> --- /dev/null
> +++ b/drivers/staging/intel_sgx/isgx_user.h
> 
> +#define SGX_ADD_SKIP_EEXTEND 0x1
> +
> +struct sgx_add_param {
> +	unsigned long		addr;
> +	unsigned long		user_addr;
> +	struct isgx_secinfo	*secinfo;
> +	unsigned int		flags;
> +};

The hardware supports calling EEXTEND on only a part of a page, I think the
driver should also support that.

Jethro

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ