lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 28 Aug 2018 11:28:11 +0300
From:   Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To:     Dave Hansen <dave.hansen@...el.com>
Cc:     x86@...nel.org, platform-driver-x86@...r.kernel.org,
        sean.j.christopherson@...el.com, nhorman@...hat.com,
        npmccallum@...hat.com, linux-sgx@...r.kernel.org,
        Suresh Siddha <suresh.b.siddha@...el.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        Serge Ayoun <serge.ayoun@...el.com>,
        "Rafael J. Wysocki" <rafael.j.wysocki@...el.com>,
        Borislav Petkov <bp@...e.de>,
        Reinette Chatre <reinette.chatre@...el.com>,
        Andi Kleen <ak@...ux.intel.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
        "open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)" 
        <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v13 06/13] x86/sgx: Detect Intel SGX

On Mon, Aug 27, 2018 at 12:53:59PM -0700, Dave Hansen wrote:
> > +config INTEL_SGX_CORE
> > +	prompt "Intel SGX core functionality"
> > +	def_bool n
> > +	depends on X86_64 && CPU_SUP_INTEL
> > +	help
> > +	Intel Software Guard eXtensions (SGX) is a set of CPU instructions
> > +	that allows ring 3 applications to create enclaves, private regions
> > +	of memory that are protected, by hardware, from unauthorized access
> > +	and/or modification.
> 
> This is a bit comma-crazy.  Also, considering some of our recent CVE
> fun, I'd probably not claim hardware protection. :)

Agreed :)

> Maybe:
> 
> 	Intel Software Guard eXtensions (SGX) CPU feature that allows
> 	ring 3 applications to create enclaves: private regions
> 	of memory that are architecturally protected from unauthorized
> 	access and/or modification.

Yeah, looks way more better structured.

> > +	This option enables kernel recognition of SGX, high-level management
> > +	of the Enclave Page Cache (EPC), tracking and writing of SGX Launch
> > +	Enclave Hash MSRs, and allows for virtualization of SGX via KVM. By
> > +	iteslf, this option does not provide SGX support to userspace.
> 
> itself
> 
> 
> > diff --git a/arch/x86/include/asm/sgx_pr.h b/arch/x86/include/asm/sgx_pr.h
> > new file mode 100644
> > index 000000000000..c68578127620
> > --- /dev/null
> > +++ b/arch/x86/include/asm/sgx_pr.h
> > @@ -0,0 +1,13 @@
> > +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
> > +// Copyright(c) 2016-17 Intel Corporation.
> > +
> > +#ifndef _ASM_X86_SGX_PR_H
> > +#define _ASM_X86_SGX_PR_H
> > +
> > +#include <linux/printk.h>
> > +#include <linux/ratelimit.h>
> > +
> > +#undef pr_fmt
> > +#define pr_fmt(fmt) "sgx: " fmt
> > +
> > +#endif /* _ASM_X86_SGX_PR_H */
> 
> I don't think this belongs in a generic header.  Generally, we do the
> pr_fmt stuff in .c files, not in headers.  If someone includes this
> header directly or indirectly, they'll get a big surprise.
> 
> If you *must* have this in a .h file, put it in
> arch/x86/kernel/cpu/intel_sgx.h or something and #include "intel_sgx.h"
> in all the .c files where you want this.

I think for intel_sgx.c (the core part) we could just manually add the
"sgx:" prefix because there are only few log messages. I would move the
definition to drivers/platform/x86/intel_sgx/sgx.h because the prefix
makes sense for all .c files there AFAIK.

> > +static __init int sgx_init(void)
> > +{
> > +	unsigned long fc;
> > +
> > +	if (!boot_cpu_has(X86_FEATURE_SGX))
> > +		return false;
> > +
> > +	if (!boot_cpu_has(X86_FEATURE_SGX1))
> > +		return false;
> > +
> > +	rdmsrl(MSR_IA32_FEATURE_CONTROL, fc);
> > +	if (!(fc & FEATURE_CONTROL_LOCKED)) {
> > +		pr_info("IA32_FEATURE_CONTROL MSR is not locked\n");
> > +		return false;
> > +	}
> 
> This is a rather crummy error message.  Doesn't this keep sgx from
> initializing?  Would something like this be more informative?
> 
> 	pr_info("failed init: IA32_FEATURE_CONTROL MSR not locked\n");

What about:

pr_err(FW_BUG "IA32_FEATURE_CONTROL MSR not locked\n");

> > +	if (!(fc & FEATURE_CONTROL_SGX_ENABLE)) {
> > +		pr_info("disabled by the firmware\n");
> > +		return false;
> > +	}
> > +
> > +	if (!(fc & FEATURE_CONTROL_SGX_LE_WR))
> > +		pr_info("IA32_SGXLEPUBKEYHASHn MSRs are not writable\n");
> 
> How about something that might help an end user?  Perhaps:
> 
> 	pr_warn("launch configuration not available\n");

I think this message is a false flag here in the first place as KVM does
not require writable MSRs. It really should be moved to the driver.

> > +	sgx_enabled = true;
> > +	sgx_lc_enabled = !!(fc & FEATURE_CONTROL_SGX_LE_WR);
> > +	return 0;
> > +}
> > +
> > +arch_initcall(sgx_init);
> > 
> 
> 

/Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ