lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 25 Feb 2021 03:01:54 +0200
From:   Jarkko Sakkinen <>
To:     Dave Hansen <>
Subject: Re: [PATCH 0/3] Introduce version array structure: sgx_va

On Wed, Feb 24, 2021 at 03:48:50PM -0800, Dave Hansen wrote:
> On 2/24/21 2:20 PM, Jarkko Sakkinen wrote:
> > The use of sgx_va can be later on extended to the following use cases:
> > 
> > - A global VA for reclaimed SECS pages.
> > - A global VA for reclaimed VA pages.
> ...
> >  arch/x86/kernel/cpu/sgx/driver.c |   3 +-
> >  arch/x86/kernel/cpu/sgx/encl.c   | 180 ++++++++++++++++++++++---------
> >  arch/x86/kernel/cpu/sgx/encl.h   |  36 ++++---
> >  arch/x86/kernel/cpu/sgx/ioctl.c  |  77 +++++--------
> >  arch/x86/kernel/cpu/sgx/main.c   |  19 +---
> >  5 files changed, 184 insertions(+), 131 deletions(-)
> It looks interesting.
> Were you planning on keeping this on the back burner until we need it
> more acutely?  Or, were you thinking it should be merged immediately?

I think this can wait. Perhaps, this could be picked to some other patch
set, such as EDMM.

Let's just say that this should be part of anything that touches the page

IDA might look odd. Mapping through IDA allocated ID's is for conserving
the amount of used EPC pages for the version array.

Alternative would be to linearly map enclave page offset to the VA page
index but that would introduce a sloppy allocation of EPC.

The selected approach, on the other hand, no matter how sparsely you create
enclave pages, that does not add to the amount of EPC VA page usage.

BTW, encl_page->va_page could be removed, and use sgx_va_get() to locate
the VA page, when needed. I'm open for opinions with this one: it's space
vs the cost of access question.


Powered by blists - more mailing lists