| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210920125401.2389105-1-pbonzini@redhat.com>
Date: Mon, 20 Sep 2021 08:53:59 -0400
From: Paolo Bonzini <pbonzini@...hat.com>
To: linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Cc: x86@...nel.org, linux-sgx@...r.kernel.org, jarkko@...nel.org,
dave.hansen@...ux.intel.com, yang.zhong@...el.com
Subject: [PATCH 0/2] x86: sgx_vepc: implement ioctl to EREMOVE all pages
Add to /dev/sgx_vepc a ioctl that brings vEPC pages back to uninitialized
state with EREMOVE. This is useful in order to match the expectations
of guests after reboot, and to match the behavior of real hardware.
The ioctl is a cleaner alternative to closing and reopening the
/dev/sgx_vepc device; reopening /dev/sgx_vepc could be problematic in
case userspace has sandboxed itself since the time it first opened the
device, and has thus lost permissions to do so.
If possible, I would like these patches to be included in 5.15 through
either the x86 or the KVM tree.
Thanks,
Paolo
Changes from RFC:
- improved commit messages, added documentation
- renamed ioctl from SGX_IOC_VEPC_REMOVE to SGX_IOC_VEPC_REMOVE_ALL
Paolo Bonzini (2):
x86: sgx_vepc: extract sgx_vepc_remove_page
x86: sgx_vepc: implement SGX_IOC_VEPC_REMOVE_ALL ioctl
Documentation/x86/sgx.rst | 14 ++++++++++
arch/x86/include/uapi/asm/sgx.h | 2 ++
arch/x86/kernel/cpu/sgx/virt.c | 48 ++++++++++++++++++++++++++++++---
3 files changed, 61 insertions(+), 3 deletions(-)
--
2.27.0
Powered by blists - more mailing lists