| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <22c1c59f-9b7c-69fa-eff3-1670b94c77af@redhat.com>
Date: Tue, 12 Oct 2021 19:03:49 +0200
From: Paolo Bonzini <pbonzini@...hat.com>
To: Jarkko Sakkinen <jarkko@...nel.org>, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org
Cc: dave.hansen@...ux.intel.com, seanjc@...gle.com, x86@...nel.org,
yang.zhong@...el.com
Subject: Re: [PATCH v2 2/2] x86: sgx_vepc: implement SGX_IOC_VEPC_REMOVE ioctl
On 12/10/21 18:57, Jarkko Sakkinen wrote:
>> +
>> static const struct file_operations sgx_vepc_fops = {
>> .owner = THIS_MODULE,
>> .open = sgx_vepc_open,
>> + .unlocked_ioctl = sgx_vepc_ioctl,
>> + .compat_ioctl = sgx_vepc_ioctl,
>> .release = sgx_vepc_release,
>> .mmap = sgx_vepc_mmap,
>> };
> I went through this a few times, the code change is sound and
> reasoning makes sense in the commit message.
>
> The only thing that I think that is IMHO lacking is a simple
> kselftest. I think a trivial test for SGX_IOC_VEP_REMOVE_ALL
> would do.
Yeah, a trivial test wouldn't cover a lot; it would be much better to at
least set up a SECS, and check that the first call returns 1 and the
second returns 0. There is no existing test for /dev/sgx_vepc at all.
Right now I'm relying on Yang for testing this in QEMU, but I'll look
into adding a selftest that does the full setup and runs an enclave in a
guest.
Paolo
Powered by blists - more mailing lists