| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 Oct 2021 15:10:38 -0700
From: Dave Hansen <dave.hansen@...el.com>
To: Paolo Bonzini <pbonzini@...hat.com>, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org
Cc: dave.hansen@...ux.intel.com, seanjc@...gle.com, x86@...nel.org,
yang.zhong@...el.com, jarkko@...nel.org
Subject: Re: [PATCH v2 1/2] x86: sgx_vepc: extract sgx_vepc_remove_page
On 10/12/21 3:57 AM, Paolo Bonzini wrote:
> For bare-metal SGX on real hardware, the hardware provides guarantees
> SGX state at reboot. For instance, all pages start out uninitialized.
> The vepc driver provides a similar guarantee today for freshly-opened
> vepc instances, but guests such as Windows expect all pages to be in
> uninitialized state on startup, including after every guest reboot.
>
> One way to do this is to simply close and reopen the /dev/sgx_vepc file
> descriptor and re-mmap the virtual EPC. However, this is problematic
> because it prevents sandboxing the userspace (for example forbidding
> open() after the guest starts; this is doable with heavy use of SCM_RIGHTS
> file descriptor passing).
>
> In order to implement this, we will need a ioctl that performs
> EREMOVE on all pages mapped by a /dev/sgx_vepc file descriptor:
> other possibilities, such as closing and reopening the device,
> are racy.
>
> Start the implementation by creating a separate function with just
> the __eremove wrapper.
>
> Signed-off-by: Paolo Bonzini <pbonzini@...hat.com>
Reviewed-by: Dave Hansen <dave.hansen@...ux.intel.com>
Powered by blists - more mailing lists