| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 16 Oct 2021 03:14:32 -0400
From: Paolo Bonzini <pbonzini@...hat.com>
To: linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Cc: dave.hansen@...ux.intel.com, seanjc@...gle.com, x86@...nel.org,
yang.zhong@...el.com, jarkko@...nel.org, bp@...e.de
Subject: [PATCH v3 0/2] x86: sgx_vepc: implement ioctl to EREMOVE all pages
Add to /dev/sgx_vepc a ioctl that brings vEPC pages back to uninitialized
state with EREMOVE. This is useful in order to match the expectations
of guests after reboot, and to match the behavior of real hardware.
The ioctl is a cleaner alternative to closing and reopening the
/dev/sgx_vepc device; reopening /dev/sgx_vepc could be problematic in
case userspace has sandboxed itself since the time it first opened the
device, and has thus lost permissions to do so.
If possible, I would like these patches to be included in 5.15 through
either the x86 or the KVM tree.
Thanks,
Paolo
Changes from RFC:
- improved commit messages, added documentation
- renamed ioctl from SGX_IOC_VEPC_REMOVE to SGX_IOC_VEPC_REMOVE_ALL
Change from v1:
- fixed documentation and code to cover SGX_ENCLAVE_ACT errors
- removed Tested-by since the code is quite different now
Changes from v2:
- return EBUSY also if EREMOVE causes a general protection fault
Paolo Bonzini (2):
x86: sgx_vepc: extract sgx_vepc_remove_page
x86: sgx_vepc: implement SGX_IOC_VEPC_REMOVE_ALL ioctl
Documentation/x86/sgx.rst | 35 +++++++++++++++++++++
arch/x86/include/uapi/asm/sgx.h | 2 ++
arch/x86/kernel/cpu/sgx/virt.c | 63 ++++++++++++++++++++++++++++++---
3 files changed, 95 insertions(+), 5 deletions(-)
--
2.27.0
Powered by blists - more mailing lists