On Tue, 2020-11-24 at 21:52 +0800, Wang Hai wrote:
> Fix to return a negative error code from the error handling
> case instead of 0, as done elsewhere in this function.
>
> Fixes: d8d74ea3c002 ("tpm: ibmvtpm: Wait for buffer to be set before
> proceeding")
> Reported-by: Hulk Robot
>
On Tue, 2020-11-24 at 10:14 -0300, Ezequiel Garcia wrote:
> Hi Jarkko,
>
> Thanks for your review.
>
> On Tue, 2020-11-24 at 00:06 +0200, Jarkko Sakkinen wrote:
> > On Fri, Nov 20, 2020 at 07:23:45PM +0200, Adrian Ratiu wrote:
> > > From: "dlau...@chro
On Tue, Nov 03, 2020 at 09:31:46PM +0530, Sumit Garg wrote:
> Add a Trusted Keys co-maintainer entry in order to support TEE based
> Trusted Keys framework.
>
> Signed-off-by: Sumit Garg
Acked-by: Jarkko Sakkinen
> ---
> MAINTAINERS | 2 ++
> 1 file changed, 2 insertio
On Tue, Nov 03, 2020 at 09:31:44PM +0530, Sumit Garg wrote:
> Add support for TEE based trusted keys where TEE provides the functionality
> to seal and unseal trusted keys using hardware unique key.
>
> Refer to Documentation/tee.txt for detailed information about TEE.
>
> Signed-off-by: Sumit
d successfully during iteration.
>
> Note that current implementation only supports a single trust source at
> runtime which is either selectable at compile time or during boot via
> aforementioned module parameter.
>
> Suggested-by: Jarkko Sakkinen
> Signed-off-by: Sumit Garg
On Tue, Nov 24, 2020 at 05:27:30AM +0200, Jarkko Sakkinen wrote:
> On Thu, Nov 19, 2020 at 03:42:35PM +0100, Hans de Goede wrote:
> > Hi,
> >
> > On 11/19/20 7:36 AM, Jerry Snitselaar wrote:
> > >
> > > Matthew Garrett @ 2020-10-15 15:39 MST:
> > >
On Thu, Nov 19, 2020 at 03:42:35PM +0100, Hans de Goede wrote:
> Hi,
>
> On 11/19/20 7:36 AM, Jerry Snitselaar wrote:
> >
> > Matthew Garrett @ 2020-10-15 15:39 MST:
> >
> >> On Thu, Oct 15, 2020 at 2:44 PM Jerry Snitselaar
> >> wrote:
> >>>
> >>> There is a misconfiguration in the bios of
On Wed, Nov 18, 2020 at 11:36:20PM -0700, Jerry Snitselaar wrote:
>
> Matthew Garrett @ 2020-10-15 15:39 MST:
>
> > On Thu, Oct 15, 2020 at 2:44 PM Jerry Snitselaar
> > wrote:
> >>
> >> There is a misconfiguration in the bios of the gpio pin used for the
> >> interrupt in the T490s. When
On Mon, Nov 23, 2020 at 06:19:22PM +1100, Stephen Rothwell wrote:
> Hi all,
>
> After merging the tip tree, today's linux-next build (htmldocs) produced
> these warnings:
>
> arch/x86/kernel/cpu/sgx/ioctl.c:666: warning: Function parameter or member
> 'encl' not described in
DEFER_PERM_CHECK)
> goto invalid_key;
> + break;
> case 0:
> break;
> }
> --
> 2.27.0
>
>
Reviewed-by: Jarkko Sakkinen
/Jarkko
On Tue, Nov 24, 2020 at 12:52:31AM +0200, Jarkko Sakkinen wrote:
> On Fri, Nov 20, 2020 at 12:40:14PM -0600, Gustavo A. R. Silva wrote:
> > In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning
> > by explicitly adding a break statement instead of lettin
t:
> break;
> }
> --
> 2.27.0
>
>
Reviewed-by: Jarkko Sakkinen
Who is picking these patches?
/Jarkko
On Fri, Nov 20, 2020 at 07:23:45PM +0200, Adrian Ratiu wrote:
> From: "dlau...@chromium.org"
>
> Add TPM 2.0 compatible I2C interface for chips with cr50 firmware.
>
> The firmware running on the currently supported H1 MCU requires a
> special driver to handle its specific protocol, and this
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: 14132a5b807bb5caf778fe7ae1597e630971e949
Gitweb:
https://git.kernel.org/tip/14132a5b807bb5caf778fe7ae1597e630971e949
Author: Jarkko Sakkinen
AuthorDate: Wed, 18 Nov 2020 23:39:32 +02:00
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: 0eaa8d153a1d573e53b8283c90db44057d1376f6
Gitweb:
https://git.kernel.org/tip/0eaa8d153a1d573e53b8283c90db44057d1376f6
Author: Jarkko Sakkinen
AuthorDate: Wed, 18 Nov 2020 19:06:40 +02:00
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: 3fa97bf001262a1d88ec9b4ac5ae6abe0ed1356c
Gitweb:
https://git.kernel.org/tip/3fa97bf001262a1d88ec9b4ac5ae6abe0ed1356c
Author: Jarkko Sakkinen
AuthorDate: Fri, 13 Nov 2020 00:01:34 +02:00
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: 947c6e11fa4310b31c10016ae9816cdca3f1694e
Gitweb:
https://git.kernel.org/tip/947c6e11fa4310b31c10016ae9816cdca3f1694e
Author: Jarkko Sakkinen
AuthorDate: Fri, 13 Nov 2020 00:01:33 +02:00
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: bc4bac2ecef0e47fd5c02f9c6f9585fd477f9beb
Gitweb:
https://git.kernel.org/tip/bc4bac2ecef0e47fd5c02f9c6f9585fd477f9beb
Author: Jarkko Sakkinen
AuthorDate: Fri, 13 Nov 2020 00:01:35 +02:00
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: c82c61865024b9981f00358433bebed92ca20c00
Gitweb:
https://git.kernel.org/tip/c82c61865024b9981f00358433bebed92ca20c00
Author: Jarkko Sakkinen
AuthorDate: Fri, 13 Nov 2020 00:01:26 +02:00
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: c6d26d370767fa227fc44b98a8bdad112efdf563
Gitweb:
https://git.kernel.org/tip/c6d26d370767fa227fc44b98a8bdad112efdf563
Author: Jarkko Sakkinen
AuthorDate: Fri, 13 Nov 2020 00:01:24 +02:00
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: 888d249117876239593fe3039b6ead8ad6849035
Gitweb:
https://git.kernel.org/tip/888d249117876239593fe3039b6ead8ad6849035
Author: Jarkko Sakkinen
AuthorDate: Fri, 13 Nov 2020 00:01:23 +02:00
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: 9d0c151b41fed7b879030f4e533143d098781701
Gitweb:
https://git.kernel.org/tip/9d0c151b41fed7b879030f4e533143d098781701
Author: Jarkko Sakkinen
AuthorDate: Fri, 13 Nov 2020 00:01:25 +02:00
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: d2285493bef310b66b56dfe4eb75c1e2f431ea5c
Gitweb:
https://git.kernel.org/tip/d2285493bef310b66b56dfe4eb75c1e2f431ea5c
Author: Jarkko Sakkinen
AuthorDate: Fri, 13 Nov 2020 00:01:20 +02:00
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: 70d3b8ddcd20d3c859676f56c43c7b2360c70266
Gitweb:
https://git.kernel.org/tip/70d3b8ddcd20d3c859676f56c43c7b2360c70266
Author: Jarkko Sakkinen
AuthorDate: Fri, 13 Nov 2020 00:01:12 +02:00
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: 2c273671d0dfcf89c9c8a319ed093406e3ff665c
Gitweb:
https://git.kernel.org/tip/2c273671d0dfcf89c9c8a319ed093406e3ff665c
Author: Jarkko Sakkinen
AuthorDate: Fri, 13 Nov 2020 00:01:13 +02:00
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: 38853a303982e3be3eccb1a1132399a5c5e2d806
Gitweb:
https://git.kernel.org/tip/38853a303982e3be3eccb1a1132399a5c5e2d806
Author: Jarkko Sakkinen
AuthorDate: Fri, 13 Nov 2020 00:01:19 +02:00
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: 3fe0778edac8628637e2fd23835996523b1a3372
Gitweb:
https://git.kernel.org/tip/3fe0778edac8628637e2fd23835996523b1a3372
Author: Jarkko Sakkinen
AuthorDate: Fri, 13 Nov 2020 00:01:22 +02:00
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: 1728ab54b4be94aed89276eeb8e750a345659765
Gitweb:
https://git.kernel.org/tip/1728ab54b4be94aed89276eeb8e750a345659765
Author: Jarkko Sakkinen
AuthorDate: Fri, 13 Nov 2020 00:01:32 +02:00
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: 2adcba79e69d4a4c0ac3bb86f466d8b5df301608
Gitweb:
https://git.kernel.org/tip/2adcba79e69d4a4c0ac3bb86f466d8b5df301608
Author: Jarkko Sakkinen
AuthorDate: Fri, 13 Nov 2020 00:01:31 +02:00
On Tue, Nov 17, 2020 at 06:26:50PM +0100, Borislav Petkov wrote:
> On Fri, Nov 13, 2020 at 12:01:31AM +0200, Jarkko Sakkinen wrote:
> > +bool encl_load(const char *path, struct encl *encl)
> > +{
> > + Elf64_Phdr *phdr_tbl;
> > + off_t src_offset;
> > + E
On Mon, Nov 16, 2020 at 11:19:12AM -0700, Shuah Khan wrote:
> On 11/12/20 3:01 PM, Jarkko Sakkinen wrote:
> > Add a selftest for SGX. It is a trivial test where a simple enclave copies
> > one 64-bit word of memory between two memory locations, but ensures that
> > all SGX
On Tue, Nov 17, 2020 at 02:14:02PM +0100, Borislav Petkov wrote:
> On Fri, Nov 13, 2020 at 12:01:30AM +0200, Jarkko Sakkinen wrote:
> > diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
> > index 2ad757fb3c23..9915fbd34264 100644
> > --- a/arch/x8
> could theoretically be dynamically allocated and then freed after the
> laundering process. But, I suspect it would take nearly 128 bytes
> of extra instructions to do that.
>
> Cc: Jethro Beekman
> Cc: Serge Ayoun
> Cc: Jarkko Sakkinen
> Signed-off-by: Jarkko Sakkinen
On Mon, Nov 16, 2020 at 06:28:40PM +0100, Borislav Petkov wrote:
> On Mon, Nov 16, 2020 at 09:21:16AM -0800, Dave Hansen wrote:
> > That works when there is something universal across the set, like if
> > Sean Signed-off-by on each patch and we didn't have any other SoB's.
> > Sean is also
On Mon, Nov 16, 2020 at 10:09:57AM +, Mel Gorman wrote:
> On Sun, Nov 15, 2020 at 10:36:51AM -0800, Dave Hansen wrote:
> > On 11/15/20 9:32 AM, Matthew Wilcox wrote:
> > > On Fri, Nov 13, 2020 at 12:01:21AM +0200, Jarkko Sakkinen wrote:
> > >> +++ b/include/linux
->mprotect() hook.
> >
> > Solution
> >
> >
> > Add a vm_ops->mprotect() hook so that mprotect() operations which are
> > inconsistent with any page's stashed intent can be rejected by the driver.
> >
> > Cc: linux...@kvack.org
> >
On Fri, Nov 13, 2020 at 10:25:43AM +, Mel Gorman wrote:
> On Fri, Nov 13, 2020 at 12:01:21AM +0200, Jarkko Sakkinen wrote:
> > From: Sean Christopherson
> >
> > Background
> > ==
> >
> > 1. SGX enclave pages are populated with data by copy
On Sat, Nov 14, 2020 at 05:32:56PM +0800, Hillf Danton wrote:
> On Fri, 13 Nov 2020 00:01:20 +0200 Jarkko Sakkinen wrote:
> >
> > The previous patch initialized a simple SGX page allocator. Add functions
> > for runtime allocation and free.
> >
> >
>
> > [*] Intel SDM: 36.5.1 Enclave Page Cache Map (EPCM)
> >
> > Acked-by: Jethro Beekman # v40
> > # Signed-off-by: Sean Christopherson
> > Signed-off-by: Jarkko Sakkinen
> > ---
> > arch/x86/include/asm/trap_pf.h | 1 +
> > arch/x86/m
On Mon, Nov 16, 2020 at 04:34:23PM -0800, Dave Hansen wrote:
> On 11/16/20 9:54 AM, Dave Hansen wrote:
> >> ENCLS instructions must be serialized for a given enclave, but holding
> >> encl->lock for an entire ioctl() will result in deadlock due to an enclave
> >> triggering reclaim on itself.
> >>
On Tue, Nov 17, 2020 at 10:47:47AM +0800, Hillf Danton wrote:
> On Mon, 16 Nov 2020 09:54:47 -0800 Dave Hansen wrote:
> >
> > Hillf, I noticed that you removed a bunch of folks from cc, including
> > me.
>
> I would have not done that if I noted Mr. TLB on the cc list, sigh.
>
> > Was there a
On Sun, Nov 15, 2020 at 12:40:44PM +0800, Hillf Danton wrote:
> On Fri, 13 Nov 2020 00:01:23 +0200 Jarkko Sakkinen wrote:
> >
> > +long sgx_ioctl(struct file *filep, unsigned int cmd, unsigned long arg)
> > +{
> > + struct sgx_encl *encl = filep->
On Mon, Nov 16, 2020 at 09:54:47AM -0800, Dave Hansen wrote:
> Hillf, I noticed that you removed a bunch of folks from cc, including
> me. Was there a reason for that? I haven't been seeing your feedback
> on these patches at all.
I used the same script as for previous versions as '--cc-cmd',
Add the maintainer information for the SGX subsystem.
Cc: Thomas Gleixner
Cc: Borislav Petkov
Acked-by: Jethro Beekman # v40
Signed-off-by: Jarkko Sakkinen
---
MAINTAINERS | 13 +
1 file changed, 13 insertions(+)
diff --git a/MAINTAINERS b/MAINTAINERS
index 0b75ed0f06d8
Document the Intel SGX kernel architecture. The fine-grained architecture
details can be looked up from Intel SDM Volume 3D.
Cc: linux-...@vger.kernel.org
Acked-by: Jethro Beekman # v40
# Co-developed-by: Sean Christopherson
# Signed-off-by: Sean Christopherson
Signed-off-by: Jarkko Sakkinen
# Signed-off-by: Sean Christopherson
Signed-off-by: Jarkko Sakkinen
---
Changes from v39:
* Declare 'k' for the MSR updating loop. It was incorrectly using 'i'.
* Return -EIO instead of -EFAULT on EINIT failure, just like happens
when EADD or EEXTEND fails.
* When EINIT fails, just return -EIO
Beekman # v40
# Co-developed-by: Sean Christopherson
# Signed-off-by: Sean Christopherson
Signed-off-by: Jarkko Sakkinen
---
Changes from v39:
* Remove SGX_ENCL_DEAD checks from the page reclaimer. They are no
longer needed as enclave contents are deleted only when it is released.
arch/x86
lly used via ptrace() APIs.
Cc: linux...@kvack.org
Cc: Andrew Morton
Cc: Matthew Wilcox
Tested-by: Jethro Beekman # v40
Signed-off-by: Jarkko Sakkinen
---
Changes from v39:
* Check only for SGX_ENCL_DEBUG in sgx_vma_access(), so that a debug
enclave's memory can read and written at any phase of
code runs before the sanitization
happens.
Move error code sanitization out of the signal code and into a helper.
Call the helper in the signal code.
Acked-by: Jethro Beekman # v40
# Signed-off-by: Sean Christopherson
Signed-off-by: Jarkko Sakkinen
---
Changes from v39:
* Add the missing change
# v40
# Signed-off-by: Sean Christopherson
Signed-off-by: Jarkko Sakkinen
---
arch/x86/entry/vdso/Makefile | 6 ++--
arch/x86/entry/vdso/extable.c | 46
arch/x86/entry/vdso/extable.h | 28 +++
arch/x86/entry/vdso/vdso-layout.lds.S
are the responsibility of the enclave and
the runtime.
Suggested-by: Andy Lutomirski
Tested-by: Jethro Beekman # v40
# Signed-off-by: Sean Christopherson
Co-developed-by: Cedric Xing
Signed-off-by: Cedric Xing
Co-developed-by: Jarkko Sakkinen
Signed-off-by: Jarkko Sakkinen
---
Changes from v39:
* Relaid out
Signed-off-by: Jarkko Sakkinen
---
Changes from v40:
* Remove $(OUTPUT)/test_encl.elf from TEST_CUSTOM_PROGS, as otherwise
run_tests tries to execute it. Add it as a build dependency.
* Use the correct device path, /dev/sgx_enclave, instead of
/dev/sgx/enclave.
* Return kselftest framework expected
vs. signal logic can be made function specific if/when necessary.
Suggested-by: Andy Lutomirski
Acked-by: Jethro Beekman # v40
# Signed-off-by: Sean Christopherson
Signed-off-by: Jarkko Sakkinen
---
arch/x86/kernel/traps.c | 10 ++
arch/x86/mm/fault.c | 7 +++
2 files changed
a token which allows provisioning enclave duty.
This file descriptor can be passed around and ultimately given as an
argument to the /dev/sgx_enclave driver ioctl().
Cc: linux-security-mod...@vger.kernel.org
Suggested-by: Andy Lutomirski
Signed-off-by: Jarkko Sakkinen
---
Changes from v39:
* Rename
Christopherson
Signed-off-by: Jarkko Sakkinen
---
Changes from v39:
* Remove unneeded access_ok(). It is taken care of by get_user_pages().
* Define SGX_EEXTEND_BLOCK_SIZE to capture the block size used with
EEXTEND.
* When EADD or EEXTEND fail, just return -EIO. Leave the enclave cleanup
at the next allocation.
Acked-by: Jethro Beekman # v40
# Co-developed-by: Sean Christopherson
# Signed-off-by: Sean Christopherson
Signed-off-by: Jarkko Sakkinen
---
arch/x86/kernel/cpu/sgx/main.c | 65 ++
arch/x86/kernel/cpu/sgx/sgx.h | 3 ++
2 files changed
: 38.1.4 Intel SGX Launch Control Configuration
Acked-by: Jethro Beekman # v40
# Signed-off-by: Sean Christopherson
Co-developed-by: Jarkko Sakkinen
Signed-off-by: Jarkko Sakkinen
---
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/msr-index.h | 7 +++
2 files changed, 8
intent can be rejected by the driver.
Cc: linux...@kvack.org
Cc: Andrew Morton
Cc: Matthew Wilcox
Cc: Mel Gorman
Acked-by: Jethro Beekman # v40
Acked-by: Dave Hansen # v40
# Signed-off-by: Sean Christopherson
Co-developed-by: Jarkko Sakkinen
Signed-off-by: Jarkko Sakkinen
---
Changes fr
-by: Jarkko Sakkinen
---
Changes from v40:
* Do not check !page in sgx_encl_may_map() while iterating.
* Do not check !vm_private_data in sgx_encl_find(), as the enclave is
created at VFS open.
Changes from v39:
* Rename /dev/sgx/enclave as /dev/sgx_enclave.
* In the page fault handler, do not check
-by: Sean Christopherson
# Signed-off-by: Sean Christopherson
Signed-off-by: Jarkko Sakkinen
---
Changes from v39:
* Remove sgx_validate_secs() and ECREATE do the validation. If it fails,
return -EIO.
.../userspace-api/ioctl/ioctl-number.rst | 1 +
arch/x86/include/uapi/asm/sgx.h
Add kernel parameter to disable Intel SGX kernel support, along with
supporting Documentation.
Acked-by: Jethro Beekman # v40
# Tested-by: Sean Christopherson
# Reviewed-by: Sean Christopherson
Signed-off-by: Jarkko Sakkinen
---
Documentation/admin-guide/kernel-parameters.txt | 2 ++
arch
eloped-by: Jarkko Sakkinen
Signed-off-by: Jarkko Sakkinen
---
Changes from v39:
* Replace CONFIG_INTEL_SGX with CONFIG_X86_SGX.
Changes from v40:
* Renamed 'ksgxswapd' as 'ksgxd'.
arch/x86/Kconfig | 17 +++
arch/x86/kernel/cpu/Makefile | 1 +
arch/x86/kernel/cpu/sgx/Makefile
-by: Jarkko Sakkinen
Signed-off-by: Jarkko Sakkinen
---
arch/x86/kernel/cpu/feat_ctl.c | 29 -
1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/feat_ctl.c b/arch/x86/kernel/cpu/feat_ctl.c
index 29a3bedabd06..d38e97325018 100644
--- a/arch/x86
IA32_FEATURE_CONTROL for SGX to be supported (Intel SDM section 36.7.1).
The setting or clearing of this bit has no impact on the CPUID bits above,
which is why it needs to be detected separately.
Acked-by: Jethro Beekman # v40
# Signed-off-by: Sean Christopherson
Co-developed-by: Jarkko Sakkinen
Signed-off
-by: Jethro Beekman # v40
# Signed-off-by: Sean Christopherson
Signed-off-by: Jarkko Sakkinen
---
arch/x86/include/asm/trap_pf.h | 1 +
arch/x86/mm/fault.c| 12
2 files changed, 13 insertions(+)
diff --git a/arch/x86/include/asm/trap_pf.h b/arch/x86/include/asm
groups,
one for functions which do not return error codes and a “ret_” set for
those that do.
ENCLS functions are documented in Intel SDM section 36.6.
Acked-by: Jethro Beekman # v40
# Co-developed-by: Sean Christopherson
# Signed-off-by: Sean Christopherson
Signed-off-by: Jarkko Sakkinen
ruft rdmsr-calls from sgx_set_pubkeyhash_msrs().
* return -ENOMEM in sgx_alloc_page() when VA pages consume too much space
* removed unused global sgx_nr_pids
* moved sgx_encl_release to sgx_encl.c
* return -ERESTARTSYS instead of -EINTR in sgx_encl_init()
Jarkko Sakkinen (14):
x86/sgx: Add SGX archi
al or uapi structures.
The data structures are described in Intel SDM section 37.6.
Acked-by: Jethro Beekman # v40
Signed-off-by: Jarkko Sakkinen
---
arch/x86/kernel/cpu/sgx/arch.h | 338 +
1 file changed, 338 insertions(+)
create mode 100644 arch/x86/kernel/cpu/
On Sun, Nov 08, 2020 at 11:56:30AM +0800, Hillf Danton wrote:
> On Wed, 4 Nov 2020 16:54:27 Jarkko Sakkinen wrote:
> [...]
> > +/**
> > + * sgx_alloc_epc_page() - Allocate an EPC page
> > + * @owner: the owner of the EPC page
> > + * @reclaim:
On Fri, Nov 06, 2020 at 10:52:50AM -0800, Nick Desaulniers wrote:
> On Thu, Nov 5, 2020 at 8:16 PM Alexei Starovoitov
> wrote:
> >
> > I can take it through the bpf tree if no one objects.
>
> Doesn't matter to me. You'll need to coordinate with Andrew though,
> since I got the email that this
On Fri, Nov 06, 2020 at 09:37:25PM +0100, Borislav Petkov wrote:
> On Fri, Nov 06, 2020 at 06:51:07PM +0200, Jarkko Sakkinen wrote:
> > Both comments make sense to me. I'll refine this patch on Monday and
>
> And while you're at it, I'd suggest you refine the whole patchset and
>
On Fri, Nov 06, 2020 at 06:09:20PM +0100, Borislav Petkov wrote:
> On Fri, Nov 06, 2020 at 06:07:42PM +0200, Jarkko Sakkinen wrote:
> > On Thu, Nov 05, 2020 at 07:10:47PM +0100, Borislav Petkov wrote:
> > > On Thu, Nov 05, 2020 at 07:57:45PM +0200, Jarkko Sakkinen wrote:
> &
On Fri, Nov 06, 2020 at 10:04:09AM +, Mel Gorman wrote:
> On Wed, Nov 04, 2020 at 04:54:16PM +0200, Jarkko Sakkinen wrote:
> > From: Sean Christopherson
> >
> > Background
> > ==
> >
> > 1. SGX enclave pages are populated with data by copy
Here's two critical bug fixes. 'rc4' because it is only two days
before rc3 is getting released.
/Jarkko
The following changes since commit 521b619acdc8f1f5acdac15b84f81fd9515b2aff:
Merge tag 'linux-kselftest-kunit-fixes-5.10-rc3' of
On Thu, Nov 05, 2020 at 07:10:47PM +0100, Borislav Petkov wrote:
> On Thu, Nov 05, 2020 at 07:57:45PM +0200, Jarkko Sakkinen wrote:
> > I'll rather send a full patch set if required.
>
> Why if the changes all belong to this patch and why should I take a
> patch which clear
On Fri, Nov 06, 2020 at 03:02:41PM +0530, Sumit Garg wrote:
> On Thu, 5 Nov 2020 at 10:37, Jarkko Sakkinen wrote:
> >
> > On Tue, Nov 03, 2020 at 09:31:42PM +0530, Sumit Garg wrote:
> > > Add support for TEE based trusted keys where TEE provides the
> > > funct
On Thu, Nov 05, 2020 at 05:05:59PM +0100, Borislav Petkov wrote:
> On Thu, Nov 05, 2020 at 03:16:15AM +0200, Jarkko Sakkinen wrote:
> > Further, I'd declare this as an inline function given how trivial it
> > turn into.
> >
> ...
>
> So are you sending a new version
On Tue, Nov 03, 2020 at 09:31:42PM +0530, Sumit Garg wrote:
> Add support for TEE based trusted keys where TEE provides the functionality
> to seal and unseal trusted keys using hardware unique key. Also, this is
> an alternative in case platform doesn't possess a TPM device.
>
> This patch-set
On Thu, Nov 05, 2020 at 03:10:54AM +0200, Jarkko Sakkinen wrote:
> Noticed couple of minor glitches.
>
> On Wed, Nov 04, 2020 at 04:54:17PM +0200, Jarkko Sakkinen wrote:
> > +int sgx_encl_may_map(struct sgx_encl *encl, unsigned long start,
> > +unsigned lo
Noticed couple of minor glitches.
On Wed, Nov 04, 2020 at 04:54:17PM +0200, Jarkko Sakkinen wrote:
> +int sgx_encl_may_map(struct sgx_encl *encl, unsigned long start,
> + unsigned long end, unsigned long vm_flags)
> +{
> + unsigned long vm_prot_bits = vm_flag
r
> clang sources.
>
> Cc:
> Fixes: commit 1f7a44f63e6c ("compiler-clang: add build check for clang
> 10.0.1")
> Reported-by: Chen Yu
> Reported-by: Jarkko Sakkinen
> Signed-off-by: Nick Desaulniers
> ---
Thank you, resolved my issue.
Acked-by: Jarkko Sak
On Wed, Nov 04, 2020 at 09:04:52PM +0200, Jarkko Sakkinen wrote:
> On Wed, Nov 04, 2020 at 07:21:29PM +0100, Borislav Petkov wrote:
> > On Wed, Nov 04, 2020 at 04:54:09PM +0200, Jarkko Sakkinen wrote:
> > > +static void __init sgx_init(void)
>
On Wed, Nov 04, 2020 at 07:21:29PM +0100, Borislav Petkov wrote:
> On Wed, Nov 04, 2020 at 04:54:09PM +0200, Jarkko Sakkinen wrote:
> > +static void __init sgx_init(void)
> > +{
> > + int i;
> > +
> > + if (!boot_cpu_has(X86_FEATURE_SGX))
>
> Guys,
Document the Intel SGX kernel architecture. The fine-grained architecture
details can be looked up from Intel SDM Volume 3D.
Cc: linux-...@vger.kernel.org
Acked-by: Randy Dunlap
Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Jarkko Sakkinen
Add the maintainer information for the SGX subsystem.
Cc: Thomas Gleixner
Cc: Borislav Petkov
Signed-off-by: Jarkko Sakkinen
---
MAINTAINERS | 13 +
1 file changed, 13 insertions(+)
diff --git a/MAINTAINERS b/MAINTAINERS
index e706e1473818..f5615111bb2f 100644
--- a/MAINTAINERS
lly used via ptrace() APIs.
Cc: linux...@kvack.org
Cc: Andrew Morton
Cc: Matthew Wilcox
Acked-by: Jethro Beekman
Signed-off-by: Jarkko Sakkinen
---
Changes from v39:
* Check only for SGX_ENCL_DEBUG in sgx_vma_access(), so that a debug
enclave's memory can read and written at any phase of its l
-by: Jethro Beekman
Tested-by: Jordan Hand
Tested-by: Nathaniel McCallum
Tested-by: Chunyang Hui
Tested-by: Seth Moore
Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Jarkko Sakkinen
---
Changes from v39:
* Remove SGX_ENCL_DEAD checks from the page
Add a selftest for SGX. It is a trivial test where a simple enclave copies
one 64-bit word of memory between two memory locations, but ensures that
all SGX hardware and software infrastructure is functioning.
Cc: Shuah Khan
Cc: linux-kselft...@vger.kernel.org
Signed-off-by: Jarkko Sakkinen
-by: Suresh Siddha
Signed-off-by: Jarkko Sakkinen
---
Changes from v39:
* Remove sgx_validate_secs() and let ECREATE do the validation. If it
fails, return -EIO.
.../userspace-api/ioctl/ioctl-number.rst | 1 +
arch/x86/include/uapi/asm/sgx.h | 25
arch/x86/kernel/cpu
vs. signal logic can be made function specific if/when necessary.
Suggested-by: Andy Lutomirski
Acked-by: Jethro Beekman
Signed-off-by: Sean Christopherson
Signed-off-by: Jarkko Sakkinen
---
arch/x86/kernel/traps.c | 10 ++
arch/x86/mm/fault.c | 7 +++
2 files changed, 17
Signed-off-by: Sean Christopherson
Signed-off-by: Jarkko Sakkinen
---
arch/x86/entry/vdso/Makefile | 6 ++--
arch/x86/entry/vdso/extable.c | 46
arch/x86/entry/vdso/extable.h | 28 +++
arch/x86/entry/vdso/vdso-layout.lds.S | 9
are the responsibility of the enclave and
the runtime.
Suggested-by: Andy Lutomirski
Acked-by: Jethro Beekman
Tested-by: Jethro Beekman
Signed-off-by: Sean Christopherson
Co-developed-by: Cedric Xing
Signed-off-by: Cedric Xing
Co-developed-by: Jarkko Sakkinen
Signed-off-by: Jarkko Sakkinen
---
Changes from v39
code runs before the sanitization
happens.
Move error code sanitization out of the signal code and into a helper.
Call the helper in the signal code.
Acked-by: Jethro Beekman
Signed-off-by: Sean Christopherson
Signed-off-by: Jarkko Sakkinen
---
Changes from v39:
* Add the missing change
-by: Jarkko Sakkinen
---
Changes from v39:
* Rename /dev/sgx/provision as /dev/sgx_provision.
arch/x86/include/uapi/asm/sgx.h | 11 ++
arch/x86/kernel/cpu/sgx/driver.c | 24 -
arch/x86/kernel/cpu/sgx/driver.h | 2 ++
arch/x86/kernel/cpu/sgx/ioctl.c | 37
Hui
Tested-by: Jordan Hand
Tested-by: Nathaniel McCallum
Tested-by: Seth Moore
Tested-by: Darren Kenny
Reviewed-by: Darren Kenny
Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Co-developed-by: Suresh Siddha
Signed-off-by: Suresh Siddha
Signed-off-by: Jarkko
-off-by: Jarkko Sakkinen
---
Changes from v39:
* Declare 'k' for the MSR updating loop. It was incorrectly using 'i'.
* Return -EIO instead of -EFAULT on EINIT failure, just like happens
when EADD or EEXTEND fails.
* When EINIT fails, just return -EIO. Leave the enclave cleanup as the
duty
Add kernel parameter to disable Intel SGX kernel support, along with
supporting Documentation.
Tested-by: Sean Christopherson
Reviewed-by: Sean Christopherson
Reviewed-by: Darren Kenny
Signed-off-by: Jarkko Sakkinen
---
Documentation/admin-guide/kernel-parameters.txt | 2 ++
arch/x86/kernel
Co-developed-by: Jarkko Sakkinen
Signed-off-by: Jarkko Sakkinen
---
Changes from v39:
* Remove X86_FEATURE_SGX{1, 2}. They were only mistakenly being used for
model-specific errata detection. Further, the errata does not occur
on any processors that this implementation supports. Later
Tested-by: Nathaniel McCallum
Tested-by: Seth Moore
Tested-by: Darren Kenny
Reviewed-by: Darren Kenny
Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Co-developed-by: Suresh Siddha
Signed-off-by: Suresh Siddha
Signed-off-by: Jarkko Sakkinen
---
Changes from v39