On Thu, 21 Apr 2016, Kees Cook wrote:
> When I was fixing up const recommendations from checkpatch.pl, I went
> overboard. This fixes the warning (during a W=1 build):
>
> include/linux/fs.h:2627:74: warning: type qualifiers ignored on function
> return type [-Wignored-qualifiers]
> static inlin
On Fri, Apr 22, 2016 at 8:37 PM, Zhangjian (Bamvor)
wrote:
> Hi, Yury
>
>
> On 2016/4/6 6:44, Yury Norov wrote:
>>
>> There are about 20 failing tests of 782 in lite scenario.
>> float_bessel
>> float_exp_log
>> float_iperb
>> float_power
>> float_trigo
>> pipeio_1
>> pipeio_3
>> pipeio_5
>> pipei
Hi!
> > > Preventing cold boot attacks is really just icing on the cake. The
> > > real point of this is to allow you to run an "enclave". An SGX
> > > enclave has unencrypted code but gets access to a key that only it can
> > > access. It could use that key to unwrap your ssh private key and s
* Andy Lutomirski wrote:
> > What new syscalls would be needed for ssh to get all this support?
>
> This patchset or similar, plus some user code and an enclave to use.
>
> Sadly, on current CPUs, you also need Intel to bless the enclave. It looks
> like
> new CPUs might relax that requirem
The resource_alignment will releases memory resources allocated
by firmware so that kernel can reassign new resources later on.
But this will cause the problem that no resources can be
allocated by kernel if PCI_PROBE_ONLY was set, e.g. on pSeries
platform because PCI_PROBE_ONLY force kernel to use
When vfio passthrough a PCI device of which MMIO BARs are
smaller than PAGE_SIZE, guest will not handle the mmio
accesses to the BARs which leads to mmio emulations in host.
This is because vfio will not allow to passthrough one BAR's
mmio page which may be shared with other BARs. Otherwise,
there
Now we use the IORESOURCE_STARTALIGN to identify bridge resources
in __assign_resources_sorted(). That's quite fragile. We can't
make sure that the PCI devices' resources will not use
IORESOURCE_STARTALIGN any more.
In this patch, we try to use a more robust way to identify
bridge resources.
Sign
This series aims to add an option for PCI resource allocator to
force BARs not to share PAGE_SIZE. This would make sense to VFIO
driver. Because current VFIO implementation disallows to mmap
sub-page(size < PAGE_SIZE) MMIO BARs which may share the same page
with other BARs for security reasons.
When using resource_alignment kernel parameter, the current
implement reassigns the alignment by changing resources' size
which can potentially break some drivers. For example, the driver
uses the size to locate some register whose length is related
to the size.
This patch adds a new option "nores
Current vfio-pci implementation disallows to mmap
sub-page(size < PAGE_SIZE) MMIO BARs because these BARs' mmio
page may be shared with other BARs. This will cause some
performance issues when we passthrough a PCI device with
this kind of BARs. Guest will be not able to handle the mmio
accesses to
Hi!
> This RFC patch series provides support for AMD's new Secure Memory
> Encryption (SME) feature.
>
> SME can be used to mark individual pages of memory as encrypted through the
> page tables. A page of memory that is marked encrypted will be automatically
> decrypted when read from DRAM and w
On Tue 2016-04-26 17:56:14, Tom Lendacky wrote:
> Provide the Kconfig support to build the SME support in the kernel.
Probably should go last in the series?
> Signed-off-by: Tom Lendacky
> ---
> arch/x86/Kconfig |9 +
> 1 file changed, 9 insertions(+)
>
> diff --git a/arch/x86/Kco
On Tue 2016-04-26 17:56:26, Tom Lendacky wrote:
> Provide support for Secure Memory Encryption (SME). This initial support
> defines the memory encryption mask as a variable for quick access and an
> accessor for retrieving the number of physical addressing bits lost if
> SME is enabled.
>
> Signe
Hi!
> This patch adds the support to check for and enable SME when available
> on the processor and when the mem_encrypt=on command line option is set.
> This consists of setting the encryption mask, calculating the number of
> physical bits of addressing lost and encrypting the kernel "in place."
On Tue, Mar 22, 2016 at 02:00:58PM +0100, Pavel Machek wrote:
> Why would I want SME on my system? My system seems to work without it.
Your system doesn't have it and SME is default off.
--
Regards/Gruss,
Boris.
ECO tip #101: Trim your mails when you reply.
--
To unsubscribe from this list:
On Apr 27, 2016 1:18 AM, "Ingo Molnar" wrote:
>
>
> * Andy Lutomirski wrote:
>
> > > What new syscalls would be needed for ssh to get all this support?
> >
> > This patchset or similar, plus some user code and an enclave to use.
> >
> > Sadly, on current CPUs, you also need Intel to bless the enc
On 03/22/2016 08:00 AM, Pavel Machek wrote:
> Hi!
>
>> This RFC patch series provides support for AMD's new Secure Memory
>> Encryption (SME) feature.
>>
>> SME can be used to mark individual pages of memory as encrypted through the
>> page tables. A page of memory that is marked encrypted will be
On Tue, Apr 12, 2016 at 4:46 PM, Jonathan Corbet wrote:
> On Fri, 8 Apr 2016 17:12:27 +0200
> Markus Heiser wrote:
>
>> motivated by this MT, I implemented a toolchain to migrate the kernel’s
>> DocBook XML documentation to reST markup.
>>
>> It converts 99% of the docs well ... to gain an impres
On Tue, Apr 26, 2016 at 3:56 PM, Tom Lendacky wrote:
> For AMD processors that support PAT, set the write-protect cache mode
> (_PAGE_CACHE_MODE_WP) entry to the actual write-protect value (x05).
What's the purpose of using the WP memory type?
--Andy
--
To unsubscribe from this list: send the li
On Tue, Apr 26, 2016 at 3:55 PM, Tom Lendacky wrote:
> This RFC patch series provides support for AMD's new Secure Memory
> Encryption (SME) feature.
>
> SME can be used to mark individual pages of memory as encrypted through the
> page tables. A page of memory that is marked encrypted will be aut
On Wed, Apr 27, 2016 at 04:30:45PM +0200, Pavel Machek wrote:
> That does not answer the question. "Why would I want SME on my
> system?".
Because your question wasn't formulated properly. Here's some text from
the 0th mail which you could've found on your own:
"The following links provide additi
On 04/27/2016 09:33 AM, Andy Lutomirski wrote:
> On Tue, Apr 26, 2016 at 3:56 PM, Tom Lendacky wrote:
>> For AMD processors that support PAT, set the write-protect cache mode
>> (_PAGE_CACHE_MODE_WP) entry to the actual write-protect value (x05).
>
> What's the purpose of using the WP memory type
On Wed 2016-04-27 16:05:20, Borislav Petkov wrote:
> On Tue, Mar 22, 2016 at 02:00:58PM +0100, Pavel Machek wrote:
> > Why would I want SME on my system? My system seems to work without it.
>
> Your system doesn't have it and SME is default off.
That does not answer the question. "Why would I wan
On Wed, Apr 27, 2016 at 7:44 AM, Tom Lendacky wrote:
> On 04/27/2016 09:33 AM, Andy Lutomirski wrote:
>> On Tue, Apr 26, 2016 at 3:56 PM, Tom Lendacky
>> wrote:
>>> For AMD processors that support PAT, set the write-protect cache mode
>>> (_PAGE_CACHE_MODE_WP) entry to the actual write-protect v
On Wed 2016-04-27 16:39:51, Borislav Petkov wrote:
> On Wed, Apr 27, 2016 at 04:30:45PM +0200, Pavel Machek wrote:
> > That does not answer the question. "Why would I want SME on my
> > system?".
>
> Because your question wasn't formulated properly. Here's some text from
> the 0th mail which you c
On 04/27/2016 09:47 AM, Andy Lutomirski wrote:
> On Wed, Apr 27, 2016 at 7:44 AM, Tom Lendacky wrote:
>> On 04/27/2016 09:33 AM, Andy Lutomirski wrote:
>>> On Tue, Apr 26, 2016 at 3:56 PM, Tom Lendacky
>>> wrote:
For AMD processors that support PAT, set the write-protect cache mode
(_P
On Wed, Apr 27, 2016 at 8:05 AM, Tom Lendacky wrote:
> On 04/27/2016 09:47 AM, Andy Lutomirski wrote:
>> On Wed, Apr 27, 2016 at 7:44 AM, Tom Lendacky
>> wrote:
>>> On 04/27/2016 09:33 AM, Andy Lutomirski wrote:
On Tue, Apr 26, 2016 at 3:56 PM, Tom Lendacky
wrote:
> For AMD proce
On 03/22/2016 08:01 AM, Pavel Machek wrote:
> On Tue 2016-04-26 17:56:14, Tom Lendacky wrote:
>> Provide the Kconfig support to build the SME support in the kernel.
>
>
> Probably should go last in the series?
Yeah, I've seen arguments both ways for this. Doing it early
allows compiling and test
On Wed 2016-04-27 10:17:36, Tom Lendacky wrote:
> On 03/22/2016 08:01 AM, Pavel Machek wrote:
> > On Tue 2016-04-26 17:56:14, Tom Lendacky wrote:
> >> Provide the Kconfig support to build the SME support in the kernel.
> >
> >
> > Probably should go last in the series?
>
> Yeah, I've seen argume
On Wed, Apr 27, 2016 at 08:12:56AM -0700, Andy Lutomirski wrote:
> I think there are some errata
Isn't that addressed by the first branch of the if-test in pat_init():
if ((c->x86_vendor == X86_VENDOR_INTEL) &&
(((c->x86 == 0x6) && (c->x86_model <= 0xd)) ||
((c->x
On Wed, Apr 27, 2016 at 8:31 AM, Borislav Petkov wrote:
> On Wed, Apr 27, 2016 at 08:12:56AM -0700, Andy Lutomirski wrote:
>> I think there are some errata
>
> Isn't that addressed by the first branch of the if-test in pat_init():
>
> if ((c->x86_vendor == X86_VENDOR_INTEL) &&
>
On Wed, Apr 27, 2016 at 05:30:10PM +0200, Pavel Machek wrote:
> Doing it early will break bisect, right?
How exactly? Please do tell.
--
Regards/Gruss,
Boris.
ECO tip #101: Trim your mails when you reply.
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of
On Wed 2016-04-27 16:39:51, Borislav Petkov wrote:
> On Wed, Apr 27, 2016 at 04:30:45PM +0200, Pavel Machek wrote:
> > That does not answer the question. "Why would I want SME on my
> > system?".
>
> Because your question wasn't formulated properly. Here's some text from
> the 0th mail which you c
On Tue, Apr 26, 2016 at 9:06 PM, Zhao Lei wrote:
> Hi, Kees Cook
>
> * From: Kees Cook [mailto:keesc...@chromium.org]
>> Sent: Wednesday, April 27, 2016 7:48 AM
>> To: Andrew Morton
>> Cc: Randy Dunlap ; Andy Whitcroft
>> ; Joe Perches ; Zhao Lei
>> ; linux-doc@vger.kernel.org;
>> linux-ker...@vg
On 03/22/2016 08:03 AM, Pavel Machek wrote:
> On Tue 2016-04-26 17:56:26, Tom Lendacky wrote:
>> Provide support for Secure Memory Encryption (SME). This initial support
>> defines the memory encryption mask as a variable for quick access and an
>> accessor for retrieving the number of physical add
On Wed 2016-04-27 17:41:40, Borislav Petkov wrote:
> On Wed, Apr 27, 2016 at 05:30:10PM +0200, Pavel Machek wrote:
> > Doing it early will break bisect, right?
>
> How exactly? Please do tell.
Hey look, SME slowed down 30% since being initially merged into
kernel!
On 27/04/16 17:41, Pavel Machek wrote:
On Wed 2016-04-27 17:41:40, Borislav Petkov wrote:
On Wed, Apr 27, 2016 at 05:30:10PM +0200, Pavel Machek wrote:
Doing it early will break bisect, right?
How exactly? Please do tell.
Hey look, SME slowed down 30% since being initially merged into
kerne
On Wed, Apr 27, 2016 at 06:41:37PM +0200, Pavel Machek wrote:
> Hey look, SME slowed down 30% since being initially merged into
> kernel!
How is that breaking bisection?
--
Regards/Gruss,
Boris.
ECO tip #101: Trim your mails when you reply.
--
To unsubscribe from this list: send the line "u
There are many lines containing incorrect spelling words and needless spaces.
They should be fixed.
Signed-off-by: Kyeongmin Cho
---
Documentation/cpu-hotplug.txt | 2 +-
Documentation/devices.txt | 4 ++--
Documentation/hsi.txt | 2 +-
Documentation/kasan.txt
On 04/27/2016 09:39 AM, Andy Lutomirski wrote:
> On Tue, Apr 26, 2016 at 3:55 PM, Tom Lendacky wrote:
>> This RFC patch series provides support for AMD's new Secure Memory
>> Encryption (SME) feature.
>>
>> SME can be used to mark individual pages of memory as encrypted through the
>> page tables.
On Wed, Apr 27, 2016 at 12:30 AM, Andrew Pinski wrote:
> On Fri, Apr 22, 2016 at 8:37 PM, Zhangjian (Bamvor)
> wrote:
>> Hi, Yury
>>
>>
>> On 2016/4/6 6:44, Yury Norov wrote:
>>>
>>> There are about 20 failing tests of 782 in lite scenario.
>>> float_bessel
>>> float_exp_log
>>> float_iperb
>>> f
On 04/27/16 12:39, Kyeongmin Cho wrote:
> There are many lines containing incorrect spelling words and needless spaces.
> They should be fixed.
>
> Signed-off-by: Kyeongmin Cho
Acked-by: Randy Dunlap
Thanks.
> ---
> Documentation/cpu-hotplug.txt | 2 +-
> Documentation/devices.txt
On Mon, Apr 25, 2016 at 12:52:45PM -0500, ttha...@opensource.altera.com wrote:
> From: Thor Thayer
>
> Add the device tree bindings needed to support the Altera Ethernet
> FIFO buffers on the Arria10 chip.
>
> Signed-off-by: Thor Thayer
> ---
> v2 No Change
> ---
> .../bindings/arm/altera/soc
Hello Ramesh,
please send out a new v3 patchset to trigger the process again :-)
Best regards,
Oliver
On 04/13/2016 08:25 AM, Ramesh Shanmugasundaram wrote:
HI Marc,
Gentle reminder!
Are you happy with the open comment's disposition? I can send a next version of
patch if we have a closure on
44 matches
Mail list logo
