27;high' not described in 'sgx_calc_section_metric'
...
The function sgx_calc_section_metric() is a simple helper which is only
used in sgx/main.c. There's no need to use k-doc style comment for it.
Downgrade to normal comment to silence this warning.
Signed-off-by: Kai H
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: e9a15a40e857fc6ccfbb05fec7b184e9003057df
Gitweb:
https://git.kernel.org/tip/e9a15a40e857fc6ccfbb05fec7b184e9003057df
Author:Kai Huang
AuthorDate:Fri, 19 Mar 2021 20:22:17 +13:00
Committer
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: b0c7459be0670fabe080e30906ba9fe62df5e02c
Gitweb:
https://git.kernel.org/tip/b0c7459be0670fabe080e30906ba9fe62df5e02c
Author:Kai Huang
AuthorDate:Thu, 25 Mar 2021 22:30:57 +13:00
Committer
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: faa7d3e6f3b983a28bf0f88f82dcb1c162e61105
Gitweb:
https://git.kernel.org/tip/faa7d3e6f3b983a28bf0f88f82dcb1c162e61105
Author:Kai Huang
AuthorDate:Fri, 19 Mar 2021 20:23:02 +13:00
Committer
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: 73916b6a0c714258f9c2619408a66c6696a761a7
Gitweb:
https://git.kernel.org/tip/73916b6a0c714258f9c2619408a66c6696a761a7
Author:Kai Huang
AuthorDate:Fri, 19 Mar 2021 20:23:07 +13:00
Committer
On Tue, 6 Apr 2021 19:08:58 +0200 Borislav Petkov wrote:
> On Tue, Apr 06, 2021 at 09:41:52PM +1200, Kai Huang wrote:
> > > Ok, I'll make the changes and you can redo the KVM rest ontop.
> > >
> >
> > Thank you!
>
> I.e., something like this:
Looks
On Tue, 6 Apr 2021 11:32:11 +0200 Borislav Petkov wrote:
> On Tue, Apr 06, 2021 at 09:24:24PM +1200, Kai Huang wrote:
> > Such invalid input has already been handled in handle_encls_xx() before
> > calling
> > the two helpers in this patch. KVM returns to Qemu and let it d
On Tue, 6 Apr 2021 11:09:01 +0200 Borislav Petkov wrote:
> On Tue, Apr 06, 2021 at 08:59:58PM +1200, Kai Huang wrote:
> > OK. My thinking was that, returning negative error value basically means
> > guest
> > will be killed.
>
> You need to define how you're go
On Tue, 6 Apr 2021 10:28:00 +0200 Borislav Petkov wrote:
> On Tue, Apr 06, 2021 at 09:46:34AM +1200, Kai Huang wrote:
> > Fine to me. Please let me know if you want me to resend patches. Thanks.
>
> Patch updated:
Looks fine. Thank you!
>
> ---
> From: Sean Christopher
On Tue, 6 Apr 2021 09:40:38 +0200 Borislav Petkov wrote:
> On Tue, Apr 06, 2021 at 09:44:21AM +1200, Kai Huang wrote:
> > The intention was to catch KVM bug, since KVM is the only caller, and in
> > current
> > implementation KVM won't call this function if @secs is
On Mon, 5 Apr 2021 11:01:51 +0200 Borislav Petkov wrote:
> On Fri, Mar 19, 2021 at 08:22:21PM +1300, Kai Huang wrote:
> > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> > index 35391e94bd22..007912f67a06 100644
> > --- a/arch/x86/Kconfig
> > +++ b/arch/x86/Kcon
On Mon, 5 Apr 2021 11:07:59 +0200 Borislav Petkov wrote:
> On Fri, Mar 19, 2021 at 08:23:08PM +1300, Kai Huang wrote:
> > + /*
> > +* @secs is an untrusted, userspace-provided address. It comes from
> > +* KVM and is assumed to be a valid pointer whic
On Fri, 2 Apr 2021 15:42:51 + Sean Christopherson wrote:
> On Fri, Apr 02, 2021, Borislav Petkov wrote:
> > On Fri, Mar 19, 2021 at 08:23:02PM +1300, Kai Huang wrote:
> > > Modify sgx_init() to always try to initialize the virtual EPC driver,
> > > even if the SGX d
On Fri, 2 Apr 2021 13:22:35 +0200 Borislav Petkov wrote:
> On Sat, Apr 03, 2021 at 12:08:10AM +1300, Kai Huang wrote:
> > Do you want me to send updated patch?
>
> No need. If I do, I'll ask kindly, otherwise you don't have to do
> anything.
>
I see. Thanks.
On Fri, 2 Apr 2021 11:48:16 +0200 Borislav Petkov wrote:
> On Fri, Mar 19, 2021 at 08:23:02PM +1300, Kai Huang wrote:
> > Modify sgx_init() to always try to initialize the virtual EPC driver,
> > even if the SGX driver is disabled. The SGX driver might be disabled
> > if SGX
On Thu, 1 Apr 2021 20:31:59 +0200 Borislav Petkov wrote:
> On Thu, Apr 01, 2021 at 01:20:39AM +1300, Kai Huang wrote:
> > Could you help to review whether below change is OK?
>
> I ended up applying this:
Thank you!
>
> ---
> From: Sean Christopherson
> Date: Fri,
On Wed, 31 Mar 2021 21:53:45 +1300 Kai Huang wrote:
> On Wed, 31 Mar 2021 09:44:39 +0200 Boris Petkov wrote:
> > On March 31, 2021 8:51:38 AM GMT+02:00, Kai Huang
> > wrote:
> > >How about adding explanation to Documentation/x86/sgx.rst?
> >
> > Sure, and t
n
Acked-by: Dave Hansen
Acked-by: Jarkko Sakkinen
Co-developed-by: Kai Huang
Signed-off-by: Kai Huang
---
v3->v4:
- Added documentation to explain virtual EPC, and suggest user what to do if
user wants to run both host SGX apps and KVM SGX guests, since EPC pages
assigned to guest is no
On Wed, 31 Mar 2021 21:53:45 +1300 Kai Huang wrote:
> On Wed, 31 Mar 2021 09:44:39 +0200 Boris Petkov wrote:
> > On March 31, 2021 8:51:38 AM GMT+02:00, Kai Huang
> > wrote:
> > >How about adding explanation to Documentation/x86/sgx.rst?
> >
> > Sure, and t
On Wed, 31 Mar 2021 09:44:39 +0200 Boris Petkov wrote:
> On March 31, 2021 8:51:38 AM GMT+02:00, Kai Huang wrote:
> >How about adding explanation to Documentation/x86/sgx.rst?
>
> Sure, and then we should point users at it. The thing is also indexed by
> search engines so hop
On Wed, 31 Mar 2021 08:44:23 +0200 Boris Petkov wrote:
> On March 31, 2021 3:10:32 AM GMT+02:00, Kai Huang
> wrote:
>
> > The admin will be aware of
> >such EPC
> >allocation disjoint situation, and deploy host enclaves/KVM SGX guests
> >accordingly.
>
On Fri, 26 Mar 2021 16:03:55 +0100 Borislav Petkov wrote:
> On Fri, Mar 19, 2021 at 08:22:21PM +1300, Kai Huang wrote:
> > From: Sean Christopherson
> >
> > Add a misc device /dev/sgx_vepc to allow userspace to allocate "raw" EPC
> > without an associated
> > diff --git a/arch/x86/kernel/cpu/sgx/sgx.h b/arch/x86/kernel/cpu/sgx/sgx.h
> > index 653af8ca1a25..6b21a165500e 100644
> > --- a/arch/x86/kernel/cpu/sgx/sgx.h
> > +++ b/arch/x86/kernel/cpu/sgx/sgx.h
> > @@ -13,6 +13,11 @@
> > #undef pr_fmt
> > #define pr_fmt(fmt) "sgx: " fmt
> >
> > +/* E
On Thu, 25 Mar 2021 09:42:41 +0100 Borislav Petkov wrote:
> ... so you could send the final version of this patch as a reply to this
> thread, now that everyone agrees, so that I can continue going through
> the rest.
>
I have sent it by replying to this patch.
[PATCH v4 03/25] x86/sgx: Wipe out
> +
> +static int sgx_vepc_free_page(struct sgx_epc_page *epc_page)
> +{
> + int ret;
> +
> + /*
> + * Take a previously guest-owned EPC page and return it to the
> + * general EPC page pool.
> + *
> + * Guests can not be trusted to have left this page in a good
> +
or message when EREMOVE fails, and add
documentation to explain to user what is the bug and suggest user what
to do when this bug happens, although extremely unlikely.
Signed-off-by: Kai Huang
---
Documentation/x86/sgx.rst | 27 +++
arch/x86/kernel/cpu/sgx/en
On Thu, 25 Mar 2021 00:39:01 +0100 Paolo Bonzini wrote:
> On 25/03/21 00:23, Kai Huang wrote:
> > I changed to below (with slight modification on Paolo's):
> >
> > /* Error message for EREMOVE failure, when kernel is about to leak EPC page
> > */
&
>
> > +/* Error message for EREMOVE failure, when kernel is about to leak EPC
> > page */
> > +#define EREMOVE_ERROR_MESSAGE \
> > + "EREMOVE returned %d (0x%x), kernel bug likely. EPC page leaked,
> > SGX may become
> > unusuable. Please refer to Documentation/x86/sgx.rst for more inf
On Wed, 24 Mar 2021 11:09:20 +0100 Paolo Bonzini wrote:
> On 24/03/21 10:38, Kai Huang wrote:
> > Hi Sean, Boris, Paolo,
> >
> > Thanks for the discussion. I tried to digest all your conversations and
> > hopefully I have understood you correctly. I pasted the new pat
anation of this
bug to the commit msg (per Paolo). I am terrible Documentation writer, so
please help to check and give comments. Thanks!
---
commit 1e297a535bcb4f51a08343c40207520017d85efe (HEAD)
Author: Kai Huang
Date: Wed Jan 20 03:40:53 2021 +0200
x86/sgx: Wipe out EREMOVE from sgx_free_epc_page()
On Mon, 22 Mar 2021 23:37:26 +0100 Borislav Petkov wrote:
> On Tue, Mar 23, 2021 at 11:06:43AM +1300, Kai Huang wrote:
> > This path is called by host SGX driver only, so yes this leaking is done by
> > host enclaves only.
>
> Yes, so I was told.
>
> > This patch
>
> Btw, I probably have seen this and forgotten again so pls remind me,
> is the amount of pages available for SGX use static and limited by,
> I believe BIOS, or can a leakage in EPC pages cause system memory
> shortage?
>
Yes EPC size is fixed and configured in BIOS. Leaking EPC pages may c
On Mon, 22 Mar 2021 22:06:45 +0100 Borislav Petkov wrote:
> On Mon, Mar 22, 2021 at 12:37:02PM -0700, Sean Christopherson wrote:
> > Yes. Note, it's still true if you strike out the "too", KVM support is
> > completely
> > orthogonal to this code. The purpose of this patch is to separate out the
On Mon, 22 Mar 2021 20:11:57 +0100 Paolo Bonzini wrote:
> On 22/03/21 19:56, Sean Christopherson wrote:
> > EREMOVE can only fail if there's a kernel or hardware bug (or a VMM bug if
> > running as a guest). IME, nearly every kernel/KVM bug that I introduced
> > that
> > led to EREMOVE failure wa
On Mon, 22 Mar 2021 12:37:02 -0700 Sean Christopherson wrote:
> On Mon, Mar 22, 2021, Borislav Petkov wrote:
> > On Mon, Mar 22, 2021 at 11:56:37AM -0700, Sean Christopherson wrote:
> > > Not necessarily. This can only trigger in the host, and thus require a
> > > host
> > > reboot, if the host i
>
> I just say add my ack to SGX specific patches where it is missing.
> Good enough.
>
> /Jarkko
Thank you Jarkko!
Hi Boris,
If there's no other comments, should I send another version adding Jarkko's
Acked-by
for the x86 SGX patches that don't have it (patch 2, 5, 6, 7, 8, 13 -- in which
p
On Fri, 19 Mar 2021 22:01:41 +1300 Kai Huang wrote:
> On Fri, 19 Mar 2021 09:45:23 +0100 Borislav Petkov wrote:
> > On Fri, Mar 19, 2021 at 05:06:02PM +1300, Kai Huang wrote:
> > > Below kernel bug happened when running simple SGX application when EPC
> > > is under p
On Fri, 19 Mar 2021 09:45:23 +0100 Borislav Petkov wrote:
> On Fri, Mar 19, 2021 at 05:06:02PM +1300, Kai Huang wrote:
> > Below kernel bug happened when running simple SGX application when EPC
> > is under pressure. The root cause is with commit 5b8719504e3a
> > ("
n traps ECREATE from
guest, and only allows ECREATE with provisioning key bit to run when guest
supports KVM_CAP_SGX_ATTRIBUTE.
Kai Huang (4):
x86/cpufeatures: Make SGX_LC feature bit depend on SGX bit
x86/sgx: Wipe out EREMOVE from sgx_free_epc_page()
x86/sgx: Initialize virtual EPC driver even whe
guest access to privileged attributes by
default.
Cc: Andy Lutomirski
Signed-off-by: Sean Christopherson
Signed-off-by: Kai Huang
---
Documentation/virt/kvm/api.rst | 23 +++
arch/x86/kvm/cpuid.c | 2 +-
arch/x86/kvm/x86.c | 21
e writable, e.g. to allow firmware to lock down the LE
root key with a non-Intel value.
Signed-off-by: Sean Christopherson
Co-developed-by: Kai Huang
Signed-off-by: Kai Huang
---
arch/x86/kvm/vmx/sgx.c | 35 +++
arch/x86/kvm/vmx/sgx.h | 6 ++
arch/x86/kvm
execute, the ~1500 cycle overhead to trap-and-execute EINIT is
unlikely to be noticed by the guest, let alone impact its overall SGX
performance.
Signed-off-by: Sean Christopherson
Signed-off-by: Kai Huang
---
arch/x86/kvm/vmx/sgx.c | 55 ++
1 file changed, 55
on key, all SGX
attribute bits may be exposed to the guest. Guest access to the
provision key, which is controlled via securityfs, will be added in a
future patch.
Note, KVM does not yet support exposing ENCLS_C leafs or ENCLV leafs.
Signed-off-by: Sean Christopherson
Signed-off-by: Kai Huang
---
arch/
masks diverges from hardware
in order to enforce the desired CPUID model, i.e. inject #GP if the
guest attempts to set a bit that hasn't been enumerated as allowed-1 in
CPUID.
Note, access to the PROVISIONKEY is not yet supported.
Signed-off-by: Sean Christopherson
Co-developed-by: Kai Huang
Sig
-off-by: Kai Huang
---
arch/x86/kvm/Makefile | 2 ++
arch/x86/kvm/vmx/sgx.c | 50 ++
arch/x86/kvm/vmx/sgx.h | 15 +
arch/x86/kvm/vmx/vmx.c | 9 +---
4 files changed, 73 insertions(+), 3 deletions(-)
create mode 100644 arch/x86/kvm/vmx/sgx.c
_LOOP_EXITING only affects CPL0 and enclaves exist only at
CPL3, so we also don't need to worry about that interaction.
Signed-off-by: Sean Christopherson
Signed-off-by: Kai Huang
---
arch/x86/include/asm/vmx.h | 1 +
arch/x86/include/uapi/asm/vmx.h | 1 +
arch/x86/kvm/vmx/neste
-execute scheme for
virtualizing SGX Launch Control, e.g. to inject SGX-induced #PFs if
EINIT faults in the host, and to support live migration.
Signed-off-by: Sean Christopherson
Signed-off-by: Kai Huang
---
arch/x86/include/asm/kvm_host.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch
stopherson
Signed-off-by: Kai Huang
---
arch/x86/kvm/cpuid.c | 32 +++-
arch/x86/kvm/cpuid.h | 39 ++-
2 files changed, 61 insertions(+), 10 deletions(-)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 6bd2f8b830e4..a0
s for
non-EPC pages in order to pass user pointers directly to ECREATE and
EINIT, which avoids having to copy pages worth of data into the kernel.
Signed-off-by: Sean Christopherson
Acked-by: Jarkko Sakkinen
Signed-off-by: Kai Huang
---
arch/x86/kvm/x86.c | 2 ++
1 file changed, 2 insertions(+)
Sean Christopherson
Signed-off-by: Kai Huang
---
arch/x86/kvm/cpuid.h | 13 -
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h
index 8925a929186c..a175ff75bbbe 100644
--- a/arch/x86/kvm/cpuid.h
+++ b/arch/x86/kvm/cpuid.h
@@ -
Add a helper to update SGX_LEPUBKEYHASHn MSRs. SGX virtualization also
needs to update those MSRs based on guest's "virtual" SGX_LEPUBKEYHASHn
before EINIT from guest.
Acked-by: Dave Hansen
Acked-by: Jarkko Sakkinen
Signed-off-by: Kai Huang
---
arch/x86/kernel/cpu/s
From: Sean Christopherson
Move the ENCLS leaf definitions to sgx.h so that they can be used by
KVM.
Signed-off-by: Sean Christopherson
Acked-by: Dave Hansen
Acked-by: Jarkko Sakkinen
Signed-off-by: Kai Huang
---
arch/x86/include/asm/sgx.h | 15 +++
arch/x86/kernel/cpu/sgx
: Jarkko Sakkinen
Signed-off-by: Kai Huang
---
arch/x86/include/asm/sgx.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/x86/include/asm/sgx.h b/arch/x86/include/asm/sgx.h
index 34f44238d1d1..3b025afec0a7 100644
--- a/arch/x86/include/asm/sgx.h
+++ b/arch/x86/include/asm/sgx.h
@@ -40,6
driver is not enabled due to flexible launch control is not available,
SGX virtualization can still be enabled, and use it to restrict VM's
capability of being able to access provisioning key.
Signed-off-by: Sean Christopherson
Reviewed-by: Jarkko Sakkinen
Acked-by: Dave Hansen
Signed-off-by
From: Sean Christopherson
Add a helper to extract the fault indicator from an encoded ENCLS return
value. SGX virtualization will also need to detect ENCLS faults.
Signed-off-by: Sean Christopherson
Acked-by: Dave Hansen
Acked-by: Jarkko Sakkinen
Signed-off-by: Kai Huang
---
arch/x86
are subject to
segmentation and paging mechanisms. It's also possible to generate
kernel mappings for ENCLS parameters by resolving PFN but using
__uaccess_xx() is simpler.
Signed-off-by: Sean Christopherson
Signed-off-by: Kai Huang
---
v2->v3:
- Updated to use addr,size directly for acces
componments. Also update MAINTAINERS to include asm/sgx.h.
Signed-off-by: Sean Christopherson
Acked-by: Dave Hansen
Co-developed-by: Kai Huang
Signed-off-by: Kai Huang
---
v1->v3:
- Added MAINTAINERS file update to include new asm/sgx.h
- Changed 'line' to 'comment' in the
SGX.
Acked-by: Dave Hansen
Reviewed-by: Sean Christopherson
Signed-off-by: Kai Huang
---
arch/x86/kernel/cpu/sgx/main.c | 10 +-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c
index 6a734f484aa7..b73114150ff8
SGX virtualization.
Signed-off-by: Sean Christopherson
Acked-by: Dave Hansen
Co-developed-by: Kai Huang
Signed-off-by: Kai Huang
---
arch/x86/Kconfig | 12 ++
arch/x86/kernel/cpu/sgx/Makefile | 1 +
arch/x86/kernel/cpu/sgx/sgx.h| 9 ++
arch/x86/kernel/cpu/sgx/virt.c
: Dave Hansen
Co-developed-by: Kai Huang
Signed-off-by: Kai Huang
---
v2->v3:
- Fix nit: s/Faunch/Launch.
---
arch/x86/kernel/cpu/feat_ctl.c | 59 +-
1 file changed, 44 insertions(+), 15 deletions(-)
diff --git a/arch/x86/kernel/cpu/feat_ctl.c b/arch/x86/kernel/
to handle recoverable EREMOVE errors when
saniziting EPC pages after they are freed.
Signed-off-by: Sean Christopherson
Acked-by: Dave Hansen
Acked-by: Jarkko Sakkinen
Signed-off-by: Kai Huang
---
arch/x86/kernel/cpu/sgx/arch.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/x86/
kernel support
for SGX1 and SGX2.
Suppress both SGX1 and SGX2 from /proc/cpuinfo. SGX1 basically means
SGX, and for SGX2 there is no concrete use case of using it in
/proc/cpuinfo.
Signed-off-by: Sean Christopherson
Acked-by: Dave Hansen
Signed-off-by: Kai Huang
---
arch/x86/include/asm
() with sgx_encl_free_epc_page() in all call
sites. No functional change is intended, except the new WARNING message
when EREMOVE fails.
Acked-by: Jarkko Sakkinen
Signed-off-by: Kai Huang
---
v2->v3:
- Changed to replace all call sites of sgx_free_epc_page() with
sgx_encl_free_epc_page()
: Sean Christopherson
Signed-off-by: Kai Huang
---
arch/x86/kernel/cpu/cpuid-deps.c | 1 +
arch/x86/kernel/cpu/feat_ctl.c | 12 +++-
2 files changed, 4 insertions(+), 9 deletions(-)
diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-deps.c
index 42af31b64c2c
254.711480] CR2: 0008
[ 254.735494] ---[ end trace 970dce6d4cdf7f64 ]---
[ 254.759915] RIP: 0010:sgx_alloc_epc_page+0x46/0x152
...
Fixes: 5b8719504e3a("x86/sgx: Add a basic NUMA allocation scheme to
sgx_alloc_epc_page()")
Signed-off-by: Kai Huang
---
arch/x86/kernel/cpu/sgx/main.c |
On Tue, 16 Mar 2021 14:46:05 +0200 Jarkko Sakkinen wrote:
> On Mon, Mar 15, 2021 at 06:13:53PM -0700, Sean Christopherson wrote:
> > On Tue, Mar 16, 2021, Jarkko Sakkinen wrote:
> > > On Tue, Mar 16, 2021 at 01:05:05AM +0200, Jarkko Sakkinen wrote:
> > > > The way I've understood it is that given t
On Tue, 16 Mar 2021 00:59:31 +0200 Jarkko Sakkinen wrote:
> On Tue, Mar 16, 2021 at 09:29:34AM +1300, Kai Huang wrote:
> > On Mon, 15 Mar 2021 15:19:32 +0200 Jarkko Sakkinen wrote:
> > > On Mon, Mar 15, 2021 at 03:18:16PM +0200, Jarkko Sakkinen wrote:
> > > > On M
On Tue, 16 Mar 2021 01:08:44 +0200 Jarkko Sakkinen wrote:
> On Tue, Mar 16, 2021 at 01:05:05AM +0200, Jarkko Sakkinen wrote:
> > On Tue, Mar 16, 2021 at 09:48:59AM +1300, Kai Huang wrote:
> > > On Mon, 15 Mar 2021 15:51:17 +0200 Jarkko Sakkinen wrote:
> > > > On M
On Mon, 15 Mar 2021 15:51:17 +0200 Jarkko Sakkinen wrote:
> On Mon, Mar 15, 2021 at 03:04:59PM +0200, Jarkko Sakkinen wrote:
> > On Mon, Mar 15, 2021 at 04:13:17PM +1300, Kai Huang wrote:
> > > On Sun, 14 Mar 2021 17:27:18 +0200 Jarkko Sakkinen wrote:
> > > > On S
On Mon, 15 Mar 2021 15:19:32 +0200 Jarkko Sakkinen wrote:
> On Mon, Mar 15, 2021 at 03:18:16PM +0200, Jarkko Sakkinen wrote:
> > On Mon, Mar 15, 2021 at 08:12:36PM +1300, Kai Huang wrote:
> > > On Sat, 13 Mar 2021 12:45:53 +0200 Jarkko Sakkinen wrote:
> > > > On F
On Sat, 13 Mar 2021 12:45:53 +0200 Jarkko Sakkinen wrote:
> On Fri, Mar 12, 2021 at 01:21:54PM -0800, Sean Christopherson wrote:
> > On Thu, Mar 11, 2021, Kai Huang wrote:
> > > From: Jarkko Sakkinen
> > >
> > > EREMOVE takes a page and removes any associ
On Tue, 9 Mar 2021 14:39:46 +1300 Kai Huang wrote:
> From: Sean Christopherson
>
> The host kernel must intercept ECREATE to impose policies on guests, and
> intercept EINIT to be able to write guest's virtual SGX_LEPUBKEYHASH MSR
> values to hardware before running guest&#
On Fri, 12 Mar 2021 13:58:40 -0800 Sean Christopherson wrote:
> On Tue, Mar 09, 2021, Kai Huang wrote:
> > From: Sean Christopherson
> >
> > Expose SGX architectural structures, as KVM will use many of the
> > architectural constants and structs to virtualize SGX.
&
; > On Fri, Mar 12, 2021 at 01:44:58PM -0800, Sean Christopherson wrote:
> > > > > On Tue, Mar 09, 2021, Kai Huang wrote:
> > > > > > Modify sgx_init() to always try to initialize the virtual EPC
> > > > > > driver,
> > > > > >
On Fri, 2021-03-12 at 14:04 -0800, Sean Christopherson wrote:
> On Tue, Mar 09, 2021, Paolo Bonzini wrote:
> > On 09/03/21 10:30, Borislav Petkov wrote:
> > > On Tue, Mar 09, 2021 at 02:38:49PM +1300, Kai Huang wrote:
> > > > This series adds KVM SGX virtualization
On Wed, 10 Mar 2021 14:29:48 +0100 Borislav Petkov wrote:
> On Wed, Mar 10, 2021 at 10:27:05PM +1300, Kai Huang wrote:
> > Sorry for the mistake. I will send out another version with that fixed.
>
> If patch 3 is the only one which needs to change, you can send only that
> one
: Jarkko Sakkinen
Co-developed-by: Kai Huang
Acked-by: Jarkko Sakkinen
Signed-off-by: Kai Huang
---
v2->v3:
- Fixed bug during copy/paste which results in SECS page and va pages are not
correctly freed in sgx_encl_release() (sorry for the mistake).
- Added Jarkko's Acked-by.
On Thu, 2021-03-11 at 11:43 +1300, Kai Huang wrote:
> On Thu, 2021-03-11 at 00:35 +0200, Jarkko Sakkinen wrote:
> > On Thu, Mar 11, 2021 at 12:12:17AM +0200, Jarkko Sakkinen wrote:
> > > On Thu, Mar 11, 2021 at 12:10:56AM +0200, Jarkko Sakkinen wrote:
> > > > On T
On Thu, 2021-03-11 at 00:35 +0200, Jarkko Sakkinen wrote:
> On Thu, Mar 11, 2021 at 12:12:17AM +0200, Jarkko Sakkinen wrote:
> > On Thu, Mar 11, 2021 at 12:10:56AM +0200, Jarkko Sakkinen wrote:
> > > On Thu, Mar 11, 2021 at 09:36:15AM +1300, Kai Huang wrote:
> > > &g
On Wed, 2021-03-10 at 20:01 +0200, Jarkko Sakkinen wrote:
> On Tue, Mar 09, 2021 at 10:30:37AM +0100, Borislav Petkov wrote:
> > On Tue, Mar 09, 2021 at 02:38:49PM +1300, Kai Huang wrote:
> > > This series adds KVM SGX virtualization support. The first 14 patches
> > >
On Wed, 2021-03-10 at 17:11 +0200, Jarkko Sakkinen wrote:
> On Wed, Mar 03, 2021 at 08:59:17AM -0800, Dave Hansen wrote:
> > On 3/3/21 7:03 AM, Jarkko Sakkinen wrote:
> > > diff --git a/arch/x86/kernel/cpu/sgx/main.c
> > > b/arch/x86/kernel/cpu/sgx/main.c
> > > index 52d070fb4c9a..ed99c60024dc 100
On Tue, 9 Mar 2021 14:39:01 +1300 Kai Huang wrote:
> From: Jarkko Sakkinen
>
> EREMOVE takes a page and removes any association between that page and
> an enclave. It must be run on a page before it can be added into
> another enclave. Currently, EREMOVE is run as part of pa
On Tue, 2021-03-09 at 10:30 +0100, Borislav Petkov wrote:
> On Tue, Mar 09, 2021 at 02:38:49PM +1300, Kai Huang wrote:
> > This series adds KVM SGX virtualization support. The first 14 patches
> > starting
> > with x86/sgx or x86/cpu.. are necessary changes to x86 and SG
On Tue, 2021-03-09 at 10:30 +0100, Borislav Petkov wrote:
> On Tue, Mar 09, 2021 at 02:38:49PM +1300, Kai Huang wrote:
> > This series adds KVM SGX virtualization support. The first 14 patches
> > starting
> > with x86/sgx or x86/cpu.. are necessary changes to x86 and SG
e writable, e.g. to allow firmware to lock down the LE
root key with a non-Intel value.
Signed-off-by: Sean Christopherson
Co-developed-by: Kai Huang
Signed-off-by: Kai Huang
---
arch/x86/kvm/vmx/sgx.c | 35 +++
arch/x86/kvm/vmx/sgx.h | 6 ++
arch/x86/kvm
on key, all SGX
attribute bits may be exposed to the guest. Guest access to the
provision key, which is controlled via securityfs, will be added in a
future patch.
Note, KVM does not yet support exposing ENCLS_C leafs or ENCLV leafs.
Signed-off-by: Sean Christopherson
Signed-off-by: Kai Huang
---
arch/
masks diverges from hardware
in order to enforce the desired CPUID model, i.e. inject #GP if the
guest attempts to set a bit that hasn't been enumerated as allowed-1 in
CPUID.
Note, access to the PROVISIONKEY is not yet supported.
Signed-off-by: Sean Christopherson
Co-developed-by: Kai Huang
Sig
execute, the ~1500 cycle overhead to trap-and-execute EINIT is
unlikely to be noticed by the guest, let alone impact its overall SGX
performance.
Signed-off-by: Sean Christopherson
Signed-off-by: Kai Huang
---
arch/x86/kvm/vmx/sgx.c | 55 ++
1 file changed, 55
guest access to privileged attributes by
default.
Cc: Andy Lutomirski
Signed-off-by: Sean Christopherson
Signed-off-by: Kai Huang
---
Documentation/virt/kvm/api.rst | 23 +++
arch/x86/kvm/cpuid.c | 2 +-
arch/x86/kvm/x86.c | 21
_LOOP_EXITING only affects CPL0 and enclaves exist only at
CPL3, so we also don't need to worry about that interaction.
Signed-off-by: Sean Christopherson
Signed-off-by: Kai Huang
---
v1->v2:
- Add comment to explain why injecting #UD when emulating guest
instruction due to VM-EXI
Sean Christopherson
Signed-off-by: Kai Huang
---
arch/x86/kvm/cpuid.h | 13 -
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h
index 8925a929186c..a175ff75bbbe 100644
--- a/arch/x86/kvm/cpuid.h
+++ b/arch/x86/kvm/cpuid.h
@@ -
stopherson
Signed-off-by: Kai Huang
---
arch/x86/kvm/cpuid.c | 32 +++-
arch/x86/kvm/cpuid.h | 39 ++-
2 files changed, 61 insertions(+), 10 deletions(-)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 6bd2f8b830e4..a0
-off-by: Kai Huang
---
arch/x86/kvm/Makefile | 2 ++
arch/x86/kvm/vmx/sgx.c | 50 ++
arch/x86/kvm/vmx/sgx.h | 15 +
arch/x86/kvm/vmx/vmx.c | 9 +---
4 files changed, 73 insertions(+), 3 deletions(-)
create mode 100644 arch/x86/kvm/vmx/sgx.c
s for
non-EPC pages in order to pass user pointers directly to ECREATE and
EINIT, which avoids having to copy pages worth of data into the kernel.
Signed-off-by: Sean Christopherson
Acked-by: Jarkko Sakkinen
Signed-off-by: Kai Huang
---
arch/x86/kvm/x86.c | 2 ++
1 file changed, 2 insertions(+)
-execute scheme for
virtualizing SGX Launch Control, e.g. to inject SGX-induced #PFs if
EINIT faults in the host, and to support live migration.
Signed-off-by: Sean Christopherson
Signed-off-by: Kai Huang
---
arch/x86/include/asm/kvm_host.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch
driver is not enabled due to flexible launch control is not available,
SGX virtualization can still be enabled, and use it to restrict VM's
capability of being able to access provisioning key.
Signed-off-by: Sean Christopherson
Reviewed-by: Jarkko Sakkinen
Acked-by: Dave Hansen
Signed-off-by
are subject to
segmentation and paging mechanisms. It's also possible to generate
kernel mappings for ENCLS parameters by resolving PFN but using
__uaccess_xx() is simpler.
Signed-off-by: Sean Christopherson
Signed-off-by: Kai Huang
---
v1->v2:
- Tried to address Dave's comments:
Add a helper to update SGX_LEPUBKEYHASHn MSRs. SGX virtualization also
needs to update those MSRs based on guest's "virtual" SGX_LEPUBKEYHASHn
before EINIT from guest.
Acked-by: Dave Hansen
Acked-by: Jarkko Sakkinen
Signed-off-by: Kai Huang
---
v1->v2:
- Added WARN_O
: Jarkko Sakkinen
Signed-off-by: Kai Huang
---
arch/x86/include/asm/sgx.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/x86/include/asm/sgx.h b/arch/x86/include/asm/sgx.h
index 48f0c42027c0..0db1e47a90c5 100644
--- a/arch/x86/include/asm/sgx.h
+++ b/arch/x86/include/asm/sgx.h
@@ -40,6
From: Sean Christopherson
Add a helper to extract the fault indicator from an encoded ENCLS return
value. SGX virtualization will also need to detect ENCLS faults.
Signed-off-by: Sean Christopherson
Acked-by: Dave Hansen
Acked-by: Jarkko Sakkinen
Signed-off-by: Kai Huang
---
arch/x86
1 - 100 of 197 matches
Mail list logo
