mirror_ubuntu-kernels

mirror of https://git.proxmox.com/git/mirror_ubuntu-kernels.git synced 2026-01-04 19:18:12 +00:00

History

Paolo Bonzini ae095b16fc x86/sgx/virt: implement SGX_IOC_VEPC_REMOVE ioctl For bare-metal SGX on real hardware, the hardware provides guarantees SGX state at reboot. For instance, all pages start out uninitialized. The vepc driver provides a similar guarantee today for freshly-opened vepc instances, but guests such as Windows expect all pages to be in uninitialized state on startup, including after every guest reboot. Some userspace implementations of virtual SGX would rather avoid having to close and reopen the /dev/sgx_vepc file descriptor and re-mmap the virtual EPC. For example, they could sandbox themselves after the guest starts and forbid further calls to open(), in order to mitigate exploits from untrusted guests. Therefore, add a ioctl that does this with EREMOVE. Userspace can invoke the ioctl to bring its vEPC pages back to uninitialized state. There is a possibility that some pages fail to be removed if they are SECS pages, and the child and SECS pages could be in separate vEPC regions. Therefore, the ioctl returns the number of EREMOVE failures, telling userspace to try the ioctl again after it's done with all vEPC regions. A more verbose description of the correct usage and the possible error conditions is documented in sgx.rst. Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com> Reviewed-by: Sean Christopherson <seanjc@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Link: https://lkml.kernel.org/r/20211021201155.1523989-3-pbonzini@redhat.com		2021-10-22 08:32:12 -07:00
..
boot	Kbuild updates for v5.15	2021-09-03 15:33:47 -07:00
configs	configs: remove the obsolete CONFIG_INPUT_POLLDEV	2021-09-08 11:50:28 -07:00
crypto	crypto: x86/sm4 - Fix frame pointer stack corruption	2021-09-24 15:58:50 +08:00
entry	compat: remove some compat entry points	2021-09-08 15:32:35 -07:00
events	perf/x86/msr: Add Sapphire Rapids CPU support	2021-10-15 11:25:26 +02:00
hyperv	hyperv-fixes for 5.15	2021-10-07 09:44:48 -07:00
ia32	binfmt: remove in-tree usage of MAP_DENYWRITE	2021-09-03 18:42:01 +02:00
include	x86/sgx/virt: implement SGX_IOC_VEPC_REMOVE ioctl	2021-10-22 08:32:12 -07:00
kernel	x86/sgx/virt: implement SGX_IOC_VEPC_REMOVE ioctl	2021-10-22 08:32:12 -07:00
kvm	kvm: fix objtool relocation warning	2021-10-03 13:34:19 -07:00
lib	x86/insn, tools/x86: Fix undefined behavior due to potential unaligned accesses	2021-09-24 12:37:38 +02:00
math-emu	x86/math-emu: Rename frstor()	2021-06-23 18:16:33 +02:00
mm	x86/fault: Fix wrong signal when vsyscall fails with pkey	2021-09-20 22:28:47 +02:00
net	bpf, x86: Fix bpf mapping of atomic fetch implementation	2021-09-28 12:10:29 +02:00
pci	xen: branch for v5.15-rc5	2021-10-08 12:55:23 -07:00
platform	- A FPU fix to properly handle invalid MXCSR values: 32-bit masks them	2021-10-10 10:00:51 -07:00
power	x86/power: Fix kernel-doc warnings in cpu.c	2021-08-12 10:15:40 +02:00
purgatory	kernel.h: split out panic and oops helpers	2021-07-01 11:06:04 -07:00
ras
realmode	memblock: make memblock_find_in_range method private	2021-09-03 09:58:17 -07:00
tools	- Remove cc-option checks which are old and already supported by the	2021-08-30 13:27:16 -07:00
um	um: fix stub location calculation	2021-08-26 22:28:03 +02:00
video
xen	xen/x86: adjust data placement	2021-10-05 08:36:19 +02:00
.gitignore
Kbuild
Kconfig	x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically	2021-10-11 19:14:22 +02:00
Kconfig.assembler
Kconfig.cpu
Kconfig.debug	tracing: Refactor TRACE_IRQFLAGS_SUPPORT in Kconfig	2021-08-16 11:37:21 -04:00
Makefile	Kbuild updates for v5.15	2021-09-03 15:33:47 -07:00
Makefile_32.cpu	x86/build: Do not add -falign flags unconditionally for clang	2021-09-19 10:35:53 +09:00
Makefile.um	um: allow not setting extra rpaths in the linux binary	2021-06-17 21:54:15 +02:00