From: Paolo Bonzini <pbonzini@redhat.com>
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: bp@suse.de, seanjc@google.com, dave.hansen@linux.intel.com,
jarkko@kernel.org, yang.zhong@intel.com, x86@kernel.org
Subject: [PATCH v4 0/2] x86: sgx_vepc: implement ioctl to EREMOVE all pages
Date: Thu, 21 Oct 2021 16:11:53 -0400
Message-ID: <20211021201155.1523989-1-pbonzini@redhat.com>

Add to /dev/sgx_vepc an ioctl that brings vEPC pages back to uninitialized
state with EREMOVE. This is useful in order to match the expectations
of guests after reboot, and to match the behavior of real hardware.

The ioctl is a cleaner alternative to closing and reopening the
/dev/sgx_vepc device; reopening /dev/sgx_vepc could be problematic in
case userspace has sandboxed itself since the time it first opened the
device, and has thus lost permissions to do so.

If possible, I would like these patches to be included in 5.15 through
either the x86 or the KVM tree.

Thanks,

Paolo

Changes from RFC:
- improved commit messages, added documentation
- renamed ioctl from SGX_IOC_VEPC_REMOVE to SGX_IOC_VEPC_REMOVE_ALL

Changes from v1:
- fixed documentation and code to cover SGX_ENCLAVE_ACT errors
- removed Tested-by since the code is quite different now

Changes from v2:
- return EBUSY also if EREMOVE causes a general protection fault

Changes from v3:
- keep the warning if EREMOVE causes a #PF (or any other fault
  than a general protection fault)

Paolo Bonzini (2):
  x86: sgx_vepc: extract sgx_vepc_remove_page
  x86: sgx_vepc: implement SGX_IOC_VEPC_REMOVE_ALL ioctl

 Documentation/x86/sgx.rst       | 35 +++++++++++++++++++++
 arch/x86/include/uapi/asm/sgx.h |  2 ++
 arch/x86/kernel/cpu/sgx/virt.c  | 63 ++++++++++++++++++++++++++++++---
 3 files changed, 95 insertions(+), 5 deletions(-)

-- 
2.27.0
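
Added example (not part of the original message or of the patches): how a sandboxed VMM could reset guest vEPC on reboot through file descriptors it already holds, instead of reopening /dev/sgx_vepc. The names vepc_reset_guest, vepc_ioctl_fn and sim_ioctl are hypothetical, and the simulated device is constructed for illustration. The two-pass retry assumes the ioctl returns a positive value when some pages (SECS pages that still have children) could not be removed, as the kernel's SGX documentation describes it; that detail is not shown on this page.

```c
#include <errno.h>
#include <stddef.h>
#include <sys/ioctl.h>
#include <linux/ioctl.h>

/* Request number as in arch/x86/include/uapi/asm/sgx.h: _IO(SGX_MAGIC, 0x04). */
#ifndef SGX_IOC_VEPC_REMOVE_ALL
#define SGX_IOC_VEPC_REMOVE_ALL _IO(0xA4, 0x04)
#endif

/* Hypothetical hook: lets the reset logic run against a simulated device. */
typedef int (*vepc_ioctl_fn)(int fd, unsigned long req);

static int vepc_real_ioctl(int fd, unsigned long req) { return ioctl(fd, req); }

/* Constructed simulation: fd 100 holds a SECS page, its child page is in fd 101. */
int sim_child = 1, sim_busy = 0;
int sim_ioctl(int fd, unsigned long req)
{
    (void)req;
    if (sim_busy) { errno = EBUSY; return -1; }  /* enclave still running */
    if (fd == 101) { sim_child = 0; return 0; }  /* child page removed */
    return sim_child;                            /* SECS fails while child exists */
}

/*
 * Reset all vEPC regions of one guest through fds opened before sandboxing.
 * The caller has already stopped every vCPU. Returns 0 on success, -errno
 * if the ioctl fails (-EBUSY: a page is in use), -EIO if pages survive
 * the second pass. Passing NULL for do_ioctl uses the real ioctl(2).
 */
int vepc_reset_guest(const int *fds, size_t n, vepc_ioctl_fn do_ioctl)
{
    if (!do_ioctl)
        do_ioctl = vepc_real_ioctl;
    for (int pass = 0; pass < 2; pass++) {
        int left = 0;
        for (size_t i = 0; i < n; i++) {
            int r = do_ioctl(fds[i], SGX_IOC_VEPC_REMOVE_ALL);
            if (r < 0)
                return -errno;
            left += (r > 0);  /* nonzero: some pages were not removed */
        }
        if (!left)
            return 0;
        /* Pass 1 can leave SECS pages whose children sat in another region. */
    }
    return -EIO;
}
```

Leaving one of the guest's vEPC descriptors out of the array is what produces -EIO here: the SECS page can never be removed while its child page in the other region is still present.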

Thread overview: 7+ messages
2021-10-21 20:11 Paolo Bonzini [this message]
2021-10-21 20:11 ` [PATCH v4 1/2] x86: sgx_vepc: extract sgx_vepc_remove_page Paolo Bonzini
2021-10-22 17:58 ` [tip: x86/sgx] x86/sgx/virt: " tip-bot2 for Paolo Bonzini
2021-10-21 20:11 ` [PATCH v4 2/2] x86: sgx_vepc: implement SGX_IOC_VEPC_REMOVE ioctl Paolo Bonzini
2021-10-22 0:07 ` Sean Christopherson
2021-10-22 17:58 ` [tip: x86/sgx] x86/sgx/virt: " tip-bot2 for Paolo Bonzini
2021-10-22 6:25 ` [PATCH v4 0/2] x86: sgx_vepc: implement ioctl to EREMOVE all pages Yang Zhong