From: Borislav Petkov <bp@suse.de>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: x86-ml <x86@kernel.org>, lkml <linux-kernel@vger.kernel.org>
Subject: [GIT PULL] x86/SGX for v5.11
Date: Mon, 14 Dec 2020 12:42:00 +0100
Message-ID: <20201214114200.GD26358@zn.tnic> (raw)
Hi Linus,
please pull the Intel Software Guard eXtensions enablement. This has
been long in the making, we were one revision number short of 42. :)
Thx.
---
The following changes since commit 09162bc32c880a791c6c0668ce0745cf7958f576:
Linux 5.10-rc4 (2020-11-15 16:44:31 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git tags/x86_sgx_for_v5.11
for you to fetch changes up to a4b9c48b96517ff4780b22a784e7537eac5dc21b:
x86/sgx: Return -EINVAL on a zero length buffer in sgx_ioc_enclave_add_pages() (2020-12-03 19:54:40 +0100)
----------------------------------------------------------------
"Intel SGX is new hardware functionality that can be used by
applications to populate protected regions of user code and data called
enclaves. Once activated, the new hardware protects enclave code and
data from outside access and modification.
Enclaves provide a place to store secrets and process data with those
secrets. SGX has been used, for example, to decrypt video without
exposing the decryption keys to nosy debuggers that might be used to
subvert DRM. Software has generally been rewritten specifically to
run in enclaves, but there are also projects that try to run limited
unmodified software in enclaves."
Most of the functionality is concentrated into arch/x86/kernel/cpu/sgx/
except the addition of a new mprotect() hook to control enclave page
permissions and support for vDSO exceptions fixup which will is used by
SGX enclaves.
All this work by Sean Christopherson, Jarkko Sakkinen and many others.
----------------------------------------------------------------
Borislav Petkov (1):
x86/sgx: Fix sgx_ioc_enclave_provision() kernel-doc comment
Dave Hansen (1):
x86/sgx: Clarify 'laundry_list' locking
Jarkko Sakkinen (17):
x86/sgx: Add SGX architectural data structures
x86/sgx: Add wrappers for ENCLS functions
x86/cpu/intel: Add a nosgx kernel parameter
x86/sgx: Add SGX page allocator functions
x86/sgx: Add an SGX misc driver interface
x86/sgx: Add SGX_IOC_ENCLAVE_CREATE
x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES
x86/sgx: Add SGX_IOC_ENCLAVE_INIT
x86/sgx: Add SGX_IOC_ENCLAVE_PROVISION
selftests/x86: Add a selftest for SGX
x86/sgx: Add a page reclaimer
x86/sgx: Add ptrace() support for the SGX driver
Documentation/x86: Document SGX kernel architecture
x86/sgx: Update MAINTAINERS
selftests/sgx: Use a statically generated 3072-bit RSA key
x86/sgx: Return -ERESTARTSYS in sgx_ioc_enclave_add_pages()
x86/sgx: Return -EINVAL on a zero length buffer in sgx_ioc_enclave_add_pages()
Mauro Carvalho Chehab (1):
x86/sgx: Fix a typo in kernel-doc markup
Sean Christopherson (10):
x86/cpufeatures: Add Intel SGX hardware bits
x86/{cpufeatures,msr}: Add Intel SGX Launch Control hardware bits
x86/sgx: Initialize metadata for Enclave Page Cache (EPC) sections
x86/mm: Signal SIGSEGV with PF_SGX
x86/cpu/intel: Detect SGX support
mm: Add 'mprotect' hook to struct vm_operations_struct
x86/vdso: Add support for exception fixup in vDSO functions
x86/fault: Add a helper function to sanitize error code
x86/traps: Attempt to fixup exceptions in vDSO before signaling
x86/vdso: Implement a vDSO for Intel SGX enclave call
Documentation/admin-guide/kernel-parameters.txt | 2 +
Documentation/userspace-api/ioctl/ioctl-number.rst | 1 +
Documentation/x86/index.rst | 1 +
Documentation/x86/sgx.rst | 211 ++++++
MAINTAINERS | 13 +
arch/x86/Kconfig | 17 +
arch/x86/entry/vdso/Makefile | 8 +-
arch/x86/entry/vdso/extable.c | 46 ++
arch/x86/entry/vdso/extable.h | 28 +
arch/x86/entry/vdso/vdso-layout.lds.S | 9 +-
arch/x86/entry/vdso/vdso.lds.S | 1 +
arch/x86/entry/vdso/vdso2c.h | 50 +-
arch/x86/entry/vdso/vsgx.S | 151 +++++
arch/x86/include/asm/cpufeatures.h | 2 +
arch/x86/include/asm/disabled-features.h | 8 +-
arch/x86/include/asm/enclu.h | 9 +
arch/x86/include/asm/msr-index.h | 8 +
arch/x86/include/asm/trap_pf.h | 2 +
arch/x86/include/asm/vdso.h | 5 +
arch/x86/include/uapi/asm/sgx.h | 168 +++++
arch/x86/kernel/cpu/Makefile | 1 +
arch/x86/kernel/cpu/feat_ctl.c | 38 +-
arch/x86/kernel/cpu/sgx/Makefile | 5 +
arch/x86/kernel/cpu/sgx/arch.h | 338 ++++++++++
arch/x86/kernel/cpu/sgx/driver.c | 194 ++++++
arch/x86/kernel/cpu/sgx/driver.h | 29 +
arch/x86/kernel/cpu/sgx/encl.c | 740 +++++++++++++++++++++
arch/x86/kernel/cpu/sgx/encl.h | 119 ++++
arch/x86/kernel/cpu/sgx/encls.h | 231 +++++++
arch/x86/kernel/cpu/sgx/ioctl.c | 716 ++++++++++++++++++++
arch/x86/kernel/cpu/sgx/main.c | 733 ++++++++++++++++++++
arch/x86/kernel/cpu/sgx/sgx.h | 86 +++
arch/x86/kernel/traps.c | 10 +
arch/x86/mm/fault.c | 45 +-
include/linux/mm.h | 7 +
mm/mprotect.c | 7 +
tools/testing/selftests/Makefile | 1 +
tools/testing/selftests/sgx/.gitignore | 2 +
tools/testing/selftests/sgx/Makefile | 57 ++
tools/testing/selftests/sgx/call.S | 44 ++
tools/testing/selftests/sgx/defines.h | 21 +
tools/testing/selftests/sgx/load.c | 277 ++++++++
tools/testing/selftests/sgx/main.c | 246 +++++++
tools/testing/selftests/sgx/main.h | 41 ++
tools/testing/selftests/sgx/sign_key.S | 12 +
tools/testing/selftests/sgx/sign_key.pem | 39 ++
tools/testing/selftests/sgx/sigstruct.c | 381 +++++++++++
tools/testing/selftests/sgx/test_encl.c | 20 +
tools/testing/selftests/sgx/test_encl.lds | 40 ++
tools/testing/selftests/sgx/test_encl_bootstrap.S | 89 +++
50 files changed, 5290 insertions(+), 19 deletions(-)
create mode 100644 Documentation/x86/sgx.rst
create mode 100644 arch/x86/entry/vdso/extable.c
create mode 100644 arch/x86/entry/vdso/extable.h
create mode 100644 arch/x86/entry/vdso/vsgx.S
create mode 100644 arch/x86/include/asm/enclu.h
create mode 100644 arch/x86/include/uapi/asm/sgx.h
create mode 100644 arch/x86/kernel/cpu/sgx/Makefile
create mode 100644 arch/x86/kernel/cpu/sgx/arch.h
create mode 100644 arch/x86/kernel/cpu/sgx/driver.c
create mode 100644 arch/x86/kernel/cpu/sgx/driver.h
create mode 100644 arch/x86/kernel/cpu/sgx/encl.c
create mode 100644 arch/x86/kernel/cpu/sgx/encl.h
create mode 100644 arch/x86/kernel/cpu/sgx/encls.h
create mode 100644 arch/x86/kernel/cpu/sgx/ioctl.c
create mode 100644 arch/x86/kernel/cpu/sgx/main.c
create mode 100644 arch/x86/kernel/cpu/sgx/sgx.h
create mode 100644 tools/testing/selftests/sgx/.gitignore
create mode 100644 tools/testing/selftests/sgx/Makefile
create mode 100644 tools/testing/selftests/sgx/call.S
create mode 100644 tools/testing/selftests/sgx/defines.h
create mode 100644 tools/testing/selftests/sgx/load.c
create mode 100644 tools/testing/selftests/sgx/main.c
create mode 100644 tools/testing/selftests/sgx/main.h
create mode 100644 tools/testing/selftests/sgx/sign_key.S
create mode 100644 tools/testing/selftests/sgx/sign_key.pem
create mode 100644 tools/testing/selftests/sgx/sigstruct.c
create mode 100644 tools/testing/selftests/sgx/test_encl.c
create mode 100644 tools/testing/selftests/sgx/test_encl.lds
create mode 100644 tools/testing/selftests/sgx/test_encl_bootstrap.S
--
Regards/Gruss,
Boris.
SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer, HRB 36809, AG Nürnberg
next reply index
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-14 11:42 Borislav Petkov [this message]
2020-12-14 22:02 ` pr-tracker-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201214114200.GD26358@zn.tnic \
--to=bp@suse.de \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
LKML Archive on lore.kernel.org
Archives are clonable:
git clone --mirror https://lore.kernel.org/lkml/0 lkml/git/0.git
git clone --mirror https://lore.kernel.org/lkml/1 lkml/git/1.git
git clone --mirror https://lore.kernel.org/lkml/2 lkml/git/2.git
git clone --mirror https://lore.kernel.org/lkml/3 lkml/git/3.git
git clone --mirror https://lore.kernel.org/lkml/4 lkml/git/4.git
git clone --mirror https://lore.kernel.org/lkml/5 lkml/git/5.git
git clone --mirror https://lore.kernel.org/lkml/6 lkml/git/6.git
git clone --mirror https://lore.kernel.org/lkml/7 lkml/git/7.git
git clone --mirror https://lore.kernel.org/lkml/8 lkml/git/8.git
git clone --mirror https://lore.kernel.org/lkml/9 lkml/git/9.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 lkml lkml/ https://lore.kernel.org/lkml \
linux-kernel@vger.kernel.org
public-inbox-index lkml
Example config snippet for mirrors
Newsgroup available over NNTP:
nntp://nntp.lore.kernel.org/org.kernel.vger.linux-kernel
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git