Merge tag 'x86_sgx_for_6.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Pull Intel software guard extension (SGX) updates from Dave Hansen:
"A couple of x86/sgx changes.

The first one is a no-brainer to use the (simple) SHA-256 library.

For the second one, some folks doing testing noticed that SGX systems
under memory pressure were inducing fatal machine checks at pretty
unnerving rates, despite the SGX code having _some_ awareness of
memory poison.

It turns out that the SGX reclaim path was not checking for poison
_and_ it always accesses memory to copy it around. Make sure that
poisoned pages are not reclaimed"

* tag 'x86_sgx_for_6.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/sgx: Prevent attempts to reclaim poisoned pages
x86/sgx: Use SHA-256 library API instead of crypto_shash API

Linus Torvalds 1 year ago bbd9c366 b78f1293

+5 -31

4 changed files

expand all

arch

x86

Kconfig

kernel

cpu

sgx

driver.h

ioctl.c

main.c

+1 -2

arch/x86/Kconfig

··· 1858 1858 config X86_SGX 1859 1859 bool "Software Guard eXtensions (SGX)" 1860 1860 depends on X86_64 && CPU_SUP_INTEL && X86_X2APIC 1861 - depends on CRYPTO=y 1862 - depends on CRYPTO_SHA256=y 1861 + select CRYPTO_LIB_SHA256 1863 1862 select MMU_NOTIFIER 1864 1863 select NUMA_KEEP_MEMINFO if NUMA 1865 1864 select XARRAY_MULTI

-1

arch/x86/kernel/cpu/sgx/driver.h

··· 2 2 #ifndef __ARCH_SGX_DRIVER_H__ 3 3 #define __ARCH_SGX_DRIVER_H__ 4 4 5 - #include <crypto/hash.h> 6 5 #include <linux/kref.h> 7 6 #include <linux/mmu_notifier.h> 8 7 #include <linux/radix-tree.h>

+2 -28

arch/x86/kernel/cpu/sgx/ioctl.c

··· 3 3 4 4 #include <asm/mman.h> 5 5 #include <asm/sgx.h> 6 + #include <crypto/sha2.h> 6 7 #include <linux/mman.h> 7 8 #include <linux/delay.h> 8 9 #include <linux/file.h> ··· 464 463 return ret; 465 464 } 466 465 467 - static int __sgx_get_key_hash(struct crypto_shash *tfm, const void *modulus, 468 - void *hash) 469 - { 470 - SHASH_DESC_ON_STACK(shash, tfm); 471 - 472 - shash->tfm = tfm; 473 - 474 - return crypto_shash_digest(shash, modulus, SGX_MODULUS_SIZE, hash); 475 - } 476 - 477 - static int sgx_get_key_hash(const void *modulus, void *hash) 478 - { 479 - struct crypto_shash *tfm; 480 - int ret; 481 - 482 - tfm = crypto_alloc_shash("sha256", 0, CRYPTO_ALG_ASYNC); 483 - if (IS_ERR(tfm)) 484 - return PTR_ERR(tfm); 485 - 486 - ret = __sgx_get_key_hash(tfm, modulus, hash); 487 - 488 - crypto_free_shash(tfm); 489 - return ret; 490 - } 491 - 492 466 static int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct, 493 467 void *token) 494 468 { ··· 499 523 sgx_xfrm_reserved_mask) 500 524 return -EINVAL; 501 525 502 - ret = sgx_get_key_hash(sigstruct->modulus, mrsigner); 503 - if (ret) 504 - return ret; 526 + sha256(sigstruct->modulus, SGX_MODULUS_SIZE, (u8 *)mrsigner); 505 527 506 528 mutex_lock(&encl->lock); 507 529

arch/x86/kernel/cpu/sgx/main.c

··· 720 720 goto out; 721 721 } 722 722 723 + sgx_unmark_page_reclaimable(page); 724 + 723 725 /* 724 726 * TBD: Add additional plumbing to enable pre-emptive 725 727 * action for asynchronous poison notification. Until

Configure Feed

Configure Feed