On Sat, Oct 16, 2021 at 03:14:32AM -0400, Paolo Bonzini wrote:
> Add to /dev/sgx_vepc an ioctl that brings vEPC pages back to uninitialized
> state with EREMOVE. This is useful in order to match the expectations
> of guests after reboot, and to match the behavior of real hardware.
>
> The ioctl is a cleaner alternative to closing and reopening the
> /dev/sgx_vepc device; reopening /dev/sgx_vepc could be problematic in
> case userspace has sandboxed itself since the time it first opened the
> device, and has thus lost permissions to do so.
>
> If possible, I would like these patches to be included in 5.15 through
> either the x86 or the KVM tree.
>
> Thanks,
>
> Paolo
>
> Changes from RFC:
> - improved commit messages, added documentation
> - renamed ioctl from SGX_IOC_VEPC_REMOVE to SGX_IOC_VEPC_REMOVE_ALL
>
> Changes from v1:
> - fixed documentation and code to cover SGX_ENCLAVE_ACT errors
> - removed Tested-by since the code is quite different now
>
> Changes from v2:
> - return EBUSY also if EREMOVE causes a general protection fault
>
> Paolo Bonzini (2):
>   x86: sgx_vepc: extract sgx_vepc_remove_page
>   x86: sgx_vepc: implement SGX_IOC_VEPC_REMOVE_ALL ioctl
>
>  Documentation/x86/sgx.rst       | 35 +++++++++++++++++++++
>  arch/x86/include/uapi/asm/sgx.h |  2 ++
>  arch/x86/kernel/cpu/sgx/virt.c  | 63 ++++++++++++++++++++++++++++++---
>  3 files changed, 95 insertions(+), 5 deletions(-)

Sean, are you happy with that version now?

Thx.

-- 
Regards/Gruss,
    Boris.

SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer, HRB 36809, AG Nürnberg