Kernel: Intel SGX, Swapfile Problem, and Security Fixes
Intel Sends Out KVM SGX Virtualization Patches For Linux - Phoronix
Intel SGX support finally landed in Linux 5.11 after going through 40+ rounds of review that took years to bring up Software Guard Extensions in the mainline kernel. But that trek isn't over yet, as Intel is now working on getting KVM SGX virtualization support upstreamed.
Intel earlier sent out a "request for comments" on KVM SGX virtualization support, and on Monday they sent out the first formal (non-RFC) patch series with this support for handling Software Guard Extensions in the context of KVM virtualization. Basically this allows for a portion of the system memory to be encrypted with an SGX enclave exclusively for a KVM guest virtual machine that can't be accessed outside of the secure enclave. Separate from SGX enclaves, Intel also has the Total Memory Encryption (TME) feature coming out with future CPUs. AMD meanwhile has been working on Secure Encrypted Virtualization (SEV) with Secure Memory Encryption (SME) as their EPYC approach for securing guest VM memory from other VMs or the host.
Linux 5.12 Lands Fix For File-System Corruption Caused By Swapfile Issue - Phoronix
For those wanting to help in testing out the Linux 5.12 kernel, at least it should no longer eat your data now if you rely on a swapfile.
The file-system corruption issue on Linux 5.12 Git, noted last week and followed up on yesterday when the corruption hit Intel's graphics CI systems and was narrowed down to a set of swap-related changes, has now been resolved with today's latest Git code.
[...]
With that fix now in, we can get back to looking at Linux 5.12 performance changes and other more interesting testing than worrying about data loss.
High severity Linux network security holes found, fixed | ZDNet
Young and rising Linux security developer Alexander Popov of Russia's Positive Technologies discovered and fixed a set of five security holes in the Linux kernel's virtual socket implementation. An attacker could use these vulnerabilities (CVE-2021-26708) to gain root access and knock out servers in a Denial of Service (DoS) attack.
