From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Jethro Beekman <kernel@jbeekman.nl>
Cc: gregkh@linuxfoundation.org,
"open list:STAGING SUBSYSTEM" <devel@driverdev.osuosl.org>,
"maintainer:X86 ARCHITECTURE 32-BIT AND 64-BIT" <x86@kernel.org>,
"open list:X86 ARCHITECTURE 32-BIT AND 64-BIT"
<linux-kernel@vger.kernel.org>, Ingo Molnar <mingo@redhat.com>,
"H. Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [PATCH 3/6] intel_sgx: driver for Intel Secure Guard eXtensions
Date: Wed, 27 Apr 2016 15:40:56 +0300
Message-ID: <20160427124056.GA22003@intel.com>
In-Reply-To: <57206102.3050507@jbeekman.nl>

On Tue, Apr 26, 2016 at 11:49:38PM -0700, Jethro Beekman wrote:
> On 25-04-16 10:34, Jarkko Sakkinen wrote:
> > diff --git a/drivers/staging/intel_sgx/isgx_ioctl.c
> b/drivers/staging/intel_sgx/isgx_ioctl.c
> > new file mode 100644
> > index 0000000..9d8b36b
> > --- /dev/null
> > +++ b/drivers/staging/intel_sgx/isgx_ioctl.c
> >
> > +static long isgx_ioctl_enclave_create(struct file *filep, unsigned int cmd,
> > + unsigned long arg)
> >
> > + secs->base = vm_mmap(filep, 0, secs->size,
> > + PROT_READ | PROT_WRITE | PROT_EXEC,
> > + MAP_SHARED, 0);
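
Review bot: The vm_mmap() call that sets secs->base requests PROT_READ | PROT_WRITE | PROT_EXEC for the entire secs->size range, so the whole enclave range is mapped writable and executable no matter what an individual page needs. Consider mapping with the minimum protection and widening it per page as pages are added. The address hint is also 0, so nothing in these lines asks for a base that is naturally aligned to secs->size, which SGX requires for the enclave range. The result should be checked with IS_ERR_VALUE() before it is stored as the base, because vm_mmap() returns a negative errno encoded in an unsigned long on failure; the quoted excerpt does not show such a check.
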
>
> Why does the ioctl interface map userspace memory for an open device?
> There's already a perfectly good syscall for that: mmap.

You didn't explain what would be the value in doing this but after
thinking for a short while I found out two good reasons:

* The current API is ugly in a way that you can anyway call mmap
  directly too and have a useless zombie enclave. This would make
  the API less ambiguous.
* SGX_IOC_ENCLAVE_CREATE could be removed. SECS could be passed
  through SGX_IOC_ENCLAVE_ADD_PAGE thus simplifying the API a lot.

Given these circumstances I think this does make sense.

> > diff --git a/drivers/staging/intel_sgx/isgx_user.h b/drivers/staging/intel_sgx/isgx_user.h
> > new file mode 100644
> > index 0000000..672d19c
> > --- /dev/null
> > +++ b/drivers/staging/intel_sgx/isgx_user.h
> >
> > +#define SGX_ADD_SKIP_EEXTEND 0x1
> > +
> > +struct sgx_add_param {
> > + unsigned long addr;
> > + unsigned long user_addr;
> > + struct isgx_secinfo *secinfo;
> > + unsigned int flags;
> > +};
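
Review bot: struct sgx_add_param is a user-visible ioctl argument, but it uses unsigned long for addr and user_addr and a raw pointer for secinfo, so its size and layout differ between 32-bit and 64-bit callers and a compat ioctl path would be needed. Use fixed-width types (__u64 for the two addresses and for the secinfo pointer, __u32 for flags, with explicit padding) so every caller sees the same layout. SGX_ADD_SKIP_EEXTEND also has no comment stating what skipping EEXTEND means for the enclave measurement; a line of documentation next to the define would help callers.
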
>
> The hardware supports calling EEXTEND on only a part of a page, I think the
> driver should also support that.
Why would you want to do that?
> Jethro
/Jarkko