All of lore.kernel.org
 help / color / mirror / Atom feed
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: "Huang, Kai" <kai.huang@intel.com>
Cc: "Christopherson, Sean J" <sean.j.christopherson@intel.com>,
	Andy Lutomirski <luto@kernel.org>,
	Jethro Beekman <jethro@fortanix.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	"x86@kernel.org" <x86@kernel.org>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Peter Zijlstra <peterz@infradead.org>,
	"H. Peter Anvin" <hpa@zytor.com>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-sgx@vger.kernel.org" <linux-sgx@vger.kernel.org>,
	Josh Triplett <josh@joshtriplett.org>,
	Haitao Huang <haitao.huang@linux.intel.com>,
	"Dr . Greg Wettstein" <greg@enjellic.com>
Subject: Re: x86/sgx: uapi change proposal
Date: Thu, 10 Jan 2019 19:43:33 +0200	[thread overview]
Message-ID: <20190110174333.GI6589@linux.intel.com> (raw)
In-Reply-To: <105F7BF4D0229846AF094488D65A0989355A45B6@PGSMSX112.gar.corp.intel.com>

On Tue, Jan 08, 2019 at 07:27:11PM +0000, Huang, Kai wrote:
> > >
> > > Can one of you explain why SGX_ENCLAVE_CREATE is better than just
> > > opening a new instance of /dev/sgx for each encalve?
> > 
> > Directly associating /dev/sgx with an enclave means /dev/sgx can't be used
> > to provide ioctl()'s for other SGX-related needs, e.g. to mmap() raw EPC and
> > expose it a VM.  Proposed layout in the link below.  I'll also respond to
> > Jarkko's question about exposing EPC through /dev/sgx instead of having
> > KVM allocate it on behalf of the VM.
> > 
> > https://lkml.kernel.org/r/20181218185349.GC30082@linux.intel.com
> 
> Hi Sean,
> 
> Sorry for replying to old email. But IMHO it is not a must that Qemu needs to open some /dev/sgx and allocate/mmap EPC for guest's virtual EPC slot, instead, KVM could create private slot, which is not visible to Qemu, for virtual EPC, and KVM could call core-SGX EPC allocation API directly.
> 
> I am not sure what's the good of allowing userspace to alloc/mmap a raw EPC region? Userspace is not allowed to touch EPC anyway, expect enclave code.
> 
> To me KVM creates private EPC slot is cleaner than exposing /dev/sgx/epc and allowing userspace to map some raw EPC region. 
> 
> Thanks,
> -Kai

Side-note: this particular use case does not necessarily be solved in
the first upstream patch set, does it? Just try to keep the patch set
as small as possible (still be a huge one).

/Jarkko

  parent reply	other threads:[~2019-01-10 17:43 UTC|newest]

Thread overview: 64+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-12-14 21:57 [RFC PATCH v5 0/5] x86: Add vDSO exception fixup for SGX Sean Christopherson
2018-12-14 21:57 ` [RFC PATCH v5 1/5] x86/vdso: Add support for exception fixup in vDSO functions Sean Christopherson
2018-12-14 21:57 ` [RFC PATCH v5 2/5] x86/fault: Add helper function to sanitize error code Sean Christopherson
2018-12-14 21:57 ` [RFC PATCH v5 3/5] x86/fault: Attempt to fixup unhandled #PF on ENCLU before signaling Sean Christopherson
2018-12-14 21:57 ` [RFC PATCH v5 4/5] x86/traps: Attempt to fixup exceptions in vDSO " Sean Christopherson
2018-12-14 21:57 ` [RFC PATCH v5 5/5] x86/vdso: Add __vdso_sgx_enter_enclave() to wrap SGX enclave transitions Sean Christopherson
2018-12-19  9:21   ` Jarkko Sakkinen
2018-12-18  4:18 ` [RFC PATCH v5 0/5] x86: Add vDSO exception fixup for SGX Jarkko Sakkinen
2018-12-18 15:08   ` Sean Christopherson
2018-12-19  4:43     ` Jarkko Sakkinen
2018-12-19  5:03       ` Jarkko Sakkinen
2018-12-19  7:58 ` x86/sgx: uapi change proposal Jarkko Sakkinen
2018-12-19  8:41   ` Jethro Beekman
2018-12-19  9:11     ` Jarkko Sakkinen
2018-12-19  9:36       ` Jethro Beekman
2018-12-19 10:43         ` Jarkko Sakkinen
2018-12-19 14:45         ` Sean Christopherson
2018-12-20  2:58           ` Andy Lutomirski
2018-12-20 10:32             ` Jarkko Sakkinen
2018-12-20 13:12               ` Jarkko Sakkinen
2018-12-20 13:19                 ` Jarkko Sakkinen
2018-12-22  8:16               ` Jarkko Sakkinen
     [not found]                 ` <20181222082502.GA13275@linux.intel.com>
2018-12-23 12:52                   ` Jarkko Sakkinen
2018-12-23 20:42                     ` Andy Lutomirski
2018-12-24 11:52                       ` Jarkko Sakkinen
2019-01-02 20:47                   ` Sean Christopherson
2019-01-03 15:02                     ` Jarkko Sakkinen
     [not found]                       ` <20190103162634.GA8610@linux.intel.com>
2019-01-09 14:45                         ` Jarkko Sakkinen
2018-12-21 16:28             ` Sean Christopherson
2018-12-21 17:12               ` Andy Lutomirski
2018-12-21 18:24                 ` Sean Christopherson
2018-12-21 23:41                   ` Jarkko Sakkinen
2018-12-23 20:41                   ` Andy Lutomirski
2018-12-24 12:01                     ` Jarkko Sakkinen
2018-12-21 23:37                 ` Jarkko Sakkinen
2018-12-22  6:32                 ` Jarkko Sakkinen
2019-01-08 19:27               ` Huang, Kai
2019-01-08 22:09                 ` Sean Christopherson
2019-01-08 22:54                   ` Andy Lutomirski
2019-01-09 16:31                     ` Sean Christopherson
2019-01-10 21:34                       ` Andy Lutomirski
2019-01-10 22:22                         ` Huang, Kai
2019-01-10 23:54                         ` Sean Christopherson
2019-01-11  0:30                           ` Andy Lutomirski
2019-01-11  1:32                             ` Sean Christopherson
2019-01-11 12:58                       ` Jarkko Sakkinen
2019-01-11 13:00                         ` Jarkko Sakkinen
2019-01-11 23:19                         ` Sean Christopherson
2019-01-18 14:37                           ` Jarkko Sakkinen
2019-01-10 17:45                     ` Jarkko Sakkinen
2019-01-10 21:36                       ` Andy Lutomirski
2019-01-11 16:07                         ` Jarkko Sakkinen
2019-01-09  5:24                   ` Huang, Kai
2019-01-09 17:16                     ` Sean Christopherson
2019-01-10  0:21                       ` Huang, Kai
2019-01-10  0:40                         ` Sean Christopherson
2019-01-10 17:43                 ` Jarkko Sakkinen [this message]
2018-12-20 10:30           ` Jarkko Sakkinen
2018-12-19 14:43     ` Dr. Greg
2018-12-20 10:34       ` Jarkko Sakkinen
2018-12-20 22:06         ` Dr. Greg
2018-12-21 13:48           ` Jarkko Sakkinen
2018-12-20 12:08     ` Arnd Bergmann
2018-12-20 12:49       ` Jarkko Sakkinen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190110174333.GI6589@linux.intel.com \
    --to=jarkko.sakkinen@linux.intel.com \
    --cc=bp@alien8.de \
    --cc=dave.hansen@linux.intel.com \
    --cc=greg@enjellic.com \
    --cc=haitao.huang@linux.intel.com \
    --cc=hpa@zytor.com \
    --cc=jethro@fortanix.com \
    --cc=josh@joshtriplett.org \
    --cc=kai.huang@intel.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-sgx@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=mingo@redhat.com \
    --cc=peterz@infradead.org \
    --cc=sean.j.christopherson@intel.com \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.