From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: linux-sgx@vger.kernel.org
Subject: Re: [PATCH] x86/sgx: Return 0 when !CONFIG_INTEL_SGX_DRIVER
Date: Mon, 12 Aug 2019 18:22:27 -0700 [thread overview]
Message-ID: <20190813012227.GJ4996@linux.intel.com> (raw)
In-Reply-To: <20190802193321.llx4dcqhslh46toy@linux.intel.com>
On Fri, Aug 02, 2019 at 10:33:38PM +0300, Jarkko Sakkinen wrote:
> On Thu, Aug 01, 2019 at 09:29:31AM -0700, Sean Christopherson wrote:
> > On Thu, Aug 01, 2019 at 07:22:19PM +0300, Jarkko Sakkinen wrote:
> > > On Mon, Jul 15, 2019 at 06:59:03AM -0700, Sean Christopherson wrote:
> > > > On Sun, Jul 14, 2019 at 05:32:12PM +0300, Jarkko Sakkinen wrote:
> > > > > When the config option is not enabled the initialization is always
> > > > > succesful.
> > > >
> > > > Why would the be initialization be considered successful? It's dead code
> > > > and memory consumption if the driver can't load. When KVM support gets
> > > > added, the initialization can be considered successful if the driver *or*
> > > > virtual EPC are enabled and load cleanly.
> > >
> > > When a config option disabled means it that the functionality does not
> > > exist at all, which means that there is nothing to fail. That is why it
> > > would be actually better to flag the whole call than the way it is done
> > > in this patch.
> >
> > Regardless of how it's done, the core SGX management shouldn't consume
> > resources if it doesn't have downstream consumers. Making INTEL_SGX
> > depend on INTEL_SGX_DRIVER is the obvious alternative.
>
> Is there a specific blocker that prevents using SGX just with KVM when
> the latter option is disabled?
Nope, KVM does not have any dependencies on the native driver. But if
sgx_drv_init() returns 0 when CONFIG_INTEL_SGX_DRIVER=n, then sgx_init()
won't handle KVM failure correctly since it will think the native driver
initialized cleanly. E.g. with both KVM and driver in play, I was
thinking of something like this in sgx_init():
/* Success if the native *or* virtual driver initialized cleanly. */
ret = sgx_drv_init();
ret = sgx_virt_epc_init() ? ret : 0;
if (ret)
goto err;
return 0;
If sgx_drv_init() returns 0 when CONFIG_INTEL_SGX_DRIVER=n, then failure
in sgx_virt_epc_init() is ignored and we end up with the SGX subsystem
wasting resources again.
next prev parent reply other threads:[~2019-08-13 1:22 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-14 14:32 [PATCH] x86/sgx: Return 0 when !CONFIG_INTEL_SGX_DRIVER Jarkko Sakkinen
2019-07-15 9:29 ` Jarkko Sakkinen
2019-07-15 13:59 ` Sean Christopherson
2019-08-01 16:22 ` Jarkko Sakkinen
2019-08-01 16:29 ` Sean Christopherson
2019-08-02 19:33 ` Jarkko Sakkinen
2019-08-13 1:22 ` Sean Christopherson [this message]
2019-08-15 21:56 ` Jarkko Sakkinen
2019-08-21 17:24 ` Sean Christopherson
2019-08-22 0:29 ` Jarkko Sakkinen
2019-08-22 0:31 ` Sean Christopherson
2019-08-22 14:42 ` Jarkko Sakkinen
2019-08-22 1:26 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190813012227.GJ4996@linux.intel.com \
--to=sean.j.christopherson@intel.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=linux-sgx@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.