From: Sean Christopherson <sean.j.christopherson@intel.com>
To: "Dr. Greg" <greg@enjellic.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
linux-kernel@vger.kernel.org, x86@kernel.org,
linux-sgx@vger.kernel.org, akpm@linux-foundation.org,
dave.hansen@intel.com, nhorman@redhat.com, npmccallum@redhat.com,
haitao.huang@intel.com, andriy.shevchenko@linux.intel.com,
tglx@linutronix.de, kai.svahn@intel.com, bp@alien8.de,
josh@joshtriplett.org, luto@kernel.org, kai.huang@intel.com,
rientjes@google.com, cedric.xing@intel.com,
puiterwijk@redhat.com
Subject: Re: [PATCH v27 00/22] Intel SGX foundations
Date: Mon, 24 Feb 2020 13:13:17 -0800 [thread overview]
Message-ID: <20200224211317.GJ29865@linux.intel.com> (raw)
In-Reply-To: <20200224100932.GA15526@wind.enjellic.com>
On Mon, Feb 24, 2020 at 04:09:32AM -0600, Dr. Greg wrote:
> On Sun, Feb 23, 2020 at 07:25:37PM +0200, Jarkko Sakkinen wrote:
>
> Good morning, I hope the week is starting well for everyone.
>
> > Intel(R) SGX is a set of CPU instructions that can be used by
> > applications to set aside private regions of code and data. The code
> > outside the enclave is disallowed to access the memory inside the
> > enclave by the CPU access control.
>
> Do we misinterpret or is the driver not capable of being built in
> modular form?
Correct.
> If not, it would appear that this functionality has been lost since
> version 19 of the driver, admittedly some time ago.
It was removed in v20[*].
> > v19:
> >
> > ... [ deleted ] ...
> >
> > * Allow the driver to be compiled as a module now that it no code is using
> > its routines and it only uses exported symbols. Now the driver is
> > essentially just a thin ioctl layer.
>
> Not having the driver available in modular form obviously makes work
> on the driver a bit more cumbersome.
Heh, depends on your development environment, e.g. I do 99% of my testing
in a VM with a very minimal kernel that even an anemic system can
incrementally build in a handful of seconds.
> I'm assuming that the lack of module support is secondary to some
> innate architectural issues with the driver?
As of today, the only part of the driver that can be extracted into a
module is effectively the ioctl() handlers, i.e. a module would just be an
ioctl() wrapper around a bunch of in-kernel functionality. At that point,
building the "driver" as a module doesn't provide any novel benefit, e.g.
very little memory footprint savings, reloading the module wouldn't "fix"
any bugs with EPC management, SGX can still be forcefully disabled via
kernel parameter, etc... And on the flip side, allowing it to be a module
would require exporting a non-trivial number of APIs that really shouldn't
be exposed outside of the SGX subsystem.
As for why things are baked into the kernel:
- EPC management: support for future enhancements (KVM and EPC cgroup).
- Reclaim: don't add a unnecessary infrastructure, i.e. avoid a callback
mechanism for which there is a single implementation.
- Tracking of LEPUBKEYHASH MSRs: KVM support.
[*] https://lkml.kernel.org/r/20190401225717.GA13450@linux.intel.com
next prev parent reply other threads:[~2020-02-24 21:13 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-23 17:25 [PATCH v27 00/22] Intel SGX foundations Jarkko Sakkinen
2020-02-23 17:25 ` [PATCH v27 01/22] x86/cpufeatures: x86/msr: Add Intel SGX hardware bits Jarkko Sakkinen
2020-02-23 17:25 ` [PATCH v27 02/22] x86/cpufeatures: x86/msr: Intel SGX Launch Control " Jarkko Sakkinen
2020-02-23 17:25 ` [PATCH v27 03/22] x86/mm: x86/sgx: Signal SIGSEGV with PF_SGX Jarkko Sakkinen
2020-02-23 17:25 ` [PATCH v27 04/22] x86/sgx: Add SGX microarchitectural data structures Jarkko Sakkinen
2020-03-03 0:39 ` Sean Christopherson
2020-03-03 20:14 ` Jarkko Sakkinen
2020-02-23 17:25 ` [PATCH v27 05/22] x86/sgx: Add wrappers for ENCLS leaf functions Jarkko Sakkinen
2020-02-23 17:25 ` [PATCH v27 06/22] x86/cpu/intel: Detect SGX supprt Jarkko Sakkinen
2020-02-23 17:25 ` [PATCH v27 07/22] x86/sgx: Enumerate and track EPC sections Jarkko Sakkinen
2020-02-23 17:25 ` [PATCH v27 08/22] x86/sgx: Add functions to allocate and free EPC pages Jarkko Sakkinen
2020-02-23 17:25 ` [PATCH v27 09/22] mm: Introduce vm_ops->may_mprotect() Jarkko Sakkinen
2020-02-23 17:25 ` [PATCH v27 10/22] x86/sgx: Linux Enclave Driver Jarkko Sakkinen
2020-02-23 17:25 ` [PATCH v27 11/22] selftests/x86: Recurse into subdirectories Jarkko Sakkinen
2020-02-23 17:25 ` [PATCH v27 12/22] selftests/x86: Add a selftest for SGX Jarkko Sakkinen
2020-02-23 17:25 ` [PATCH v27 13/22] x86/sgx: Add provisioning Jarkko Sakkinen
2020-02-23 17:25 ` [PATCH v27 14/22] x86/sgx: Add a page reclaimer Jarkko Sakkinen
2020-02-23 17:25 ` [PATCH v27 15/22] x86/sgx: ptrace() support for the SGX driver Jarkko Sakkinen
2020-02-23 17:25 ` [PATCH v27 16/22] x86/vdso: Add support for exception fixup in vDSO functions Jarkko Sakkinen
2020-02-23 17:25 ` [PATCH v27 17/22] x86/fault: Add helper function to sanitize error code Jarkko Sakkinen
2020-02-23 17:25 ` [PATCH v27 18/22] x86/traps: Attempt to fixup exceptions in vDSO before signaling Jarkko Sakkinen
2020-02-23 17:25 ` [PATCH v27 19/22] x86/vdso: Add __vdso_sgx_enter_enclave() to wrap SGX enclave transitions Jarkko Sakkinen
2020-02-23 17:25 ` [PATCH v27 20/22] selftests/x86: Add vDSO selftest for SGX Jarkko Sakkinen
2020-02-23 17:25 ` [PATCH v27 21/22] x86/sgx: Update MAINTAINERS Jarkko Sakkinen
2020-02-23 17:25 ` [PATCH v27 22/22] docs: x86/sgx: Document SGX micro architecture and kernel internals Jarkko Sakkinen
2020-02-24 10:09 ` [PATCH v27 00/22] Intel SGX foundations Dr. Greg
2020-02-24 21:13 ` Sean Christopherson [this message]
2020-02-28 22:02 ` Dr. Greg
2020-02-28 22:19 ` Nathaniel McCallum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200224211317.GJ29865@linux.intel.com \
--to=sean.j.christopherson@intel.com \
--cc=akpm@linux-foundation.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=bp@alien8.de \
--cc=cedric.xing@intel.com \
--cc=dave.hansen@intel.com \
--cc=greg@enjellic.com \
--cc=haitao.huang@intel.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=josh@joshtriplett.org \
--cc=kai.huang@intel.com \
--cc=kai.svahn@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-sgx@vger.kernel.org \
--cc=luto@kernel.org \
--cc=nhorman@redhat.com \
--cc=npmccallum@redhat.com \
--cc=puiterwijk@redhat.com \
--cc=rientjes@google.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).