From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932178AbdK0RH5 (ORCPT ); Mon, 27 Nov 2017 12:07:57 -0500
Received: from mga11.intel.com ([192.55.52.93]:56889 "EHLO mga11.intel.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1753798AbdK0RHy (ORCPT ); Mon, 27 Nov 2017 12:07:54 -0500
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.44,465,1505804400"; d="scan'208";a="153719121"
Message-ID: <1511802219.9392.44.camel@intel.com>
Subject: Re: [PATCH v5 11/11] intel_sgx: driver documentation
From: Sean Christopherson
To: Jarkko Sakkinen , Thomas Gleixner
Cc: Darren Hart , platform-driver-x86@vger.kernel.org, LKML , Ingo Molnar ,
	"H. Peter Anvin" , x86@kernel.org, linux-doc@vger.kernel.org,
	Jonathan Corbet
Date: Mon, 27 Nov 2017 09:03:39 -0800
In-Reply-To: <20171120230843.ozqhqhj5h3uuds3f@linux.intel.com>
References: <20171113194528.28557-1-jarkko.sakkinen@linux.intel.com>
	<20171113194528.28557-12-jarkko.sakkinen@linux.intel.com>
	<20171117214310.GB25974@fury>
	<20171120230843.ozqhqhj5h3uuds3f@linux.intel.com>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.18.5.2-0ubuntu3.2
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 2017-11-21 at 01:08 +0200, Jarkko Sakkinen wrote:
> On Sat, Nov 18, 2017 at 12:34:33AM +0100, Thomas Gleixner wrote:
> >
> > This is architectural. From the cursory read of that series it seems there
> > are two parts to it:
> >
> >   1) The actual core handling, which should be in arch/x86 because that
> >      hardly qualifies as a 'platform' device driver.
> >
> >   2) The user space interface, which can be separated out perhaps.
> >
> > I don't know how intertwingled they are, but that's hard to tell from the
> > actual patches w/o doing a deep inspection. Jarkko should be able to answer
> > that.
> >
> > Thanks,
> >
> > tglx
> Darren, tglx,
>
> You can leave user space device as separate module as sgx_ioctl.c merely
> calls stuff that I have inside sgx_encl.c. VMA creation is bound to file
> operations.
>
> My questions would be:
>
> 1. What is your recommendation on the deployment under arch/x86?
> 2. Which parts should be compilable as a LKM? Only the user interface
>    or both parts?
>
> /Jarkko

To enable KVM and a cgroup for EPC accounting, at a minimum arch/x86 needs
to manage the EPC pages (alloc/free/lrus/reclaim/etc...) and LE hash MSRs.
IMO, ideally everything else would be left in the device driver, e.g.
anything involving ENCLS.  Keeping the majority of the driver out of arch/x86
minimizes the footprint in arch/x86 and thereby the size of KVM's dependency
required to virtualize SGX, and allows the various SGX pieces, e.g. arch,
driver and KVM, to evolve more independently.

Preferably the arch/x86 code would not be a loadable module, e.g. to simplify
KVM support.

I have a branch based on Jarkko's patches (I believe it's up-to-date with v5)
that implements what I described.  I'd be happy to send RFC patches if that
would help.

Branches for those interested:

https://github.com/sean-jc/linux.git sgx/arch   - move core EPC to arch/x86
https://github.com/sean-jc/linux.git sgx/kvm    - KVM support for SGX
https://github.com/sean-jc/linux.git sgx/lc     - KVM support for Launch Control
https://github.com/sean-jc/linux.git sgx/cgroup - EPC cgroup

branch relationships:

    Jarkko's patches
            |
            |
         sgx/arch
        /        \
     sgx/kvm    sgx/cgroup
      /
   sgx/lc