From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Andy Lutomirski <luto@kernel.org>
Cc: Jethro Beekman <jethro@fortanix.com>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
"x86@kernel.org" <x86@kernel.org>,
Dave Hansen <dave.hansen@linux.intel.com>,
Peter Zijlstra <peterz@infradead.org>,
"H. Peter Anvin" <hpa@zytor.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-sgx@vger.kernel.org" <linux-sgx@vger.kernel.org>,
Josh Triplett <josh@joshtriplett.org>,
Haitao Huang <haitao.huang@linux.intel.com>,
"Dr . Greg Wettstein" <greg@enjellic.com>
Subject: Re: x86/sgx: uapi change proposal
Date: Fri, 21 Dec 2018 10:24:54 -0800 [thread overview]
Message-ID: <20181221182454.GA27371@linux.intel.com> (raw)
In-Reply-To: <CALCETrX+KisMCbptrnPSO79-YF4E3nR1XHt+a7hCs1GXsxAbtw@mail.gmail.com>
On Fri, Dec 21, 2018 at 09:12:46AM -0800, Andy Lutomirski wrote:
> > On Dec 21, 2018, at 9:28 AM, Sean Christopherson <sean.j.christopherson@intel.com> wrote:
> >
> > On Wed, Dec 19, 2018 at 06:58:48PM -0800, Andy Lutomirski wrote:
> >>> On Dec 19, 2018, at 6:45 AM, Sean Christopherson <sean.j.christopherson@intel.com> wrote:
> >>>
> >>>>> On Wed, Dec 19, 2018 at 09:36:16AM +0000, Jethro Beekman wrote:
> >>>
> >>> I agree with Jethro, passing the enclave_fd as a param is obnoxious.
> >>> And it means the user needs to open /dev/sgx to do anything with an
> >>> enclave fd, e.g. the enclave fd might be passed to a builder thread,
> >>> it shouldn't also need the device fd.
> >>>
> >>> E.g.:
> >>>
> >>> sgx_fd = open("/dev/sgx", O_RDWR);
> >>> BUG_ON(sgx_fd < 0);
> >>>
> >>> enclave_fd = ioctl(sgx_fd, SGX_ENCLAVE_CREATE, &ecreate);
> >>> BUG_ON(enclave_fd < 0);
> >>>
> >>> ret = ioctl(enclave_fd, SGX_ENCLAVE_ADD_PAGE, &eadd);
> >>> BUG_ON(ret);
> >>>
> >>> ...
> >>>
> >>> ret = ioctl(enclave_fd, SGX_ENCLAVE_INIT, &einit);
> >>> BUG_ON(ret);
> >>>
> >>> ...
> >>>
> >>> close(enclave_fd);
> >>> close(sgx_fd);
> >>>
> >>>
> >>> Take a look at virt/kvm/kvm_main.c to see how KVM manages anon inodes
> >>> and ioctls for VMs and vCPUs.
> >>
> >> Can one of you explain why SGX_ENCLAVE_CREATE is better than just
> >> opening a new instance of /dev/sgx for each encalve?
> >
> > Directly associating /dev/sgx with an enclave means /dev/sgx can't be
> > used to provide ioctl()'s for other SGX-related needs, e.g. to mmap()
> > raw EPC and expose it a VM. Proposed layout in the link below. I'll
> > also respond to Jarkko's question about exposing EPC through /dev/sgx
> > instead of having KVM allocate it on behalf of the VM.
>
> Hmm. I guess this makes some sense. My instinct would be to do it a
> little differently and have:
>
> /dev/sgx/enclave: Each instance is an enclave.
>
> /dev/sgx/epc: Used to get raw EPC for KVM. Might have different
> permissions, perhaps 0660 and group kvm.
>
> /dev/sgx/something_else: For when SGX v3 adds something else :)
Mmmm, I like this approach a lot. It would allow userspace to easily
manage permissions for each "feature", e.g. give all users access to
/dev/sgx/epc but restrict /dev/sgx/enclave.
And we could add e.g. /dev/sgx/admin if we wanted to exposed ioctls()
that apply to all aspects of SGX.
Do you know if /dev/sgx/epc could be dynamically created, e.g. by
KVM when the kvm_intel module is loaded? That would seal the deal for
me as it'd keep open the option of having KVM handle oversubscription
of guest EPC while exposing EPC through /dev/sgx instead of /dev/kvm.
next prev parent reply other threads:[~2018-12-21 18:24 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-14 21:57 [RFC PATCH v5 0/5] x86: Add vDSO exception fixup for SGX Sean Christopherson
2018-12-14 21:57 ` [RFC PATCH v5 1/5] x86/vdso: Add support for exception fixup in vDSO functions Sean Christopherson
2018-12-14 21:57 ` [RFC PATCH v5 2/5] x86/fault: Add helper function to sanitize error code Sean Christopherson
2018-12-14 21:57 ` [RFC PATCH v5 3/5] x86/fault: Attempt to fixup unhandled #PF on ENCLU before signaling Sean Christopherson
2018-12-14 21:57 ` [RFC PATCH v5 4/5] x86/traps: Attempt to fixup exceptions in vDSO " Sean Christopherson
2018-12-14 21:57 ` [RFC PATCH v5 5/5] x86/vdso: Add __vdso_sgx_enter_enclave() to wrap SGX enclave transitions Sean Christopherson
2018-12-19 9:21 ` Jarkko Sakkinen
2018-12-18 4:18 ` [RFC PATCH v5 0/5] x86: Add vDSO exception fixup for SGX Jarkko Sakkinen
2018-12-18 15:08 ` Sean Christopherson
2018-12-19 4:43 ` Jarkko Sakkinen
2018-12-19 5:03 ` Jarkko Sakkinen
2018-12-19 7:58 ` x86/sgx: uapi change proposal Jarkko Sakkinen
2018-12-19 8:41 ` Jethro Beekman
2018-12-19 9:11 ` Jarkko Sakkinen
2018-12-19 9:36 ` Jethro Beekman
2018-12-19 10:43 ` Jarkko Sakkinen
2018-12-19 14:45 ` Sean Christopherson
2018-12-20 2:58 ` Andy Lutomirski
2018-12-20 10:32 ` Jarkko Sakkinen
2018-12-20 13:12 ` Jarkko Sakkinen
2018-12-20 13:19 ` Jarkko Sakkinen
2018-12-22 8:16 ` Jarkko Sakkinen
[not found] ` <20181222082502.GA13275@linux.intel.com>
2018-12-23 12:52 ` Jarkko Sakkinen
2018-12-23 20:42 ` Andy Lutomirski
2018-12-24 11:52 ` Jarkko Sakkinen
2019-01-02 20:47 ` Sean Christopherson
2019-01-03 15:02 ` Jarkko Sakkinen
[not found] ` <20190103162634.GA8610@linux.intel.com>
2019-01-09 14:45 ` Jarkko Sakkinen
2018-12-21 16:28 ` Sean Christopherson
2018-12-21 17:12 ` Andy Lutomirski
2018-12-21 18:24 ` Sean Christopherson [this message]
2018-12-21 23:41 ` Jarkko Sakkinen
2018-12-23 20:41 ` Andy Lutomirski
2018-12-24 12:01 ` Jarkko Sakkinen
2018-12-21 23:37 ` Jarkko Sakkinen
2018-12-22 6:32 ` Jarkko Sakkinen
2019-01-08 19:27 ` Huang, Kai
2019-01-08 22:09 ` Sean Christopherson
2019-01-08 22:54 ` Andy Lutomirski
2019-01-09 16:31 ` Sean Christopherson
2019-01-10 21:34 ` Andy Lutomirski
2019-01-10 22:22 ` Huang, Kai
2019-01-10 23:54 ` Sean Christopherson
2019-01-11 0:30 ` Andy Lutomirski
2019-01-11 1:32 ` Sean Christopherson
2019-01-11 12:58 ` Jarkko Sakkinen
2019-01-11 13:00 ` Jarkko Sakkinen
2019-01-11 23:19 ` Sean Christopherson
2019-01-18 14:37 ` Jarkko Sakkinen
2019-01-10 17:45 ` Jarkko Sakkinen
2019-01-10 21:36 ` Andy Lutomirski
2019-01-11 16:07 ` Jarkko Sakkinen
2019-01-09 5:24 ` Huang, Kai
2019-01-09 17:16 ` Sean Christopherson
2019-01-10 0:21 ` Huang, Kai
2019-01-10 0:40 ` Sean Christopherson
2019-01-10 17:43 ` Jarkko Sakkinen
2018-12-20 10:30 ` Jarkko Sakkinen
2018-12-19 14:43 ` Dr. Greg
2018-12-20 10:34 ` Jarkko Sakkinen
2018-12-20 22:06 ` Dr. Greg
2018-12-21 13:48 ` Jarkko Sakkinen
2018-12-20 12:08 ` Arnd Bergmann
2018-12-20 12:49 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181221182454.GA27371@linux.intel.com \
--to=sean.j.christopherson@intel.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=greg@enjellic.com \
--cc=haitao.huang@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jethro@fortanix.com \
--cc=josh@joshtriplett.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-sgx@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.