Linux-man Archive on lore.kernel.org
From: Jarkko Sakkinen <jarkko@kernel.org>
To: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
Cc: linux-man <linux-man@vger.kernel.org>,
	linux-sgx@vger.kernel.org,
	Dave Hansen <dave.hansen@linux.intel.com>,
	"maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
	<x86@kernel.org>,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH] sgx.7: New page with overview of Software Guard eXtensions (SGX)
Date: Fri, 4 Dec 2020 03:55:03 +0200
Message-ID: <20201204015503.GA146985@kernel.org>
In-Reply-To: <20201202171742.GA91954@kernel.org>

On Wed, Dec 02, 2020 at 07:17:42PM +0200, Jarkko Sakkinen wrote:
> On Wed, Dec 02, 2020 at 11:37:01AM +0100, Michael Kerrisk (man-pages) wrote:
> > Hi Jarkko,
> > 
> > Thanks for the page. I'll have some more comments later, most likely.
> > But to begin with, are there any other manual pages that should be
> > listed in a SEE ALSO section for this manual page, and are there any
> > pages in man-pages that you think should refer to this page in their
> > SEE ALSO sections?
> 
> Thanks for the quick response.
> 
> SGX does not declare any syscalls but it does have an ioctl API and
> a vDSO.
> 
> I think one thing that the man page is missing is SIGSEGV handling.
> When user space directly invokes ENCLU[EENTER], then the exceptions
> inside are recognized through SIGSEGV. This should probably be added,
> and then "SEE ALSO" should point to sigaction().

Obviously I need to have references to mmap() and mprotect() too.

Ignoring everything else related to this feature and simplifying the
concept: in SGX you build an enclave into yet-to-be-mapped memory, then
mmap() it and possibly mprotect() it. When you build an enclave, you
assign permissions to each page, and there's an invariant in the kernel
implementation that mmap()/mprotect() permissions are not allowed to
surpass the intended permissions. The implementation is multi-process
by nature, i.e. one process can build an enclave and another process can
just map it (e.g. getting the fd through fork or SCM_RIGHTS).

Hmm... that would be a good paragraph for my man page (with editing of
course) before any other details, when describing enclave construction
:-)

/Jarkko
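A small user-space model of the mmap()/mprotect() invariant described above, added here as an illustration and not taken from the kernel or from the author's page: the permissions fixed for each page at enclave build time act as a ceiling, and a later mapping request over a range is refused if any page in it is missing or was built with fewer bits than requested. The names (encl_may_map, demo_encl) and the three sample pages are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Permission bits; the same R/W/X subset that mmap()/mprotect() carry. */
#define PERM_R 0x1u
#define PERM_W 0x2u
#define PERM_X 0x4u

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1u << PAGE_SHIFT)

/* One page of a model enclave: max_prot is what the builder assigned
 * when the page was added, and it never grows afterwards. */
struct encl_page {
    uint64_t addr;      /* page-aligned enclave address */
    uint8_t  max_prot;  /* PERM_* bits declared at build time */
};

struct enclave {
    const struct encl_page *pages;
    size_t npages;
};

static const struct encl_page *encl_lookup(const struct enclave *e, uint64_t addr)
{
    for (size_t i = 0; i < e->npages; i++)
        if (e->pages[i].addr == addr)
            return &e->pages[i];
    return NULL;   /* page was never added to the enclave */
}

/* Decide whether mapping [start, end) with 'prot' may proceed: the range
 * must be page-aligned, every page must exist, and no page may be asked
 * for a bit it was not built with. This is the check that keeps a
 * mapping from surpassing the build-time permissions. */
bool encl_may_map(const struct enclave *e, uint64_t start, uint64_t end, uint8_t prot)
{
    if (start >= end || ((start | end) & (PAGE_SIZE - 1)) != 0)
        return false;
    for (uint64_t a = start; a < end; a += PAGE_SIZE) {
        const struct encl_page *p = encl_lookup(e, a);
        if (p == NULL || (prot & ~p->max_prot) != 0)
            return false;
    }
    return true;
}

/* Constructed sample enclave: code, data and a read-only page. */
static const struct encl_page demo_pages[] = {
    { 0x1000, PERM_R | PERM_X },
    { 0x2000, PERM_R | PERM_W },
    { 0x3000, PERM_R },
};
const struct enclave demo_encl = { demo_pages, 3 };
```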
