Date: Mon, 17 Dec 2018 14:36:42 -0800
From: Sean Christopherson
To: Dave Hansen
Cc: Andy Lutomirski, Jarkko Sakkinen, X86 ML, Platform Driver, linux-sgx@vger.kernel.org, nhorman@redhat.com, npmccallum@redhat.com, "Ayoun, Serge", shay.katz-zamir@intel.com, Haitao Huang, Andy Shevchenko, Thomas Gleixner, "Svahn, Kai", mark.shanahan@intel.com, Ingo Molnar, Borislav Petkov, "H. Peter Anvin", Darren Hart, Andy Shevchenko, "open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
Subject: Re: [PATCH v17 18/23] platform/x86: Intel SGX driver
Message-ID: <20181217223642.GH12491@linux.intel.com>

On Mon, Dec 17, 2018 at 12:15:47PM -0800, Dave Hansen wrote:
> On 12/17/18 12:10 PM, Andy Lutomirski wrote:
> >> There's no 'struct page' for enclave memory as it stands. That means no
> >> page cache, and that means there's no 'struct address_space *mapping' in
> >> the first place.
> >>
> >> Basically, the choice was made a long time ago to have SGX's memory
> >> management live outside the core VM. I've waffled back and forth on it,
> >> but I do still think this is the right way to do it.
> > AFAICS a lack of struct page isn't a problem. The core code seems to
> > understand that address_space objects might cover non-struct-page
> > memory. Morally, enclave memory is a lot like hot-unpluggable PCI
> > space.
>
> Yeah, this is true. The existing code seems to make it all the way from
> unmap_mapping_range() down to zap_page_range() without 'struct page'.
>
> Overall, I think what Andy is saying here is that an open(/dev/sgx)
> should give you a "unique" enclave fd. That fd can end up mapped into
> one or more processes either via fork() or the other ways fds end up
> getting handed around. mmap() of this fd would be *required* to be
> MAP_SHARED. That means you don't need to support COW, and the semantics
> are the same as any other MAP_SHARED mapping: children and parents and
> anybody mmap()'ing it must all coordinate.
>
> This sounds interesting at least. It might lead to an unholy mess in
> the driver, or it might be a great cleanup. But, it does sound like
> something that would both potentially simplify the semantics and the
> implementation.

It's very similar to KVM's model, which has proven to be fairly robust,
so I don't think it'll be an unholy mess (famous last words). It
probably won't be a "great" cleanup per se, but it definitely should
make the code more maintainable in the long run.

The other interesting aspect of the enclave fd approach is that it would
allow userspace to *execute* an enclave from multiple processes, so long
as it did the necessary multiplexing of pthreads to enclave threads. I
think SGX2 instructions (dynamic EPC management) would even allow adding
new enclave threads on-demand.
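
The MAP_SHARED-versus-COW semantics discussed in the quoted text, shown with an ordinary file descriptor inherited across fork(). This is an added example, not code from the thread or from the SGX driver: an unlinked temp file stands in for the enclave fd, and `make_backing_fd` and `byte_seen_by_parent` are names made up here.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for the enclave fd: an unlinked one-page temp file. */
static int make_backing_fd(size_t len)
{
    char path[] = "/tmp/shared-fd-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);
    if (ftruncate(fd, (off_t)len) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Map the fd with map_flags, fork, let the child store 'C' in byte 0, and
 * return the byte the parent reads once the child has exited (-1 on error). */
int byte_seen_by_parent(int map_flags)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    int fd = make_backing_fd(len);
    if (fd < 0)
        return -1;
    char *p = mmap(NULL, len, PROT_READ | PROT_WRITE, map_flags, fd, 0);
    close(fd);                 /* the mapping keeps the file alive */
    if (p == MAP_FAILED)
        return -1;
    p[0] = 'P';                /* parent's value before fork() */
    pid_t pid = fork();
    if (pid == 0) {
        p[0] = 'C';            /* child's store through the inherited mapping */
        _exit(0);
    }
    int seen = (pid > 0 && waitpid(pid, NULL, 0) == pid) ? p[0] : -1;
    munmap(p, len);
    return seen;
}

int main(void)
{
    /* MAP_SHARED: the child's store is visible; MAP_PRIVATE (COW): it is not. */
    return !(byte_seen_by_parent(MAP_SHARED) == 'C' &&
             byte_seen_by_parent(MAP_PRIVATE) == 'P');
}
```

With MAP_SHARED the parent and child operate on the same page, so any ordering between them has to be arranged by the processes themselves; with MAP_PRIVATE each side gets its own copy on first write.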