Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp5138352imu; Wed, 19 Dec 2018 06:18:23 -0800 (PST) X-Google-Smtp-Source: AFSGD/VyR6s595Qlf7iCfdbeyYMvzHigwRABtJ/2UUyA0J9wLOp9RcVHDPiNPSqaP0j9CXsYMeug X-Received: by 2002:a17:902:aa4c:: with SMTP id c12mr20342596plr.48.1545229103939; Wed, 19 Dec 2018 06:18:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1545229103; cv=none; d=google.com; s=arc-20160816; b=ClVEIfc+MJdzxhC581sDLDeNC+xJU1j+qn2NLmQ182iYjKHrxpHhlkdnAbuXuT79wl 7jSBcRlwJhW35kTIj3TSVlT9aOpO5IJP60ohU2oMOf7uCPyf4t7HNCYBNljkBT6fOIGp F54P8oEm1EwWzTCOXnbLDQHSLoBSOTJTNo6MN1E0be/KO8EMGRH8Lpxifsv5DcwpMHbX vbhDL63gKriM7cSNQYkK2M70bkn8APtohNWEZjaKeZuEnF6N8P0okkL7dvMV6Y5dgRzw dT0AGTPZFDa8600bw76XbvxDPvMa50KuXAphA0Afl2V3lei+z8i5i7MwEZJ1QQqEAAxJ yfLA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:organization:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=kHln1LMfCYYdYPPpFwSgj6xgfjVKqBeELdxVngrHMLY=; b=WgVCaup5tpyJOCw2f0llCgeu+ZXYIUOXk1W5ywwjstdLGdVI0DLWVJ9O/pFchG24bI lPFaW14ABTzIp3FSmR//Es/LL3lqO1/AUi93Lee/MFvD7jqKQSl5hJ6QeR20XrmGs2bE vTydy7LEK/F+67H0JWp46t8mBvH4OBKUAhAKqv0o5kUYtebfLGgnWa/heG+Miqegv+uZ rvo+S00izlCYxXQT7ZANYJpqpguQxt9ixENJlPWlPgqVxIqtRc1RtSMRa84k2Zx69mKm l22aKYQXBjf0VzyNkR+Ck9JIgNNH0DZgF5pfUJ1qlS1enmxycX0vHa9Leten+2xzYQxm 133w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d9si14903703pgv.123.2018.12.19.06.18.04; Wed, 19 Dec 2018 06:18:23 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729114AbeLSKoH (ORCPT + 99 others); Wed, 19 Dec 2018 05:44:07 -0500 Received: from mga17.intel.com ([192.55.52.151]:17015 "EHLO mga17.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727586AbeLSKoH (ORCPT ); Wed, 19 Dec 2018 05:44:07 -0500 X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Dec 2018 02:44:06 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,372,1539673200"; d="scan'208";a="284967997" Received: from unknown (HELO localhost) ([10.249.254.232]) by orsmga005.jf.intel.com with ESMTP; 19 Dec 2018 02:44:00 -0800 Date: Wed, 19 Dec 2018 12:43:59 +0200 From: Jarkko Sakkinen To: Jethro Beekman Cc: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "x86@kernel.org" , Dave Hansen , Peter Zijlstra , "sean.j.christopherson@intel.com" , "H. Peter Anvin" , "linux-kernel@vger.kernel.org" , "linux-sgx@vger.kernel.org" , Andy Lutomirski , Josh Triplett , Haitao Huang , "Dr . Greg Wettstein" Subject: Re: x86/sgx: uapi change proposal Message-ID: <20181219104015.GA4863@linux.intel.com> References: <20181214215729.4221-1-sean.j.christopherson@intel.com> <7706b2aa71312e1f0009958bcab24e1e9d8d1237.camel@linux.intel.com> <598cd050-f0b5-d18c-96a0-915f02525e3e@fortanix.com> <20181219091148.GA5121@linux.intel.com> <613c6814-4e71-38e5-444a-545f0e286df8@fortanix.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <613c6814-4e71-38e5-444a-545f0e286df8@fortanix.com> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Dec 19, 2018 at 09:36:16AM +0000, Jethro Beekman wrote: > On 2018-12-19 14:41, Jarkko Sakkinen wrote: > > On Wed, Dec 19, 2018 at 08:41:12AM +0000, Jethro Beekman wrote: > > > One weird thing is the departure from the normal mmap behavior that the > > > memory mapping persists even if the original fd is closed. (See man mmap: > > > "closing the file descriptor does not unmap the region.") > > > > The mmapped region and enclave would be completely disjoint to start > > with. The enclave driver code would assume that an enclave VMA exists > > when it maps enclave address space to a process. > > > > I.e. VMA would no longer reference to the enclave or vice versa but > > you would still create an enclave VMA with mmap(). > > > > This is IMHO very clear and well-defined semantics. > > > > > > struct sgx_enclave_add_page { > > > > __u64 enclave_fd; > > > > __u64 src; > > > > __u64 secinfo; > > > > __u16 mrmask; > > > > } __attribute__((__packed__)); > > > > > > Wouldn't you just pass enclave_fd as the ioctl fd parameter? > > > > I'm still planning to keep the API in the device fd and use enclave_fd > > as handle to the enclave address space. I don't see any obvious reason > > to change that behavior. > > > > And if we ever add any "global" ioctls, then we would have to define > > APIs to both fd's, which would become a mess. > > > > > How to specify the address of the page that is being added? > > > > Yes, that is correct and my bad to remove it (just quickly drafted what > > I had in mind). > > So your plan is that to call EADD, userspace has to pass the device fd AND > the enclave fd AND the enclave address? That seems a little superfluous. If the enclave fd would have ioctls to add pages etc., two ioctls APIs would be already needed now (create for device fd and rest to the enclave fd). Which one would be more superfluous? /Jarkko