From: Andy Lutomirski
Date: Wed, 19 Dec 2018 18:58:48 -0800
Subject: Re: x86/sgx: uapi change proposal
To: Sean Christopherson
Cc: Jethro Beekman, Jarkko Sakkinen, Andy Lutomirski, Thomas Gleixner, Ingo Molnar, Borislav Petkov, "x86@kernel.org", Dave Hansen, Peter Zijlstra, "H. Peter Anvin", "linux-kernel@vger.kernel.org", "linux-sgx@vger.kernel.org", Josh Triplett, Haitao Huang, "Dr . Greg Wettstein"
In-Reply-To: <20181219144515.GA30909@linux.intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

> On Dec 19, 2018, at 6:45 AM, Sean Christopherson wrote:
>
>> On Wed, Dec 19, 2018 at 09:36:16AM +0000, Jethro Beekman wrote:
>
> I agree with Jethro, passing the enclave_fd as a param is obnoxious.
> And it means the user needs to open /dev/sgx to do anything with an
> enclave fd, e.g. the enclave fd might be passed to a builder thread,
> it shouldn't also need the device fd.
>
> E.g.:
>
>     sgx_fd = open("/dev/sgx", O_RDWR);
>     BUG_ON(sgx_fd < 0);
>
>     enclave_fd = ioctl(sgx_fd, SGX_ENCLAVE_CREATE, &ecreate);
>     BUG_ON(enclave_fd < 0);
>
>     ret = ioctl(enclave_fd, SGX_ENCLAVE_ADD_PAGE, &eadd);
>     BUG_ON(ret);
>
>     ...
>
>     ret = ioctl(enclave_fd, SGX_ENCLAVE_INIT, &einit);
>     BUG_ON(ret);
>
>     ...
>
>     close(enclave_fd);
>     close(sgx_fd);
>
>
> Take a look at virt/kvm/kvm_main.c to see how KVM manages anon inodes
> and ioctls for VMs and vCPUs.

Can one of you explain why SGX_ENCLAVE_CREATE is better than just
opening a new instance of /dev/sgx for each enclave?
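
The KVM fd hierarchy that the quoted text points to, seen from userspace, as an added example that is not part of the thread: the device fd is used once to create a per-VM fd, then closed, and the VM fd alone is enough to create a vCPU. It assumes a Linux host with <linux/kvm.h>; the function name kvm_fd_hierarchy_demo is hypothetical.

```c
/* Added illustration, not code from the thread or from the kernel tree. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/kvm.h>

/*
 * Returns  0 if the VM fd stayed usable after the /dev/kvm fd was closed,
 *          1 if KVM is not usable on this host (nothing demonstrated),
 *         -1 if the VM fd stopped working once the device fd was gone.
 */
int kvm_fd_hierarchy_demo(void)
{
    int kvm_fd = open("/dev/kvm", O_RDWR);
    if (kvm_fd < 0)
        return 1;

    /* The device fd is only needed to mint the per-VM fd (an anon inode). */
    int vm_fd = ioctl(kvm_fd, KVM_CREATE_VM, 0UL);
    close(kvm_fd);
    if (vm_fd < 0)
        return 1;

    /*
     * Everything from here on goes through vm_fd alone. A thread or
     * process that is handed only this fd needs no access to /dev/kvm.
     */
    int vcpu_fd = ioctl(vm_fd, KVM_CREATE_VCPU, 0UL);
    if (vcpu_fd < 0) {
        close(vm_fd);
        return -1;
    }

    close(vcpu_fd);
    close(vm_fd);
    return 0;
}

int main(void)
{
    int rc = kvm_fd_hierarchy_demo();

    if (rc == 0)
        puts("vm fd worked without the device fd");
    else if (rc == 1)
        puts("KVM not usable on this host, nothing demonstrated");
    else
        puts("vm fd failed after the device fd was closed");
    return rc < 0;
}
```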