From: Andy Lutomirski
Date: Fri, 21 Dec 2018 09:12:46 -0800
Subject: Re: x86/sgx: uapi change proposal
To: Sean Christopherson
Cc: Andy Lutomirski, Jethro Beekman, Jarkko Sakkinen, Thomas Gleixner, Ingo Molnar, Borislav Petkov, "x86@kernel.org", Dave Hansen, Peter Zijlstra, "H. Peter Anvin", "linux-kernel@vger.kernel.org", "linux-sgx@vger.kernel.org", Josh Triplett, Haitao Huang, "Dr . Greg Wettstein"
In-Reply-To: <20181221162825.GB26865@linux.intel.com>

> On Dec 21, 2018, at 9:28 AM, Sean Christopherson wrote:
>
> On Wed, Dec 19, 2018 at 06:58:48PM -0800, Andy Lutomirski wrote:
>>> On Dec 19, 2018, at 6:45 AM, Sean Christopherson wrote:
>>>
>>>>> On Wed, Dec 19, 2018 at 09:36:16AM +0000, Jethro Beekman wrote:
>>>
>>> I agree with Jethro, passing the enclave_fd as a param is obnoxious.
>>> And it means the user needs to open /dev/sgx to do anything with an
>>> enclave fd, e.g. the enclave fd might be passed to a builder thread,
>>> it shouldn't also need the device fd.
>>>
>>> E.g.:
>>>
>>>     sgx_fd = open("/dev/sgx", O_RDWR);
>>>     BUG_ON(sgx_fd < 0);
>>>
>>>     enclave_fd = ioctl(sgx_fd, SGX_ENCLAVE_CREATE, &ecreate);
>>>     BUG_ON(enclave_fd < 0);
>>>
>>>     ret = ioctl(enclave_fd, SGX_ENCLAVE_ADD_PAGE, &eadd);
>>>     BUG_ON(ret);
>>>
>>>     ...
>>>
>>>     ret = ioctl(enclave_fd, SGX_ENCLAVE_INIT, &einit);
>>>     BUG_ON(ret);
>>>
>>>     ...
>>>
>>>     close(enclave_fd);
>>>     close(sgx_fd);
>>>
>>>
>>> Take a look at virt/kvm/kvm_main.c to see how KVM manages anon inodes
>>> and ioctls for VMs and vCPUs.
>>
>> Can one of you explain why SGX_ENCLAVE_CREATE is better than just
>> opening a new instance of /dev/sgx for each enclave?
>
> Directly associating /dev/sgx with an enclave means /dev/sgx can't be
> used to provide ioctl()'s for other SGX-related needs, e.g. to mmap()
> raw EPC and expose it to a VM. Proposed layout in the link below. I'll
> also respond to Jarkko's question about exposing EPC through /dev/sgx
> instead of having KVM allocate it on behalf of the VM.

Hmm. I guess this makes some sense. My instinct would be to do it a
little differently and have:

/dev/sgx/enclave: Each instance is an enclave.

/dev/sgx/epc: Used to get raw EPC for KVM. Might have different
permissions, perhaps 0660 and group kvm.

/dev/sgx/something_else: For when SGX v3 adds something else :)
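
The quoted point that an enclave fd can be handed to a builder that never holds the device fd, shown as an added example that is not part of the original message or of the SGX driver: helpers that delegate exactly one descriptor over a UNIX socket with SCM_RIGHTS. It generalizes the "builder thread" to a separate process; `send_fd`, `recv_fd` and `same_file` are hypothetical names, and any descriptor can stand in for the enclave fd.

```c
/* Added illustration: any fd stands in for the enclave fd; not the SGX uapi. */
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

union ctl { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int))]; };

/* One-byte payload plus control space for a single SCM_RIGHTS descriptor. */
static struct msghdr prep(struct iovec *iov, char *byte, union ctl *c)
{
    memset(c, 0, sizeof(*c));
    *iov = (struct iovec){ .iov_base = byte, .iov_len = 1 };
    return (struct msghdr){ .msg_iov = iov, .msg_iovlen = 1,
                            .msg_control = c->buf, .msg_controllen = sizeof(c->buf) };
}

/* Delegate exactly one descriptor to the peer; returns 0 on success. */
int send_fd(int sock, int fd)
{
    struct iovec iov; union ctl c; char byte = 'E';
    struct msghdr msg = prep(&iov, &byte, &c);
    struct cmsghdr *h = CMSG_FIRSTHDR(&msg);
    h->cmsg_level = SOL_SOCKET;
    h->cmsg_type = SCM_RIGHTS;
    h->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(h), &fd, sizeof(fd));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor; returns the new fd number, or -1 if none came. */
int recv_fd(int sock)
{
    struct iovec iov; union ctl c; char byte; int fd = -1;
    struct msghdr msg = prep(&iov, &byte, &c);
    struct cmsghdr *h;
    if (recvmsg(sock, &msg, 0) != 1)
        return -1;
    h = CMSG_FIRSTHDR(&msg);
    if (h && h->cmsg_level == SOL_SOCKET && h->cmsg_type == SCM_RIGHTS)
        memcpy(&fd, CMSG_DATA(h), sizeof(fd));
    return fd;
}

/* Returns 1 when both descriptors refer to the same underlying file. */
int same_file(int a, int b)
{
    struct stat x, y;
    return !fstat(a, &x) && !fstat(b, &y) && x.st_dev == y.st_dev && x.st_ino == y.st_ino;
}
```

The receiver ends up with a new descriptor number for the same open file and nothing else, so access to the device node itself is never part of what gets delegated.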