Date: Sat, 22 Dec 2018 08:32:41 +0200
From: Jarkko Sakkinen
To: Andy Lutomirski
Cc: Sean Christopherson, Jethro Beekman, Thomas Gleixner, Ingo Molnar, Borislav Petkov, "x86@kernel.org", Dave Hansen, Peter Zijlstra, "H. Peter Anvin", "linux-kernel@vger.kernel.org", "linux-sgx@vger.kernel.org", Josh Triplett, Haitao Huang, "Dr. Greg Wettstein"
Subject: Re: x86/sgx: uapi change proposal
Message-ID: <20181222063241.GA8895@linux.intel.com>

On Fri, Dec 21, 2018 at 09:12:46AM -0800, Andy Lutomirski wrote:
> /dev/sgx/enclave: Each instance is an enclave.
>
> /dev/sgx/epc: Used to get raw EPC for KVM. Might have different
> permissions, perhaps 0660 and group kvm.
>
> /dev/sgx/something_else: For when SGX v3 adds something else :)

Responding again to this anyway now that I have had time to think about it.

Here is how I see it:

1. /dev/sgx/enclave should be /dev/sgx as it is now.
2. /dev/sgx/epc should be something that you'd reach through /dev/kvm.
   This is essentially a circular dependency. KVM uapi should provide
   KVM services. Now you sprinkle KVM uapi to two subsystems.
3. "something else" is securityfs (e.g. provisioning). That is the kind
   of stuff that it is meant for.

I'm sorry but from my perspective this does not look too good no
matter what glasses I put on...

/Jarkko