Date: Wed, 5 Jun 2019 07:52:19 -0700
From: Sean Christopherson
To: Jarkko Sakkinen
Cc: Jethro Beekman, linux-kernel@vger.kernel.org, x86@kernel.org,
    linux-sgx@vger.kernel.org, akpm@linux-foundation.org,
    dave.hansen@intel.com, nhorman@redhat.com, npmccallum@redhat.com,
    serge.ayoun@intel.com, shay.katz-zamir@intel.com,
    haitao.huang@intel.com, andriy.shevchenko@linux.intel.com,
    tglx@linutronix.de, kai.svahn@intel.com, bp@alien8.de,
    josh@joshtriplett.org, luto@kernel.org, kai.huang@intel.com,
    rientjes@google.com
Subject: Re: [PATCH v20 15/28] x86/sgx: Add the Linux SGX Enclave Driver
Message-ID: <20190605145219.GC26328@linux.intel.com>
In-Reply-To: <20190605142908.GD11331@linux.intel.com>

On Wed, Jun 05, 2019 at 05:29:08PM +0300, Jarkko Sakkinen wrote:
> On Tue, Jun 04, 2019 at 01:12:32PM -0700, Sean Christopherson wrote:
> > On Tue, Apr 23, 2019 at 05:26:53PM -0700, Sean Christopherson wrote:
> > > On Tue, Apr 23, 2019 at 11:29:24PM +0000, Jethro Beekman wrote:
> > > > On 2019-04-22 14:58, Sean Christopherson wrote:
> > > > >Where do we stand on removing the ACPI and platform_driver dependencies?
> > > > >Can we get rid of them sooner rather than later?
> > > >
> > > > You know my position on this...
> > > > https://www.spinics.net/lists/linux-sgx/msg00624.html . I don't really have
> > > > any new arguments.
> > > >
> > > > Considering the amount of planned changes for the driver post-merge, I think
> > > > it's crucial that the driver part can be swapped out with alternative
> > > > implementations.
> > >
> > > This gets far outside of my area of expertise as I think this is more of
> > > a policy question as opposed to a technical question, e.g. do we export
> > > function simply to allow out-of-tree alternatives.
> > >
> > > > >Now that the core SGX code is approaching stability, I'd like to start
> > > > >sending RFCs for the EPC virtualization and KVM bits to hash out that side
> > > > >of things. The ACPI crud is the last chunk of code that would require
> > > > >non-trivial changes to the core SGX code for the proposed virtualization
> > > > >implementation. I'd strongly prefer to get it out of the way before
> > > > >sending the KVM RFCs.
> > > >
> > > > What kind of changes? Wouldn't KVM just be another consumer of the same API
> > > > used by the driver?
> > >
> > > Nope, userspace "only" needs to be able to mmap() arbitrary chunks of EPC.
> > > Except for EPC management, which is already built into the kernel, the
> > > EPC virtualization code has effectively zero overlap with the driver. Of
> > > course this is all technically speculative since none of this is upstream...
> >
> > Jarkko, can you weigh in with your thoughts on the ACPI stuff?
>
> If there is LKM, then it is required (for loading the LKM).
>
> I think we should see how the access control gets implemented first and
> see what constraints it introduces. It might help to make the right
> decision whether to allow LKM or not.

At this point I don't see the access control stuff impacting the LKM
decision.

Irrespective of the access control thing, there are (at least) two issues
with using ACPI to probe the driver:

  - ACPI probing breaks if there are multiple devices, i.e. when KVM adds
    a raw EPC device. We could do something like probe the driver via
    ACPI but manually load the raw EPC device from core SGX code, but IMO
    taking that approach should be a conscious decision.

  - ACPI probing means core SGX will consume resources for EPC management
    even if there is no end consumer, e.g. the driver refuses to load due
    to lack of FLC support.

It would be very helpful for us to make a decision about LKM support
sooner rather than later, e.g. to start reworking the core code now and
so that I can send RFCs for KVM support. IMO we're just delaying the
inevitable and slowing down upstreaming in the process.