Received: by 2002:a25:868d:0:0:0:0:0 with SMTP id z13csp22087ybk; Fri, 8 May 2020 12:59:00 -0700 (PDT) X-Google-Smtp-Source: APiQypIWiJQNIUCv1zJqh4G85YWuXTnfveJFTOINc2Gt0hnm5K8/LKcOeSd6Ce5ZI9aCcVViTGrP X-Received: by 2002:a17:906:6a84:: with SMTP id p4mr3484087ejr.21.1588967940278; Fri, 08 May 2020 12:59:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1588967940; cv=none; d=google.com; s=arc-20160816; b=LptZuK9dHbH+TxRsxUA0hxsMLvJoPIxy6384qo0Z+2Pjbp3IBaSQ31ufx5PgBYO4FH 3opts4N17/vt8uBbSwfAfuQ5tynvsplBSuGtOAThxkjP6yklmek8bFgj8TkdGJSN48IB 5EKiInyYaUXiWE9TqEita3xyu7k87mtB+LumZjFWVgWisC6jnStsS/eJ/2kEmjsLBL/r l2taU/sPYOHHIUue2Mz9BslufBOrFjB3Wo7Ikf5sIrHi2TSXWZrIZnDIqL6AR24/3fLN iC30UIlRTfrGP0nx/BYBTe1fxAlGrlgqbftDTr8Z+nbluPOt+9XvYzyvI4Vh4KfXK1qO LPKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:ironport-sdr:ironport-sdr; bh=rP8r/dSyyIW61xhcO6GpR4eyQXV7zqb/d00c6R2yPT0=; b=CnlBMcHdq5bB9/cpEOP+sh4kCP5D3pzJ0mhlfv6Bta1kmbCDa8xfFcA0oO3xvBnGNs Se6B6RRUvYLP+gZ2GMFTabwGy1UZ65Hbobf6W/b5CvoRkLTR0vsWHyVNV9knqvM1pG6C O14VSDknQfSMEkIXU2/VXjb9z6BsQaScLsI/ig1ySoBx8MCsnSm3swLkhS5P9ykbSwoK 2/gRHphG1mbEdi8IbPPZMgPdGW969FDdBVNHA4GXaKJAcjrAU+c+j50hsPGWT3z508fZ 972gfpRN6bP6fQqIWCkR3ZHOcIdgay9rcSlj9n4rJsflKeyG2yfhaAkm5/+A4SsuEwl5 0nZQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c17si1550433ejn.336.2020.05.08.12.58.36; Fri, 08 May 2020 12:59:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726913AbgEHT4h (ORCPT + 99 others); Fri, 8 May 2020 15:56:37 -0400 Received: from mga12.intel.com ([192.55.52.136]:28180 "EHLO mga12.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726811AbgEHT4g (ORCPT ); Fri, 8 May 2020 15:56:36 -0400 IronPort-SDR: Md3Q+Boyc5oIN5e6H9kuKuPAMyNChTPMjHLpsByVsn3IuTCBfRjGq19giiuVaYOlIhKSMURH8E fQv69+mqq0QA== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 May 2020 12:56:36 -0700 IronPort-SDR: 5dvUlHF0eVomO7/SJ8Ft/0t312Z5Qft3VfjLwBlw3b+HpF2haHTQ5a2NFlWrt2OpYTu5cNOtGy tD2mYVzEQvXQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,368,1583222400"; d="scan'208";a="296246998" Received: from sjchrist-coffee.jf.intel.com (HELO linux.intel.com) ([10.54.74.152]) by fmsmga002.fm.intel.com with ESMTP; 08 May 2020 12:56:35 -0700 Date: Fri, 8 May 2020 12:56:35 -0700 From: Sean Christopherson To: "Dr. Greg" Cc: Thomas Gleixner , Jarkko Sakkinen , torvalds@linux-foundation.org, linux-kernel@vger.kernel.org, x86@kernel.org, linux-sgx@vger.kernel.org, akpm@linux-foundation.org, dave.hansen@intel.com, nhorman@redhat.com, npmccallum@redhat.com, haitao.huang@intel.com, andriy.shevchenko@linux.intel.com, kai.svahn@intel.com, bp@alien8.de, josh@joshtriplett.org, luto@kernel.org, kai.huang@intel.com, rientjes@google.com, cedric.xing@intel.com, puiterwijk@redhat.com Subject: Re: [PATCH v29 00/20] Intel SGX foundations Message-ID: <20200508195635.GR27052@linux.intel.com> References: <20200421215316.56503-1-jarkko.sakkinen@linux.intel.com> <20200426165753.GA11046@wind.enjellic.com> <87d07gk24l.fsf@nanos.tec.linutronix.de> <20200508190226.GA31465@wind.enjellic.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200508190226.GA31465@wind.enjellic.com> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, May 08, 2020 at 02:02:26PM -0500, Dr. Greg wrote: > On Thu, May 07, 2020 at 02:41:30AM +0200, Thomas Gleixner wrote: > > The diffstat of your patch is irrelevant. What's relevant is the > > fact that it is completely unreviewed and that it creates yet > > another user space visible ABI with a noticable lack of > > documentation. ... > As to lack of review, we would certainly welcome technical and API > comments but we cannot force them. Thomas' point isn't that your code needs to be reviewed, it's that trying to squeeze it into the initial merge will, not might, _will_ push out the acceptance of SGX. The same is true for other features we have lined up, e.g. KVM and cgroup support. It's not a slight on your code, it's just reality at this point. > In fact, anyone who reviews the patch will see that the current driver > creates a pointer in the ioctl call to pass downward into the hardware > initialization routines. Our code simply replaces that pointer with > one supplied by userspace. Personally, I'm in favor of adding a reserved placeholder for a token so as to avoid adding a second ioctl() in the event that something gets upstreamed that wants the token. Ditto for a file descriptor for the backing store in sgx_enclave_create. But, I have contributed exactly zero ioctls to the kernel, so take that with a big block of salt :-) > At the very least a modular form of the driver should be considered > that would allow alternate implementations. Sean indicated that there > was a 'kludgy' approach that would allow an alternate modular > implementation alongside the in-kernel driver. I believe that Andy > has already indicated that may not be an advisable approach. Modularizing the the driver does nothing for your use case. The "driver" is a relatively lightweight wrapper, removing that is akin to making /dev/sgx/enclave inaccessible, i.e. it doesn't make the EPC tracking and core code go away. Modularizing the whole thing is flat out not an option, as doing so is not compatible with an EPC cgroup and adds unnecessary complexity to KVM enabling, both of which are highly desired features by pretty much everyone that plans on using SGX. Andy is right to caution against playing games to squish in-kernel things, but the virtualization snafu is a completely different beast. E.g. SGX doesn't require fiddling with CR4, won't corrupt random memory across kexec(), doesn't block INIT, etc... And I'm not advocating long-term shenanigans, I just wanted to point out that there are options for running out-of-tree drivers in the short term, e.g. until proper policy controls land upstream.