From: Thomas Gleixner
To: Jarkko Sakkinen, Andi Kleen
Cc: Sasha Levin, linux-kernel@vger.kernel.org, bp@alien8.de, luto@kernel.org, hpa@zytor.com, dave.hansen@intel.com, tony.luck@intel.com, ravi.v.shankar@intel.com, chang.seok.bae@intel.com
Subject: Re: [PATCH v12 00/18] Enable FSGSBASE instructions
In-Reply-To: <371e6a92cad25cbe7a8489785efa7d3457ecef3b.camel@linux.intel.com>
References: <20200511045311.4785-1-sashal@kernel.org> <0186c22a8a6be1516df0703c421faaa581041774.camel@linux.intel.com> <20200515164013.GF29995@sasha-vm> <20200518153407.GA499505@tassilo.jf.intel.com> <371e6a92cad25cbe7a8489785efa7d3457ecef3b.camel@linux.intel.com>
Date: Tue, 19 May 2020 01:03:25 +0200
Message-ID: <87v9ksvoaq.fsf@nanos.tec.linutronix.de>
X-Mailing-List: linux-kernel@vger.kernel.org

Jarkko Sakkinen writes:
> On Mon, 2020-05-18 at 08:34 -0700, Andi Kleen wrote:
>> > Yes, for SGX this is a functional feature because enclave entry points,
>> > thread control structures (aka TCS's), reset FSBASE and GSBASE registers
>> > to fixed (albeit user defined) values. And syscalls can be done only
>> > outside of the enclave.
>> >
>> > This is a required feature for fancier runtimes (such as Graphene).
>>
>> Can you please explain a bit more? What do they need GS for?
>
> Apparently, it uses only wrfsbase:
>
> https://raw.githubusercontent.com/oscarlab/graphene/master/Pal/src/host/Linux-SGX/db_misc.c
>
> I'm not too familiar with the codebase yet but by reading some research
> papers in the past the idea is to multiplex one TCS for multiple virtual
> threads inside the enclave.
>
> E.g. TCS could represent a vcpu for a libos type of container and on
> entry would pick on a thread and set fsbase accordingly for a thread
> control block.

That justifies writing books which recommend loading a kernel module
which creates a full unprivileged root hole. I bet none of these papers
ever mentioned that.

Thanks,

        tglx
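As an added example (not from this thread or from the Graphene code linked above), a user-space check for the situation tglx objects to: CR4.FSGSBASE switched on by an out-of-tree module on a kernel that does not know user space can now change FSBASE/GSBASE, so the kernel may end up trusting a user-controlled GS base. It assumes x86-64 Linux and one fact from after this thread, that the merged FSGSBASE support announces itself to user space through the HWCAP2_FSGSBASE bit in AT_HWCAP2, so "rdfsbase executes but the bit is absent" is the hazardous combination; the enum and function names are my own.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdbool.h>
#include <string.h>
#include <sys/auxv.h>

#define HWCAP2_FSGSBASE (1u << 1) /* x86 AT_HWCAP2 bit: the kernel manages FSGSBASE itself */

enum fsgsbase_state {
    FSGS_DISABLED,               /* rdfsbase traps (CR4.FSGSBASE clear), nothing advertised */
    FSGS_KERNEL_ENABLED,         /* kernel enabled it and advertises it: the expected safe state */
    FSGS_ENABLED_WITHOUT_KERNEL, /* instruction works but the kernel does not know: the hazard */
    FSGS_INCONSISTENT            /* advertised but traps: should never happen */
};

static sigjmp_buf probe_env;
static void on_sigill(int sig) { (void)sig; siglongjmp(probe_env, 1); }

/* Execute rdfsbase once under a SIGILL handler: true if it ran, false if it raised #UD (SIGILL). */
bool rdfsbase_works(void) {
#ifdef __x86_64__
    struct sigaction sa, old;
    volatile bool ok = false;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigill;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGILL, &sa, &old);
    if (sigsetjmp(probe_env, 1) == 0) { /* savemask=1: signal mask restored by the longjmp */
        unsigned long base;
        __asm__ volatile(".byte 0xf3,0x48,0x0f,0xae,0xc0" : "=a"(base)); /* rdfsbase %rax */
        (void)base; ok = true; /* the instruction completed; the value itself is irrelevant */
    }
    sigaction(SIGILL, &old, NULL);
    return ok;
#else
    return false; /* not x86-64: nothing to probe */
#endif
}

/* Does the running kernel itself tell user space that it supports FSGSBASE? */
bool kernel_advertises_fsgsbase(void) {
    return (getauxval(AT_HWCAP2) & HWCAP2_FSGSBASE) != 0;
}

enum fsgsbase_state classify_fsgsbase(bool advertised, bool instruction_works) {
    if (instruction_works && advertised) return FSGS_KERNEL_ENABLED;
    if (instruction_works) return FSGS_ENABLED_WITHOUT_KERNEL;
    return advertised ? FSGS_INCONSISTENT : FSGS_DISABLED;
}
```

Run `classify_fsgsbase(kernel_advertises_fsgsbase(), rdfsbase_works())` on the host; FSGS_ENABLED_WITHOUT_KERNEL means the machine is in exactly the state the message warns about and the module that put it there should be removed.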