Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp3817702pxu; Tue, 20 Oct 2020 00:56:19 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy4pDcYkEstPdMHGQ7hyGmkM/51WntD6pg0XphBELy1X6Jaqx92E1GcciCg7jiAdxJ/0ymr X-Received: by 2002:aa7:c98f:: with SMTP id c15mr1522216edt.200.1603180579007; Tue, 20 Oct 2020 00:56:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1603180579; cv=none; d=google.com; s=arc-20160816; b=Gu/TyOlTZlzP7ShKkAKLqYNAqZPA1CzHB4/7rXU4OzxJALYcCnz6nQQBKWiwqHWTo/ FCoEgtLCULkFbBdu32ImuId2D8hAvyIz7CinYugMndI4OtYd8WRhi7GYpPtczLNn+PUx W4XbpzAH99ZfFy3MvNWv47Ibe960B2txTzTD+Py29bS0EfpooPRoc04RtvyPKj/aRERW +jFR7mrHZ0uUcd3e7FSwWofsGdBaGuv1K1CPgcd82NogYMw7mOEijCN0qo49V239fh3M BpbucPLUgA5r7Xzl7OQ9ERB1ACpOGbLyNEYkRK+TTy/gmIYcuH4x0m5yTEzpue6KvNCv Hscg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :ironport-sdr:ironport-sdr; bh=vsydTzk+iS25CF5ZLbVaNTxkGpsb4pdG0W+51RJNZ9M=; b=HLRe77iHRHJF4/hW94Cn0N1iApvwDuYas9Y4uyH3b8Ly0RDANgkgD20PRu6WkV6rwu 0PUZitn5N329Nuh0+nqakthI0KappMTWVlkM27jVqt9dqUQhea2J4KYPoBTr9R/sLVF8 PYK50ZvzQZmkGqC/lJg2qCc/TBmp6/zEX+jgnoUs6Jf+vtUU9GxebhajB05MnSnl5nvm DlnAY6bhMn2DE39S9XE8XkoZvvmDTtH7XLlyZ8ChaeSZSi+o7v0EnxMDErpyigh/sEB7 DQIyYfRYdXRZL6axdmMGxnRWfqJlQSaR6lxJWI52shehc12jYWq5ZaRLs6oPLaQmX9/X FYyA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j1si630476edr.167.2020.10.20.00.55.57; Tue, 20 Oct 2020 00:56:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731210AbgJSUsz (ORCPT + 99 others); Mon, 19 Oct 2020 16:48:55 -0400 Received: from mga18.intel.com ([134.134.136.126]:59815 "EHLO mga18.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727005AbgJSUsy (ORCPT ); Mon, 19 Oct 2020 16:48:54 -0400 IronPort-SDR: +jNfbTBwyn6dzbb6osDG2vHRlxfB9aPI5dUNxOzMAPfvNfecOzgeu+m0Cw73eX/arbmydgKo23 Zfg9eJXPReYg== X-IronPort-AV: E=McAfee;i="6000,8403,9779"; a="154888477" X-IronPort-AV: E=Sophos;i="5.77,395,1596524400"; d="scan'208";a="154888477" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Oct 2020 13:48:51 -0700 IronPort-SDR: cm1QVCVsRcaS10+hBK6utHuUhevmVBlc4cJKrj49U6pb0dwq8QReRCEBLlkySAKqOjkn0Y036f F+utmTuTbIow== X-IronPort-AV: E=Sophos;i="5.77,395,1596524400"; d="scan'208";a="315785615" Received: from sjchrist-coffee.jf.intel.com (HELO linux.intel.com) ([10.54.74.160]) by orsmga003-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Oct 2020 13:48:51 -0700 Date: Mon, 19 Oct 2020 13:48:50 -0700 From: Sean Christopherson To: Dave Hansen Cc: Jarkko Sakkinen , x86@kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Jethro Beekman , Haitao Huang , Chunyang Hui , Jordan Hand , Nathaniel McCallum , Seth Moore , Darren Kenny , Suresh Siddha , akpm@linux-foundation.org, andriy.shevchenko@linux.intel.com, asapek@google.com, bp@alien8.de, cedric.xing@intel.com, chenalexchen@google.com, conradparker@google.com, cyhanish@google.com, haitao.huang@intel.com, kai.huang@intel.com, kai.svahn@intel.com, kmoy@google.com, ludloff@google.com, luto@kernel.org, nhorman@redhat.com, puiterwijk@redhat.com, rientjes@google.com, tglx@linutronix.de, yaozhangx@google.com, mikko.ylinen@intel.com Subject: Re: [PATCH v39 12/24] x86/sgx: Add SGX_IOC_ENCLAVE_CREATE Message-ID: <20201019204848.GB23072@linux.intel.com> References: <20201003045059.665934-1-jarkko.sakkinen@linux.intel.com> <20201003045059.665934-13-jarkko.sakkinen@linux.intel.com> <5f194bf0-ced1-66e1-b6a2-503741a3e7f1@intel.com> <20201018042633.GI68722@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Oct 19, 2020 at 01:21:09PM -0700, Dave Hansen wrote: > On 10/17/20 9:26 PM, Jarkko Sakkinen wrote: > >>> +long sgx_ioctl(struct file *filep, unsigned int cmd, unsigned long arg) > >>> +{ > >>> + struct sgx_encl *encl = filep->private_data; > >>> + int ret, encl_flags; > >>> + > >>> + encl_flags = atomic_fetch_or(SGX_ENCL_IOCTL, &encl->flags); > >>> + if (encl_flags & SGX_ENCL_IOCTL) > >>> + return -EBUSY; > >> > >> Is the SGX_ENCL_IOCTL bit essentially just a lock to single-thread > >> ioctl()s? Should we name it as such? > > > > Yes. It makes the concurrency overally easier if we can assume that > > only a single ioctl is in progress. There is no good reason to do > > them in parallel. > > > > E.g. when you add pages you want to do that serially because the > > order changes the MRENCLAVE. > > There are also hardware concurrency requirements, right? A bunch of the > SGX functions seem not not even support being called in parallel. Yes, and the driver, even when "holding" SGX_ENCL_IOCTL, takes encl->lock when executing an ENCLS leaf. The separate IOCTL flag avoids complications with reclaim, specifically it allows the ioctls to initiate reclaim without hitting a deadlock. Reclaim needs to take encl->lock, e.g. to do ENCLS[EBLOCK], and reclaim is by default initiated during allocation if there are no pages available. I.e. if an ioctl() simply held encl->lock, it would deadlock in the scenario where it triggered reclaim on the current enclave. In other words, the flag is necessary even if it weren't being used a lock primitive, e.g. it'd still need to exist even if encl->lock were taken to set and check the flag. The atomic shenanigans were added as an optimization to allow reclaim in parallel with the bulk of the ioctl flows, and partly because using atomic_fetch_or() avoided having to drop encl->lock in an error flow, i.e. yielded less code. > > So should I rename it as SGX_ENCL_IOCTL_LOCKED? > > I'd rather not see hand-rolled locking primitives frankly. IOCTL_IN_PROGRESS would be my vote if we want a more descriptive name.