Date: Mon, 28 Feb 2022 14:19:17 +0100
From: Jarkko Sakkinen
To: "Dhanraj, Vijay"
Cc: "Chatre, Reinette", "dave.hansen@linux.intel.com", "tglx@linutronix.de",
    "bp@alien8.de", "Lutomirski, Andy", "mingo@redhat.com",
    "linux-sgx@vger.kernel.org", "x86@kernel.org", "Christopherson,, Sean",
    "Huang, Kai", "Zhang, Cathy", "Xing, Cedric", "Huang, Haitao",
    "Shanahan, Mark", "hpa@zytor.com", "linux-kernel@vger.kernel.org"
Subject: Re: [PATCH V2 16/32] x86/sgx: Support restricting of enclave page permissions
References: <4ce06608b5351f65f4e6bc6fc87c88a71215a2e7.1644274683.git.reinette.chatre@intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Feb 28, 2022 at 01:25:07PM +0100, Jarkko Sakkinen wrote:
> On Wed, Feb 23, 2022 at 07:21:50PM +0000, Dhanraj, Vijay wrote:
> > Hi All,
> >
> > Regarding the recent update of splitting the page permissions change
> > request into two IOCTLS (RELAX and RESTRICT), can we combine them into
> > one? That is, revert to how it was done in the v1 version?
>
> They are logically separate complex functionalities:
>
> 1. "restrict" calls EMODPR and requires EACCEPT
> 2. "relax" increases permissions up to vetted ("EADD") and could be
>    combined with EMODPE called inside enclave.
>
> I don't think it is a good idea.

I.e. in microarchitecture there is no EMODP but two different flows, and
thus it is not sane to act like there was with that kind of ioctl. It is
as granular as the hardware is this way, and I think that is common sense.

It would make as much sense as combining ECREATE/EADD/EINIT into a single
multi-function ioctl. Often user space needs to anyway have at least
some logically distinct flows for these.

BR, Jarkko
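
The two flows named in points 1 and 2 above, as a simplified C model added here for illustration; it is not code from the patch series or from this thread. The struct, the function names and the PTE/EPCM split are assumptions of this example, and the real EMODPR, EMODPE and EACCEPT instructions perform more checks than are modelled.

```c
/* Toy model (added illustration, not kernel code; all names hypothetical). */
#include <stdbool.h>

enum { PERM_R = 1, PERM_W = 2, PERM_X = 4 };

struct encl_page {
    unsigned vetted;      /* maximum permissions fixed when the page was EADDed */
    unsigned pte;         /* permissions the kernel's page tables allow */
    unsigned epcm;        /* permissions the hardware EPCM entry allows */
    bool awaiting_accept; /* EMODPR done, enclave has not yet run EACCEPT */
};

/* An access succeeds only if both the PTE and the EPCM permit it. */
unsigned effective(const struct encl_page *p) { return p->pte & p->epcm; }

/* "relax": kernel side only; refuses anything beyond the vetted maximum. */
int relax(struct encl_page *p, unsigned want)
{
    if (want & ~p->vetted)
        return -1;
    p->pte |= want;
    return 0;
}

/* EMODPE: runs inside the enclave and can only extend EPCM permissions. */
void emodpe(struct encl_page *p, unsigned add) { p->epcm |= add; }

/* "restrict": kernel runs EMODPR, which can only remove EPCM permissions. */
void restrict_perms(struct encl_page *p, unsigned keep)
{
    p->epcm &= keep;
    p->pte &= keep;
    p->awaiting_accept = true;
}

/* EACCEPT: the enclave confirms the restricted permissions it expects. */
int eaccept(struct encl_page *p, unsigned expect)
{
    if (!p->awaiting_accept || p->epcm != expect)
        return -1;
    p->awaiting_accept = false;
    return 0;
}

int main(void)
{
    struct encl_page p = { 7, 3, 3, false }; /* vetted RWX, mapped RW */
    return relax(&p, PERM_X) == 0 && effective(&p) == 3 ? 0 : 1;
}
```

In this model relax alone leaves X unusable until the enclave runs EMODPE, while restrict is not complete until the enclave's EACCEPT matches, which is the asymmetry between the two flows.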