Date: Mon, 14 Mar 2022 05:42:40 +0200
From: Jarkko Sakkinen
To: Reinette Chatre
Cc: Haitao Huang, "Dhanraj, Vijay", "dave.hansen@linux.intel.com", "tglx@linutronix.de", "bp@alien8.de", "Lutomirski, Andy", "mingo@redhat.com", "linux-sgx@vger.kernel.org", "x86@kernel.org", "Christopherson,, Sean", "Huang, Kai", "Zhang, Cathy", "Xing, Cedric", "Huang, Haitao", "Shanahan, Mark", "hpa@zytor.com", "linux-kernel@vger.kernel.org"
Subject: Re: [PATCH V2 16/32] x86/sgx: Support restricting of enclave page permissions
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Mar 11, 2022 at 11:28:27AM -0800, Reinette Chatre wrote:
> Supporting permission restriction in an ioctl() enables the runtime to manage
> the enclave memory without needing to map it.

Which is the opposite of what you do in EAUG. You can also augment pages without
needing to map them. Sure you get that capability, but it is quite useless
in practice.

> I have considered the idea of supporting the permission restriction with
> mprotect() but as you can see in this response I did not find it to be
> practical.

Where is it practical? What is your application? How is it practical to
delegate the concurrency management of a split mprotect() to user space?
How do we get rid of a useless up-call to the host?

> Reinette

BR, Jarkko