Re: [PATCH V2 16/32] x86/sgx: Support restricting of enclave page permissions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "Dhanraj, Vijay" <vijay.dhanraj@xxxxxxxxx>
Subject: Re: [PATCH V2 16/32] x86/sgx: Support restricting of enclave page permissions
From: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
Date: Mon, 28 Feb 2022 13:24:58 +0100
Cc: "Chatre, Reinette" <reinette.chatre@xxxxxxxxx>, "dave.hansen@xxxxxxxxxxxxxxx" <dave.hansen@xxxxxxxxxxxxxxx>, "tglx@xxxxxxxxxxxxx" <tglx@xxxxxxxxxxxxx>, "bp@xxxxxxxxx" <bp@xxxxxxxxx>, "Lutomirski, Andy" <luto@xxxxxxxxxx>, "mingo@xxxxxxxxxx" <mingo@xxxxxxxxxx>, "linux-sgx@xxxxxxxxxxxxxxx" <linux-sgx@xxxxxxxxxxxxxxx>, "x86@xxxxxxxxxx" <x86@xxxxxxxxxx>, "Christopherson,, Sean" <seanjc@xxxxxxxxxx>, "Huang, Kai" <kai.huang@xxxxxxxxx>, "Zhang, Cathy" <cathy.zhang@xxxxxxxxx>, "Xing, Cedric" <cedric.xing@xxxxxxxxx>, "Huang, Haitao" <haitao.huang@xxxxxxxxx>, "Shanahan, Mark" <mark.shanahan@xxxxxxxxx>, "hpa@xxxxxxxxx" <hpa@xxxxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>
In-reply-to: <DM8PR11MB55917F499CDF4CC7D426B0A7F63C9@DM8PR11MB5591.namprd11.prod.outlook.com>
References: <cover.1644274683.git.reinette.chatre@intel.com> <4ce06608b5351f65f4e6bc6fc87c88a71215a2e7.1644274683.git.reinette.chatre@intel.com> <YhLhoMFPyOFZ2fsX@iki.fi> <DM8PR11MB55917F499CDF4CC7D426B0A7F63C9@DM8PR11MB5591.namprd11.prod.outlook.com>

On Wed, Feb 23, 2022 at 07:21:50PM +0000, Dhanraj, Vijay wrote:
> Hi All,
> 
> Regarding the recent update of splitting the page permissions change
> request into two IOCTLS (RELAX and RESTRICT), can we combine them into
> one? That is, revert to how it was done in the v1 version?

They are logically separate complex functionalities:

1. "restrict" calls EMODPR and requires EACCEPT
2. "relax" increases permissions up to vetted ("EADD") and could be
    combined with EMODPE called inside enclave.

I don't think it is a good idea.

BR, Jarkko

Follow-Ups:
- Re: [PATCH V2 16/32] x86/sgx: Support restricting of enclave page permissions
  - From: Dave Hansen
- Re: [PATCH V2 16/32] x86/sgx: Support restricting of enclave page permissions
  - From: Jarkko Sakkinen

References:
- [PATCH V2 00/32] x86/sgx and selftests/sgx: Support SGX2
  - From: Reinette Chatre
- [PATCH V2 16/32] x86/sgx: Support restricting of enclave page permissions
  - From: Reinette Chatre
- Re: [PATCH V2 16/32] x86/sgx: Support restricting of enclave page permissions
  - From: Jarkko Sakkinen
- RE: [PATCH V2 16/32] x86/sgx: Support restricting of enclave page permissions
  - From: Dhanraj, Vijay

Prev by Date: Re: [PATCH 2/6] treewide: remove using list iterator after loop body as a ptr
Next by Date: Re: [PATCH V2 16/32] x86/sgx: Support restricting of enclave page permissions
Previous by thread: Re: [PATCH V2 16/32] x86/sgx: Support restricting of enclave page permissions
Next by thread: Re: [PATCH V2 16/32] x86/sgx: Support restricting of enclave page permissions
Index(es):
- Date
- Thread

[Index of Archives] [AMD Graphics] [Linux USB Devel] [Linux Audio Users] [Yosemite News] [Linux Kernel] [Linux SCSI]