Re: [PATCH v38 14/24] x86/sgx: Add SGX_IOC_ENCLAVE_INIT

From: Borislav Petkov
Date: Tue Sep 22 2020 - 04:29:27 EST

Next message: Borislav Petkov: "Re: [PATCH v38 15/24] x86/sgx: Enable provisioning for remote attestation"
Previous message: online84304: "Good day"
In reply to: Borislav Petkov: "Re: [PATCH v38 14/24] x86/sgx: Add SGX_IOC_ENCLAVE_INIT"
Next in thread: Jarkko Sakkinen: "Re: [PATCH v38 14/24] x86/sgx: Add SGX_IOC_ENCLAVE_INIT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Sep 21, 2020 at 12:17:00PM -0700, Sean Christopherson wrote:
> That was effectively my original suggestion as well, check for a stale cache
> and retry indefinitely. I capitulated because it did feel like I was being
> overly paranoid. I'm obviously ok going the retry indefinitely route :-).
>
> https://lkml.kernel.org/r/20180904163546.GA5421@xxxxxxxxxxxxxxx

Right, so if EINIT is so expensive, why does it matter how many cyccles
WRMSR has? I.e., you don't really need to cache - you simply write the 4
MSRs and you're done. Simple.

As to "indefinitely" - caller can increment a counter which counts
how many times it returned SGX_INVALID_EINITTOKEN. I guess when it
reaches some too high number which should not be reached during normal
usage patterns, you can give up and issue a message to say that counter
reached max retries or so but other than that, you should be ok. That
thing is running interruptible in a loop anyway...

Thx.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Next message: Borislav Petkov: "Re: [PATCH v38 15/24] x86/sgx: Enable provisioning for remote attestation"
Previous message: online84304: "Good day"
In reply to: Borislav Petkov: "Re: [PATCH v38 14/24] x86/sgx: Add SGX_IOC_ENCLAVE_INIT"
Next in thread: Jarkko Sakkinen: "Re: [PATCH v38 14/24] x86/sgx: Add SGX_IOC_ENCLAVE_INIT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]