Re: [PATCH v11 09/13] x86, sgx: basic routines for enclave page cache

From: Jethro Beekman
Date: Fri Jun 08 2018 - 14:22:05 EST


On 2018-06-08 10:09, Jarkko Sakkinen wrote:
+/*
+ * Writing the LE hash MSRs is extraordinarily expensive, e.g.
+ * 3-4x slower than normal MSRs, so we use a per-cpu cache to
+ * track the last known value of the MSRs to avoid unnecessarily
+ * writing the MSRs with the current value. Because most Linux
+ * kernels will use an LE that is signed with a non-Intel key,

I don't think you can predict what most Linux kernels will be doing. I think not initializing the cache to the CPU's initial value is fine, but this particular argument shouldn't appear in the rationale.

+ * i.e. the first EINIT will need to write the MSRs regardless
+ * of the cache, the cache is intentionally left uninitialized
+ * during boot as initializing the cache would be pure overhead
+ * for the majority of systems. Furthermore, the MSRs are per-cpu
+ * and the boot-time values aren't guaranteed to be identical
+ * across cpus, so we'd have to run code all all cpus to properly
+ * init the cache. All in all, the complexity and overhead of
+ * initializing the cache is not justified.
+ */
+static DEFINE_PER_CPU(u64 [4], sgx_le_pubkey_hash_cache);

--
Jethro Beekman | Fortanix

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature