Re: [PATCH V2 16/32] x86/sgx: Support restricting of enclave page permissions

From: Jarkko Sakkinen
Date: Mon Feb 28 2022 - 07:25:07 EST


On Wed, Feb 23, 2022 at 07:21:50PM +0000, Dhanraj, Vijay wrote:
> Hi All,
>
> Regarding the recent update of splitting the page permissions change
> request into two IOCTLS (RELAX and RESTRICT), can we combine them into
> one? That is, revert to how it was done in the v1 version?

They are logically separate complex functionalities:

1. "restrict" calls EMODPR and requires EACCEPT
2. "relax" increases permissions up to vetted ("EADD") and could be
combined with EMODPE called inside enclave.

I don't think it is a good idea.

BR, Jarkko
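
The asymmetry described in the reply above, as an added example that is not part of the original mail or of the kernel patch: a simplified C model of one enclave page. The struct, field and function names are hypothetical, and narrowing the OS mapping on restrict is a modelling assumption.

```c
#include <stdbool.h>
#include <stdio.h>

enum { R = 1, W = 2, X = 4 };

/* Simplified model of one enclave page (all names are hypothetical). */
struct epage {
    unsigned vetted;  /* maximum permissions vetted at EADD time */
    unsigned os;      /* permissions the OS mapping currently allows */
    unsigned epcm;    /* permissions enforced by the hardware (EPCM) */
    bool pending;     /* EMODPR issued, EACCEPT not yet done */
};

/* "restrict": OS side runs EMODPR; the page waits for the enclave's EACCEPT. */
static void restrict_perms(struct epage *p, unsigned perms) {
    p->epcm &= perms;
    p->os &= perms;   /* assumption of this model: the mapping is narrowed too */
    p->pending = true;
}

/* EACCEPT, run inside the enclave: must name the restricted permissions. */
static bool eaccept(struct epage *p, unsigned perms) {
    if (!p->pending || perms != p->epcm) return false;
    p->pending = false;
    return true;
}

/* "relax": OS side only, bounded by the vetted permissions, no EACCEPT. */
static bool relax_perms(struct epage *p, unsigned perms) {
    if (perms & ~p->vetted) return false;
    p->os |= perms;
    return true;
}

/* EMODPE, run inside the enclave: extends EPCM permissions, no EACCEPT. */
static void emodpe(struct epage *p, unsigned perms) { p->epcm |= perms; }

/* Access needs both layers to agree and no restriction pending. */
static bool can_access(const struct epage *p, unsigned want) {
    return !p->pending && (p->os & want) == want && (p->epcm & want) == want;
}

int main(void) {
    struct epage p = { R | W, R | W, R | W, false };  /* constructed sample page */
    restrict_perms(&p, R);
    printf("read before EACCEPT: %d\n", can_access(&p, R));
    printf("EACCEPT(R): %d\n", eaccept(&p, R));
    printf("relax to RWX: %d, to RW: %d\n", relax_perms(&p, R | W | X), relax_perms(&p, R | W));
    emodpe(&p, W);
    printf("write after relax + EMODPE: %d\n", can_access(&p, W));
    return 0;
}
```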