Re: [PATCH V2 16/32] x86/sgx: Support restricting of enclave page permissions

From: Jarkko Sakkinen
Date: Sun Mar 13 2022 - 23:43:32 EST

Next message: Jarkko Sakkinen: "Re: [PATCH V2 16/32] x86/sgx: Support restricting of enclave page permissions"
Previous message: Tian, Kevin: "RE: [PATCH v8 8/9] hisi_acc_vfio_pci: Add support for VFIO live migration"
In reply to: Reinette Chatre: "Re: [PATCH V2 16/32] x86/sgx: Support restricting of enclave page permissions"
Next in thread: Jarkko Sakkinen: "Re: [PATCH V2 16/32] x86/sgx: Support restricting of enclave page permissions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Mar 11, 2022 at 11:28:27AM -0800, Reinette Chatre wrote:
> Supporting permission restriction in an ioctl() enables the runtime to manage
> the enclave memory without needing to map it.

Which is opposite what you do in EAUG. You can also augment pages without
needing the map them. Sure you get that capability, but it is quite useless
in practice.

> I have considered the idea of supporting the permission restriction with
> mprotect() but as you can see in this response I did not find it to be
> practical.

Where is it practical? What is your application? How is it practical to
delegate the concurrency management of a split mprotect() to user space?
How do we get rid off a useless up-call to the host?

> Reinette

BR, Jarkko

Next message: Jarkko Sakkinen: "Re: [PATCH V2 16/32] x86/sgx: Support restricting of enclave page permissions"
Previous message: Tian, Kevin: "RE: [PATCH v8 8/9] hisi_acc_vfio_pci: Add support for VFIO live migration"
In reply to: Reinette Chatre: "Re: [PATCH V2 16/32] x86/sgx: Support restricting of enclave page permissions"
Next in thread: Jarkko Sakkinen: "Re: [PATCH V2 16/32] x86/sgx: Support restricting of enclave page permissions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]