diff mbox series

[v4,4/5] x86/sgx: Allows ioctl PROVISION to execute before CREATE

Message ID 20210201132653.35690-5-tianjia.zhang@linux.alibaba.com (mailing list archive)
State New, archived
Headers show
Series Some optimizations related to sgx | expand

Commit Message

Tianjia Zhang Feb. 1, 2021, 1:26 p.m. UTC
In the function sgx_create_enclave(), the direct assignment
operation of attributes_mask determines that the ioctl PROVISION
operation must be executed after the ioctl CREATE operation,
which will limit the flexibility of sgx developers.

This patch takes the assignment of attributes_mask from the
function sgx_create_enclave() has been moved to the function
sgx_open(), this will allow users to perform ioctl PROVISION
operations before ioctl CREATE, increase the flexibility of
the API and reduce restrictions.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
---
 arch/x86/kernel/cpu/sgx/driver.c | 1 +
 arch/x86/kernel/cpu/sgx/ioctl.c  | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)

Comments

Jarkko Sakkinen Feb. 2, 2021, 9:57 p.m. UTC | #1
On Mon, Feb 01, 2021 at 09:26:52PM +0800, Tianjia Zhang wrote:
> In the function sgx_create_enclave(), the direct assignment
> operation of attributes_mask determines that the ioctl PROVISION
> operation must be executed after the ioctl CREATE operation,
> which will limit the flexibility of sgx developers.

Please write acronyms correctly. It's not 'sgx'. It's 'SGX'.

Who are the "sgx developers" and how do they benefit from this?

/Jarkko
Tianjia Zhang Feb. 11, 2021, 6:11 a.m. UTC | #2
On 2/3/21 5:57 AM, Jarkko Sakkinen wrote:
> On Mon, Feb 01, 2021 at 09:26:52PM +0800, Tianjia Zhang wrote:
>> In the function sgx_create_enclave(), the direct assignment
>> operation of attributes_mask determines that the ioctl PROVISION
>> operation must be executed after the ioctl CREATE operation,
>> which will limit the flexibility of sgx developers.
> 
> Please write acronyms correctly. It's not 'sgx'. It's 'SGX'.
> 
> Who are the "sgx developers" and how do they benefit from this?
> 
> /Jarkko
> 

It mainly refers to application developers based on SGX technology.

One of the benefits that this brings is that the PROVISION operation can 
be called before or after the enclave is created, compared to the 
previous PROVISION operation can only be executed after the enclave is 
created.

Thanks,
Tianjia
diff mbox series

Patch

diff --git a/arch/x86/kernel/cpu/sgx/driver.c b/arch/x86/kernel/cpu/sgx/driver.c
index f2eac41bb4ff..fba0d0bfe976 100644
--- a/arch/x86/kernel/cpu/sgx/driver.c
+++ b/arch/x86/kernel/cpu/sgx/driver.c
@@ -36,6 +36,7 @@  static int sgx_open(struct inode *inode, struct file *file)
 		return ret;
 	}
 
+	encl->attributes_mask = SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS;
 	file->private_data = encl;
 
 	return 0;
diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c
index 90a5caf76939..1c6ecf9fbeff 100644
--- a/arch/x86/kernel/cpu/sgx/ioctl.c
+++ b/arch/x86/kernel/cpu/sgx/ioctl.c
@@ -109,7 +109,6 @@  static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs)
 	encl->base = secs->base;
 	encl->size = secs->size;
 	encl->attributes = secs->attributes;
-	encl->attributes_mask = SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS;
 
 	/* Set only after completion, as encl->lock has not been taken. */
 	set_bit(SGX_ENCL_CREATED, &encl->flags);