From: zhubojun <bojun.zhu@outlook.com>
To: reinette.chatre@intel.com
Cc: bp@alien8.de, cathy.zhang@intel.com, cedric.xing@intel.com,
dave.hansen@linux.intel.com, haitao.huang@intel.com,
hpa@zytor.com, jarkko@kernel.org, kai.huang@intel.com,
linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
linux-sgx@vger.kernel.org, luto@kernel.org,
mark.shanahan@intel.com, mingo@redhat.com, seanjc@google.com,
shuah@kernel.org, tglx@linutronix.de, vijay.dhanraj@intel.com,
x86@kernel.org
Subject: Re: [PATCH V5 15/31] x86/sgx: Support restricting of enclave page permissions
Date: Thu, 1 Sep 2022 23:55:54 +0800
Message-ID: <PSAPR04MB416734EEED145D832A04B936E97B9@PSAPR04MB4167.apcprd04.prod.outlook.com>

Hi, Reinette, thanks for your great contribution to the EDMM Linux kernel patch. I am trying to follow the newest patch now, and I have some questions on it.

It seems that `sgx_enclave_restrict_permissions()` is able to do permission restrictions for multiple enclave pages. After the driver invokes ENCLS[EMODPR] to restrict a page's permission, it should then invoke ENCLS[ETRACK] and send IPIs to ensure stale TLB entries have been flushed. Only in this way can ENCLU[EACCEPT] inside the enclave succeed.

The current implementation invokes `sgx_enclave_etrack(encl)` after every `__emodpr(…)` in the for loop. My question is:

Can we move the `sgx_enclave_etrack(encl)` out of the for loop? After doing so, `sgx_enclave_etrack(encl)` is invoked **one** time for multiple enclave pages' permission restriction, instead of N times (N = `modp->length / PAGE_SIZE`). We may gain some performance optimization from it.

Please correct me if my understanding is incorrect. Looking forward to your reply, and thanks for your time!

BR,
Bojun