Message ID | 20210201132653.35690-5-tianjia.zhang@linux.alibaba.com |
---|---|
State | Superseded |
Series | Some optimizations related to sgx |
On Mon, Feb 01, 2021 at 09:26:52PM +0800, Tianjia Zhang wrote:
> In the function sgx_create_enclave(), the direct assignment
> operation of attributes_mask determines that the ioctl PROVISION
> operation must be executed after the ioctl CREATE operation,
> which will limit the flexibility of sgx developers.

Please write acronyms correctly. It's not 'sgx'. It's 'SGX'.

Who are the "sgx developers" and how do they benefit from this?

/Jarkko

On 2/3/21 5:57 AM, Jarkko Sakkinen wrote:
> On Mon, Feb 01, 2021 at 09:26:52PM +0800, Tianjia Zhang wrote:
>> In the function sgx_create_enclave(), the direct assignment
>> operation of attributes_mask determines that the ioctl PROVISION
>> operation must be executed after the ioctl CREATE operation,
>> which will limit the flexibility of sgx developers.
>
> Please write acronyms correctly. It's not 'sgx'. It's 'SGX'.
>
> Who are the "sgx developers" and how do they benefit from this?
>
> /Jarkko
>

It mainly refers to application developers based on SGX technology. One of the benefits that this brings is that the PROVISION operation can be called before or after the enclave is created, whereas previously the PROVISION operation could only be executed after the enclave was created.

Thanks,
Tianjia

diff --git a/arch/x86/kernel/cpu/sgx/driver.c b/arch/x86/kernel/cpu/sgx/driver.c index f2eac41bb4ff..fba0d0bfe976 100644 --- a/arch/x86/kernel/cpu/sgx/driver.c +++ b/arch/x86/kernel/cpu/sgx/driver.c @@ -36,6 +36,7 @@ static int sgx_open(struct inode *inode, struct file *file) return ret; } + encl->attributes_mask = SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS; file->private_data = encl; return 0; diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c index 90a5caf76939..1c6ecf9fbeff 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c @@ -109,7 +109,6 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs) encl->base = secs->base; encl->size = secs->size; encl->attributes = secs->attributes; - encl->attributes_mask = SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS; /* Set only after completion, as encl->lock has not been taken. */ set_bit(SGX_ENCL_CREATED, &encl->flags);
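Review bot: the `attributes_mask` default added in sgx_open() (driver.c hunk) has no comment saying why it is set at open time rather than at CREATE. The line sits before `file->private_data = encl;`, so the mask is initialized before the enclave object is reachable through the file, which is the right order. A one-line comment stating that the default must be in place before any ioctl can run, so that PROVISION may precede CREATE, would keep a later cleanup from moving the assignment back into the create path.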
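Review bot: with the assignment removed from sgx_encl_create() (ioctl.c hunk), nothing in the visible lines resets `attributes_mask` at CREATE any more, so a change that PROVISION made to the mask before CREATE, which per the commit message used to be overwritten here, now carries into the created enclave. The commit message should say that this is the intended behaviour and, given the retained comment that `encl->lock` has not been taken at this point, how a PROVISION call racing with CREATE on the same file descriptor is serialized. The hunk does not show where `secs->attributes` is checked against the mask, so confirm that the check still sees the value set in sgx_open(), and consider a selftest that runs both ioctl orders. The commit message also names sgx_create_enclave(), while the hunk header shows the function as sgx_encl_create().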
In the function sgx_create_enclave(), the direct assignment operation of attributes_mask determines that the ioctl PROVISION operation must be executed after the ioctl CREATE operation, which will limit the flexibility of sgx developers.

This patch moves the assignment of attributes_mask from the function sgx_create_enclave() to the function sgx_open(). This will allow users to perform ioctl PROVISION operations before ioctl CREATE, increase the flexibility of the API and reduce restrictions.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
---
 arch/x86/kernel/cpu/sgx/driver.c | 1 +
 arch/x86/kernel/cpu/sgx/ioctl.c  | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)