Message ID | 20210118133335.98907-1-tianjia.zhang@linux.alibaba.com (mailing list archive) |
---|---|
State | New |
Headers | show |
Series | x86/sgx: Allows ioctl PROVISION to execute before CREATE | expand |
On Mon, Jan 18, 2021, Tianjia Zhang wrote: > In function sgx_encl_create(), the logic of directly assigning > value to attributes_mask determines that the call to > SGX_IOC_ENCLAVE_PROVISION must be after the command of > SGX_IOC_ENCLAVE_CREATE. If change this assignment statement to > or operation, the PROVISION command can be executed earlier and > more flexibly. > > Reported-by: Jia Zhang <zhang.jia@linux.alibaba.com> > Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> > --- > arch/x86/kernel/cpu/sgx/ioctl.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c > index f45957c05f69..0ca3fc238bc2 100644 > --- a/arch/x86/kernel/cpu/sgx/ioctl.c > +++ b/arch/x86/kernel/cpu/sgx/ioctl.c > @@ -108,7 +108,7 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs) > encl->base = secs->base; > encl->size = secs->size; > encl->attributes = secs->attributes; > - encl->attributes_mask = SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS; > + encl->attributes_mask |= SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS; Alternatively, move the existing code to sgx_open()? Initializing the field when the encl object is allocated feels more correct. > /* Set only after completion, as encl->lock has not been taken. */ > set_bit(SGX_ENCL_CREATED, &encl->flags); > -- > 2.19.1.3.ge56e4f7 >
Hi, On 1/20/21 4:05 AM, Sean Christopherson wrote: > On Mon, Jan 18, 2021, Tianjia Zhang wrote: >> In function sgx_encl_create(), the logic of directly assigning >> value to attributes_mask determines that the call to >> SGX_IOC_ENCLAVE_PROVISION must be after the command of >> SGX_IOC_ENCLAVE_CREATE. If change this assignment statement to >> or operation, the PROVISION command can be executed earlier and >> more flexibly. >> >> Reported-by: Jia Zhang <zhang.jia@linux.alibaba.com> >> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> >> --- >> arch/x86/kernel/cpu/sgx/ioctl.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c >> index f45957c05f69..0ca3fc238bc2 100644 >> --- a/arch/x86/kernel/cpu/sgx/ioctl.c >> +++ b/arch/x86/kernel/cpu/sgx/ioctl.c >> @@ -108,7 +108,7 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs) >> encl->base = secs->base; >> encl->size = secs->size; >> encl->attributes = secs->attributes; >> - encl->attributes_mask = SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS; >> + encl->attributes_mask |= SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS; > > Alternatively, move the existing code to sgx_open()? Initializing the field > when the encl object is allocated feels more correct. > This seems like a good idea. Thanks for your suggestion. I have sent v2 patch, include the next two patches. Best regards, Tianjia
On Mon, Jan 18, 2021 at 09:33:35PM +0800, Tianjia Zhang wrote: > In function sgx_encl_create(), the logic of directly assigning > value to attributes_mask determines that the call to > SGX_IOC_ENCLAVE_PROVISION must be after the command of > SGX_IOC_ENCLAVE_CREATE. If change this assignment statement to > or operation, the PROVISION command can be executed earlier and > more flexibly. > > Reported-by: Jia Zhang <zhang.jia@linux.alibaba.com> > Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> > --- Why? > arch/x86/kernel/cpu/sgx/ioctl.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c > index f45957c05f69..0ca3fc238bc2 100644 > --- a/arch/x86/kernel/cpu/sgx/ioctl.c > +++ b/arch/x86/kernel/cpu/sgx/ioctl.c > @@ -108,7 +108,7 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs) > encl->base = secs->base; > encl->size = secs->size; > encl->attributes = secs->attributes; > - encl->attributes_mask = SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS; > + encl->attributes_mask |= SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS; > > /* Set only after completion, as encl->lock has not been taken. */ > set_bit(SGX_ENCL_CREATED, &encl->flags); > -- > 2.19.1.3.ge56e4f7 > >
On Wed, Jan 20, 2021 at 11:57:18AM +0800, Tianjia Zhang wrote: > Hi, > > On 1/20/21 4:05 AM, Sean Christopherson wrote: > > On Mon, Jan 18, 2021, Tianjia Zhang wrote: > > > In function sgx_encl_create(), the logic of directly assigning > > > value to attributes_mask determines that the call to > > > SGX_IOC_ENCLAVE_PROVISION must be after the command of > > > SGX_IOC_ENCLAVE_CREATE. If change this assignment statement to > > > or operation, the PROVISION command can be executed earlier and > > > more flexibly. > > > > > > Reported-by: Jia Zhang <zhang.jia@linux.alibaba.com> > > > Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> > > > --- > > > arch/x86/kernel/cpu/sgx/ioctl.c | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c > > > index f45957c05f69..0ca3fc238bc2 100644 > > > --- a/arch/x86/kernel/cpu/sgx/ioctl.c > > > +++ b/arch/x86/kernel/cpu/sgx/ioctl.c > > > @@ -108,7 +108,7 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs) > > > encl->base = secs->base; > > > encl->size = secs->size; > > > encl->attributes = secs->attributes; > > > - encl->attributes_mask = SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS; > > > + encl->attributes_mask |= SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS; > > > > Alternatively, move the existing code to sgx_open()? Initializing the field > > when the encl object is allocated feels more correct. > > > > > This seems like a good idea. Thanks for your suggestion. I have sent v2 > patch, include the next two patches. Did you ask from Sean about suggested-by's? Now it looks like that doing these patches were originally proposed by Sean. /Jarkko
On Thu, Jan 21, 2021 at 12:34:49AM +0200, Jarkko Sakkinen wrote: > On Wed, Jan 20, 2021 at 11:57:18AM +0800, Tianjia Zhang wrote: > > Hi, > > > > On 1/20/21 4:05 AM, Sean Christopherson wrote: > > > On Mon, Jan 18, 2021, Tianjia Zhang wrote: > > > > In function sgx_encl_create(), the logic of directly assigning > > > > value to attributes_mask determines that the call to > > > > SGX_IOC_ENCLAVE_PROVISION must be after the command of > > > > SGX_IOC_ENCLAVE_CREATE. If change this assignment statement to > > > > or operation, the PROVISION command can be executed earlier and > > > > more flexibly. > > > > > > > > Reported-by: Jia Zhang <zhang.jia@linux.alibaba.com> > > > > Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> > > > > --- > > > > arch/x86/kernel/cpu/sgx/ioctl.c | 2 +- > > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c > > > > index f45957c05f69..0ca3fc238bc2 100644 > > > > --- a/arch/x86/kernel/cpu/sgx/ioctl.c > > > > +++ b/arch/x86/kernel/cpu/sgx/ioctl.c > > > > @@ -108,7 +108,7 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs) > > > > encl->base = secs->base; > > > > encl->size = secs->size; > > > > encl->attributes = secs->attributes; > > > > - encl->attributes_mask = SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS; > > > > + encl->attributes_mask |= SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS; > > > > > > Alternatively, move the existing code to sgx_open()? Initializing the field > > > when the encl object is allocated feels more correct. > > > > > > > > > This seems like a good idea. Thanks for your suggestion. I have sent v2 > > patch, include the next two patches. > > Did you ask from Sean about suggested-by's? Now it looks like > that doing these patches were originally proposed by Sean. Please do not add tags from people *unauthentically*. I do not see anything from Sean to any of the patches that would suggest adding those tags. You are basically just stamping that to all patches, which he has given a code review. Can you stop doing this? /Jarkko
On 1/21/21 6:37 AM, Jarkko Sakkinen wrote: > On Thu, Jan 21, 2021 at 12:34:49AM +0200, Jarkko Sakkinen wrote: >> On Wed, Jan 20, 2021 at 11:57:18AM +0800, Tianjia Zhang wrote: >>> Hi, >>> >>> On 1/20/21 4:05 AM, Sean Christopherson wrote: >>>> On Mon, Jan 18, 2021, Tianjia Zhang wrote: >>>>> In function sgx_encl_create(), the logic of directly assigning >>>>> value to attributes_mask determines that the call to >>>>> SGX_IOC_ENCLAVE_PROVISION must be after the command of >>>>> SGX_IOC_ENCLAVE_CREATE. If change this assignment statement to >>>>> or operation, the PROVISION command can be executed earlier and >>>>> more flexibly. >>>>> >>>>> Reported-by: Jia Zhang <zhang.jia@linux.alibaba.com> >>>>> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> >>>>> --- >>>>> arch/x86/kernel/cpu/sgx/ioctl.c | 2 +- >>>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>>> >>>>> diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c >>>>> index f45957c05f69..0ca3fc238bc2 100644 >>>>> --- a/arch/x86/kernel/cpu/sgx/ioctl.c >>>>> +++ b/arch/x86/kernel/cpu/sgx/ioctl.c >>>>> @@ -108,7 +108,7 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs) >>>>> encl->base = secs->base; >>>>> encl->size = secs->size; >>>>> encl->attributes = secs->attributes; >>>>> - encl->attributes_mask = SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS; >>>>> + encl->attributes_mask |= SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS; >>>> >>>> Alternatively, move the existing code to sgx_open()? Initializing the field >>>> when the encl object is allocated feels more correct. >>>> >>> >>> >>> This seems like a good idea. Thanks for your suggestion. I have sent v2 >>> patch, include the next two patches. >> >> Did you ask from Sean about suggested-by's? Now it looks like >> that doing these patches were originally proposed by Sean. > > Please do not add tags from people *unauthentically*. I do not > see anything from Sean to any of the patches that would suggest > adding those tags. You are basically just stamping that to all > patches, which he has given a code review. Can you stop doing > this? > > /Jarkko > I am very sorry for the trouble caused to you, I have made improvements in the new patch, thanks for your suggestions. Best regards, Tianjia
diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c index f45957c05f69..0ca3fc238bc2 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c @@ -108,7 +108,7 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs) encl->base = secs->base; encl->size = secs->size; encl->attributes = secs->attributes; - encl->attributes_mask = SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS; + encl->attributes_mask |= SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS; /* Set only after completion, as encl->lock has not been taken. */ set_bit(SGX_ENCL_CREATED, &encl->flags);
In function sgx_encl_create(), the logic of directly assigning value to attributes_mask determines that the call to SGX_IOC_ENCLAVE_PROVISION must be after the command of SGX_IOC_ENCLAVE_CREATE. If change this assignment statement to or operation, the PROVISION command can be executed earlier and more flexibly. Reported-by: Jia Zhang <zhang.jia@linux.alibaba.com> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> --- arch/x86/kernel/cpu/sgx/ioctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)