[RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl()

Jarkko Sakkinen jarkko.sakkinen at linux.intel.com
Tue Jun 4 11:55:01 UTC 2019


On Fri, May 31, 2019 at 04:31:53PM -0700, Sean Christopherson wrote:
> ...to improve performance when building enclaves by reducing the number
> of user<->system transitions.  Rather than provide arbitrary batching,
> e.g. with per-page SECINFO and mrmask, take advantage of the fact that
> any sane enclave will have large swaths of pages with identical
> properties, e.g. code vs. data sections.
> 
> For simplicity and stability in the initial implementation, loop over
> the existing add page flow instead of taking a more aggressive approach,
> which would require tracking transitions between VMAs and holding
> mmap_sem for an extended duration.
> 
> Signed-off-by: Sean Christopherson <sean.j.christopherson at intel.com>

I think this completely ruins the rest of the series. We should first
get the model for security done (including documentation). I would even
send v21 with just that update because this series does not even apply
to the mainline.

I would request an update to the series with just the change to the
security model. Also the very first should be dropped as it is a
completely unrelated cosmetic fix.

/Jarkko


