| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 Nov 2017 22:28:35 +0200
From: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To: Sean Christopherson <sean.j.christopherson@...el.com>
Cc: intel-sgx-kernel-dev@...ts.01.org, linux-kernel@...r.kernel.org,
platform-driver-x86@...r.kernel.org
Subject: Re: [intel-sgx-kernel-dev] [PATCH v5 06/11] intel_sgx: driver for
Intel Software Guard Extensions
On Tue, Nov 14, 2017 at 09:55:06AM -0800, Sean Christopherson wrote:
> What do you mean by bottlenecks? Assuming you're referring to performance
> bottlenecks, this statement is flat out false. Moving the launch enclave into
> the kernel introduces performance bottlenecks, e.g. as implemented, a single LE
> services all EINIT requests and is protected by a mutex. That is the very
> definition of a bottleneck.
I guess the text does not do a good job describing what I meant. Maybe I
should refine it? Your argument about mutex is correct.
The use of "bottleneck" does not specifically refer to performance. I'm
worried about splitting the tasks needed to launch an enclave between
kernel and user space. It could become difficult to manage when more
SGX features are added. That is what I was referring when I used the
word "bottleneck".
I suppose you think I should refine the commit message?
About the perf bottleneck. Given that all the data is already in
sgx_le_ctx the driver could for example have own LE process for every
opened /dev/sgx. Is your comment also suggesting to refine this or
could it be postponed?
The driver architecture already allows to scale this but it is not
nearly as bad issue as the one Dave pointed out.
/Jarkko
Powered by blists - more mailing lists