Re: [PATCH v19 16/27] x86/sgx: Add the Linux SGX Enclave Driver

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2019-03-26 22:28, Jarkko Sakkinen wrote:
On Tue, Mar 26, 2019 at 04:58:52PM -0700, Sean Christopherson wrote:
On Tue, Mar 26, 2019 at 03:26:50PM +0200, Jarkko Sakkinen wrote:
On Thu, Mar 21, 2019 at 05:51:11PM +0200, Jarkko Sakkinen wrote:
Yuck.  If we remove the driver specific Makefile then we can eliminate
the "../" prefix here.  E.g. in the main SGX Makefile:

obj-$(CONFIG_INTEL_SGX_DRIVER) += driver/main.o driver/ioctl.o

I think this is a great idea.

On a 2nd thought not gonna do anything to that because it would
require to move driver.h and it is cleaner to keep all the driver
files in the same directory (and separated from the core).

What about collapsing driver/*.c into driver.c and moving driver.{c,h}
to the root sgx directory?  The bulk of driver/main.c is securityfs
and platform driver code, e.g. has a good chance of going away entirely
or being moved out of the "driver".  At that point there probably isn't
a strong reason to have driver/main.c and driver/ioctl.c.

I think doing anything major would require to lock in whether to have
the LKM for the driver at all. If we wipe out the driver, then this is
just matter of moving dev management part to lets say dev.c.

Unless there is some real production use I can wipe it away. For v19
I wanted to fix it namely because in v18 LKM was just broken. It is
always good to make decisions based on working code.

It should be a module because things should be modules when possible. I'm not sure what the "Linux policy" is here but this seems obvious to me.

For example:

* Modules allow users to easily disable functionality that they don't use/is buggy for them/other reasons using blacklisting. * Modules allow users to customize their functionality without having to rebuild the entire kernel. * Modules allow developers to customize their modules without having to rebuild the entire kernel.

Specifically for SGX I can think of the following reasons as well:

* Module-based hypervisors may want to make EPC allocations for their guests.
* Easy experimentation with different EPC interfaces
* Easy experimentation with in-kernel LE

--
Jethro Beekman | Fortanix


/Jarkko


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


[Index of Archives]     [AMD Graphics]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux