Re: [PATCH v3 07/18] nitro_enclaves: Init misc device providing the ioctl interface

[Alexander Graf]

On 01.06.20 05:04, Benjamin Herrenschmidt wrote:
> On Thu, 2020-05-28 at 15:12 +0200, Greg KH wrote:
> > So at runtime, after all is booted and up and going, you just ripped
> > cores out from under someone's feet?  :)
> >
> > And the code really handles writing to that value while the module is
> > already loaded and up and running?  At a quick glance, it didn't seem
> > like it would handle that very well as it only is checked at ne_init()
> > time.
> >
> > Or am I missing something?
> >
> > Anyway, yes, if you can dynamically do this at runtime, that's great,
> > but it feels ackward to me to rely on one configuration thing as a
> > module parameter, and everything else through the ioctl interface.
> > Unification would seem to be a good thing, right?
>
> I personally still prefer a sysfs file :) I really don't like module
> parameters as a way to do such things.

I think we're going in circles :).

A module parameter initialized with module_param_cb gives us a sysfs 
file that can also have a default parameter set through easily available 
tooling.

The ioctl has two downsides:

  1) It relies on an external application
  2) The permission check would be strictly limited to CAP_ADMIN, sysfs 
files can have different permissions

So I fail to see how a module parameter is *not* giving both of you and 
me what we want? Of course only if it implements the callback. It was 
missing that and apologize for that oversight.


Alex



Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879