On Wed, Dec 19, 2018 at 08:41:12AM +0000, Jethro Beekman wrote:
One weird thing is the departure from the normal mmap behavior that the
memory mapping persists even if the original fd is closed. (See man mmap:
"closing the file descriptor does not unmap the region.")
The mmapped region and enclave would be completely disjoint to start
with. The enclave driver code would assume that an enclave VMA exists
when it maps enclave address space to a process.
I.e. VMA would no longer reference to the enclave or vice versa but
you would still create an enclave VMA with mmap().
This is IMHO very clear and well-defined semantics.
struct sgx_enclave_add_page {
__u64 enclave_fd;
__u64 src;
__u64 secinfo;
__u16 mrmask;
} __attribute__((__packed__));
Wouldn't you just pass enclave_fd as the ioctl fd parameter?
I'm still planning to keep the API in the device fd and use enclave_fd
as handle to the enclave address space. I don't see any obvious reason
to change that behavior.
And if we ever add any "global" ioctls, then we would have to define
APIs to both fd's, which would become a mess.
How to specify the address of the page that is being added?
Yes, that is correct and my bad to remove it (just quickly drafted what
I had in mind).
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature