Re: [PATCH V2 16/32] x86/sgx: Support restricting of enclave page permissions

From: Reinette Chatre
Date: Mon Mar 14 2022 - 11:32:45 EST


Hi Jarkko,

On 3/13/2022 8:42 PM, Jarkko Sakkinen wrote:
> On Fri, Mar 11, 2022 at 11:28:27AM -0800, Reinette Chatre wrote:
>> Supporting permission restriction in an ioctl() enables the runtime to manage
>> the enclave memory without needing to map it.
>
> Which is the opposite of what you do in EAUG. You can also augment pages without
> needing to map them. Sure you get that capability, but it is quite useless
> in practice.
>
>> I have considered the idea of supporting the permission restriction with
>> mprotect() but as you can see in this response I did not find it to be
>> practical.
>
> Where is it practical? What is your application? How is it practical to
> delegate the concurrency management of a split mprotect() to user space?
> How do we get rid of a useless up-call to the host?
>

The email you responded to contained many obstacles against using mprotect()
but you chose to ignore them and snipped them all from your response. Could
you please address the issues instead of dismissing them?

Reinette