On 1/6/21 5:42 PM, Kai Huang wrote:
>> I understand why this made sense for regular enclaves, but I'm having a
>> harder time here. If you mmap(fd, MAP_SHARED), fork(), and then pass
>> that mapping through to two different guests, you get to hold the
>> pieces, just like if you did the same with normal memory.
>>
>> Why does the kernel need to enforce this policy?
> Does Sean's reply in another email satisfy you?

I'm not totally convinced.

Please give it a go in the changelog for the next one and try to
convince me that this is a good idea. Focus on what the downsides will
be if the kernel does not enforce this policy. What will break, and why
will it be bad? Why is the kernel in the best position to thwart the
badness?