On Wed, Dec 19, 2018 at 06:45:15AM -0800, Sean Christopherson wrote:
> I agree with Jethro, passing the enclave_fd as a param is obnoxious.
> And it means the user needs to open /dev/sgx to do anything with an
> enclave fd, e.g. the enclave fd might be passed to a builder thread,

Please note that this is not really a thing that I care that much about
at the end of the day, because either approach is straightforward to
implement. That is why I asked Jethro which is more superfluous.

> Take a look at virt/kvm/kvm_main.c to see how KVM manages anon inodes
> and ioctls for VMs and vCPUs.

I actually grabbed anon inode code from in-kernel LE code and started to
transform it to this framework just because I was familiar with that
snippet (because I wrote it), but yeah, the idea is similar as in there.

/Jarkko