Hi Couple of remarks that are not reasoned in the code too well: 1. Why to allow to mmap() to a range where pages have differing permissions? I think it would be better just to require all pages in a range to have the same permissions. 2. Why not require exact match with the PROT bits? 3. Why don't just store SECINFO flags on EADD? Doing calc_vma_prot_bits() on fly is not expensive. Now data in SECINFO flags is scattered to two different fields (desc and vm_max_prot_bits). I'd just have a field called secinfo_flags. This came up when I noted that SGX_IOC_ENCLAVE_ADD_PAGE documentation was not updated when this permission handling came up. I started to do it but stumped into these questions. I also wonder why the API documentation has not been updated... /Jarkko
