On Tue, Oct 08, 2019 at 11:09:31AM +0200, Borislav Petkov wrote: > On Mon, Oct 07, 2019 at 07:50:11AM -0700, Sean Christopherson wrote: > > The caller is responsible for ensuring EREMOVE can be safely executed, > > e.g. by holding the enclave's lock. > > lockdep_assert_held() here maybe? There are a few flows where a page can be removed without holding a lock, e.g. when the enclave is being released, and for Version Array (VA) pages, which are not associated with a single enclave. We could probably force a lockdep assert with an extra parameter, but I'm not sure that'd be a net positive.