Re: [PATCH] x86/sgx: Fix double-free when EADD fails


On Wed, Dec 11, 2019 at 01:11:52PM +0200, Jarkko Sakkinen wrote:
> On Mon, Dec 09, 2019 at 12:52:55PM -0800, Sean Christopherson wrote:
> > Not a fan of making this dependent on -EIO, IMO invalidating iff EEXTEND
> > fails is cleaner.  In other words, I still think killing the enclave
> > on EADD failure is unnecessary.
> 
> This comes down to whether you consider them as a transaction. I do
> and it makes a coherent API.

What's your definition of transaction in this context?  My interpretation
of transaction here would be that each ioctl() should either succeed, fail
without modifying persistent (enclave) state, or fail and kill the enclave
(because its state modifications are irreversible).

EEXTEND falls into the last case because EADD can't be unwound.  EADD falls
into the middle case because everything up to EADD can be cleanly undone.
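
The three outcomes described in the message above, as an added user-space model (not part of the original message and not the kernel's SGX code). All names, the reserved-page bookkeeping, and the error values are assumptions made for illustration; the instructions are simulated by stubs that fail on request.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* User-space model only: every name here is hypothetical, not the kernel's. */
enum step { STEP_NONE, STEP_EADD, STEP_EEXTEND };

struct enclave {
    bool dead;          /* set once enclave state can no longer be unwound */
    size_t nr_reserved; /* reversible bookkeeping taken before EADD */
    size_t nr_pages;    /* pages EADD has committed to the enclave */
};

/* Simulated instructions: fail (placeholder -EIO) when fail_at names the step. */
static int model_eadd(enum step fail_at)    { return fail_at == STEP_EADD ? -EIO : 0; }
static int model_eextend(enum step fail_at) { return fail_at == STEP_EEXTEND ? -EIO : 0; }

int model_add_page(struct enclave *e, enum step fail_at)
{
    int ret;

    if (e->dead)
        return -EFAULT;     /* assumed error for an already-killed enclave */

    e->nr_reserved++;       /* everything up to EADD can be undone */

    ret = model_eadd(fail_at);
    if (ret) {
        e->nr_reserved--;   /* case 2: fail without modifying enclave state */
        return ret;
    }
    e->nr_pages++;          /* EADD succeeded: this cannot be unwound */

    ret = model_eextend(fail_at);
    if (ret) {
        e->dead = true;     /* case 3: irreversible, so kill the enclave */
        return ret;
    }
    return 0;               /* case 1: success */
}

int main(void)
{
    struct enclave e = {0};

    model_add_page(&e, STEP_EADD);     /* fails, enclave still usable */
    model_add_page(&e, STEP_EEXTEND);  /* fails, enclave is dead */
    return e.dead ? 0 : 1;
}
```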


