On Fri, Mar 11, 2022 at 11:28:27AM -0800, Reinette Chatre wrote:
> Supporting permission restriction in an ioctl() enables the runtime to manage
> the enclave memory without needing to map it.

Which is the opposite of what you do in EAUG. You can also augment pages
without needing to map them. Sure you get that capability, but it is quite
useless in practice.

> I have considered the idea of supporting the permission restriction with
> mprotect() but as you can see in this response I did not find it to be
> practical.

Where is it practical? What is your application?

How is it practical to delegate the concurrency management of a split
mprotect() to user space?

How do we get rid of a useless up-call to the host?

> Reinette

BR, Jarkko