On 11/4/22 09:26, Sean Christopherson wrote: >> I've been re-thinking about this #MC handle on virtual EPC by stepping back to >> the beginning, and I think we have more problems than this "whether kernel >> should enforce child cannot mmap() virtual EPC". > IMO, virtual EPC should be restricted to a single mm_struct, which is what was > originally proposed many years ago[*]. I should have pushed back harder, but by > that point I had mostly stopped caring about SGX. Considering that we have VM_DONTCOPY set on the vepc VMA, this shouldn't be too hard to pull off. We could just return -EBUSY if another mm comes around and tries to mmap() the fd.
