From: Jarkko Sakkinen
> Sent: 06 November 2018 13:46
>
> Intel Software Guard eXtensions (SGX) is a set of CPU instructions that
> can be used by applications to set aside private regions of code and
> data. The code outside the enclave is disallowed to access the memory
> inside the enclave by the CPU access control.
>
> SGX driver provides a ioctl API for loading and initializing enclaves.
> Address range for enclaves is reserved with mmap() and they are
> destroyed with munmap(). Enclave construction, measurement and
> initialization is done with the provided the ioctl API.
..
> +struct sgx_encl {
> + unsigned int flags;
> + uint64_t attributes;
> + uint64_t xfrm;
> + unsigned int page_cnt;
> + unsigned int secs_child_cnt;
> + struct mutex lock;
> + struct mm_struct *mm;
> + struct file *backing;
> + struct kref refcount;
> + unsigned long base;
> + unsigned long size;
> + unsigned long ssaframesize;
> + struct radix_tree_root page_tree;
> + struct list_head add_page_reqs;
> + struct work_struct add_page_work;
> + struct sgx_encl_page secs;
> + struct pid *tgid;
> + struct mmu_notifier mmu_notifier;
> + struct notifier_block pm_notifier;
> +};
It may not really matter (yet) but there is at least one hole in that strcture.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
