On 12/17/18 11:49 AM, Jarkko Sakkinen wrote:
>> Yeah, the code is built to have one VMA and only one VMA per enclave.
>> You need to go over the origin of this restriction and what enforces this.
> It is before ECREATE but after that you can split it with mprotect().
>
> Let's take an example. I'm not sure how we would acquire mm efficiently
> in sgx_encl_page_reclaim() otherwise than having it as a field in encl.

You're effectively rebuilding reverse-mapping infrastructure here. It's
a frequent thing for the core VM to need to go from 'struct page' back
to the page tables mapping it. For that we go (logically)
page->{anon_vma,mapping}->vma->vm_mm->pagetable.

This, on the other hand, is trying to do page->encl->mm->pagetable. You
could very easily have a VMA analog in there instead of jumping straight
to the mm.
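
The two lookup chains contrasted in the message above, as an added userspace model that is not code from this thread or from the kernel. All struct and function names are hypothetical, and the second address space mapping the same enclave is an added assumption that goes beyond the single-mm case discussed.

```c
/* Added userspace model. Every name here is hypothetical; none is kernel code. */
#include <stddef.h>

struct toy_mm { int zapped; };            /* stands in for an mm and its page tables */
struct toy_encl_vma {                     /* the "VMA analog" kept per mapping */
    unsigned long start, end;             /* [start, end) covered by this mapping */
    struct toy_mm *mm;                    /* address space the mapping lives in */
    struct toy_encl_vma *next;
};

struct toy_encl {
    struct toy_mm *mm;                    /* shortcut: a single mm field in encl */
    struct toy_encl_vma *vmas;            /* alternative: list of VMA analogs */
};
struct toy_page { struct toy_encl *encl; unsigned long addr; };

/* page->encl->mm->pagetable: reaches exactly one mm, with no range check. */
static int reclaim_via_mm(struct toy_page *p)
{
    p->encl->mm->zapped++;
    return 1;
}

/* page->encl->(VMA analog)->mm->pagetable: visits every mapping covering addr. */
static int reclaim_via_vmas(struct toy_page *p)
{
    int n = 0;
    for (struct toy_encl_vma *v = p->encl->vmas; v; v = v->next)
        if (p->addr >= v->start && p->addr < v->end) {
            v->mm->zapped++;
            n++;
        }
    return n;
}

/* Constructed case: range split in two (as after mprotect()) in mm a, plus mm b. */
static int demo(int use_vmas, int *a_zapped, int *b_zapped)
{
    struct toy_mm a = {0}, b = {0};
    struct toy_encl_vma v3 = {0x1000, 0x5000, &b, NULL};  /* assumed second mm */
    struct toy_encl_vma v2 = {0x3000, 0x5000, &a, &v3};   /* upper half of split */
    struct toy_encl_vma v1 = {0x1000, 0x3000, &a, &v2};   /* lower half of split */
    struct toy_encl encl = {&a, &v1};
    struct toy_page page = {&encl, 0x4000};
    int n = use_vmas ? reclaim_via_vmas(&page) : reclaim_via_mm(&page);
    *a_zapped = a.zapped;
    *b_zapped = b.zapped;
    return n;
}
```

In this model the single-mm shortcut leaves the second address space's mapping untouched, while the walk over VMA analogs reaches both.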