On Mon, Dec 17, 2018 at 02:20:48PM -0800, Sean Christopherson wrote: > The only potential hiccup I can see is the build flow. Currently, > EADD+EEXTEND is done via a work queue to avoid major performance issues > (10x regression) when userspace is building multiple enclaves in parallel > using goroutines to wrap Cgo (the issue might apply to any M:N scheduler, > but I've only confirmed the Golang case). The issue is that allocating > an EPC page acts like a blocking syscall when the EPC is under pressure, > i.e. an EPC page isn't immediately available. This causes Go's scheduler > to thrash and tank performance[1]. I don't see any major issues having that kthread. All the code that maps the enclave would be removed. I would only allow to map enclave to process address space after the enclave has been initialized i.e. SGX_IOC_ENCLAVE_ATTACH. /Jarkko
