Re: [PATCH for_v23 0/7] x86/sgx: Improve add pages ioctl

["Haitao Huang" <haitao.huang@linux.intel.com>]

On Tue, 08 Oct 2019 23:42:34 -0500, Sean Christopherson  
<sean.j.christopherson@intel.com> wrote:

> Enhance the SGX_IOC_ENCLAVE_ADD_PAGE{S} ioctl so that userspace can add
> multiple pages to an enclave in a single syscall.  Also provide a flag
> that allows replicating a single source page to multiple target pages so
> that userspace doesn't need to allocate a giant chunk of memory when
> initializing things like the enlave's .bss, heap, etc...
>
> People that actually develop runtimes, please weigh in.  Jarkko also
> suggested going with a fully flexible ioctl, e.g. essentially creating an
> array of the existing struct so that mrmask and/or secinfo can be unique
> per page.  AFAICT that's overkill and more cumbersome to use as it forces
> userspace to allocate the full array.  My understanding is that the
> majority of enclaves will have contiguous blocks of pages with identical
> mrmask and secinfo, e.g. code segments, ro data, etc..., thus the less
> flexible but easier-in-theory to use approach proposed here.
>
We think using the same mask for all pages (solution in this patch set) is  
reasonable. Although it seems odd that all pages would apply the same  
mask, this allows enough flexibility we can foresee.

Another option acceptable to us (Intel SGX runtime) is to change it to a  
flag and have bit zero define whether the whole page is measured via  
EEXTEND. This is simpler and allows other bits reserved for future usages.  
However, it would fail any SGX runtime that is measuring partial page for  
optimization purposes.