On Mon, Oct 07, 2019 at 11:10:24AM +0300, Jarkko Sakkinen wrote:
> Actually, maybe like this:
> 
> struct sgx_enclave_add_page_desc {
>       __u64   addr;
>       __u64   offset;
>       __u64   secinfo;
>       __u16   mrmask;
>       __u8    reserved[6];
> };
> 
> struct sgx_enclave_add_page {
>       __u64   src;
>       __u64   nr_pages;
>       __u64   pages;
> };

Of course we should remove @addr:

struct sgx_enclave_add_page_desc {
        __u64   offset;
        __u16   mrmask;
        __u8    reserved[6];
};

struct sgx_enclave_add_page {
        __u64   src;
        __u64   secinfo;
        __u64   nr_pages;
        __u64   pages;
};

That is something we have forgotten to do. We should have started to use
offset instead of address when we moved to the fd-based API. Anyway, I think
this kind of API, where you give an array of descriptors from one source,
would be optimal.

Also, it is better for @secinfo to be out of the descriptor so that, let's
say, LSM checks could be done with a single callback.

/Jarkko
