ClawSeven commented on code in PR #436: URL: https://github.com/apache/incubator-teaclave-sgx-sdk/pull/436#discussion_r1410414318
########## sgx_trts/src/emm/ema.rs: ########## @@ -0,0 +1,719 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License.. + +use crate::arch::{SE_PAGE_SHIFT, SE_PAGE_SIZE}; +use crate::emm::{PageInfo, PageRange, PageType, ProtFlags}; +use crate::enclave::is_within_enclave; +use alloc::boxed::Box; +use intrusive_collections::{intrusive_adapter, LinkedListLink, UnsafeRef}; +use sgx_tlibc_sys::{c_void, EACCES, EFAULT, EINVAL}; +use sgx_types::error::OsResult; + +use super::alloc::AllocType; +use super::alloc::{RsrvAlloc, StaticAlloc}; +use super::bitmap::BitArray; +use super::ocall; +use super::page::AllocFlags; +use super::pfhandler::PfHandler; + +/// Enclave Management Area +/// +/// Question: should we replace BitArray with pointer +/// to split struct into two pieces of 80 bytes and 32 bytes or an entity of 104 bytes? +#[repr(C)] +pub(crate) struct Ema { + // page aligned start address + start: usize, + // bytes, round to page bytes + length: usize, + alloc_flags: AllocFlags, + info: PageInfo, + // bitmap for EACCEPT status + // FIXME: replace BitArray with pointer + eaccept_map: Option<BitArray>, + // custom PF handler + handler: Option<PfHandler>, + // private data for PF handler + priv_data: Option<*mut c_void>, + alloc: AllocType, + // intrusive linkedlist + link: LinkedListLink, +} + +// Implement ema adapter for the operations of intrusive linkedlist +intrusive_adapter!(pub(crate) EmaAda = UnsafeRef<Ema>: Ema { link: LinkedListLink }); + +#[derive(Clone, Copy)] +/// Options for allocating Emas. +pub struct EmaOptions { + pub addr: Option<usize>, + pub length: usize, + pub alloc_flags: AllocFlags, + pub alloc: AllocType, + info: PageInfo, + handler: Option<PfHandler>, + priv_data: Option<*mut c_void>, +} + +// TODO: remove send and sync +unsafe impl Send for Ema {} +unsafe impl Sync for Ema {} + +impl Ema { + /// Initialize Emanode with null eaccept map, + /// and start address must be page aligned + pub fn new( Review Comment: I used to consider Clone trait, but I think the Clone trait has different semantics with our implemention. The default Clone has the meaning that "Clone all the fields with default allocator". However, in our use case of `split()` function, we just want to "Clone all the fields except bitmap with inner allocator". Initially, I contemplated utilizing the Clone trait, but upon deeper analysis, I've come to realize that its semantics diverge from our implementation. The inherent implication of the default Clone is that it performs a "field-by-field clone using the default allocator." In contrast, within the context of our `split()` function, our objective is to "clone all fields, excluding the bitmap, utilizing the inner allocator." This distinction in behavior necessitates a more tailored approach to suit our specific cloning needs. ########## sgx_trts/src/emm/ema.rs: ########## @@ -0,0 +1,719 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License.. + +use crate::arch::{SE_PAGE_SHIFT, SE_PAGE_SIZE}; +use crate::emm::{PageInfo, PageRange, PageType, ProtFlags}; +use crate::enclave::is_within_enclave; +use alloc::boxed::Box; +use intrusive_collections::{intrusive_adapter, LinkedListLink, UnsafeRef}; +use sgx_tlibc_sys::{c_void, EACCES, EFAULT, EINVAL}; +use sgx_types::error::OsResult; + +use super::alloc::AllocType; +use super::alloc::{RsrvAlloc, StaticAlloc}; +use super::bitmap::BitArray; +use super::ocall; +use super::page::AllocFlags; +use super::pfhandler::PfHandler; + +/// Enclave Management Area +/// +/// Question: should we replace BitArray with pointer +/// to split struct into two pieces of 80 bytes and 32 bytes or an entity of 104 bytes? +#[repr(C)] +pub(crate) struct Ema { + // page aligned start address + start: usize, + // bytes, round to page bytes + length: usize, + alloc_flags: AllocFlags, + info: PageInfo, + // bitmap for EACCEPT status + // FIXME: replace BitArray with pointer + eaccept_map: Option<BitArray>, + // custom PF handler + handler: Option<PfHandler>, + // private data for PF handler + priv_data: Option<*mut c_void>, + alloc: AllocType, + // intrusive linkedlist + link: LinkedListLink, +} + +// Implement ema adapter for the operations of intrusive linkedlist +intrusive_adapter!(pub(crate) EmaAda = UnsafeRef<Ema>: Ema { link: LinkedListLink }); + +#[derive(Clone, Copy)] +/// Options for allocating Emas. +pub struct EmaOptions { + pub addr: Option<usize>, + pub length: usize, + pub alloc_flags: AllocFlags, + pub alloc: AllocType, + info: PageInfo, + handler: Option<PfHandler>, + priv_data: Option<*mut c_void>, +} + +// TODO: remove send and sync +unsafe impl Send for Ema {} +unsafe impl Sync for Ema {} + +impl Ema { + /// Initialize Emanode with null eaccept map, + /// and start address must be page aligned + pub fn new( Review Comment: Initially, I contemplated utilizing the Clone trait, but upon deeper analysis, I've come to realize that its semantics diverge from our implementation. The inherent implication of the default Clone is that it performs a "field-by-field clone using the default allocator." In contrast, within the context of our `split()` function, our objective is to "clone all fields, excluding the bitmap, utilizing the inner allocator." This distinction in behavior necessitates a more tailored approach to suit our specific cloning needs. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@teaclave.apache.org For additional commands, e-mail: notifications-h...@teaclave.apache.org
