How to copy all of the data in structures from the untrusted domain to the trusted domain of Intel® Software Guard Extensions (Intel® SGX) enclaves
The ecall is declared in the Enclave Definition Language (EDL) file as:
struct pair_t {
    uint32_t key;
    uint32_t value;
};
struct table_t {
    struct pair_t* pairs;
    uint32_t num_pairs;
};
public sgx_status_t ecall_sort_table([in] struct table_t * rel);
The table_t structure is 1.1 GB, which is much larger than the 128-MB EPC. The memory used in the enclave is much less than the allocated memory of the structure in the untrusted application, and there is no paging in the EPC.
The above structure and ecall function definitions result in a shallow copy of the structure. A shallow copy copies only the pointer addresses, not the actual data referenced by the pointers. In this case, the pointer address is copied to the enclave's memory space in the EPC, or trusted domain, but the data remains in the untrusted domain. The EPC is not experiencing paging because the majority of the data remains in the untrusted domain.
Below are structure definitions and declarations that achieve a shallow copy and a deep copy. To deep copy the structure data to the EPC, declare the structures in the EDL file using count and size, which are set by the developer.
struct pair_t {
    uint32_t key;
    uint32_t value;
};
// This structure declaration results in a shallow copy of the pairs structure
struct table_t {
    struct pair_t* pairs;
    uint32_t num_pairs;
};
// This structure declaration results in a deep copy of the pairs structure
struct deep_table_t {
    [count = 1, size = 12] struct pair_t* pairs;
    uint32_t num_pairs;
};
trusted {
    // This function declaration results in a shallow copy of the rel structure
    public sgx_status_t ecall_sort_table([in] struct table_t * rel);
    // This function declaration results in a deep copy of the rel structure
    public sgx_status_t ecall_deep_sort_table([in, count = 1] struct deep_table_t * rel);
};
After compilation, check enclave_t.c to see the generated proxy functions. The function sgx_ecall_deep_sort_table shows the iterative deep copy of the structure from untrusted memory to trusted memory.
Refer to the Structures, Enums, and Unions section in the Intel® SGX Developer Reference Guide for Linux* for a full explanation of how to achieve a deep copy of the structure elements into the trusted domain.
Note: The most recent Intel® Software Guard Extensions (Intel® SGX) Developer Reference Guide for Linux* is in the Documentation section of the latest Intel® Software Guard Extensions Linux Release*.
The Edger8r tool automatically generates the proxy functions that marshal data between the untrusted and trusted domains before the code is compiled. The count and size parameters in the EDL file tell the Edger8r tool how much memory to copy in the proxy functions.
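The difference between the two marshalling behaviors, as an added example that is not Intel's code and not output of the Edger8r tool: it simulates both copies in ordinary process memory to show why a shallow copy leaves the callee reading data the caller can still change. The function names marshal_shallow, marshal_deep and caller_write_visible are hypothetical, and malloc stands in for enclave heap.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct pair_t  { uint32_t key; uint32_t value; };
struct table_t { struct pair_t *pairs; uint32_t num_pairs; };

/* Shallow: only the bytes of table_t are copied, as with [in] struct table_t*.
 * The copied pairs pointer still refers to the caller's (untrusted) buffer. */
static int marshal_shallow(const struct table_t *src, struct table_t *dst) {
    memcpy(dst, src, sizeof(*dst));
    return 0;
}

/* Deep: snapshot the struct once, then duplicate the buffer it points to,
 * so the callee never dereferences caller-owned memory after this returns. */
static int marshal_deep(const struct table_t *src, struct table_t *dst) {
    struct table_t snap;
    memcpy(&snap, src, sizeof(snap));          /* single read of caller fields */
    if (snap.pairs == NULL || snap.num_pairs == 0) return -1;
    if ((size_t)snap.num_pairs > SIZE_MAX / sizeof(struct pair_t)) return -1;
    size_t len = (size_t)snap.num_pairs * sizeof(struct pair_t);
    struct pair_t *copy = malloc(len);         /* stands in for enclave heap */
    if (copy == NULL) return -1;
    memcpy(copy, snap.pairs, len);
    dst->pairs = copy;
    dst->num_pairs = snap.num_pairs;
    return 0;
}

/* Returns 1 if a write made by the caller after marshalling is visible
 * through the callee's copy, 0 if the copy is isolated, -1 on error. */
int caller_write_visible(int deep) {
    struct pair_t host_pairs[3] = { {3, 30}, {1, 10}, {2, 20} }; /* constructed */
    struct table_t host = { host_pairs, 3 };
    struct table_t encl;
    if ((deep ? marshal_deep : marshal_shallow)(&host, &encl) != 0) return -1;
    host_pairs[0].value = 999;                 /* caller changes data afterwards */
    int visible = (encl.pairs[0].value == 999);
    if (deep) free(encl.pairs);
    return visible;
}

/* Exit status 0 when the shallow copy is exposed and the deep copy is isolated. */
int main(void) {
    return !(caller_write_visible(0) == 1 && caller_write_visible(1) == 0);
}
```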