in src/enclave_proc/resource_manager.rs [627:681]
/// Allocates the enclave's memory, loads the EIF image into it and passes the regions to the
/// driver.
///
/// The steps run in a fixed order: allocate regions, verify that enough memory was obtained,
/// query the driver for the image load offset, write the EIF into the regions, and only then
/// hand each region to the driver.
///
/// # Errors
///
/// Returns an error if the progress message cannot be sent, if allocation fails or yields
/// fewer whole MiB than requested, if no EIF file is attached to `self`, if either ioctl
/// fails, or if writing the EIF into the regions fails.
fn init_memory(&mut self, connection: Option<&Connection>) -> NitroCliResult<()> {
    safe_conn_eprintln(connection, "Start allocating memory...")?;

    // Both sides of the sufficiency check below are byte counts shifted down to whole MiB,
    // so any sub-MiB remainder is ignored by the comparison.
    let wanted_mib = self.resource_allocator.requested_mem >> 20;
    let mem_regions = self
        .resource_allocator
        .allocate()
        .map_err(|err| err.add_subaction(String::from("Failed to allocate enclave memory")))?;

    let mut total_bytes = 0;
    for chunk in mem_regions.iter() {
        total_bytes += chunk.mem_size;
    }
    self.allocated_memory_mib = total_bytes >> 20;

    if self.allocated_memory_mib < wanted_mib {
        // NOTE(review): the message says "MB" while both values are computed with `>> 20`.
        let wanted_str = wanted_mib.to_string();
        let failure = new_nitro_cli_failure!(
            &format!(
                "Failed to allocate sufficient memory (requested {} MB, but got {} MB)",
                wanted_mib, self.allocated_memory_mib
            ),
            NitroCliErrorEnum::InsufficientMemoryAvailable
        );
        return Err(failure.add_info(vec!["memory", &wanted_str]));
    }

    // Resolve the EIF handle before issuing any ioctl, so a missing file fails early.
    let eif = self.eif_file.as_mut().ok_or_else(|| {
        new_nitro_cli_failure!(
            "Failed to get mutable reference to EIF file",
            NitroCliErrorEnum::FileOperationFailure
        )
    })?;

    // The driver fills in `memory_offset` for an image of kind `NE_EIF_IMAGE`.
    let mut load_info = ImageLoadInfo {
        memory_offset: 0,
        flags: NE_EIF_IMAGE,
    };
    EnclaveHandle::do_ioctl(self.enc_fd, NE_GET_IMAGE_LOAD_INFO, &mut load_info)
        .map_err(|err| err.add_subaction(String::from("Get image load info ioctl failed")))?;
    debug!("Memory load information: {:?}", load_info);

    // NOTE(review): `as usize` truncates silently if the field is wider than `usize` on the
    // build target; whether the offset is range-checked against the regions is not visible
    // here -- confirm in `write_eif_to_regions`.
    let image_offset = load_info.memory_offset as usize;
    write_eif_to_regions(eif, mem_regions, image_offset)
        .map_err(|err| err.add_subaction(String::from("Write EIF to enclave memory regions")))?;

    // Hand the regions to the driver for the ownership change. This stays after the image
    // write; presumably the memory is no longer writable from this process afterwards --
    // TODO confirm.
    // NOTE(review): a failure part-way through returns immediately, leaving the earlier
    // regions already registered; cleanup is presumably done by the caller -- verify.
    for region in mem_regions {
        let mut user_region: UserMemoryRegion = region.into();
        EnclaveHandle::do_ioctl(self.enc_fd, NE_SET_USER_MEMORY_REGION, &mut user_region)
            .map_err(|err| err.add_subaction(String::from("Set user memory region ioctl failed")))?;
    }

    info!("Finished initializing memory.");
    Ok(())
}