Re: [PATCH v26 10/22] x86/sgx: Linux Enclave Driver

From: Andy Lutomirski
Date: Thu Feb 20 2020 - 19:32:28 EST

> On Feb 20, 2020, at 2:16 PM, Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx> wrote:
> ïOn Thu, Feb 20, 2020 at 10:48:42AM -0800, Sean Christopherson wrote:
>> My biggest concern for allowing PROT_EXEC if RIE is that it would result
>> in #PF(SGX) (#GP on Skylake) due to an EPCM violation if the enclave
>> actually tried to execute from such a page. This isn't a problem for the
>> kernel as the fault will be reported cleanly through the vDSO (or get
>> delivered as a SIGSEGV if the enclave isn't entered through the vDSO), but
>> it's a bit weird for userspace as userspace will see the #PF(SGX) and
>> likely assume the EPC was lost, e.g. silently restart the enclave instead
>> of logging an error that the enclave is broken.
> I think right way to fix the current implementation is to -EACCES mmap()
> (and mprotect) when !!(current->personality & READ_IMPLIES_EXEC).
> This way supporting RIE can be reconsidered later on without any
> potential ABI bottlenecks.

Sounds good to me. I see no credible reason why anyone would use RIE and SGX.

> /Jarkko