[RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks

Andy Lutomirski luto at kernel.org
Mon Jul 1 19:36:04 UTC 2019


On Mon, Jul 1, 2019 at 11:31 AM Xing, Cedric <cedric.xing at intel.com> wrote:
> I intended to say the major reason I objected to Sean's approach was its inability to support SGX2 smoothly - as #PF driven EAUG requires non-existent pages to be mmap()'ed, otherwise vm_ops->fault wouldn't be dispatched so EAUG couldn't be issued in response to #PF.

I still think that, if the kernel wants to support #PF-driven EAUG, it
should be an opt-in thing.  It would be something like
SGX_IOC_ADD_LAZY_EAUG_PAGES or similar.  If it's done that way, then
the driver needs to learn how to track ranges of pages efficiently,
which is another reason to consider leaving all the fancy page / page
range tracking in the driver.

I don't think it's a good idea for a page fault on any non-EADDed page
in ELRANGE to automatically populate the page.


