[PATCH v26 10/22] x86/sgx: Linux Enclave Driver
Jarkko Sakkinen
jarkko.sakkinen at linux.intel.com
Thu Feb 20 22:16:07 UTC 2020
On Thu, Feb 20, 2020 at 10:48:42AM -0800, Sean Christopherson wrote:
> My biggest concern for allowing PROT_EXEC if RIE is that it would result
> in #PF(SGX) (#GP on Skylake) due to an EPCM violation if the enclave
> actually tried to execute from such a page. This isn't a problem for the
> kernel as the fault will be reported cleanly through the vDSO (or get
> delivered as a SIGSEGV if the enclave isn't entered through the vDSO), but
> it's a bit weird for userspace as userspace will see the #PF(SGX) and
> likely assume the EPC was lost, e.g. silently restart the enclave instead
> of logging an error that the enclave is broken.
I think right way to fix the current implementation is to -EACCES mmap()
(and mprotect) when !!(current->personality & READ_IMPLIES_EXEC).
This way supporting RIE can be reconsidered later on without any
potential ABI bottlenecks.
/Jarkko
More information about the Linux-security-module-archive
mailing list