[PATCH v26 10/22] x86/sgx: Linux Enclave Driver
Andy Lutomirski
luto at amacapital.net
Fri Feb 21 00:32:22 UTC 2020
> On Feb 20, 2020, at 2:16 PM, Jarkko Sakkinen <jarkko.sakkinen at linux.intel.com> wrote:
>
> On Thu, Feb 20, 2020 at 10:48:42AM -0800, Sean Christopherson wrote:
>> My biggest concern for allowing PROT_EXEC if RIE is that it would result
>> in #PF(SGX) (#GP on Skylake) due to an EPCM violation if the enclave
>> actually tried to execute from such a page. This isn't a problem for the
>> kernel as the fault will be reported cleanly through the vDSO (or get
>> delivered as a SIGSEGV if the enclave isn't entered through the vDSO), but
>> it's a bit weird for userspace as userspace will see the #PF(SGX) and
>> likely assume the EPC was lost, e.g. silently restart the enclave instead
>> of logging an error that the enclave is broken.
>
> I think right way to fix the current implementation is to -EACCES mmap()
> (and mprotect) when !!(current->personality & READ_IMPLIES_EXEC).
>
> This way supporting RIE can be reconsidered later on without any
> potential ABI bottlenecks.
>
Sounds good to me. I see no credible reason why anyone would use RIE and SGX.
> /Jarkko
More information about the Linux-security-module-archive
mailing list