On Wed, 2022-04-13 at 14:10 -0700, Reinette Chatre wrote:
> With SGX1 an enclave needs to be created with its maximum memory demands
> allocated. Pages cannot be added to an enclave after it is initialized.
> SGX2 introduces a new function, ENCLS[EAUG], that can be used to add
> pages to an initialized enclave. With SGX2 the enclave still needs to
> set aside address space for its maximum memory demands during enclave
> creation, but all pages need not be added before enclave initialization.
> Pages can be added during enclave runtime.
>
> Add support for dynamically adding pages to an initialized enclave,
> architecturally limited to RW permission at creation but allowed to
> obtain RWX permissions after trusted enclave runs EMODPE. Add pages
> via the page fault handler at the time an enclave address without a
> backing enclave page is accessed, potentially directly reclaiming
> pages if no free pages are available.
>
> The enclave is still required to run ENCLU[EACCEPT] on the page before
> it can be used. A useful flow is for the enclave to run ENCLU[EACCEPT]
> on an uninitialized address. This will trigger the page fault handler
> that will add the enclave page and return execution to the enclave to
> repeat the ENCLU[EACCEPT] instruction, this time successful.
>
> If the enclave accesses an uninitialized address in another way, for
> example by expanding the enclave stack to a page that has not yet been
> added, then the page fault handler would add the page on the first
> write but upon returning to the enclave the instruction that triggered
> the page fault would be repeated and since ENCLU[EACCEPT] was not run
> yet it would trigger a second page fault, this time with the SGX flag
> set in the page fault error code. This can only be recovered by entering
> the enclave again and directly running the ENCLU[EACCEPT] instruction on
> the now initialized address.
>
> Accessing an uninitialized address from outside the enclave also
> triggers this flow but the page will remain inaccessible (access will
> result in #PF) until accepted from within the enclave via
> ENCLU[EACCEPT].
>
> Reviewed-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
> Tested-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
> Signed-off-by: Reinette Chatre <reinette.chatre@xxxxxxxxx>

I'm presuming that Haitao tested with this applied, right?

BR,
Jarkko
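The three flows the commit message walks through (EACCEPT on an unadded page, a plain write such as stack growth to an unadded page, and an access from outside the enclave), as an added user-space C model written for this page; it is not the patch's code or anything from the kernel tree. The page states, `FAULT_*` results, the `free_epc` counter and the `NPAGES` range are constructed names for the model; only the `X86_PF_SGX` bit value is the real x86 #PF error-code flag, and reclaim of EPC pages is not modelled.

```c
#include <stdbool.h>
/* Constructed model of the fault-driven EAUG flow; not kernel code. */
enum page_state { PG_ABSENT, PG_ADDED, PG_ACCEPTED };        /* EPC page lifecycle */
enum fault_result { FAULT_ADDED, FAULT_NEED_EACCEPT, FAULT_SIGSEGV };
#define X86_PF_SGX (1u << 15)  /* SGX flag in the x86 #PF error code (bit 15) */
#define NPAGES 4               /* address range set aside at enclave creation */
struct enclave { enum page_state page[NPAGES]; unsigned free_epc; };
/* Hardware: does an access to page idx succeed? If not, *err is the #PF code. */
static bool hw_access(const struct enclave *e, unsigned idx, unsigned *err) {
    if (idx >= NPAGES || e->page[idx] == PG_ABSENT) { *err = 0; return false; }
    if (e->page[idx] == PG_ADDED) { *err = X86_PF_SGX; return false; } /* unaccepted */
    return true;
}
/* Kernel: the page fault handler. A missing page in range is added with ENCLS[EAUG]
 * (modelled as a state change); a fault with the SGX flag set cannot be fixed here. */
static enum fault_result sgx_fault(struct enclave *e, unsigned idx, unsigned err) {
    if (err & X86_PF_SGX) return FAULT_NEED_EACCEPT;             /* enclave must EACCEPT */
    if (idx >= NPAGES || e->free_epc == 0) return FAULT_SIGSEGV; /* reclaim not modelled */
    e->free_epc--; e->page[idx] = PG_ADDED;
    return FAULT_ADDED;
}
/* Enclave: ENCLU[EACCEPT] on idx. An unadded page faults once (SGX flag clear),
 * the handler adds it, and the re-executed EACCEPT succeeds. Returns #PF count or -1. */
static int enclave_eaccept(struct enclave *e, unsigned idx) {
    if (idx >= NPAGES) return -1;
    bool faulted = e->page[idx] == PG_ABSENT;
    if (faulted && sgx_fault(e, idx, 0) != FAULT_ADDED) return -1;
    e->page[idx] = PG_ACCEPTED;                  /* re-executed EACCEPT now succeeds */
    return faulted;
}
/* Enclave: a plain write (e.g. stack growth) to idx. An unadded page takes two #PFs:
 * the first adds it, the second carries the SGX flag and is only resolved by the
 * runtime re-entering the enclave to run EACCEPT. Returns #PF count or -1. */
static int enclave_write(struct enclave *e, unsigned idx) {
    unsigned err; int faults = 0;
    while (!hw_access(e, idx, &err)) {
        enum fault_result r = sgx_fault(e, idx, err);
        faults++;
        if (r == FAULT_SIGSEGV) return -1;
        if (r == FAULT_NEED_EACCEPT) enclave_eaccept(e, idx);
    }
    return faults;
}
/* Host: untrusted access. The page is added but stays inaccessible until accepted. */
static bool host_access(struct enclave *e, unsigned idx) {
    unsigned err;
    if (hw_access(e, idx, &err)) return true;
    if (sgx_fault(e, idx, err) != FAULT_ADDED) return false;
    return hw_access(e, idx, &err);
}
```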