Hi Jarkko,

On 4/14/2022 4:20 AM, Jarkko Sakkinen wrote:
> On Wed, 2022-04-13 at 14:10 -0700, Reinette Chatre wrote:
>> With SGX1 an enclave needs to be created with its maximum memory demands
>> allocated. Pages cannot be added to an enclave after it is initialized.
>> SGX2 introduces a new function, ENCLS[EAUG], that can be used to add
>> pages to an initialized enclave. With SGX2 the enclave still needs to
>> set aside address space for its maximum memory demands during enclave
>> creation, but all pages need not be added before enclave initialization.
>> Pages can be added during enclave runtime.
>>
>> Add support for dynamically adding pages to an initialized enclave,
>> architecturally limited to RW permission at creation but allowed to
>> obtain RWX permissions after trusted enclave runs EMODPE. Add pages
>> via the page fault handler at the time an enclave address without a
>> backing enclave page is accessed, potentially directly reclaiming
>> pages if no free pages are available.
>>
>> The enclave is still required to run ENCLU[EACCEPT] on the page before
>> it can be used. A useful flow is for the enclave to run ENCLU[EACCEPT]
>> on an uninitialized address. This will trigger the page fault handler
>> that will add the enclave page and return execution to the enclave to
>> repeat the ENCLU[EACCEPT] instruction, this time successful.
>>
>> If the enclave accesses an uninitialized address in another way, for
>> example by expanding the enclave stack to a page that has not yet been
>> added, then the page fault handler would add the page on the first
>> write but upon returning to the enclave the instruction that triggered
>> the page fault would be repeated and since ENCLU[EACCEPT] was not run
>> yet it would trigger a second page fault, this time with the SGX flag
>> set in the page fault error code. This can only be recovered by entering
>> the enclave again and directly running the ENCLU[EACCEPT] instruction on
>> the now initialized address.
>>
>> Accessing an uninitialized address from outside the enclave also
>> triggers this flow but the page will remain inaccessible (access will
>> result in #PF) until accepted from within the enclave via
>> ENCLU[EACCEPT].
>>
>> Reviewed-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
>> Tested-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
>> Signed-off-by: Reinette Chatre <reinette.chatre@xxxxxxxxx>
>
> I'm presuming that Haitao tested with this applied, right?

Yes, I will move his Tested-by to this patch.

Reinette
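
The two in-enclave fault sequences described in the quoted commit message, as a small state-machine model in C. This is an added example, not part of the original message or the patch; the type and function names (`page_state`, `access`, `result`, `run_access`) are hypothetical, and it models only the behaviour the message states.

```c
/* Added illustration: toy model of the flow in the commit message.
 * All names are hypothetical; this is not kernel or SDK code. */
#include <stdbool.h>
#include <stdio.h>

enum page_state { PAGE_NONE, PAGE_PENDING, PAGE_ACCEPTED };
enum access     { ACC_EACCEPT, ACC_WRITE };   /* ACC_WRITE: e.g. stack growth */

struct result {
    bool completed;   /* instruction finally succeeded */
    int  faults;      /* page faults taken along the way */
    bool sgx_fault;   /* last #PF had the SGX flag set */
};

/* One enclave instruction, including the retry after a handled #PF. */
static struct result run_access(enum page_state *pg, enum access a)
{
    struct result r = { false, 0, false };
    if (*pg == PAGE_NONE) {
        r.faults++;              /* #PF: no backing enclave page */
        *pg = PAGE_PENDING;      /* handler adds the page via ENCLS[EAUG] */
    }                            /* ...and the instruction is repeated */
    if (*pg == PAGE_PENDING) {
        if (a == ACC_EACCEPT) {
            *pg = PAGE_ACCEPTED; /* ENCLU[EACCEPT] succeeds this time */
            r.completed = true;
        } else {
            r.faults++;          /* page not accepted yet: second #PF */
            r.sgx_fault = true;  /* SGX flag set; handler cannot fix this */
        }
        return r;
    }
    /* PAGE_ACCEPTED: ordinary accesses work. EACCEPT on an accepted page is
     * not covered by the text; this model treats it as not completing. */
    r.completed = (a == ACC_WRITE);
    return r;
}

int main(void)
{
    enum page_state a = PAGE_NONE, b = PAGE_NONE;
    struct result r1 = run_access(&a, ACC_EACCEPT);
    struct result r2 = run_access(&b, ACC_WRITE);
    struct result r3 = run_access(&b, ACC_EACCEPT);   /* recovery: re-enter, EACCEPT */
    printf("EACCEPT first: done=%d faults=%d\n", r1.completed, r1.faults);
    printf("write first:   done=%d faults=%d sgx=%d\n", r2.completed, r2.faults, r2.sgx_fault);
    printf("then EACCEPT:  done=%d faults=%d\n", r3.completed, r3.faults);
    return 0;
}
```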