On Mon, Dec 10, 2018 at 03:21:37PM -0800, Sean Christopherson wrote: > At that point I realized it's a hell of a lot easier to simply provide > an IOCTL via /dev/sgx that allows userspace to register a per-process > ENCLU exception handler. At a high level, the basic idea is the same > as the vDSO approach: provide a hardcoded fixup handler for ENCLU and > attempt to fixup select unhandled exceptions that occurred in user code. So, on the one hand, this is *absolutely* much cleaner than the VDSO approach. On the other hand, this is global process state and has some of the same problems as a signal handler as a result.
