On Thu, Mar 21, 2019 at 09:47:14AM -0700, Sean Christopherson wrote: > Hotplugging what? EPC can't be hotplugged, EPC enumeration through CPUID > won't change post-boot and the ACPI entry can't be relied upon for EPC > base/size information when there are multiple EPC sections. AFAIK still there should be no multiple entries with the same id. > What if we clear vm_private_data? And maybe do a pr_warn_ratelimited() > so that userspace gets some form of notification that forking an enclave > failed. A NULL encl is easy to check in the fault handler and any where > else we consume vmas. That might work. > Ah, I see the flow. If we do keep the enclave killing behavior then I > think it'd make sense to let this be handled by checking SGX_ENCL_DEAD. > But AFAICT things will "just work" if we nullify vm_private_data. Yeah so I would refine this by nullifying vm_private_data as you suggested. This will keep other processes alive having the enclave. #PF handler shoud check that and SIGBUS. /Jarkko
