On Mon, 2019-06-17 at 15:24 -0700, Sean Christopherson wrote:
> Do not allow an enclave page to be mapped with PROT_EXEC if the source
> vma does not have VM_MAYEXEC. This effectively enforces noexec as
> do_mmap() clears VM_MAYEXEC if the vma is being loaded from a noexec
> path, i.e. prevents executing a file by loading it into an enclave.
>
> Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>

Andy, I recall you questioning this earlier. What was your argument and
what are your thoughts ATM?

/Jarkko
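
The rule in the quoted commit message, modelled in user space as an added example (not code from the patch or from the SGX driver). The function names, the simplified flag computation and the -EACCES return value are assumptions; the VM_* bit values match the kernel's include/linux/mm.h.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/mman.h>

/* vm_flags bits, values as in the kernel's include/linux/mm.h */
#define VM_READ     0x01UL
#define VM_WRITE    0x02UL
#define VM_EXEC     0x04UL
#define VM_MAYREAD  0x10UL
#define VM_MAYWRITE 0x20UL
#define VM_MAYEXEC  0x40UL

/* Simplified model of do_mmap() for a file mapping: returns the vma's
 * vm_flags, or -EPERM when PROT_EXEC is requested on a noexec path. */
long model_mmap_vm_flags(int prot, bool path_noexec)
{
    unsigned long f = VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
    if (prot & PROT_READ)  f |= VM_READ;
    if (prot & PROT_WRITE) f |= VM_WRITE;
    if (prot & PROT_EXEC)  f |= VM_EXEC;
    if (path_noexec) {
        if (f & VM_EXEC)
            return -EPERM;
        f &= ~VM_MAYEXEC;   /* the vma can never become executable */
    }
    return (long)f;
}

/* The check from the commit message (hypothetical name, assumed errno). */
int model_enclave_page_check(unsigned long src_vm_flags, int page_prot)
{
    if ((page_prot & PROT_EXEC) && !(src_vm_flags & VM_MAYEXEC))
        return -EACCES;
    return 0;
}

/* Map a source file with src_prot, then request an enclave page with page_prot. */
int model_load_into_enclave(bool path_noexec, int src_prot, int page_prot)
{
    long flags = model_mmap_vm_flags(src_prot, path_noexec);
    return flags < 0 ? (int)flags
                     : model_enclave_page_check((unsigned long)flags, page_prot);
}

int main(void)
{
    printf("RX page from noexec source: %d, from exec source: %d\n",
           model_load_into_enclave(true, PROT_READ, PROT_READ | PROT_EXEC),
           model_load_into_enclave(false, PROT_READ, PROT_READ | PROT_EXEC));
    return 0;
}
```

Without the second check, a read-only mapping of a file on a noexec path would pass the mmap() step and its contents could still end up in an executable enclave page.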