On 7/9/2019 3:25 PM, Sean Christopherson wrote:
> On Tue, Jul 09, 2019 at 01:41:28PM -0700, Xing, Cedric wrote:
> > On 7/9/2019 10:09 AM, Sean Christopherson wrote:
> > > Translating those to SGX, with a lot of input from Stephen, I ended up
> > > with the following:
> > >
> > >   - FILE__ENCLAVE_EXECUTE: equivalent to FILE__EXECUTE, required to gain X
> > >     on an enclave page loaded from a regular file
> > >   - PROCESS2__ENCLAVE_EXECDIRTY: hybrid of EXECMOD and EXECUTE+WRITE,
> > >     required to gain W->X on an enclave page
> >
> > EXECMOD basically indicates a file containing self-modifying code. Your
> > ENCLAVE_EXECDIRTY is however a process permission, which is illogical.
>
> How is it illogical? If a PROCESS wants to EXECute a DIRTY ENCLAVE page,
> then it needs PROCESS2__ENCLAVE_EXECDIRTY

Just think of the purpose of FILE__EXECMOD. It indicates to LSM the file
has self-modifying code, hence W->X transition should be considered
"normal" and allowed, regardless of which process that file is loaded into.
The same thing for enclaves here. Whether an enclave contains
self-modifying code is specific to that enclave, regardless of which
process it is loaded into.
But what you are doing is quite the opposite, and that's what I mean by
"illogical".