On Mon, Aug 19, 2019 at 10:54:21AM -0700, Sean Christopherson wrote:
> On Mon, Aug 19, 2019 at 06:24:31PM +0300, Jarkko Sakkinen wrote:
> > I did some backtracking today how the permission flow worked.
> >
> > With the maximum VM flags defined for a page, what if EADD is done after
> > mmap()? E.g. we first do mmap() with RWX and later EADD with let's say
> > RW.
>
> sgx_encl_may_map() returns -EACCESS on any attempt to mmap()/mprotect() a
> range that is not fully covered by EADD'd pages with any of PROT_READ,
> PROT_WRITE or PROT_EXEC. This is handled in the !page check below.

Aah so it was. Can you send me a patch to extend the kdoc with an additional
paragraph to remark this?

/Jarkko