On Mon, Nov 04, 2019 at 12:54:01PM -0800, Sean Christopherson wrote:
> On Mon, Nov 04, 2019 at 10:01:40PM +0200, Jarkko Sakkinen wrote:
> > __sgx_encl_add_page() can only fail in the case of EPCM conflict, at least
> > in non-artificial situations.
>
> Huh? EADD can fail for a variety of reasons. I can't think of a use case
> where userspace _won't_ kill the enclave in response to failure, but that
> doesn't justify killing the enclave, e.g. we don't kill the enclave in any
> other error path that is just as indicative of a userspace bug.

I think it does because it is the only sane metric to take and it also
makes the semantics more sound and coherent.

> > Also, consistent semantics in rollback is something to pursue.
>
> I don't follow this at all. How is it inconsistent to state that errors
> are handled gracefully unless they're unrecoverable?

Whenever user space gets -EIO it will know that the enclave has ceased to
exist. That is very consistent.

> > Thus, destroy the enclave when EADD fails, as we already do when EEXTEND
> > fails.
> >
> > In these cases it is sane to return -EIO. From this the caller can deduce
> > the failure and knows that the enclave was destroyed. The previous
> > -EFAULT could happen in numerous situations.
>
> This should be a separate patch.

No it shouldn't, because it is so closely connected to the semantics change.

/Jarkko