On Thu, Feb 20, 2020 at 10:48:42AM -0800, Sean Christopherson wrote: > My biggest concern for allowing PROT_EXEC if RIE is that it would result > in #PF(SGX) (#GP on Skylake) due to an EPCM violation if the enclave > actually tried to execute from such a page. This isn't a problem for the > kernel as the fault will be reported cleanly through the vDSO (or get > delivered as a SIGSEGV if the enclave isn't entered through the vDSO), but > it's a bit weird for userspace as userspace will see the #PF(SGX) and > likely assume the EPC was lost, e.g. silently restart the enclave instead > of logging an error that the enclave is broken. I think right way to fix the current implementation is to -EACCES mmap() (and mprotect) when !!(current->personality & READ_IMPLIES_EXEC). This way supporting RIE can be reconsidered later on without any potential ABI bottlenecks. /Jarkko
