On Thu, Feb 20, 2020 at 04:32:22PM -0800, Andy Lutomirski wrote: > > On Feb 20, 2020, at 2:16 PM, Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx> wrote: > > > > On Thu, Feb 20, 2020 at 10:48:42AM -0800, Sean Christopherson wrote: > >> My biggest concern for allowing PROT_EXEC if RIE is that it would result > >> in #PF(SGX) (#GP on Skylake) due to an EPCM violation if the enclave > >> actually tried to execute from such a page. This isn't a problem for the > >> kernel as the fault will be reported cleanly through the vDSO (or get > >> delivered as a SIGSEGV if the enclave isn't entered through the vDSO), but > >> it's a bit weird for userspace as userspace will see the #PF(SGX) and > >> likely assume the EPC was lost, e.g. silently restart the enclave instead > >> of logging an error that the enclave is broken. > > > > I think right way to fix the current implementation is to -EACCES mmap() > > (and mprotect) when !!(current->personality & READ_IMPLIES_EXEC). > > > > This way supporting RIE can be reconsidered later on without any > > potential ABI bottlenecks. > > > > Sounds good to me. I see no credible reason why anyone would use RIE and SGX. Great, thanks Andy. /Jarkko
