Given that distributions are converting /dev to noexec, there is really no
other option than to use an anonymous inode for the enclave run-time
representation. This results in the following constraints:

1. An enclave can be fully built and initialized by a process with no
   special privileges.
2. To run an initialized enclave, exec-from-mem is required.

This patch set segregates these responsibilities by keeping the build
interface in the device fd and moving the mapping interface to the newly
introduced enclave fd.

Cc: luto@xxxxxxxxxx
Cc: Stephen Smalley <sds@xxxxxxxxxxxxx>
Cc: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Cc: Haitao Huang <haitao.huang@xxxxxxxxxxxxxxx>
Cc: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>

Jarkko Sakkinen (4):
  x86/sgx: Remove PROT_NONE branch from sgx_encl_may_map().
  x86/sgx: Put enclaves into anonymous files
  x86/sgx: Move mmap() to the anonymous enclave file
  x86/sgx: Hand over the enclave file to the user space

 Documentation/x86/sgx.rst          | 13 ++--
 arch/x86/include/uapi/asm/sgx.h    |  2 +
 arch/x86/kernel/cpu/sgx/driver.c   | 119 +++++++++++++++++++----------
 arch/x86/kernel/cpu/sgx/encl.c     |  7 +-
 arch/x86/kernel/cpu/sgx/ioctl.c    | 64 +++++++++-------
 tools/testing/selftests/sgx/load.c | 19 +++--
 tools/testing/selftests/sgx/main.c |  3 +-
 tools/testing/selftests/sgx/main.h |  3 +-
 8 files changed, 136 insertions(+), 94 deletions(-)

-- 
2.25.1
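The constraint the cover letter starts from is that a PROT_EXEC mapping of a file on a noexec mount is refused by the kernel (mmap fails with EPERM), while an anonymous inode has no backing mount and therefore no noexec flag. The following program, an added example that is not part of this patch set or of the kernel's SGX code, lets an administrator verify both halves of that premise on a given machine: it reads the ST_NOEXEC flag of the mounts behind a few paths via statvfs(), and it performs the exec-from-mem step the cover letter requires by mapping one page of a memfd PROT_READ|PROT_EXEC. It assumes Linux with a glibc that provides memfd_create() and ST_NOEXEC (the "enclave-probe" memfd name is arbitrary):

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/statvfs.h>
#include <unistd.h>

/* Report whether the mount backing `path` carries the noexec flag.
 * Returns 1 if noexec, 0 if executable mappings are allowed, -1 on error. */
int mount_is_noexec(const char *path)
{
    struct statvfs st;

    if (statvfs(path, &st) != 0)
        return -1;
    return (st.f_flag & ST_NOEXEC) ? 1 : 0;
}

/* Try to map one page of `fd` PROT_READ|PROT_EXEC, which is what a loader
 * must be able to do for enclave code. Returns 0 on success, otherwise the
 * errno of the failed mmap() (EPERM is what a noexec mount produces). */
int probe_exec_map(int fd)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, page, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);

    if (p == MAP_FAILED)
        return errno;
    munmap(p, page);
    return 0;
}

/* The anonymous-inode route: a memfd has no backing mount, so no noexec
 * mount option can apply to it. Returns probe_exec_map()'s result, or -1 if
 * the memfd could not be created or sized. */
int probe_anon_exec_map(void)
{
    int fd = memfd_create("enclave-probe", MFD_CLOEXEC); /* name is arbitrary */
    int rc;

    if (fd < 0)
        return -1;
    if (ftruncate(fd, sysconf(_SC_PAGESIZE)) != 0) {
        close(fd);
        return -1;
    }
    rc = probe_exec_map(fd);
    close(fd);
    return rc;
}

int main(void)
{
    /* Paths chosen for the report; /dev is the one the cover letter is about. */
    const char *paths[] = { "/dev", "/dev/shm", "/tmp" };
    size_t i;
    int rc;

    for (i = 0; i < sizeof paths / sizeof paths[0]; i++) {
        int r = mount_is_noexec(paths[i]);
        printf("%-9s noexec=%s\n", paths[i],
               r < 0 ? strerror(errno) : (r ? "yes" : "no"));
    }

    rc = probe_anon_exec_map();
    printf("anonymous memfd PROT_EXEC mapping: %s\n",
           rc == 0 ? "ok" : (rc < 0 ? "memfd unavailable" : strerror(rc)));
    return 0;
}
```

On a distribution that has switched /dev to noexec the first line reports noexec=yes while the memfd mapping still succeeds, which is exactly the gap between "build through the device fd" and "map through an anonymous enclave fd" that the series closes. The same probe_exec_map() can be pointed at a file descriptor for any device node to confirm that a PROT_EXEC mapping of it fails with EPERM there.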