On Tue, Feb 22, 2022 at 11:19:11AM -0800, Reinette Chatre wrote:
> Hi Jarkko,
>
> On 2/20/2022 10:40 AM, Jarkko Sakkinen wrote:
> ...
>
> > Do you know if it is possible to do EAUG, EMODPR and then do a single
> > EACCEPT for both? Just looking at pseudo-code, it looked doable but
> > I need to check this.
> >
> > I.e. EAUG has this
> >
> > EPCM(DS:RCX).BLOCKED := 0;
> > EPCM(DS:RCX).PENDING := 1;
> > EPCM(DS:RCX).MODIFIED := 0;
> > EPCM(DS:RCX).PR := 0;
> > (* associate the EPCPAGE with the SECS by storing the SECS identifier of DS:TMP_SECS *)
> > Update EPCM(DS:RCX) SECS identifier to reference DS:TMP_SECS identifier;
> > (* Set EPCM valid fields *)
> > EPCM(DS:RCX).VALID := 1;
> >
> > And EMODPR only checks .VALID.
>
> After that check there is also:
> IF (EPCM(DS:RCX).PENDING is not 0 or (EPCM(DS:RCX).MODIFIED is not 0) )
> THEN
>     RFLAGS.ZF := 1;
>     RAX := SGX_PAGE_NOT_MODIFIABLE;
>     GOTO DONE;
> FI;
>
> Attempting the SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS ioctl() on a recently
> added page (EAUG) that has not yet been EACCEPTed is thus expected to fail
> with errno of EFAULT (indicating ENCLS[EMODPR] failure) and the returned
> structure's result field set to 20 (SGX_PAGE_NOT_MODIFIABLE).
>
> I confirmed this behavior by modifying the "augment" kselftest test by adding
> an SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS call between the new memory access and
> the EACCEPT.

Thank you, also Mark confirmed this.

BR, Jarkko
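
A minimal C model of the EPCM checks discussed in this thread, added as an illustration (not code from the thread, the kernel or the SDM): it shows why EMODPR on a freshly EAUGed page returns SGX_PAGE_NOT_MODIFIABLE until EACCEPT has cleared PENDING. The struct, the function names, SGX_OK and MODEL_FAULT are hypothetical, and the EACCEPT step is a simplified assumption.

```c
#include <stdio.h>
#include <stdbool.h>

/* Simplified model of the EPCM bits quoted in the thread (hypothetical type). */
struct epcm_entry { bool valid, blocked, pending, modified, pr; };

/* 20 is the value given in the thread; SGX_OK and MODEL_FAULT are made up. */
enum { SGX_OK = 0, SGX_PAGE_NOT_MODIFIABLE = 20, MODEL_FAULT = -1 };

/* EAUG: VALID and PENDING set, BLOCKED/MODIFIED/PR cleared, as quoted. */
static void model_eaug(struct epcm_entry *e)
{
    *e = (struct epcm_entry){ .valid = true, .pending = true };
}

/* EMODPR: the VALID check, then the PENDING/MODIFIED check from the reply. */
static int model_emodpr(struct epcm_entry *e)
{
    if (!e->valid)
        return MODEL_FAULT;             /* stand-in for the fault path */
    if (e->pending || e->modified)
        return SGX_PAGE_NOT_MODIFIABLE; /* page still awaits EACCEPT */
    e->pr = true;                       /* assumption: restriction now pending */
    return SGX_OK;
}

/* EACCEPT (assumed simplification): the enclave acknowledges pending state. */
static void model_eaccept(struct epcm_entry *e)
{
    e->pending = e->modified = e->pr = false;
}

/* Result of EMODPR after EAUG, with or without an EACCEPT in between. */
int emodpr_after_eaug(bool accept_first)
{
    struct epcm_entry e = {0};
    model_eaug(&e);
    if (accept_first)
        model_eaccept(&e);
    return model_emodpr(&e);
}

int main(void)
{
    printf("EAUG, EMODPR:          %d\n", emodpr_after_eaug(false));
    printf("EAUG, EACCEPT, EMODPR: %d\n", emodpr_after_eaug(true));
    return 0;
}
```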