This also breaks one of the original rules of SGX as per:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/x86/sgx.rst#n74

"EPCM permissions are separate from the normal page tables. This prevents the
kernel from, for instance, allowing writes to data which an enclave wishes to
remain read-only."

In these changes the kernel allows all dynamically added pages to be
executable - even when the enclave wishes them not to be.

> Then, remove vm_run_prot_bits. For EADD'd pages the roof is where
> it was during construction, for EAUG'd we don't simply care. This
> hard to keep in-sync variable adds only a layer of complexity and
> nothing else.
>
> Without vm_run_prot_bits existing, SGX_IOC_ENCLAVE_RELAX_PERMISSIONS
> does absolutely nothing. Therefore, it can be safely removed.

Removing vm_run_prot_bits cripples SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS.
With this removal SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS will support the
modification of EPCM permissions but PTE and VMA permissions will continue
to allow the maximum access possible for the page, whether the enclave page
supports the permission or not.

I find it risky to circumvent the kernel's security mechanisms and I am
not comfortable signing off on this.

Or am I just not understanding it correctly?

Reinette