On Wed, Mar 09, 2022 at 10:52:22AM +0200, Jarkko Sakkinen wrote:
> On Fri, Mar 04, 2022 at 11:35:08AM +0200, Jarkko Sakkinen wrote:
> > +#define SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS \
> > + _IOWR(SGX_MAGIC, 0x05, struct sgx_enclave_restrict_perm)
>
> What if this was replaced with just SGX_IOC_ENCLAVE_RESET_PAGES, which
> would simply do EMODPR with PROT_NONE? The main ingredient of EMODPR is to
> flush out the TLBs, and move a page to pending state, which cannot be done
> from inside the enclave.
>
> It's there because of microarchitecture constraints, and less so to work as
> a reasonable permission control mechanism (actually it does a terrible job
> on that side and only confuses).
>
> Once you have this magic TLB reset button in place you can just do one
> EACCEPT and EMODPE inside the enclave and you're done.
>
> This is also kind of atomic in the sense that EACCEPT frees a page with no
> rights so no misuse can happen before EMODPE has tuned EPCM.

I wonder if this type of pattern could be made to work out for Graphene:

1. SGX_IOC_ENCLAVE_RESET_PAGES
2. EACCEPT + EMODPE

This kind of delivers the EMODP that everyone has been looking for.

BR, Jarkko
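The two-step pattern above (a kernel-side reset that drops every right, then EACCEPT + EMODPE inside the enclave) can be checked without SGX hardware by modelling the EPCM bookkeeping in plain C. The block below is an added example, not code from this thread, from the kernel, or from the SGX specification: the struct, the model_* functions and the ordering rule that EMODPE is only attempted after EACCEPT are modelling assumptions, and only the R/W/X bit positions follow SECINFO.FLAGS. It executes no ENCLS/ENCLU instructions; it exists to show that between the reset and EMODPE the page carries no rights, which is the "no misuse before EMODPE" property claimed in the reply.

```c
/*
 * Added example: a simplified user-space model of the SGX2 EPCM permission
 * state machine discussed in the thread (EMODPR -> EACCEPT -> EMODPE).
 * This is NOT kernel or SDM code and runs no ENCLS/ENCLU instructions; the
 * EPCM entry is simulated in a plain struct so the sequencing argument can
 * be checked on an ordinary machine.  R/W/X bit positions follow
 * SECINFO.FLAGS (R=0, W=1, X=2); everything else is a modelling assumption.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PERM_R   (1u << 0)
#define PERM_W   (1u << 1)
#define PERM_X   (1u << 2)
#define PERM_RWX (PERM_R | PERM_W | PERM_X)

/* Modelled EPCM entry: effective permissions plus the "restriction pending"
 * flag that the kernel's EMODPR sets and the enclave's EACCEPT clears. */
struct epcm_entry {
	uint8_t perms;   /* subset of PERM_RWX */
	bool pr;         /* restriction pending until the enclave EACCEPTs */
	bool tlb_stale;  /* stale translations until the kernel flushes them */
};

/* Kernel side, ENCLS[EMODPR]: can only remove rights (new = old & mask),
 * leaves the page pending and requires a TLB flush the enclave cannot do. */
int model_emodpr(struct epcm_entry *e, uint8_t mask)
{
	if (e->pr)
		return -1;              /* previous restriction not yet accepted */
	e->perms &= (uint8_t)(mask & PERM_RWX);
	e->pr = true;
	e->tlb_stale = true;
	return 0;
}

/* Kernel side: ETRACK plus forcing enclave threads out retires old mappings. */
void model_tlb_flush(struct epcm_entry *e)
{
	e->tlb_stale = false;
}

/* Enclave side, ENCLU[EACCEPT]: the enclave acknowledges exactly the state
 * the kernel left (pending, with the given permissions); mismatch is rejected. */
int model_eaccept(struct epcm_entry *e, uint8_t expected_perms)
{
	if (!e->pr || e->tlb_stale || e->perms != expected_perms)
		return -1;
	e->pr = false;
	return 0;
}

/* Enclave side, ENCLU[EMODPE]: can only add rights; the model requires the
 * page to have been accepted first (the ordering the thread proposes). */
int model_emodpe(struct epcm_entry *e, uint8_t extra)
{
	if (e->pr)
		return -1;
	e->perms |= (uint8_t)(extra & PERM_RWX);
	return 0;
}

/* Would an access of type `want` pass the modelled EPCM check? */
bool model_access_ok(const struct epcm_entry *e, uint8_t want)
{
	return (e->perms & want) == want;
}

/*
 * The proposed pattern: RESET_PAGES (EMODPR with PROT_NONE), then EACCEPT
 * and EMODPE inside the enclave.  Returns how many of the four checkpoints
 * would have permitted a read; the property under discussion holds when
 * the answer is 1, i.e. only the checkpoint after EMODPE.
 */
int model_reset_then_extend(uint8_t new_perms)
{
	struct epcm_entry e = { .perms = PERM_RWX, .pr = false, .tlb_stale = false };
	int readable_steps = 0;

	model_emodpr(&e, 0);                     /* 1. SGX_IOC_ENCLAVE_RESET_PAGES */
	readable_steps += model_access_ok(&e, PERM_R);
	model_tlb_flush(&e);
	readable_steps += model_access_ok(&e, PERM_R);
	model_eaccept(&e, 0);                    /* 2a. EACCEPT: accepted with no rights */
	readable_steps += model_access_ok(&e, PERM_R);
	model_emodpe(&e, new_perms);             /* 2b. EMODPE: rights granted */
	readable_steps += model_access_ok(&e, PERM_R);
	return readable_steps;
}

int main(void)
{
	printf("read permitted at %d of 4 checkpoints\n",
	       model_reset_then_extend(PERM_R | PERM_W));
	return 0;
}
```

The model deliberately makes EMODPR monotone (it can only clear bits) and EMODPE monotone in the other direction (it can only set bits), which is what makes the reset-to-nothing step a usable primitive: whatever the enclave later asks for with EMODPE, the kernel's page tables still gate the actual mapping, and nothing has rights in the window between the reset and the enclave's own EMODPE.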