On Fri, 2022-11-04 at 09:34 -0700, Dave Hansen wrote:
> On 11/4/22 09:26, Sean Christopherson wrote:
> > > I've been re-thinking about this #MC handle on virtual EPC by stepping back to
> > > the beginning, and I think we have more problems than this "whether kernel
> > > should enforce child cannot mmap() virtual EPC".
> > IMO, virtual EPC should be restricted to a single mm_struct, which is what was
> > originally proposed many years ago[*]. I should have pushed back harder, but by
> > that point I had mostly stopped caring about SGX.
>
> Considering that we have VM_DONTCOPY set on the vepc VMA, this shouldn't
> be too hard to pull off. We could just return -EBUSY if another mm
> comes around and tries to mmap() the fd.

Yes. We can record the MM which opens /dev/sgx_vepc and reject mmap() from other MMs.