On 10/01/2018 07:29 AM, Sean Christopherson wrote: >> Could we perhaps have a little vDSO entry (or syscall, I suppose) that >> runs an enclave an returns an error code, and rig up the #PF handler >> to check if the error happened in the vDSO entry and fix it up rather >> than sending a signal? > > If we want to avoid having to install a signal handler then I'm pretty > sure we'd need to fixup all #GPs and "bad access" #PFs that occur on > EENTER or in the enclave, not just PF_SGX faults. SGX1 hardware takes > a #GP instead of a #PF on EPCM faults, and SGX2 hardware allows enclaves > to allocate/free/adjust EPC pages at runtime, e.g. an enclave runtime > might want to intercept #PFs from within the enclave so that the enclave > can dynamically grow its stack. I think the technique Andy describes can be used for that as well. It basically works for any case where we know which instructions will take an exception (any exception), call the instruction from a fixed location, and know the fault(s) it can throw. To me, it's almost like turning these faulting instructions into mini syscall instructions. They enter the kernel only when they need help, though, instead of always.
