On Mon, Oct 01, 2018 at 07:29:03AM -0700, Sean Christopherson wrote: > On Wed, 2018-09-26 at 14:15 -0700, Andy Lutomirski wrote: > > runs an enclave an returns an error code, and rig up the #PF handler > > to check if the error happened in the vDSO entry and fix it up rather > > than sending a signal? > > > If we want to avoid having to install a signal handler then I'm pretty > sure we'd need to fixup all #GPs and "bad access" #PFs that occur on > EENTER or in the enclave, not just PF_SGX faults. SGX1 hardware takes > a #GP instead of a #PF on EPCM faults, and SGX2 hardware allows enclaves > to allocate/free/adjust EPC pages at runtime, e.g. an enclave runtime > might want to intercept #PFs from within the enclave so that the enclave > can dynamically grow its stack. If I've understood Andy's proposal correctly, the run-time would get the same information as with a signal. The delivery path for this information would be just different. /Jarkko
