On Wed, Jun 19, 2019 at 03:23:52PM -0700, Sean Christopherson wrote:
> The SGX enclave loader doesn't need an executable stack, but linkers
> will assume it does due to the lack of .note.GNU-stack sections in the
> loader's assembly code. As a result, the kernel tags the loader as
> having "read implies exec", and so adds PROT_EXEC to all mmap()s, even
> those for mapping EPC regions. This will cause problems in the future
> when userspace needs to explicitly state a page's protection bits when the
> page is added to an enclave, e.g. adding TCS pages as R+W will cause
> mmap() to fail when the kernel tacks on +X.
>
> Explicitly tell the linker that an executable stack is not needed.
> Alternatively, each .S file could add .note.GNU-stack, but the loader
> should never need an executable stack so zap it in one fell swoop.
>
> Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>

OK, this one is squashed now. Thanks.

/Jarkko