Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()

From: Jarkko Sakkinen
Date: Wed Sep 23 2020 - 09:44:05 EST


On Tue, Sep 22, 2020 at 08:11:14AM -0700, Dave Hansen wrote:
> On 9/22/20 5:58 AM, Jarkko Sakkinen wrote:
> > Intel Sofware Guard eXtensions (SGX) allows creation of executable blobs
> > called enclaves, of which page permissions are defined when the enclave
>
> "of which" => "for which"
>
> > is first loaded. Once an enclave is loaded and initialized, it can be
> > mapped to the process address space.
>
> Could you compare and contrast this a *bit* with existing executables?
> What's special about SGX? ELF executables have page permissions inside
> the binary too. Why don't we use this mechanism for them?

There is no standard file format for enclaves. They are dynamically
built. And the way enclaves are used as part of an app and throwing
container inside enclave differ. A single format would no work too
well for all possible use cases.

I cannot formally prove this of course but it is highly unlikely that
we could ever define such a format. Thus, the security focus is allow
to verify from origin.

And the existing ecosystem around SGX is already too large to suddenly
move to a single format. User base, I guess, is also an argument. This
is not yet mainline code so technically we have zero ABI debt but I
still think this is a valid point because SGX is already widely used.

I'm not really sure what would be the best way to nail this information
to the commit message but I'll try to figure out something before I send
the next version of the patch set.

/Jarkko