Reduce redundant mprotect ocall

2021-02-04 07:24:10 +00:00 · 2021-02-04 07:24:10 +00:00 · a2959c17df
commit a2959c17df
parent 79b264a6c8
3 changed files with 15 additions and 6 deletions
--- a/src/libos/src/vm/user_space_vm.rs
+++ b/src/libos/src/vm/user_space_vm.rs
@ -19,11 +19,11 @@ impl UserSpaceVMManager {
    pub fn alloc(&self, size: usize) -> Result<UserSpaceVMRange> {
        let vm_range = unsafe {
            let ptr = sgx_alloc_rsrv_mem(size);
-            let perm = MemPerm::READ | MemPerm::WRITE | MemPerm::EXEC;
+            let perm = MemPerm::READ | MemPerm::WRITE;
            if ptr.is_null() {
                return_errno!(ENOMEM, "run out of reserved memory");
            }
-            // Change the page permission to RWX
+            // Change the page permission to RW (default)
            assert!(sgx_tprotect_rsrv_mem(ptr, size, perm.bits()) == sgx_status_t::SGX_SUCCESS);

            let addr = ptr as usize;
--- a/src/libos/src/vm/vm_manager.rs
+++ b/src/libos/src/vm/vm_manager.rs
@ -319,7 +319,9 @@ impl VMManager {
            options.initializer.init_slice(buf)?;
        }
        // Set memory permissions
-        Self::apply_perms(&new_vma, new_vma.perms());
+        if !options.perms.is_default() {
+            Self::apply_perms(&new_vma, new_vma.perms());
+        }

        // After initializing, we can safely insert the new VMA
        self.insert_new_vma(insert_idx, new_vma);
@ -371,7 +373,9 @@ impl VMManager {
                Self::flush_file_vma(&intersection_vma);

                // Reset memory permissions
-                Self::apply_perms(&intersection_vma, VMPerms::default());
+                if !&intersection_vma.perms().is_default() {
+                    Self::apply_perms(&intersection_vma, VMPerms::default());
+                }

                vma.subtract(&intersection_vma)
            })
--- a/src/libos/src/vm/vm_perms.rs
+++ b/src/libos/src/vm/vm_perms.rs
@ -6,7 +6,8 @@ bitflags! {
        const READ        = 0x1;
        const WRITE       = 0x2;
        const EXEC        = 0x4;
-        const ALL         = Self::READ.bits | Self::WRITE.bits | Self::EXEC.bits;
+        const DEFAULT     = Self::READ.bits | Self::WRITE.bits;
+        const ALL         = Self::DEFAULT.bits | Self::EXEC.bits;
    }
 }

@ -26,10 +27,14 @@ impl VMPerms {
    pub fn can_execute(&self) -> bool {
        self.contains(VMPerms::EXEC)
    }
+
+    pub fn is_default(&self) -> bool {
+        self.bits == Self::DEFAULT.bits
+    }
 }

 impl Default for VMPerms {
    fn default() -> Self {
-        VMPerms::ALL
+        VMPerms::DEFAULT
    }
 }