From e574ab65d3b21534bb85194eed7d8cb91be0108e Mon Sep 17 00:00:00 2001
From: "Hui, Chunyang" <sanqian.hcy@antfin.com>
Date: Wed, 21 Jun 2023 07:26:41 +0000
Subject: [PATCH] Fix sgx_tprotect_rsrv_mem failure on EDMM-enabled platform

---
 src/libos/src/vm/vm_perms.rs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/libos/src/vm/vm_perms.rs b/src/libos/src/vm/vm_perms.rs
index 9f65cf0e..41da2d54 100644
--- a/src/libos/src/vm/vm_perms.rs
+++ b/src/libos/src/vm/vm_perms.rs
@@ -14,7 +14,13 @@ bitflags! {
 
 impl VMPerms {
     pub fn from_u32(bits: u32) -> Result<VMPerms> {
-        Self::from_bits(bits).ok_or_else(|| errno!(EINVAL, "invalid bits"))
+        let mut perms = Self::from_bits(bits).ok_or_else(|| errno!(EINVAL, "invalid bits"))?;
+
+        // SGX SDK doesn't accept permissions like write or exec without read.
+        if perms != VMPerms::NONE {
+            perms |= VMPerms::READ
+        }
+        Ok(perms)
     }
 
     pub fn can_read(&self) -> bool {