
Incomplete/unsafe signal handling with SGX1

Open prp opened this issue 4 years ago • 0 comments

Background

With SGX1 enclaves, it is not possible to obtain information inside the enclave about #PF and #GP exceptions.

The current behaviour of OE is therefore to not deliver #PF and #GP exceptions to the enclave. This causes problems for applications running with SGX-LKL that need to register signal handlers for SIGSEGV to work correctly, e.g. the OpenJDK JVM.

Therefore the SGX-LKL OE branch contains a workaround that delivers #PF exceptions to the enclave, even though these exceptions cannot be validated by the enclave. Since this is an attack vector, SGX-LKL now has an enclave_config parameter unsafe_host_signals, which controls whether this behaviour is permitted.

Open issues

  • [ ] Currently, unsafe_host_signals has a default value of true, as otherwise all Java CI tests and tests that require SIGSEGV to be handled are broken. Due to its security implications, the default for unsafe_host_signals should be false.

  • [ ] The current support for SIGSEGVs with unsafe_host_signals exposes the signal to the enclave but it does not relay the address that caused the page fault to the enclave. This results in unstable JVM execution (see #645). It is not clear if there is a way of obtaining the faulting address with SGX1.

  • [ ] The OE patch for #PF exception support in the feature/sgx-lkl-support branch of OE is a workaround that cannot be upstreamed to master. It should be redesigned to find a more permanent solution for SGX1 exception handling.

(cc: @mikbras @davidchisnall @letmaik @paulcallen)

The first of these is p1; once this is done, the remainder should be marked as p2.

prp, Jul 27 '20 20:07
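To make concrete what the second open issue is about, here is an added example (not SGX-LKL or Open Enclave code, and not part of the issue) of the kind of SIGSEGV handler a JVM-style runtime installs: it maps a PROT_NONE guard page, touches it, and decides whether to recover based on the faulting address the kernel passes as si_addr. The classification step shows why a signal relayed without that address is not enough: with si_addr == NULL the handler cannot distinguish a guard-page hit from an arbitrary memory error and must refuse to recover. It assumes Linux with glibc; the names probe_guard_page, classify_fault and the verdict codes are hypothetical.

```c
/* Added example, not project code: guard-page SIGSEGV handling that depends
 * on the faulting address (si_addr), as a JVM does. Assumes Linux/glibc. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical verdict codes for this example. */
enum fault_verdict {
    FAULT_RECOVERABLE   = 0,  /* fault inside the guard region: safe to resume */
    FAULT_NO_ADDRESS    = 1,  /* signal arrived without si_addr: cannot validate */
    FAULT_OUTSIDE_GUARD = 2   /* fault somewhere else: genuine bug, do not mask */
};

/* Pure decision step. A handler that only knows "a SIGSEGV happened" (no
 * address) lands in FAULT_NO_ADDRESS and has no safe way to continue. */
enum fault_verdict classify_fault(const void *fault_addr,
                                  const void *guard, size_t guard_len)
{
    if (fault_addr == NULL)
        return FAULT_NO_ADDRESS;
    uintptr_t a  = (uintptr_t)fault_addr;
    uintptr_t lo = (uintptr_t)guard;
    if (a >= lo && a < lo + guard_len)
        return FAULT_RECOVERABLE;
    return FAULT_OUTSIDE_GUARD;
}

static sigjmp_buf recover_point;
static void *volatile faulting_addr;  /* si_addr captured by the handler */

/* SA_SIGINFO handler: record the faulting address and unwind to the probe. */
static void on_sigsegv(int sig, siginfo_t *info, void *ctx)
{
    (void)sig; (void)ctx;
    faulting_addr = info->si_addr;
    siglongjmp(recover_point, 1);
}

/* Maps a one-page PROT_NONE guard region, deliberately touches it, and
 * returns the verdict for the resulting fault. Returns -1 if no fault
 * occurred or the mapping failed. */
int probe_guard_page(void)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0)
        return -1;
    unsigned char *guard = mmap(NULL, (size_t)page, PROT_NONE,
                                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (guard == MAP_FAILED)
        return -1;

    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_sigsegv;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, &old) != 0) {
        munmap(guard, (size_t)page);
        return -1;
    }

    int verdict = -1;
    faulting_addr = NULL;
    if (sigsetjmp(recover_point, 1) == 0) {
        volatile unsigned char *p = guard + 16;  /* inside the guard page */
        unsigned char c = *p;                    /* raises SIGSEGV */
        (void)c;
        verdict = -1;                            /* not reached on a fault */
    } else {
        verdict = (int)classify_fault(faulting_addr, guard, (size_t)page);
    }

    sigaction(SIGSEGV, &old, NULL);
    munmap(guard, (size_t)page);
    return verdict;
}

int main(void)
{
    int v = probe_guard_page();
    printf("guard-page probe verdict: %d (0 = recoverable)\n", v);
    /* Same signal, but delivered without an address: */
    printf("no-address verdict: %d (1 = cannot validate)\n",
           classify_fault(NULL, (void *)0x1000, 4096));
    return v == FAULT_RECOVERABLE ? 0 : 1;
}
```

On a normal Linux process the probe returns FAULT_RECOVERABLE because the kernel fills si_addr. A relay that forwards the signal but not the address forces the second path, which is the instability the JVM tests in #645 run into: the handler fires, but it has nothing to validate the fault against.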