[Pal/Linux-SGX] Allow READ+WRITE mmap of protected files selectively #526

Closed
@lejunzhu lejunzhu commented Apr 14, 2022

Mmap() on protected files only allows PROT_READ or PROT_WRITE, not both.
However, when the MAP_PRIVATE flag is present, changes to the file do not need
to be written back to the file, which essentially makes the behavior of file access
identical to a read-only mmap.

By allowing READ+WRITE mmap with the MAP_PRIVATE flag, it is now possible to load
executables from the protected FS.

Fixes #196

Signed-off-by: Lejun Zhu [email protected]
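
The reasoning in the description above, shown on plain Linux as an added example (not code from this PR or from the project): a PROT_READ|PROT_WRITE mapping created with MAP_PRIVATE never writes back to the file, while the same mapping with MAP_SHARED does. The helper name `write_reaches_file` and the scratch file under `/tmp` are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define FILE_LEN 16

/* Hypothetical helper: map a scratch file PROT_READ|PROT_WRITE with the given
 * flags (MAP_PRIVATE or MAP_SHARED), store to byte 0 through the mapping, then
 * read the file back. Returns 1 if the store reached the file, 0 if not, -1 on error. */
int write_reaches_file(int map_flags) {
    char path[] = "/tmp/mmap_demo_XXXXXX"; /* constructed scratch file */
    char seed[FILE_LEN], back[FILE_LEN];
    char* map;
    int result = -1;

    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path); /* the file now lives only as long as fd stays open */

    memset(seed, 'A', sizeof(seed));
    if (write(fd, seed, sizeof(seed)) != (ssize_t)sizeof(seed))
        goto out;

    map = mmap(NULL, FILE_LEN, PROT_READ | PROT_WRITE, map_flags, fd, 0);
    if (map == MAP_FAILED)
        goto out;

    map[0] = 'B';                  /* store through the writable mapping */
    msync(map, FILE_LEN, MS_SYNC); /* flushes MAP_SHARED pages; private copies stay private */
    munmap(map, FILE_LEN);

    if (pread(fd, back, sizeof(back), 0) != (ssize_t)sizeof(back))
        goto out;
    result = (back[0] == 'B');
out:
    close(fd);
    return result;
}

int main(void) {
    printf("MAP_PRIVATE store reached file: %d\n", write_reaches_file(MAP_PRIVATE));
    printf("MAP_SHARED  store reached file: %d\n", write_reaches_file(MAP_SHARED));
    return 0;
}
```

Only the MAP_SHARED case needs a write-back path to the underlying file; for MAP_PRIVATE the file is only ever read.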


@mkow mkow requested a review from pwmarcz April 28, 2022 17:46
@pwmarcz pwmarcz left a comment


Reviewable status: 0 of 5 files reviewed, 1 unresolved discussion, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ) (waiting on @lejunzhu)

a discussion (no related file):
Hi. I'm actually about to replace the whole PAL protected files subsystem with a new version ("encrypted files") that works on all PALs, so unfortunately, the code that you modified will be gone soon. See #371 for background: basically, there were too many design problems to keep developing the current PAL-based design.

The good news is that we just merged support for this feature (mapping files, including R+W private and shared mappings); this was done in PR #550.

Could you check if this works for your use case? The new subsystem is not documented yet, but you can take a look at LibOS/shim/test/regression/manifest.template for usage details (basically, instead of using sgx.protected_files, you need to mount a file/directory using { type = "encrypted" }. Later, sgx.protected_files will also use this subsystem).


@lejunzhu
Contributor Author

I just tried PR #550 and it is working well. So I'll close this PR.

@lejunzhu lejunzhu closed this Apr 30, 2022
Successfully merging this pull request may close these issues.

[Pal/SGX] Unable to map executables from protected fs