Re: [PATCH v20 00/28] Intel SGX1 support

From: Thomas Gleixner
Date: Fri Apr 19 2019 - 16:40:13 EST

Next message: Alan Stern: "Re: general protection fault in __dev_printk"
Previous message: Alexandre Belloni: "Re: [PATCH v3 1/1] rtc: ds3232: get SRAM access using NVMEM Framework"
In reply to: Jethro Beekman: "Re: [PATCH v20 00/28] Intel SGX1 support"
Next in thread: Jethro Beekman: "Re: [PATCH v20 00/28] Intel SGX1 support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 19 Apr 2019, Jethro Beekman wrote:

> On 2019-04-19 08:27, Andy Lutomirski wrote:
> > There are many,
> > many Linux systems that enforce a policy that *all* executable text
> > needs to come from a verified source. On these systems, you can't
> > mmap some writable memory, write to it, and then change it to
> > executable.
>
> How is this implemented on those systems? AFAIK there's no kernel config
> option that changes the semantics of mmap as you describe.

That has nothing to do with mmap() semantics. You mmap() writeable memory
and then you change the permissions via mprotect(). mprotect() calls into
LSM and depending on policy and security model this will reject the
request.

Andy was pointing out that the SGX ioctl bypasses the LSM mechanics which
is obviously a bad thing.

Thanks,

tglx

Next message: Alan Stern: "Re: general protection fault in __dev_printk"
Previous message: Alexandre Belloni: "Re: [PATCH v3 1/1] rtc: ds3232: get SRAM access using NVMEM Framework"
In reply to: Jethro Beekman: "Re: [PATCH v20 00/28] Intel SGX1 support"
Next in thread: Jethro Beekman: "Re: [PATCH v20 00/28] Intel SGX1 support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]