Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()

From: Jarkko Sakkinen
Date: Mon Sep 21 2020 - 09:14:56 EST


On Mon, Sep 21, 2020 at 03:49:56PM +0300, Jarkko Sakkinen wrote:
> The 2nd part of the answer is the answer to the question: why we want to
> feed LSM hooks enclaves exactly in this state.

The question can be further refined as: why is this the best
possible set of substates to filter in?

The "no holes" part is obvious as a consequence of not surpassing
the permissions of any of the pages in the range, as you could otherwise
break the state with ioctl(SGX_ENCLAVE_ADD_PAGES) with permissions
that are below the mmap permissions.

/Jarkko
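
The rule discussed in this message, as a small user-space model added here for illustration; it is not code from the patch or the kernel. All `model_*` names, the four-page enclave and the `-1` hole marker are assumptions made for the example.

```c
#include <stddef.h>
#include <sys/mman.h>

#define MODEL_NPAGES 4      /* hypothetical enclave size, in pages */
#define MODEL_HOLE   (-1)   /* slot where no page has been added yet */

/* Constructed model: permissions recorded per page when it is added. */
struct model_encl { int max_prot[MODEL_NPAGES]; };

/* Stand-in for adding one enclave page with fixed permissions. */
int model_add_page(struct model_encl *e, size_t idx, int prot)
{
    if (idx >= MODEL_NPAGES || e->max_prot[idx] != MODEL_HOLE)
        return -1;
    e->max_prot[idx] = prot;
    return 0;
}

/* Allow pages [first, last] to be mapped with prot only if every page
 * exists and prot does not surpass any page's recorded permissions. */
int model_may_map(const struct model_encl *e, size_t first, size_t last,
                  int prot)
{
    if (first > last || last >= MODEL_NPAGES)
        return -1;
    for (size_t i = first; i <= last; i++) {
        if (e->max_prot[i] == MODEL_HOLE)
            return -1;  /* hole: a later add could be below prot */
        if (prot & ~e->max_prot[i])
            return -1;  /* request surpasses this page's permissions */
    }
    return 0;
}

/* Constructed scenario: pages 0-1 are added RW; page 2 is left as a hole
 * (third_prot == MODEL_HOLE) or added with third_prot. Returns the
 * decision for mapping pages 0-2 as RW. */
int model_scenario(int third_prot)
{
    struct model_encl e;
    for (size_t i = 0; i < MODEL_NPAGES; i++)
        e.max_prot[i] = MODEL_HOLE;
    model_add_page(&e, 0, PROT_READ | PROT_WRITE);
    model_add_page(&e, 1, PROT_READ | PROT_WRITE);
    if (third_prot != MODEL_HOLE)
        model_add_page(&e, 2, third_prot);
    return model_may_map(&e, 0, 2, PROT_READ | PROT_WRITE);
}
```

Rejecting the hole is what keeps the invariant stable: if the RW mapping over pages 0-2 were allowed while page 2 was missing, page 2 could later be added read-only and the existing mapping would exceed it.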