Re: [PATCH v20 00/28] Intel SGX1 support
From: Thomas Gleixner
Date: Fri Apr 19 2019 - 16:40:13 EST
On Fri, 19 Apr 2019, Jethro Beekman wrote:
> On 2019-04-19 08:27, Andy Lutomirski wrote:
> > There are many,
> > many Linux systems that enforce a policy that *all* executable text
> > needs to come from a verified source. On these systems, you can't
> > mmap some writable memory, write to it, and then change it to
> > executable.
>
> How is this implemented on those systems? AFAIK there's no kernel config
> option that changes the semantics of mmap as you describe.
That has nothing to do with mmap() semantics. You mmap() writeable memory
and then you change the permissions via mprotect(). mprotect() calls into
LSM and depending on policy and security model this will reject the
request.
Andy was pointing out that the SGX ioctl bypasses the LSM mechanics which
is obviously a bad thing.
Thanks,
tglx