Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()'
From: Jarkko Sakkinen
Date: Fri Sep 18 2020 - 19:25:23 EST
On Fri, Sep 18, 2020 at 08:09:04AM -0700, Andy Lutomirski wrote:
> On Tue, Sep 15, 2020 at 4:28 AM Jarkko Sakkinen
> <jarkko.sakkinen@xxxxxxxxxxxxxxx> wrote:
> > From: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
> > Add vm_ops()->mprotect() for additional constraints for a VMA.
> > Intel Software Guard eXtensions (SGX) will use this callback to add two
> > constraints:
> > 1. Verify that the address range does not have holes: each page address
> > must be filled with an enclave page.
> > 2. Verify that VMA permissions won't surpass the permissions of any enclave
> > page within the address range. Enclave cryptographically sealed
> > permissions for each page address that set the upper limit for possible
> > VMA permissions. Not respecting this can cause #GP's to be emitted.
> It's been awhile since I looked at this. Can you remind us: is this
> just preventing userspace from shooting itself in the foot or is this
> something more important?
Haitao found this:
The way I understand it, for an LSM hook it makes sense that the
mprotect() can deduce a single permission for an enclave address range.
With those constraints it is possible.