Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
From: Dave Hansen
Date: Thu Sep 24 2020 - 19:09:35 EST
On 9/24/20 4:05 PM, Sean Christopherson wrote:
> The problem is that enforcing permissions via mprotect() needs to be done
> unconditionally, otherwise we end up with weird behavior where the existence
> of an LSM will change what is/isn't allowed, even if the LSM(s) has no SGX
> policy whatsoever.
Could we make this a bit less abstract, please?
Could someone point to code or other examples that demonstrate how
the mere existence of an LSM will change what is/isn't allowed?
I can't seem to wrap my head around it as-is.