Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()

From: Sean Christopherson
Date: Mon Oct 26 2020 - 20:46:47 EST

Next message: Kyle Huey: "Re: [PATCH] Fix compat regression in process_vm_rw()"
Previous message: Sasha Levin: "[PATCH AUTOSEL 5.9 008/147] sparc64: remove mm_cpumask clearing to fix kthread_use_mm race"
In reply to: Andy Lutomirski: "Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Oct 26, 2020 at 03:59:35PM -0700, Andy Lutomirski wrote:
> > On Oct 26, 2020, at 3:51 AM, Dr. Greg <greg@xxxxxxxxxxxx> wrote:
> > The open question in all of this is that the EDMM paper, as well as
> > the SDM, indicate the effects of an ENCLU[EMODPE] are immediate inside
> > of a running enclave. I'm assuming that this does NOT mean that once
> > a context of execution is running in enclave mode it would be capable
> > of evading standard page protections but the 'immediate' is somewhat
> > disquieting and probably deserves clarification, despite Dave Hansen's
> > adament concerns about discussing the instruction... :-)
>
> If EMODPE writes an entry into the TLB that violates PTE permissions, then we
> have a real problem. I would be very surprised if this were to be the case.

EMODPE only affects the EPCM, it doesn't magically change the PTEs or insert
into the TLB. The "immediate" wording in the whitepaper is differentiating it
from EMODPR and EMODT, where the modifications only take effect after they have
been verified by the enclave via EACCEPT.

Next message: Kyle Huey: "Re: [PATCH] Fix compat regression in process_vm_rw()"
Previous message: Sasha Levin: "[PATCH AUTOSEL 5.9 008/147] sparc64: remove mm_cpumask clearing to fix kthread_use_mm race"
In reply to: Andy Lutomirski: "Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]