On Tue, Sep 15, 2020 at 02:28:28PM +0300, Jarkko Sakkinen wrote:
> From: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
>
> Add vm_ops()->mprotect() for additional constraints for a VMA.
>
> Intel Software Guard eXtensions (SGX) will use this callback to add two
> constraints:
>
> 1. Verify that the address range does not have holes: each page address
> must be filled with an enclave page.
> 2. Verify that VMA permissions won't surpass the permissions of any enclave
> page within the address range. Enclave cryptographically sealed
> permissions for each page address that set the upper limit for possible
> VMA permissions. Not respecting this can cause #GP's to be emitted.
>
> Cc: linux-mm@xxxxxxxxx
> Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> Cc: Matthew Wilcox <willy@xxxxxxxxxxxxx>
> Acked-by: Jethro Beekman <jethro@xxxxxxxxxxxx>
> Reviewed-by: Darren Kenny <darren.kenny@xxxxxxxxxx>
> Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
> Co-developed-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
> ---
> include/linux/mm.h | 3 +++
> mm/mprotect.c | 5 ++++-
> 2 files changed, 7 insertions(+), 1 deletion(-)
Needs an ACK from an mm person.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
