On Fri, Sep 18, 2020 at 08:09:04AM -0700, Andy Lutomirski wrote: > On Tue, Sep 15, 2020 at 4:28 AM Jarkko Sakkinen > <jarkko.sakkinen@xxxxxxxxxxxxxxx> wrote: > > > > From: Sean Christopherson <sean.j.christopherson@xxxxxxxxx> > > > > Add vm_ops()->mprotect() for additional constraints for a VMA. > > > > Intel Software Guard eXtensions (SGX) will use this callback to add two > > constraints: > > > > 1. Verify that the address range does not have holes: each page address > > must be filled with an enclave page. > > 2. Verify that VMA permissions won't surpass the permissions of any enclave > > page within the address range. Enclave cryptographically sealed > > permissions for each page address that set the upper limit for possible > > VMA permissions. Not respecting this can cause #GP's to be emitted. > > It's been awhile since I looked at this. Can you remind us: is this > just preventing userspace from shooting itself in the foot or is this > something more important? > > --Andy Haitao found this: https://patchwork.kernel.org/patch/10978327/ The way I understand it, for an LSM hook it makes sense that the mprotect() can deduce a single permission for an enclave address range. With those constraints it is possible. /Jarkko
