Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
Subject: Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
From: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
Date: Mon, 21 Sep 2020 16:14:43 +0300
Cc: Andy Lutomirski <luto@xxxxxxxxxx>, X86 ML <x86@xxxxxxxxxx>, linux-sgx@xxxxxxxxxxxxxxx, LKML <linux-kernel@xxxxxxxxxxxxxxx>, Linux-MM <linux-mm@xxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, Matthew Wilcox <willy@xxxxxxxxxxxxx>, Jethro Beekman <jethro@xxxxxxxxxxxx>, Darren Kenny <darren.kenny@xxxxxxxxxx>, Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>, asapek@xxxxxxxxxx, Borislav Petkov <bp@xxxxxxxxx>, "Xing, Cedric" <cedric.xing@xxxxxxxxx>, chenalexchen@xxxxxxxxxx, Conrad Parker <conradparker@xxxxxxxxxx>, cyhanish@xxxxxxxxxx, Dave Hansen <dave.hansen@xxxxxxxxx>, "Huang, Haitao" <haitao.huang@xxxxxxxxx>, Josh Triplett <josh@xxxxxxxxxxxxxxxx>, "Huang, Kai" <kai.huang@xxxxxxxxx>, "Svahn, Kai" <kai.svahn@xxxxxxxxx>, Keith Moyer <kmoy@xxxxxxxxxx>, Christian Ludloff <ludloff@xxxxxxxxxx>, Neil Horman <nhorman@xxxxxxxxxx>, Nathaniel McCallum <npmccallum@xxxxxxxxxx>, Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>, David Rientjes <rientjes@xxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, yaozhangx@xxxxxxxxxx
In-reply-to: <20200921124946.GF6038@linux.intel.com>
Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo
References: <20200915112842.897265-1-jarkko.sakkinen@linux.intel.com> <20200915112842.897265-11-jarkko.sakkinen@linux.intel.com> <CALCETrX9T1ZUug=M5ba9g4H5B7kV=yL5RzuTaeAEdy3uAieN_A@mail.gmail.com> <20200918235337.GA21189@sjchrist-ice> <20200921124946.GF6038@linux.intel.com>

On Mon, Sep 21, 2020 at 03:49:56PM +0300, Jarkko Sakkinen wrote:
> The 2nd part of the answer is the answer to the question: why we want to
> feed LSM hooks enclaves exactly in this state.

The question can be further refined as why: why this is the best
possible set of substates to filter in?

"no holes" part is obvious as the consequence of not surpassing
permissions of any of the pages in range, as you could otherwise
break the state with ioctl(SGX_ENCLAVE_ADD_PAGES) with permssions
that are below the mmap permissions.

/Jarkko

References:
- [PATCH v38 10/24] mm: Add vm_ops->mprotect()
  - From: Jarkko Sakkinen
- Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
  - From: Andy Lutomirski
- Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
  - From: Sean Christopherson
- Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
  - From: Jarkko Sakkinen

Prev by Date: Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
Next by Date: [linux-next:pending-fixes] BUILD SUCCESS 3d0d0d2eb359e332fbe7962a5fa62e8c85961243
Previous by thread: Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
Next by thread: Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
Index(es):
- Date
- Thread

[Index of Archives] [Linux ARM Kernel] [Linux ARM] [Linux Omap] [Fedora ARM] [IETF Annouce] [Bugtraq] [Linux OMAP] [Linux MIPS] [eCos] [Asterisk Internet PBX] [Linux API]