Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
Subject: Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
From: Dave Hansen <dave.hansen@xxxxxxxxx>
Date: Thu, 24 Sep 2020 16:09:25 -0700
Cc: Haitao Huang <haitao.huang@xxxxxxxxxxxxxxx>, Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, X86 ML <x86@xxxxxxxxxx>, linux-sgx@xxxxxxxxxxxxxxx, LKML <linux-kernel@xxxxxxxxxxxxxxx>, Linux-MM <linux-mm@xxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, Matthew Wilcox <willy@xxxxxxxxxxxxx>, Jethro Beekman <jethro@xxxxxxxxxxxx>, Darren Kenny <darren.kenny@xxxxxxxxxx>, Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>, asapek@xxxxxxxxxx, Borislav Petkov <bp@xxxxxxxxx>, "Xing, Cedric" <cedric.xing@xxxxxxxxx>, chenalexchen@xxxxxxxxxx, Conrad Parker <conradparker@xxxxxxxxxx>, cyhanish@xxxxxxxxxx, "Huang, Haitao" <haitao.huang@xxxxxxxxx>, Josh Triplett <josh@xxxxxxxxxxxxxxxx>, "Huang, Kai" <kai.huang@xxxxxxxxx>, "Svahn, Kai" <kai.svahn@xxxxxxxxx>, Keith Moyer <kmoy@xxxxxxxxxx>, Christian Ludloff <ludloff@xxxxxxxxxx>, Neil Horman <nhorman@xxxxxxxxxx>, Nathaniel McCallum <npmccallum@xxxxxxxxxx>, Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>, David Rientjes <rientjes@xxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, yaozhangx@xxxxxxxxxx
In-reply-to: <20200924230501.GA20095@linux.intel.com>
References: <20200922053515.GA97687@linux.intel.com> <20200922164301.GB30874@linux.intel.com> <20200923135056.GD5160@linux.intel.com> <op.0rgp5h0hwjvjmi@mqcpg7oapc828.gar.corp.intel.com> <20200924192853.GA18826@linux.intel.com> <c680f7bd-2d82-6477-707f-cd03aae4b4aa@intel.com> <20200924200156.GA19127@linux.intel.com> <e4bcb25f-581a-da93-502b-b8f73e28286a@intel.com> <20200924202549.GB19127@linux.intel.com> <e25bfeaa-afb4-3928-eb80-50d90815eabb@intel.com> <20200924230501.GA20095@linux.intel.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0

On 9/24/20 4:05 PM, Sean Christopherson wrote:
> The problem is that enforcing permissions via mprotect() needs to be done
> unconditionally, otherwise we end up with weird behavior where the existence
> of an LSM will change what is/isn't allowed, even if the LSM(s) has no SGX
> policy whatsover.

Could we make this a bit less abstract, please?

Could someone point to code or another examples that demonstrates how
the mere existence of an LSM will change what is/isn't allowed?

I can't seem to wrap my head around it as-is.

Follow-Ups:
- Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
  - From: Sean Christopherson

References:
- Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
  - From: Jarkko Sakkinen
- Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
  - From: Sean Christopherson
- Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
  - From: Jarkko Sakkinen
- Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
  - From: Haitao Huang
- Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
  - From: Sean Christopherson
- Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
  - From: Dave Hansen
- Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
  - From: Sean Christopherson
- Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
  - From: Dave Hansen
- Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
  - From: Sean Christopherson
- Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
  - From: Dave Hansen
- Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
  - From: Sean Christopherson

Prev by Date: Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
Next by Date: [linux-next:master] BUILD REGRESSION d1d2220c7f39d0fca302c4ba6cca4ede01660a2b
Previous by thread: Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
Next by thread: Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
Index(es):
- Date
- Thread

[Index of Archives] [Linux ARM Kernel] [Linux ARM] [Linux Omap] [Fedora ARM] [IETF Annouce] [Bugtraq] [Linux OMAP] [Linux MIPS] [eCos] [Asterisk Internet PBX] [Linux API]