On Thu, Jun 27, 2019 at 01:29:39PM -0700, Xing, Cedric wrote: > > From: linux-sgx-owner@xxxxxxxxxxxxxxx [mailto:linux-sgx- > > owner@xxxxxxxxxxxxxxx] On Behalf Of Stephen Smalley > > Sent: Tuesday, June 25, 2019 1:48 PM > > > > On 6/21/19 12:54 PM, Xing, Cedric wrote: > > >> From: Christopherson, Sean J > > >> Sent: Wednesday, June 19, 2019 3:24 PM > > >> > > >> diff --git a/security/security.c b/security/security.c index > > >> 613a5c00e602..03951e08bdfc 100644 > > >> --- a/security/security.c > > >> +++ b/security/security.c > > >> @@ -2359,3 +2359,10 @@ void security_bpf_prog_free(struct > > bpf_prog_aux *aux) > > >> call_void_hook(bpf_prog_free_security, aux); > > >> } > > >> #endif /* CONFIG_BPF_SYSCALL */ > > >> + > > >> +#ifdef CONFIG_INTEL_SGX > > >> +int security_enclave_map(unsigned long prot) { > > >> + return call_int_hook(enclave_map, 0, prot); } #endif /* > > >> +CONFIG_INTEL_SGX */ > > > > > > Why is this new security_enclave_map() necessary while > > security_mmap_file() will also be invoked? > > > > security_mmap_file() doesn't know about enclaves. It will just end up > > checking FILE__READ, FILE__WRITE, and FILE__EXECUTE to /dev/sgx/enclave. > > This was noted in the patch description. > > Surely I understand all those. As I mentioned in my other email, > enclave_load() could indicate to LSM that a file is an enclave. Of course > mmap() could be invoked before any pages are loaded so LSM wouldn't know at > the first mmap(), but that doesn't matter as an empty enclave wouldn't post > any threats anyway. security_mmap_file() is invoked before the final address is known, and MAP_FIXED isn't technically required.
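Review bot: in the security/security.c hunk, security_enclave_map() receives only `prot`, so an LSM implementing the enclave_map hook cannot tell which enclave or which backing file the mapping belongs to, and the relationship to security_mmap_file() (which, as noted above, still runs and checks FILE__READ/FILE__WRITE/FILE__EXECUTE on /dev/sgx/enclave) is not recorded anywhere near the code. Consider passing the enclave's file (or the vma) alongside `prot`, and add a kerneldoc comment on `int security_enclave_map(unsigned long prot)` stating that it is called in addition to, not instead of, the mmap hook and that the default return of 0 from `call_int_hook(enclave_map, 0, prot)` allows the mapping when no LSM implements the hook.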