Move mmap() to the internal anonymous enclave file as the latest Linux distributions tend to map /dev as noexec. Consequences:
1. Building an enclave requires no special privileges as the device file has no operations to map the enclave to the address space.
2. Running an enclave requires execu-from-mem privilege as one needs to be able to map pages with execution rights.
My conclusion is that exec-from-mem is the correct level of privileges for an enclave because it best represents the actual enclave behaviour. After this change the mmap()'s will fail expectedly with -ENODEV.
Cc: luto@xxxxxxxxxx
Cc: Stephen Smalley <sds@xxxxxxxxxxxxx>
Cc: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Cc: Haitao Huang <haitao.huang@xxxxxxxxxxxxxxx>
Cc: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
---
 arch/x86/kernel/cpu/sgx/driver.c | 45 ++++++++++++++++----------------
 1 file changed, 22 insertions(+), 23 deletions(-)
diff --git a/arch/x86/kernel/cpu/sgx/driver.c b/arch/x86/kernel/cpu/sgx/driver.c
index 1c825ef957db..b871dbd1490f 100644
--- a/arch/x86/kernel/cpu/sgx/driver.c
+++ b/arch/x86/kernel/cpu/sgx/driver.c
@@ -57,9 +57,31 @@ static int sgx_encl_file_release(struct inode *inode, struct file *file)
 return 0;
 }
 
+static int sgx_encl_file_mmap(struct file *file, struct vm_area_struct *vma)
+{
+ struct sgx_encl *encl = file->private_data;
+ int ret;
+
+ ret = sgx_encl_may_map(encl, vma->vm_start, vma->vm_end,
+ vma->vm_flags & (VM_READ | VM_WRITE | VM_EXEC));
+ if (ret)
+ return ret;
+
+ ret = sgx_encl_mm_add(encl, vma->vm_mm);
+ if (ret)
+ return ret;
+
+ vma->vm_ops = &sgx_vm_ops;
+ vma->vm_flags |= VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP | VM_IO;
+ vma->vm_private_data = encl;
+
+ return 0;
+}
+
 static const struct file_operations sgx_encl_file_fops = {
 .owner = THIS_MODULE,
 .release = sgx_encl_file_release,
+ .mmap = sgx_encl_file_mmap,
 };
 
 static int sgx_open(struct inode *inode, struct file *file)
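Review bot: `sgx_encl_file_fops` gains `.mmap = sgx_encl_file_mmap,` but no `.get_unmapped_area`, so a mapping of the anonymous enclave file no longer goes through `sgx_get_unmapped_area`, while the third hunk leaves `.get_unmapped_area = sgx_get_unmapped_area,` on `sgx_encl_dev_fops` whose `.mmap` it removes, where it can no longer serve a mapping that now fails with -ENODEV. If `sgx_get_unmapped_area` is what enforces the address alignment the enclave range needs (its body is outside these hunks), the new path skips that step and `sgx_encl_may_map` becomes the only gate on the range; moving the `.get_unmapped_area = sgx_get_unmapped_area,` entry next to the new `.mmap` line and dropping it from the device fops would keep the behaviour that used to accompany `sgx_mmap`. Whether `sgx_get_unmapped_area` reads `file->private_data` expecting the device file's layout, as the removed `sgx_mmap` did, should be checked before moving it. The new function also carries no comment; a short header stating that it validates the requested VM_READ/VM_WRITE/VM_EXEC flags against the enclave via `sgx_encl_may_map` before registering the mm would help later readers.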
@@ -127,28 +149,6 @@ static long sgx_compat_ioctl(struct file *filep, unsigned int cmd,
 }
 #endif
 
-static int sgx_mmap(struct file *file, struct vm_area_struct *vma)
-{
- struct file *encl_file = file->private_data;
- struct sgx_encl *encl = encl_file->private_data;
- int ret;
-
- ret = sgx_encl_may_map(encl, vma->vm_start, vma->vm_end,
- vma->vm_flags & (VM_READ | VM_WRITE | VM_EXEC));
- if (ret)
- return ret;
-
- ret = sgx_encl_mm_add(encl, vma->vm_mm);
- if (ret)
- return ret;
-
- vma->vm_ops = &sgx_vm_ops;
- vma->vm_flags |= VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP | VM_IO;
- vma->vm_private_data = encl;
-
- return 0;
-}
-
 static unsigned long sgx_get_unmapped_area(struct file *file,
 unsigned long addr,
 unsigned long len,
@@ -172,7 +172,6 @@ static const struct file_operations sgx_encl_dev_fops = {
 #ifdef CONFIG_COMPAT
 .compat_ioctl = sgx_compat_ioctl,
 #endif
- .mmap = sgx_mmap,
 .get_unmapped_area = sgx_get_unmapped_area,
 };
 
-- 
2.25.1