On Fri, Mar 04, 2022 at 03:25:38AM +0200, Jarkko Sakkinen wrote: > On Fri, Mar 04, 2022 at 03:16:35AM +0200, Jarkko Sakkinen wrote: > > Pre-initialization policy is meant for EADD'd pages because they are > > part of the enclave identity. It's a good practice to not let touch the > > permissions after initialization, and does provide guarantees to e.g. > > LSM's about the enclave. > > > > For EAUG'd pages it should be sufficient to let mmap(), mprotect() and > > SGX opcodes to control the permissions. Thus effectively disable > > pre-initialization policy by setting vm_max_prot_bit and > > vm_run_prot_bits to RWX. > > > > Cc: Reinette Chatre <reinette.chatre@xxxxxxxxx> > > Cc: Nathaniel McCallum <nathaniel@xxxxxxxxxxx> > > Signed-off-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx> > > --- > > arch/x86/kernel/cpu/sgx/encl.c | 8 +------- > > 1 file changed, 1 insertion(+), 7 deletions(-) > > > > diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c > > index 5fe7189eac9d..17feb6fa5578 100644 > > --- a/arch/x86/kernel/cpu/sgx/encl.c > > +++ b/arch/x86/kernel/cpu/sgx/encl.c > > @@ -200,13 +200,7 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, > > encl_page->desc = addr; > > encl_page->encl = encl; > > > > - /* > > - * Adding a regular page that is architecturally allowed to only > > - * be created with RW permissions. > > - * TBD: Interface with user space policy to support max permissions > > - * of RWX. > > - */ > > - prot = PROT_READ | PROT_WRITE; > > + prot = PROT_READ | PROT_WRITE | PROT_EXEC; > > encl_page->vm_run_prot_bits = calc_vm_prot_bits(prot, 0); > > encl_page->vm_max_prot_bits = encl_page->vm_run_prot_bits; > > > > -- > > 2.35.1 > > > > This does not break any existing ABI and at least makes the current > patch set usable. Also it would be a sane limitation to deny EMODPR and EMODT completely for EADD'd pages. Then, you can discard vm_run_prot_bits. It's not needed for anything anymore. This should make implementation considerably less obfuscated. BR, Jarkko
