[RFC PATCH v3 2/4] x86/64: Call LSM hooks from SGX subsystem/module
Sean Christopherson
sean.j.christopherson at intel.com
Tue Jul 9 01:03:15 UTC 2019
On Sun, Jul 07, 2019 at 04:41:32PM -0700, Cedric Xing wrote:
...
> @@ -575,6 +576,46 @@ static int sgx_encl_add_page(struct sgx_encl *encl, unsigned long addr,
> return ret;
> }
>
> +static int sgx_encl_prepare_page(struct file *filp, unsigned long dst,
> + unsigned long src, void *buf)
> +{
> + struct vm_area_struct *vma;
> + unsigned long prot;
> + int rc;
> +
> + if (dst & ~PAGE_SIZE)
> + return -EINVAL;
> +
> + rc = down_read_killable(¤t->mm->mmap_sem);
> + if (rc)
> + return rc;
> +
> + vma = find_vma(current->mm, dst);
> + if (vma && dst >= vma->vm_start)
> + prot = _calc_vm_trans(vma->vm_flags, VM_READ, PROT_READ) |
> + _calc_vm_trans(vma->vm_flags, VM_WRITE, PROT_WRITE) |
> + _calc_vm_trans(vma->vm_flags, VM_EXEC, PROT_EXEC);
> + else
> + prot = 0;
> +
> + vma = find_vma(current->mm, src);
> + if (!vma || src < vma->vm_start || src + PAGE_SIZE > vma->vm_end)
> + rc = -EFAULT;
> +
> + if (!rc && !(vma->vm_flags & VM_MAYEXEC))
> + rc = -EACCES;
Disallowing loading enclave *data* from a noexec file system is an arbitrary
and weird restriction.
> +
> + if (!rc && copy_from_user(buf, (void __user *)src, PAGE_SIZE))
> + rc = -EFAULT;
> +
> + if (!rc)
> + rc = security_enclave_load(filp, dst, PAGE_SIZE, prot, vma);
> +
> + up_read(¤t->mm->mmap_sem);
> +
> + return rc;
> +}
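Review bot: The page-alignment check at the top of sgx_encl_prepare_page(), `if (dst & ~PAGE_SIZE)`, masks out only bit 12, so it rejects nearly every dst (anything other than 0 or PAGE_SIZE) instead of catching unaligned ones; it should read `if (dst & ~PAGE_MASK)` (or `if (!IS_ALIGNED(dst, PAGE_SIZE))`). The copy_from_user() is issued while mmap_sem is held for read; if the source page faults, the fault path normally re-takes mmap_sem for read, and a nested down_read can deadlock once a writer has queued in between, so doing the copy (or pinning src with get_user_pages()) before down_read_killable() looks safer. When find_vma() returns nothing covering dst, prot stays 0 and security_enclave_load() is still consulted with prot == 0; whether that case should be refused outright rather than handed to the LSM is not visible from this hunk and is worth confirming.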