[RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
Sean Christopherson
sean.j.christopherson at intel.com
Thu Jun 6 02:04:17 UTC 2019
On Tue, Jun 04, 2019 at 02:43:09PM -0700, Xing, Cedric wrote:
> > From: Christopherson, Sean J
> > Sent: Tuesday, June 04, 2019 1:37 PM
> >
> > On Tue, Jun 04, 2019 at 01:29:10PM -0700, Andy Lutomirski wrote:
> > > On Fri, May 31, 2019 at 4:32 PM Sean Christopherson
> > > <sean.j.christopherson at intel.com> wrote:
> > > > static int sgx_encl_add_page(struct sgx_encl *encl, unsigned long
> > > > addr, diff --git a/include/linux/lsm_hooks.h
> > > > b/include/linux/lsm_hooks.h index 47f58cfb6a19..0562775424a0 100644
> > > > --- a/include/linux/lsm_hooks.h
> > > > +++ b/include/linux/lsm_hooks.h
> > > > @@ -1446,6 +1446,14 @@
> > > > * @bpf_prog_free_security:
> > > > * Clean up the security information stored inside bpf prog.
> > > > *
> > > > + * Security hooks for Intel SGX enclaves.
> > > > + *
> > > > + * @enclave_load:
> > > > + * On success, returns 0 and optionally adjusts @allowed_prot
> > > > + * @vma: the source memory region of the enclave page being
> > loaded.
> > > > + * @prot: the initial protection of the enclave page.
> > >
> > > What do you mean "initial"? The page is always mapped PROT_NONE when
> > > this is called, right? I feel like I must be missing something here.
> >
> > Initial protection in the EPCM. Yet another reason to ignore SECINFO.
>
> I know you guys are talking in the background that all pages are mmap()'ed
> PROT_NONE. But that's an unnecessary limitation.
Not all pages have to be mmap()'d PROT_NONE, only pages that do not have
an associated enclave page.
> And @prot here should be @target_vma->vm_flags&(VM_READ|VM_WRITE|VM_EXEC).
I don't follow, there is no target_vma at this point.
More information about the Linux-security-module-archive
mailing list