[RFC PATCH v4 03/12] selftests: x86/sgx: Mark the enclave loader as not needing an exec stack
Jarkko Sakkinen
jarkko.sakkinen at linux.intel.com
Thu Jun 20 21:17:12 UTC 2019
On Wed, Jun 19, 2019 at 03:23:52PM -0700, Sean Christopherson wrote:
> The SGX enclave loader doesn't need an executable stack, but linkers
> will assume it does due to the lack of .note.GNU-stack sections in the
> loader's assembly code. As a result, the kernel tags the loader as
> having "read implies exec", and so adds PROT_EXEC to all mmap()s, even
> those for mapping EPC regions. This will cause problems in the future
> when userspace needs to explicitly state a page's protection bits when the
> page is added to an enclave, e.g. adding TCS pages as R+W will cause
> mmap() to fail when the kernel tacks on +X.
>
> Explicitly tell the linker that an executable stack is not needed.
> Alternatively, each .S file could add .note.GNU-stack, but the loader
> should never need an executable stack so zap it in one fell swoop.
>
> Signed-off-by: Sean Christopherson <sean.j.christopherson at intel.com>
OK, this one is squashed now. Thanks.
/Jarkko
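To make the mechanism in the commit message concrete, here is an added Python checker (not part of the patch or the kernel selftests) that reads the PT_GNU_STACK program header the linker emits and reports whether a binary would be treated as read-implies-exec; the ELF images it inspects are constructed in the script itself, so it runs offline, and the `-z noexecstack` mentioned in a comment is the GNU ld flag, not something taken from this thread.

```python
import struct

PT_LOAD = 1
PT_GNU_STACK = 0x6474E551   # program header that records the stack permissions
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4


def gnu_stack_status(elf: bytes) -> str:
    """Return "missing", "exec" or "noexec" for a little-endian ELF32/ELF64 image."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = elf[4] == 2                      # EI_CLASS: 1 = ELF32, 2 = ELF64
    if is64:
        (e_phoff,) = struct.unpack_from("<Q", elf, 32)
        e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    else:
        (e_phoff,) = struct.unpack_from("<I", elf, 28)
        e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 42)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        (p_type,) = struct.unpack_from("<I", elf, off)
        # p_flags follows p_type in Elf64_Phdr but sits at +24 in Elf32_Phdr
        (p_flags,) = struct.unpack_from("<I", elf, off + (4 if is64 else 24))
        if p_type == PT_GNU_STACK:
            return "exec" if p_flags & PF_X else "noexec"
    return "missing"


def read_implies_exec(elf: bytes) -> bool:
    """The rule the message describes: no PT_GNU_STACK, or one carrying PF_X,
    makes the kernel add PROT_EXEC to every mmap() of that process."""
    return gnu_stack_status(elf) != "noexec"


def build_elf64(phdrs):
    """Constructed, non-loadable ELF64 header plus (p_type, p_flags) program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)   # ELF64, little-endian, version 1
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 2, 62, 1, 0, 64, 0, 0,
                       64, 56, len(phdrs), 64, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    return ehdr + body


if __name__ == "__main__":
    # Constructed images: a loader built from .S files lacking .note.GNU-stack
    # (header absent, or RWE with newer ld) versus one linked with ld -z noexecstack (RW).
    samples = {"no-note-old-ld": [(PT_LOAD, PF_R | PF_X)],
               "no-note-new-ld": [(PT_LOAD, PF_R | PF_X), (PT_GNU_STACK, PF_R | PF_W | PF_X)],
               "noexecstack": [(PT_LOAD, PF_R | PF_X), (PT_GNU_STACK, PF_R | PF_W)]}
    for name, ph in samples.items():
        img = build_elf64(ph)
        print(f"{name:16} {gnu_stack_status(img):8} read_implies_exec={read_implies_exec(img)}")
```

On a real build the same information is what `readelf -lW <binary> | grep GNU_STACK` prints; the checker exists so the rule can be exercised without a toolchain.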