[RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
Dave Hansen
dave.hansen at intel.com
Mon Jun 3 18:45:03 UTC 2019
...
>>> What ensures that the mapping referenced by src can't be changed
>>> to an entirely different one (with a different vm_file) between
>>> the time of check (here) and the time of use?
>>
>> Nothing. Holding mmap_sem across copy_from_user() would suffice,
>> correct?
>
> I don't believe you can do that; copy_from_user() could stall
> indefinitely. Not sure how to do what you want here or if it requires
> changing the interface.
Holding mmap_sem for *read* is OK since you can handle page faults
underneath it. Holding it for write is not.
But, holding it for read also locks out the writers which might be
messing with vm_file or other parts of the VMA.
Holding it for read for a long time is OK. It's obviously not ideal,
but it is something we do widely today.
More information about the Linux-security-module-archive
mailing list