| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Sep 2020 14:28:28 +0300
From: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To: x86@...nel.org, linux-sgx@...r.kernel.org
Cc: linux-kernel@...r.kernel.org,
Sean Christopherson <sean.j.christopherson@...el.com>,
linux-mm@...ck.org, Andrew Morton <akpm@...ux-foundation.org>,
Matthew Wilcox <willy@...radead.org>,
Jethro Beekman <jethro@...tanix.com>,
Darren Kenny <darren.kenny@...cle.com>,
Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
andriy.shevchenko@...ux.intel.com, asapek@...gle.com, bp@...en8.de,
cedric.xing@...el.com, chenalexchen@...gle.com,
conradparker@...gle.com, cyhanish@...gle.com,
dave.hansen@...el.com, haitao.huang@...el.com,
josh@...htriplett.org, kai.huang@...el.com, kai.svahn@...el.com,
kmoy@...gle.com, ludloff@...gle.com, luto@...nel.org,
nhorman@...hat.com, npmccallum@...hat.com, puiterwijk@...hat.com,
rientjes@...gle.com, tglx@...utronix.de, yaozhangx@...gle.com
Subject: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
From: Sean Christopherson <sean.j.christopherson@...el.com>
Add vm_ops()->mprotect() for additional constraints for a VMA.
Intel Software Guard eXtensions (SGX) will use this callback to add two
constraints:
1. Verify that the address range does not have holes: each page address
must be filled with an enclave page.
2. Verify that VMA permissions won't surpass the permissions of any enclave
page within the address range. Enclave cryptographically sealed
permissions for each page address that set the upper limit for possible
VMA permissions. Not respecting this can cause #GP's to be emitted.
Cc: linux-mm@...ck.org
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Matthew Wilcox <willy@...radead.org>
Acked-by: Jethro Beekman <jethro@...tanix.com>
Reviewed-by: Darren Kenny <darren.kenny@...cle.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@...el.com>
Co-developed-by: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
---
include/linux/mm.h | 3 +++
mm/mprotect.c | 5 ++++-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/include/linux/mm.h b/include/linux/mm.h
index 97c83773b6f0..717726fcace6 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -547,6 +547,9 @@ struct vm_operations_struct {
void (*close)(struct vm_area_struct * area);
int (*split)(struct vm_area_struct * area, unsigned long addr);
int (*mremap)(struct vm_area_struct * area);
+ int (*mprotect)(struct vm_area_struct *vma,
+ struct vm_area_struct **pprev, unsigned long start,
+ unsigned long end, unsigned long newflags);
vm_fault_t (*fault)(struct vm_fault *vmf);
vm_fault_t (*huge_fault)(struct vm_fault *vmf,
enum page_entry_size pe_size);
diff --git a/mm/mprotect.c b/mm/mprotect.c
index ce8b8a5eacbb..f170f3da8a4f 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -610,7 +610,10 @@ static int do_mprotect_pkey(unsigned long start, size_t len,
tmp = vma->vm_end;
if (tmp > end)
tmp = end;
- error = mprotect_fixup(vma, &prev, nstart, tmp, newflags);
+ if (vma->vm_ops && vma->vm_ops->mprotect)
+ error = vma->vm_ops->mprotect(vma, &prev, nstart, tmp, newflags);
+ else
+ error = mprotect_fixup(vma, &prev, nstart, tmp, newflags);
if (error)
goto out;
nstart = tmp;
--
2.25.1
Powered by blists - more mailing lists