| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210712061046.497212718@linuxfoundation.org>
Date: Mon, 12 Jul 2021 08:12:52 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, Tim Gardner <tim.gardner@...onical.com>,
Jarkko Sakkinen <jarkko@...nel.org>,
Reinette Chatre <reinette.chatre@...el.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Shuah Khan <shuah@...nel.org>, linux-sgx@...r.kernel.org,
linux-kselftest@...r.kernel.org,
Shuah Khan <skhan@...uxfoundation.org>,
Sasha Levin <sashal@...nel.org>
Subject: [PATCH 5.13 749/800] selftests/sgx: remove checks for file execute permissions
From: Dave Hansen <dave.hansen@...ux.intel.com>
[ Upstream commit 4896df9d53ae5521f3ce83751e828ad70bc65c80 ]
The SGX selftests can fail for a bunch of non-obvious reasons
like 'noexec' permissions on /dev (which is the default *EVERYWHERE*
it seems).
A new test mistakenly also looked for +x permission on the
/dev/sgx_enclave. File execute permissions really only apply to
the ability of execve() to work on a file, *NOT* on the ability
for an application to map the file with PROT_EXEC. SGX needs to
mmap(PROT_EXEC), but doesn't need to execve() the device file.
Remove the check.
Fixes: 4284f7acb78b ("selftests/sgx: Improve error detection and messages")
Reported-by: Tim Gardner <tim.gardner@...onical.com>
Cc: Jarkko Sakkinen <jarkko@...nel.org>
Cc: Reinette Chatre <reinette.chatre@...el.com>
Cc: Dave Hansen <dave.hansen@...ux.intel.com>
Cc: Shuah Khan <shuah@...nel.org>
Cc: linux-sgx@...r.kernel.org
Cc: linux-kselftest@...r.kernel.org
Cc: linux-kernel@...r.kernel.org
Tested-by: Reinette Chatre <reinette.chatre@...el.com>
Signed-off-by: Dave Hansen <dave.hansen@...ux.intel.com>
Reviewed-by: Jarkko Sakkinen <jarkko@...nel.org>
Signed-off-by: Shuah Khan <skhan@...uxfoundation.org>
Signed-off-by: Sasha Levin <sashal@...nel.org>
---
tools/testing/selftests/sgx/load.c | 16 +++-------------
1 file changed, 3 insertions(+), 13 deletions(-)
diff --git a/tools/testing/selftests/sgx/load.c b/tools/testing/selftests/sgx/load.c
index f441ac34b4d4..bae78c3263d9 100644
--- a/tools/testing/selftests/sgx/load.c
+++ b/tools/testing/selftests/sgx/load.c
@@ -150,16 +150,6 @@ bool encl_load(const char *path, struct encl *encl)
goto err;
}
- /*
- * This just checks if the /dev file has these permission
- * bits set. It does not check that the current user is
- * the owner or in the owning group.
- */
- if (!(sb.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) {
- fprintf(stderr, "no execute permissions on device file %s\n", device_path);
- goto err;
- }
-
ptr = mmap(NULL, PAGE_SIZE, PROT_READ, MAP_SHARED, fd, 0);
if (ptr == (void *)-1) {
perror("mmap for read");
@@ -169,13 +159,13 @@ bool encl_load(const char *path, struct encl *encl)
#define ERR_MSG \
"mmap() succeeded for PROT_READ, but failed for PROT_EXEC.\n" \
-" Check that current user has execute permissions on %s and \n" \
-" that /dev does not have noexec set: mount | grep \"/dev .*noexec\"\n" \
+" Check that /dev does not have noexec set:\n" \
+" \tmount | grep \"/dev .*noexec\"\n" \
" If so, remount it executable: mount -o remount,exec /dev\n\n"
ptr = mmap(NULL, PAGE_SIZE, PROT_EXEC, MAP_SHARED, fd, 0);
if (ptr == (void *)-1) {
- fprintf(stderr, ERR_MSG, device_path);
+ fprintf(stderr, ERR_MSG);
goto err;
}
munmap(ptr, PAGE_SIZE);
--
2.30.2
Powered by blists - more mailing lists