Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp2172257yba; Fri, 19 Apr 2019 13:42:01 -0700 (PDT) X-Google-Smtp-Source: APXvYqwO41f3FteLR49K/PUzKSLV/MiueD3ZkZI1g9lzoio23weaMlV1f2QmEifP44S9xQ3NTSjI X-Received: by 2002:a63:5061:: with SMTP id q33mr5572989pgl.218.1555706521366; Fri, 19 Apr 2019 13:42:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1555706521; cv=none; d=google.com; s=arc-20160816; b=uq9g8f+6bEuqjApYFyLS/H767CYTIxOdDmyu8x2O1AnHKY8kSgvNAZpc8KrnlMiIbJ X5Nhr7Xb6uhUNiQr68li7PGJO07xuDa5l/DiEC6EkM4ZZknpB4WEruGb3aY+pn7r/V9B 96BiRiehznlO/nhS+FR8cIdFjDF9nJa2DmCIIMXbqA8HkXOFuGARf4jl7YhHFgLirxMi nLKHudr8Cjs0mYEaF6iJsh9HEONHuJrMLg+akfm/HdGjijALWdMTjuk5CO+uRyy8YZm/ La7IhgiRNrzrOeBZpHwr6Cc3dzJspFdgfrqBxOZTfpYFdjAciQmwNEck/T7dqXy0rg68 jGfg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=IBvyrIGDhJ/l1sJZaTiewJL1CVloMauTIEUikKYhFEs=; b=D69C2QpuMcUyLDHtr1/jCNc6zOyXqw3xgYA6/EYYyFjqYworlFuvF38ORchtk9+0nk 9ZcACEfefyr7oV35KsZC4U8BcUhVtC47j5GJHRAdobPPxBtUkUM0Nb9XJKAVGf/6OEJ/ gfaNgJvjwx2pVuOKjgLiJT0qcMHD+r+99GEWNtkA6IJAs70PsvTt4jlVgTNjToW4kqba h88yKjK/4kgvAudDpviUmir1bkPZ5wSX899kMtevKggBlTYBLjuiXQmirOP2uYLEVpRa iMO/oegpINVPhVWKMqJ1YR4Sz3LiW0hZGo0+aJpUE95dWlA4jLrdkEtUUKyE7AJa+Q+o 6AFw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 17si5863205pgk.72.2019.04.19.13.41.46; Fri, 19 Apr 2019 13:42:01 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727318AbfDSUkL (ORCPT + 99 others); Fri, 19 Apr 2019 16:40:11 -0400 Received: from Galois.linutronix.de ([146.0.238.70]:42312 "EHLO Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725897AbfDSUkL (ORCPT ); Fri, 19 Apr 2019 16:40:11 -0400 Received: from pd9ef12d2.dip0.t-ipconnect.de ([217.239.18.210] helo=nanos) by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1hHaIl-00069K-8y; Fri, 19 Apr 2019 22:40:03 +0200 Date: Fri, 19 Apr 2019 22:39:57 +0200 (CEST) From: Thomas Gleixner To: Jethro Beekman cc: Andy Lutomirski , "Dr. Greg" , Dave Hansen , Jarkko Sakkinen , Linus Torvalds , LKML , X86 ML , "linux-sgx@vger.kernel.org" , Andrew Morton , "Christopherson, Sean J" , "nhorman@redhat.com" , "npmccallum@redhat.com" , "Ayoun, Serge" , "Katz-zamir, Shay" , "Huang, Haitao" , Andy Shevchenko , "Svahn, Kai" , Borislav Petkov , Josh Triplett , "Huang, Kai" , David Rientjes Subject: Re: [PATCH v20 00/28] Intel SGX1 support In-Reply-To: <43aa8fdd-e777-74cb-e3f0-d36805ffa18b@fortanix.com> Message-ID: References: <20190417103938.7762-1-jarkko.sakkinen@linux.intel.com> <20190418171059.GA20819@wind.enjellic.com> <09ebfa1d-c03d-c1fe-ff0f-d99287b6ec3c@intel.com> <20190419141732.GA2269@wind.enjellic.com> <43aa8fdd-e777-74cb-e3f0-d36805ffa18b@fortanix.com> User-Agent: Alpine 2.21 (DEB 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Linutronix-Spam-Score: -1.0 X-Linutronix-Spam-Level: - X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required, ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 19 Apr 2019, Jethro Beekman wrote: > On 2019-04-19 08:27, Andy Lutomirski wrote: > > There are many, > > many Linux systems that enforce a policy that *all* executable text > > needs to come from a verified source. On these systems, you can't > > mmap some writable memory, write to it, and then change it to > > executable. > > How is this implemented on those systems? AFAIK there's no kernel config > option that changes the semantics of mmap as you describe. That has nothing to do with mmap() semantics. You mmap() writeable memory and then you change the permissions via mprotect(). mprotect() calls into LSM and depending on policy and security model this will reject the request. Andy was pointing out that the SGX ioctl bypasses the LSM mechanics which is obviously a bad thing. Thanks, tglx