Date: Mon, 21 Sep 2020 16:14:43 +0300
From: Jarkko Sakkinen
To: Sean Christopherson
Cc: Andy Lutomirski, X86 ML, linux-sgx@vger.kernel.org, LKML, Linux-MM,
    Andrew Morton, Matthew Wilcox, Jethro Beekman, Darren Kenny,
    Andy Shevchenko, asapek@google.com, Borislav Petkov, "Xing, Cedric",
    chenalexchen@google.com, Conrad Parker, cyhanish@google.com,
    Dave Hansen, "Huang, Haitao", Josh Triplett, "Huang, Kai",
    "Svahn, Kai", Keith Moyer, Christian Ludloff, Neil Horman,
    Nathaniel McCallum, Patrick Uiterwijk, David Rientjes,
    Thomas Gleixner, yaozhangx@google.com
Subject: Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
Message-ID: <20200921131443.GH6038@linux.intel.com>
In-Reply-To: <20200921124946.GF6038@linux.intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Sep 21, 2020 at 03:49:56PM +0300, Jarkko Sakkinen wrote:
> The 2nd part of the answer is the answer to the question: why we want to
> feed LSM hooks enclaves exactly in this state.

The question can be further refined as why: why this is the best
possible set of substates to filter in?

"no holes" part is obvious as the consequence of not surpassing
permissions of any of the pages in range, as you could otherwise break
the state with ioctl(SGX_ENCLAVE_ADD_PAGES) with permissions that are
below the mmap permissions.

/Jarkko
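
The "no holes" argument from the message above, as an added example that is not part of the original mail or of the SGX patch set: a small user-space model of a range permission check, run once with holes tolerated and once with holes rejected. All names (model_encl, model_may_map and so on) are hypothetical and the page table is a constructed array, not kernel state.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed user-space model; all names are hypothetical. */
enum { P_R = 1, P_W = 2, P_X = 4, NPAGES = 8 };
struct model_page { bool present; unsigned max_prot; };
struct model_encl { struct model_page pages[NPAGES]; };

/* Add a page; its permissions are fixed at add time. */
static int model_add_page(struct model_encl *e, size_t idx, unsigned prot)
{
    if (idx >= NPAGES || e->pages[idx].present)
        return -EINVAL;
    e->pages[idx] = (struct model_page){ .present = true, .max_prot = prot };
    return 0;
}

/* May [start, end) be mapped with prot? With no_holes set, a page that
 * has not been added yet fails the check instead of being skipped. */
static int model_may_map(const struct model_encl *e, size_t start, size_t end,
                         unsigned prot, bool no_holes)
{
    if (start >= end || end > NPAGES)
        return -EINVAL;
    for (size_t i = start; i < end; i++) {
        const struct model_page *p = &e->pages[i];
        if (!p->present && no_holes)
            return -EACCES;   /* hole in the range */
        if (p->present && (prot & ~p->max_prot))
            return -EACCES;   /* mapping would surpass this page */
    }
    return 0;
}

/* Scenario from the mail: map over a hole, then add a weaker page.
 * Returns true if an accepted mapping ends up above a page's permissions. */
static bool model_hole_breaks_state(bool no_holes)
{
    struct model_encl e = {0};
    unsigned rwx = P_R | P_W | P_X;
    model_add_page(&e, 0, rwx);
    if (model_may_map(&e, 0, 2, rwx, no_holes) != 0)
        return false;            /* mapping refused, nothing to break */
    model_add_page(&e, 1, P_R);  /* lands under the accepted RWX mapping */
    return model_may_map(&e, 0, 2, rwx, false) == -EACCES;
}

int main(void) { return model_hole_breaks_state(true) ? 1 : 0; }
```

With holes tolerated, the read-only page added afterwards sits under a mapping that was already accepted with RWX; with holes rejected, that mapping is never granted in the first place.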