Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp3243456pxp;
        Tue, 8 Mar 2022 10:14:48 -0800 (PST)
X-Google-Smtp-Source: ABdhPJx58TRq+DlktA01ayygYM/4Wj/zlla4XLbLnSg7PqI3bnCSVvOGs+sqtI151Q8YF0nkuUCF
X-Received: by 2002:a17:907:728b:b0:6da:97db:b66d with SMTP id dt11-20020a170907728b00b006da97dbb66dmr14249974ejc.636.1646763287997;
        Tue, 08 Mar 2022 10:14:47 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1646763287; cv=none;
        d=google.com; s=arc-20160816;
        b=UnbDRBtD0Ni3Cb3wisBvjXiLDxJZUFjEMuM0Q2svONRE6EZr6hiKHJEK/DV45T1Tek
         FzpZvg9zUbcn537HoNwm4WQV8rWQWiTxJ6hDfde22tcmoLZbTxIOdLplK0NNci7rtSQD
         D9S4E8mgdxg9Hyg+t9WdYshNErYIy1hvep6lyU6vN8J1YxcEZvly6Acoy+N4Y8k8yGVi
         ulsQ/lQRHdyv50Luvwalnliw4SvmCziHiKVKSB3pTXBOZJPLy8X8xCcnqO6BGz0rbIR3
         PSMPvL4KHPuj3APHAaFduF+TVKoyJ3IzAEyJVHyCi+ZG1vxfWW9oEh4fdONqpUZKzVlq
         fMAQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=6s59wv6P4TA9hR5GGGjBulb8tHvRQjEO1M2i+4OKGFw=;
        b=ap5AFBv89L01oeR0z0EaF7zTIbeMeCbHVbWmwVTbbEF34YeNSpU8x33RMmerxUb9QK
         2NSPI7bfSLv7R7x9MKlpiRfurPZvjKstQNcGQ4uPYcz0Qg48bnQgZIcYS5wgy82V1wTH
         OjmnA8ucB7ZcPdvobLeF3usTx7fnTcakRhA13jnZiDChYp/qrArcsf+9YhFNC6k4Wdd4
         dBvcy/SVGuILkB9zVqPduIpakiUWydRDSQSCZ/sCy5kvpzWVToOfjIHLCcMrhZWZ0gJT
         4Lr42tyTKSCo7IVdesGlDKAkYQrj4XxJ+2ytUbreBaS32CwK+jJB6VBATm3RH+DmaT1M
         SJAQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=TQZVPcmN;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id e8-20020a056402190800b0041657e8f60esi3691958edz.289.2022.03.08.10.14.24;
        Tue, 08 Mar 2022 10:14:47 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=TQZVPcmN;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S243820AbiCGPgq (ORCPT <rfc822;anthony.2lannoy@gmail.com>
        + 99 others); Mon, 7 Mar 2022 10:36:46 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56534 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S235983AbiCGPgo (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 7 Mar 2022 10:36:44 -0500
Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 897BD5C373;
        Mon,  7 Mar 2022 07:35:50 -0800 (PST)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id 36FD5B815E5;
        Mon,  7 Mar 2022 15:35:49 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 50F40C340E9;
        Mon,  7 Mar 2022 15:35:47 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1646667347;
        bh=JbY5diFr5DxLb353nQpEtMPOmLgwWU265WRVU2Sa3gs=;
        h=From:To:Cc:Subject:Date:From;
        b=TQZVPcmNWFx3KoCVbAtcqbmRxBlREjxRlqgYPDRU+Erw7qGlNkJDbSAgTBy2wzkFq
         BI/wXu31ar6PvEUzPO442Zbn1oeAelVVtdsnd10dI2AVp8OuqsK+PnRx/FQ216yVDZ
         LFFnvbvYe4kXQXZbAznh/2RF1rIiA/X4mWHqPJzmHbgiJhQ7K6mp3uVEN3CrMrs+Qc
         DQJcr7NnRQkK4SD+wblqWNAA8Gphl4orMBRcvlPyUiGc/lsAs9t5IFCBOAevBGiEW2
         G+oz7dajXVHK9hGSQMdWtgmkUk3ZHtnWIsLpYJp0WpuvECsvUD9DhjTSLDe58mFbVr
         ok5uLUOmV6gAA==
From:   Jarkko Sakkinen <jarkko@kernel.org>
To:     linux-sgx@vger.kernel.org
Cc:     Dave Hansen <dave.hansen@linux.intel.com>,
        Nathaniel McCallum <nathaniel@profian.com>,
        Reinette Chatre <reinette.chatre@intel.com>,
        Jarkko Sakkinen <jarkko@kernel.org>,
        "H. Peter Anvin" <hpa@zytor.com>, linux-kernel@vger.kernel.org
Subject: [PATCH] x86/sgx: Enable PROT_EXEC for EAUG'd pages
Date:   Mon,  7 Mar 2022 17:35:04 +0200
Message-Id: <20220307153504.198112-1-jarkko@kernel.org>
X-Mailer: git-send-email 2.35.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-7.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

vm_max_permissions was created to control the pre-initialization content
that contributes to MRSIGNATURE. It was never meant to be as a limit to
dynamically added pages.

E.g. static content could be used as a hook for LSM's to decide whether
certain signature is qualified for EINIT. Dynamic content has nothing to
do with that. The current mechanisms only add to the complexity on how
to control PTE and EPCM permissions, and do not add anything else than
obfuscity to security side of things.

Thus add PROT_EXEC to the permissions assigned by the #PF handler.

Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
---
 arch/x86/kernel/cpu/sgx/encl.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c
index 79e39bd99c09..0256918b2c2f 100644
--- a/arch/x86/kernel/cpu/sgx/encl.c
+++ b/arch/x86/kernel/cpu/sgx/encl.c
@@ -160,12 +160,11 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma,
 	encl_page->encl = encl;
 
 	/*
-	 * Adding a regular page that is architecturally allowed to only
-	 * be created with RW permissions.
-	 * TBD: Interface with user space policy to support max permissions
-	 * of RWX.
+	 * Dynamic pages do not contribute to MRSIGNATURE, i.e. they are
+	 * controlled only by PTE and EPCM permissions. Thus, the no limit
+	 * is set here.
 	 */
-	prot = PROT_READ | PROT_WRITE;
+	prot = PROT_READ | PROT_WRITE | PROT_EXEC;
 	encl_page->vm_run_prot_bits = calc_vm_prot_bits(prot, 0);
 	encl_page->vm_max_prot_bits = encl_page->vm_run_prot_bits;
 
-- 
2.35.1