From: Andy Lutomirski
Date: Tue, 4 Jun 2019 13:26:06 -0700
Subject: Re: [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves
To: "Xing, Cedric"
Cc: "Christopherson, Sean J", Jarkko Sakkinen, Andy Lutomirski, Stephen Smalley, James Morris, "Serge E . Hallyn", LSM List, Paul Moore, Eric Paris, "selinux@vger.kernel.org", Jethro Beekman, "Hansen, Dave", Thomas Gleixner, Linus Torvalds, LKML, X86 ML, "linux-sgx@vger.kernel.org", Andrew Morton, "nhorman@redhat.com", "npmccallum@redhat.com", "Ayoun, Serge", "Katz-zamir, Shay", "Huang, Haitao", Andy Shevchenko, "Svahn, Kai", Borislav Petkov, Josh Triplett, "Huang, Kai", David Rientjes, "Roberts, William C", "Tricca, Philip B"
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Jun 2, 2019 at 11:29 PM Xing, Cedric wrote:
> > > From: Christopherson, Sean J > > Sent: Friday, May 31, 2019 4:32 PM > > > > Do not allow an enclave page to be mapped with PROT_EXEC if the source page is backed by a > > file on a noexec file system. > > > > Signed-off-by: Sean Christopherson > > --- > > arch/x86/kernel/cpu/sgx/driver/ioctl.c | 26 ++++++++++++++++++++++++-- > > 1 file changed, 24 insertions(+), 2 deletions(-) > > > > diff --git a/arch/x86/kernel/cpu/sgx/driver/ioctl.c > > b/arch/x86/kernel/cpu/sgx/driver/ioctl.c > > index c30acd3fbbdd..5f71be7cbb01 100644 > > --- a/arch/x86/kernel/cpu/sgx/driver/ioctl.c > > +++ b/arch/x86/kernel/cpu/sgx/driver/ioctl.c > > @@ -576,6 +576,27 @@ static int __sgx_encl_add_page(struct sgx_encl *encl, unsigned long > > addr, > > return ret; > > } > > > > +static int sgx_encl_page_protect(unsigned long src, unsigned long prot, > > + unsigned long *allowed_prot) > > +{ > > + struct vm_area_struct *vma; > > + > > + if (!(*allowed_prot & VM_EXEC)) > > + goto do_check; > > + > > + down_read(¤t->mm->mmap_sem); > > + vma = find_vma(current->mm, src); > > + if (!vma || (vma->vm_file && path_noexec(&vma->vm_file->f_path))) > > + *allowed_prot &= ~VM_EXEC; > > Testing (vma->vm_flags & VM_MAYEXEC) == 0 should be a better approach. I think I agree, although that would need a comment explaining why it works.
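
Review bot: in sgx_encl_page_protect(), the `!vma` test after `find_vma(current->mm, src)` does not catch an unmapped source address, because find_vma() returns the first VMA whose vm_end lies above the address and that VMA need not contain src. When src falls in a hole below another mapping, the path_noexec() test is applied to a mapping unrelated to the source page, and VM_EXEC can survive in *allowed_prot. Suggest extending the condition to `!vma || vma->vm_start > src || ...` so that a source address outside any VMA always clears VM_EXEC. The same condition leaves VM_EXEC set for any VMA with a NULL vm_file; if that is intended for anonymous sources, a short comment above the test saying so would help, and it would be needed anyway if the check is changed to the VM_MAYEXEC test proposed in the reply.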