Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX

From: Dave Hansen
Date: Mon Jun 03 2019 - 14:49:00 EST

Next message: Krzysztof Kozlowski: "Re: [PATCH] ARM: mm: remove unused variables"
Previous message: Vineet Gupta: "Re: single copy atomicity for double load/stores on 32-bit systems"
In reply to: Stephen Smalley: "Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX"
Next in thread: Andy Lutomirski: "Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

...
>>> What ensures that the mapping referenced by src can't be changed
>>> to an entirely different one (with a different vm_file) between
>>> the time of check (here) and the time of use?
>>
>> Nothing. Holding mmap_sem across copy_from_user() would suffice,
>> correct?
>
> I don't believe you can do that; copy_from_user() could stall
> indefinitely. Not sure how to do what you want here or if it requires
> changing the interface.

Holding mmap_sem for *read* is OK since you can handle page faults
underneath it. Holding it for write is not.

But, holding it for read also locks out the writers which might be
messing with vm_file or other parts of the VMA.

Holding it for read for a long time is OK. It's obviously not ideal,
but it is something we do widely today.

Next message: Krzysztof Kozlowski: "Re: [PATCH] ARM: mm: remove unused variables"
Previous message: Vineet Gupta: "Re: single copy atomicity for double load/stores on 32-bit systems"
In reply to: Stephen Smalley: "Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX"
Next in thread: Andy Lutomirski: "Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]