Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()

From: Sean Christopherson
Date: Thu Sep 24 2020 - 15:29:18 EST


On Thu, Sep 24, 2020 at 02:11:37PM -0500, Haitao Huang wrote:
> On Wed, 23 Sep 2020 08:50:56 -0500, Jarkko Sakkinen
> <jarkko.sakkinen@xxxxxxxxxxxxxxx> wrote:
> > I'll categorically deny noexec in the next patch set version.
> >
> > /Jarkko
>
> There are use cases supported currently in which enclave binary is received
> via IPC/RPC and held in buffers before EADD. Denying noexec altogether would
> break those, right?

No. noexec only applies to file-backed VMAs; what you're describing is loading
an enclave from an anon VMA, which will still have VM_MAYEXEC.

I believe you're thinking of SELinux's EXECMEM, which is required to execute
from anonymous memory, and which we talked about (more than once) applying to
SGX enclaves.

That being said, I still dislike the idea of requiring VM_MAYEXEC; it's a hack
that doesn't really buy us much, if anything.