| Message ID | f69e3d4f96504185054d951c7c85075ebf63e47a.1536356108.git.alison.schofield@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Multi-Key Total Memory Encryption API (MKTME) | expand |
On Fri, 2018-09-07 at 15:37 -0700, Alison Schofield wrote: > Memory encryption is only supported for mappings that are ANONYMOUS. > Test the entire range of VMA's in an encrypt_mprotect() request to > make sure they all meet that requirement before encrypting any. > > The encrypt_mprotect syscall will return -EINVAL and will not encrypt > any VMA's if this check fails. > > Signed-off-by: Alison Schofield <alison.schofield@intel.com> > --- > mm/mprotect.c | 22 ++++++++++++++++++++++ > 1 file changed, 22 insertions(+) > > diff --git a/mm/mprotect.c b/mm/mprotect.c > index 6c2e1106525c..3384b755aad1 100644 > --- a/mm/mprotect.c > +++ b/mm/mprotect.c > @@ -311,6 +311,24 @@ unsigned long change_protection(struct vm_area_struct > *vma, unsigned long start, > return pages; > } > > +/* > + * Encrypted mprotect is only supported on anonymous mappings. > + * All VMA's in the requested range must be anonymous. If this > + * test fails on any single VMA, the entire mprotect request fails. > + */ kdoc > +bool mem_supports_encryption(struct vm_area_struct *vma, unsigned long end) > +{ > + struct vm_area_struct *test_vma = vma; > + > + do { > + if (!vma_is_anonymous(test_vma)) > + return false; > + > + test_vma = test_vma->vm_next; > + } while (test_vma && test_vma->vm_start < end); > + return true; > +} > + > int > mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, > unsigned long start, unsigned long end, unsigned long > newflags, > @@ -491,6 +509,10 @@ static int do_mprotect_ext(unsigned long start, size_t > len, > goto out; > } > } > + if (keyid > 0 && !mem_supports_encryption(vma, end)) { > + error = -EINVAL; > + goto out; > + } > if (start > vma->vm_start) > prev = vma; > /Jarkko
On 09/10/2018 11:21 AM, Sakkinen, Jarkko wrote: >> +/* >> + * Encrypted mprotect is only supported on anonymous mappings. >> + * All VMA's in the requested range must be anonymous. If this >> + * test fails on any single VMA, the entire mprotect request fails. >> + */ > kdoc kdoc what? You want this comment in kdoc format? Why?
On Mon, Sep 10, 2018 at 11:57:49AM -0700, Dave Hansen wrote: > On 09/10/2018 11:21 AM, Sakkinen, Jarkko wrote: > >> +/* > >> + * Encrypted mprotect is only supported on anonymous mappings. > >> + * All VMA's in the requested range must be anonymous. If this > >> + * test fails on any single VMA, the entire mprotect request fails. > >> + */ > > kdoc > > kdoc what? You want this comment in kdoc format? Why? If there is a header comment for a function anyway, why wouldn't you put it to kdoc-format? /Jarkko
On 09/10/2018 02:07 PM, Jarkko Sakkinen wrote: > On Mon, Sep 10, 2018 at 11:57:49AM -0700, Dave Hansen wrote: >> On 09/10/2018 11:21 AM, Sakkinen, Jarkko wrote: >>>> +/* >>>> + * Encrypted mprotect is only supported on anonymous mappings. >>>> + * All VMA's in the requested range must be anonymous. If this >>>> + * test fails on any single VMA, the entire mprotect request fails. >>>> + */ >>> kdoc >> kdoc what? You want this comment in kdoc format? Why? > If there is a header comment for a function anyway, why wouldn't you > put it to kdoc-format? Because this is a shorter and more concise way to document the function. kdoc isn't universally the best thing to do for function comments.
diff --git a/mm/mprotect.c b/mm/mprotect.c index 6c2e1106525c..3384b755aad1 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -311,6 +311,24 @@ unsigned long change_protection(struct vm_area_struct *vma, unsigned long start, return pages; } +/* + * Encrypted mprotect is only supported on anonymous mappings. + * All VMA's in the requested range must be anonymous. If this + * test fails on any single VMA, the entire mprotect request fails. + */ +bool mem_supports_encryption(struct vm_area_struct *vma, unsigned long end) +{ + struct vm_area_struct *test_vma = vma; + + do { + if (!vma_is_anonymous(test_vma)) + return false; + + test_vma = test_vma->vm_next; + } while (test_vma && test_vma->vm_start < end); + return true; +} + int mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, unsigned long start, unsigned long end, unsigned long newflags, @@ -491,6 +509,10 @@ static int do_mprotect_ext(unsigned long start, size_t len, goto out; } } + if (keyid > 0 && !mem_supports_encryption(vma, end)) { + error = -EINVAL; + goto out; + } if (start > vma->vm_start) prev = vma;
Memory encryption is only supported for mappings that are ANONYMOUS. Test the entire range of VMA's in an encrypt_mprotect() request to make sure they all meet that requirement before encrypting any. The encrypt_mprotect syscall will return -EINVAL and will not encrypt any VMA's if this check fails. Signed-off-by: Alison Schofield <alison.schofield@intel.com> --- mm/mprotect.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+)