[v36,10/24] mm: Add vm_ops->mprotect()

Message ID	20200716135303.276442-11-jarkko.sakkinen@linux.intel.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=YHr7=A3=vger.kernel.org=linux-sgx-owner@kernel.org> IronPort-SDR: aIUu1wy8ZCtLFcPtNv7B0ojtJxap6OcF+fNivX3D51V+0Ae2kaSLGSrFbKP9XFxqu9SWpc10JY C6PwqwSv9dgA== IronPort-SDR: B4HalyJrsEM8N/ae32r6qbEtX7zWufdSx74IGi0JnQJHSpsFR6gjSFx7/O/WNot/3dOPe6M1uO 4ShV7/gXMiKg== From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> To: x86@kernel.org, linux-sgx@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Sean Christopherson <sean.j.christopherson@intel.com>, linux-mm@kvack.org, Andrew Morton <akpm@linux-foundation.org>, Matthew Wilcox <willy@infradead.org>, Jethro Beekman <jethro@fortanix.com>, Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>, andriy.shevchenko@linux.intel.com, asapek@google.com, bp@alien8.de, cedric.xing@intel.com, chenalexchen@google.com, conradparker@google.com, cyhanish@google.com, dave.hansen@intel.com, haitao.huang@intel.com, josh@joshtriplett.org, kai.huang@intel.com, kai.svahn@intel.com, kmoy@google.com, ludloff@google.com, luto@kernel.org, nhorman@redhat.com, npmccallum@redhat.com, puiterwijk@redhat.com, rientjes@google.com, tglx@linutronix.de, yaozhangx@google.com Subject: [PATCH v36 10/24] mm: Add vm_ops->mprotect() Date: Thu, 16 Jul 2020 16:52:49 +0300 Message-Id: <20200716135303.276442-11-jarkko.sakkinen@linux.intel.com> In-Reply-To: <20200716135303.276442-1-jarkko.sakkinen@linux.intel.com> References: <20200716135303.276442-1-jarkko.sakkinen@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-sgx-owner@vger.kernel.org Precedence: bulk
Series	Intel SGX foundations \| expand [v36,00/24] Intel SGX foundations [v36,01/24] x86/cpufeatures: x86/msr: Add Intel SGX hardware bits [v36,02/24] x86/cpufeatures: x86/msr: Add Intel SGX Launch Control hardware bits [v36,03/24] x86/mm: x86/sgx: Signal SIGSEGV with PF_SGX [v36,04/24] x86/sgx: Add SGX microarchitectural data structures [v36,05/24] x86/sgx: Add wrappers for ENCLS leaf functions [v36,06/24] x86/cpu/intel: Detect SGX support [v36,07/24] x86/cpu/intel: Add nosgx kernel parameter [v36,08/24] x86/sgx: Initialize metadata for Enclave Page Cache (EPC) sections [v36,09/24] x86/sgx: Add __sgx_alloc_epc_page() and sgx_free_epc_page() [v36,10/24] mm: Add vm_ops->mprotect() [v36,11/24] x86/sgx: Add SGX enclave driver [v36,12/24] x86/sgx: Add SGX_IOC_ENCLAVE_CREATE [v36,13/24] x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES [v36,14/24] x86/sgx: Add SGX_IOC_ENCLAVE_INIT [v36,15/24] x86/sgx: Allow a limited use of ATTRIBUTE.PROVISIONKEY for attestation [v36,16/24] x86/sgx: Add a page reclaimer [v36,17/24] x86/sgx: ptrace() support for the SGX driver [v36,18/24] x86/vdso: Add support for exception fixup in vDSO functions [v36,19/24] x86/fault: Add helper function to sanitize error code [v36,20/24] x86/traps: Attempt to fixup exceptions in vDSO before signaling [v36,21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call [v36,22/24] selftests/x86: Add a selftest for SGX [v36,23/24] docs: x86/sgx: Document SGX micro architecture and kernel internals [v36,24/24] x86/sgx: Update MAINTAINERS

Message ID

20200716135303.276442-11-jarkko.sakkinen@linux.intel.com (mailing list archive)

State

New, archived

Headers

IronPort-SDR: 
 aIUu1wy8ZCtLFcPtNv7B0ojtJxap6OcF+fNivX3D51V+0Ae2kaSLGSrFbKP9XFxqu9SWpc10JY
 C6PwqwSv9dgA==
IronPort-SDR: 
 B4HalyJrsEM8N/ae32r6qbEtX7zWufdSx74IGi0JnQJHSpsFR6gjSFx7/O/WNot/3dOPe6M1uO
 4ShV7/gXMiKg==
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: x86@kernel.org, linux-sgx@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
        Sean Christopherson <sean.j.christopherson@intel.com>,
        linux-mm@kvack.org, Andrew Morton <akpm@linux-foundation.org>,
        Matthew Wilcox <willy@infradead.org>,
        Jethro Beekman <jethro@fortanix.com>,
        Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
        andriy.shevchenko@linux.intel.com, asapek@google.com, bp@alien8.de,
        cedric.xing@intel.com, chenalexchen@google.com,
        conradparker@google.com, cyhanish@google.com,
        dave.hansen@intel.com, haitao.huang@intel.com,
        josh@joshtriplett.org, kai.huang@intel.com, kai.svahn@intel.com,
        kmoy@google.com, ludloff@google.com, luto@kernel.org,
        nhorman@redhat.com, npmccallum@redhat.com, puiterwijk@redhat.com,
        rientjes@google.com, tglx@linutronix.de, yaozhangx@google.com
Subject: [PATCH v36 10/24] mm: Add vm_ops->mprotect()
Date: Thu, 16 Jul 2020 16:52:49 +0300
Message-Id: <20200716135303.276442-11-jarkko.sakkinen@linux.intel.com>
In-Reply-To: <20200716135303.276442-1-jarkko.sakkinen@linux.intel.com>
References: <20200716135303.276442-1-jarkko.sakkinen@linux.intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-sgx-owner@vger.kernel.org
Precedence: bulk

Series

Intel SGX foundations | expand

Commit Message

Jarkko Sakkinen July 16, 2020, 1:52 p.m. UTC

From: Sean Christopherson <sean.j.christopherson@intel.com>

Add vm_ops()->mprotect() for additional constraints for a VMA.

Intel Software Guard eXtensions (SGX) will use this callback to add two
constraints:

1. Verify that the address range does not have holes: each page address
   must be filled with an enclave page.
2. Verify that VMA permissions won't surpass the permissions of any enclave
   page within the address range. Enclave cryptographically sealed
   permissions for each page address that set the upper limit for possible
   VMA permissions. Not respecting this can cause #GP's to be emitted.

Cc: linux-mm@kvack.org
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Matthew Wilcox <willy@infradead.org>
Acked-by: Jethro Beekman <jethro@fortanix.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Co-developed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
 include/linux/mm.h | 3 +++
 mm/mprotect.c      | 5 ++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

Comments

Darren Kenny Aug. 6, 2020, 1:35 p.m. UTC | #1

On Thursday, 2020-07-16 at 16:52:49 +03, Jarkko Sakkinen wrote:
> From: Sean Christopherson <sean.j.christopherson@intel.com>
>
> Add vm_ops()->mprotect() for additional constraints for a VMA.
>
> Intel Software Guard eXtensions (SGX) will use this callback to add two
> constraints:
>
> 1. Verify that the address range does not have holes: each page address
>    must be filled with an enclave page.
> 2. Verify that VMA permissions won't surpass the permissions of any enclave
>    page within the address range. Enclave cryptographically sealed
>    permissions for each page address that set the upper limit for possible
>    VMA permissions. Not respecting this can cause #GP's to be emitted.
>
> Cc: linux-mm@kvack.org
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Matthew Wilcox <willy@infradead.org>
> Acked-by: Jethro Beekman <jethro@fortanix.com>
> Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
> Co-developed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

Reviewed-by: Darren Kenny <darren.kenny@oracle.com>

> ---
>  include/linux/mm.h | 3 +++
>  mm/mprotect.c      | 5 ++++-
>  2 files changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/include/linux/mm.h b/include/linux/mm.h
> index dc7b87310c10..458e8cb99aaf 100644
> --- a/include/linux/mm.h
> +++ b/include/linux/mm.h
> @@ -542,6 +542,9 @@ struct vm_operations_struct {
>  	void (*close)(struct vm_area_struct * area);
>  	int (*split)(struct vm_area_struct * area, unsigned long addr);
>  	int (*mremap)(struct vm_area_struct * area);
> +	int (*mprotect)(struct vm_area_struct *vma,
> +			struct vm_area_struct **pprev, unsigned long start,
> +			unsigned long end, unsigned long newflags);
>  	vm_fault_t (*fault)(struct vm_fault *vmf);
>  	vm_fault_t (*huge_fault)(struct vm_fault *vmf,
>  			enum page_entry_size pe_size);
> diff --git a/mm/mprotect.c b/mm/mprotect.c
> index ce8b8a5eacbb..f170f3da8a4f 100644
> --- a/mm/mprotect.c
> +++ b/mm/mprotect.c
> @@ -610,7 +610,10 @@ static int do_mprotect_pkey(unsigned long start, size_t len,
>  		tmp = vma->vm_end;
>  		if (tmp > end)
>  			tmp = end;
> -		error = mprotect_fixup(vma, &prev, nstart, tmp, newflags);
> +		if (vma->vm_ops && vma->vm_ops->mprotect)
> +			error = vma->vm_ops->mprotect(vma, &prev, nstart, tmp, newflags);
> +		else
> +			error = mprotect_fixup(vma, &prev, nstart, tmp, newflags);
>  		if (error)
>  			goto out;
>  		nstart = tmp;
> -- 
> 2.25.1

diff --git a/include/linux/mm.h b/include/linux/mm.h
index dc7b87310c10..458e8cb99aaf 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -542,6 +542,9 @@  struct vm_operations_struct {
 	void (*close)(struct vm_area_struct * area);
 	int (*split)(struct vm_area_struct * area, unsigned long addr);
 	int (*mremap)(struct vm_area_struct * area);
+	int (*mprotect)(struct vm_area_struct *vma,
+			struct vm_area_struct **pprev, unsigned long start,
+			unsigned long end, unsigned long newflags);
 	vm_fault_t (*fault)(struct vm_fault *vmf);
 	vm_fault_t (*huge_fault)(struct vm_fault *vmf,
 			enum page_entry_size pe_size);
diff --git a/mm/mprotect.c b/mm/mprotect.c
index ce8b8a5eacbb..f170f3da8a4f 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -610,7 +610,10 @@  static int do_mprotect_pkey(unsigned long start, size_t len,
 		tmp = vma->vm_end;
 		if (tmp > end)
 			tmp = end;
-		error = mprotect_fixup(vma, &prev, nstart, tmp, newflags);
+		if (vma->vm_ops && vma->vm_ops->mprotect)
+			error = vma->vm_ops->mprotect(vma, &prev, nstart, tmp, newflags);
+		else
+			error = mprotect_fixup(vma, &prev, nstart, tmp, newflags);
 		if (error)
 			goto out;
 		nstart = tmp;

[v36,10/24] mm: Add vm_ops->mprotect()

Commit Message

Comments

Patch