| Message ID | 20190619222401.14942-4-sean.j.christopherson@intel.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | security: x86/sgx: SGX vs. LSM | expand |
On Wed, Jun 19, 2019 at 03:23:52PM -0700, Sean Christopherson wrote: > The SGX enclave loader doesn't need an executable stack, but linkers > will assume it does due to the lack of .note.GNU-stack sections in the > loader's assembly code. As a result, the kernel tags the loader as > having "read implies exec", and so adds PROT_EXEC to all mmap()s, even > those for mapping EPC regions. This will cause problems in the future > when userspace needs to explicit state a page's protection bits when the > page is added to an enclave, e.g. adding TCS pages as R+W will cause > mmap() to fail when the kernel tacks on +X. > > Explicitly tell the linker that an executable stack is not needed. > Alternatively, each .S file could add .note.GNU-stack, but the loader > should never need an executable stack so zap it in one fell swoop. > > Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> OK, this one is squashed now. Thanks. /Jarkko
diff --git a/tools/testing/selftests/x86/sgx/Makefile b/tools/testing/selftests/x86/sgx/Makefile index 1fd6f2708e81..10136b73096b 100644 --- a/tools/testing/selftests/x86/sgx/Makefile +++ b/tools/testing/selftests/x86/sgx/Makefile @@ -2,7 +2,7 @@ top_srcdir = ../../../../.. include ../../lib.mk -HOST_CFLAGS := -Wall -Werror -g $(INCLUDES) -fPIC +HOST_CFLAGS := -Wall -Werror -g $(INCLUDES) -fPIC -z noexecstack ENCL_CFLAGS := -Wall -Werror -static -nostdlib -nostartfiles -fPIC \ -fno-stack-protector -mrdrnd $(INCLUDES)
The SGX enclave loader doesn't need an executable stack, but linkers will assume it does due to the lack of .note.GNU-stack sections in the loader's assembly code. As a result, the kernel tags the loader as having "read implies exec", and so adds PROT_EXEC to all mmap()s, even those for mapping EPC regions. This will cause problems in the future when userspace needs to explicit state a page's protection bits when the page is added to an enclave, e.g. adding TCS pages as R+W will cause mmap() to fail when the kernel tacks on +X. Explicitly tell the linker that an executable stack is not needed. Alternatively, each .S file could add .note.GNU-stack, but the loader should never need an executable stack so zap it in one fell swoop. Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> --- tools/testing/selftests/x86/sgx/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)