
[3/4] x86/sgx: Move mmap() to the anonymous enclave file

Message ID 20200331114432.7593-4-jarkko.sakkinen@linux.intel.com (mailing list archive)
State New, archived
Series Migrate enclave mapping to an anonymous inode | expand

Commit Message

Jarkko Sakkinen March 31, 2020, 11:44 a.m. UTC
Move mmap() to the internal anonymous enclave file as the latest Linux
distributions tend to map /dev as noexec.

Consequences:

1. Building an enclave requires no special privileges as the device file
   has no operations to map the enclave to the address space.
2. Running an enclave requires exec-from-mem privilege as one needs to
   be able to map pages with execution rights.

My conclusion is that exec-from-mem is the correct level of privileges
for an enclave because it best represents the actual enclave behaviour.

After this change the mmap()'s will fail expectedly with -ENODEV.

Cc: luto@kernel.org
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Casey Schaufler <casey@schaufler-ca.com>
Cc: Haitao Huang <haitao.huang@linux.intel.com>
Cc: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
 arch/x86/kernel/cpu/sgx/driver.c | 45 ++++++++++++++++----------------
 1 file changed, 22 insertions(+), 23 deletions(-)

Patch

diff --git a/arch/x86/kernel/cpu/sgx/driver.c b/arch/x86/kernel/cpu/sgx/driver.c
index 1c825ef957db..b871dbd1490f 100644
--- a/arch/x86/kernel/cpu/sgx/driver.c
+++ b/arch/x86/kernel/cpu/sgx/driver.c
@@ -57,9 +57,31 @@  static int sgx_encl_file_release(struct inode *inode, struct file *file)
 	return 0;
 }
 
+static int sgx_encl_file_mmap(struct file *file, struct vm_area_struct *vma)
+{
+	struct sgx_encl *encl = file->private_data;
+	int ret;
+
+	ret = sgx_encl_may_map(encl, vma->vm_start, vma->vm_end,
+			       vma->vm_flags & (VM_READ | VM_WRITE | VM_EXEC));
+	if (ret)
+		return ret;
+
+	ret = sgx_encl_mm_add(encl, vma->vm_mm);
+	if (ret)
+		return ret;
+
+	vma->vm_ops = &sgx_vm_ops;
+	vma->vm_flags |= VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP | VM_IO;
+	vma->vm_private_data = encl;
+
+	return 0;
+}
+
 static const struct file_operations sgx_encl_file_fops = {
 	.owner			= THIS_MODULE,
 	.release		= sgx_encl_file_release,
+	.mmap			= sgx_encl_file_mmap,
 };
 
 static int sgx_open(struct inode *inode, struct file *file)
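Review bot: `sgx_encl_file_fops` gains `.mmap` but no `.get_unmapped_area`, while the last hunk leaves `.get_unmapped_area = sgx_get_unmapped_area` on `sgx_encl_dev_fops`, which no longer has an mmap handler. Whatever address constraints that hook applies (its body is outside these hunks) would then no longer cover the mappings that succeed, and it would only be reachable from device-file mmap() calls that the commit message says now fail with -ENODEV. Unless a later patch in the series already does this, add `.get_unmapped_area = sgx_get_unmapped_area,` to `sgx_encl_file_fops` and drop it from the device fops; the function is defined further down the file, so it needs moving or a forward declaration. A short comment above `sgx_encl_file_mmap()` would also help, noting that `file->private_data` is now the `struct sgx_encl` itself and that the requested `VM_READ | VM_WRITE | VM_EXEC` bits are checked by `sgx_encl_may_map()` before the mm is attached.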
@@ -127,28 +149,6 @@  static long sgx_compat_ioctl(struct file *filep, unsigned int cmd,
 }
 #endif
 
-static int sgx_mmap(struct file *file, struct vm_area_struct *vma)
-{
-	struct file *encl_file = file->private_data;
-	struct sgx_encl *encl = encl_file->private_data;
-	int ret;
-
-	ret = sgx_encl_may_map(encl, vma->vm_start, vma->vm_end,
-			       vma->vm_flags & (VM_READ | VM_WRITE | VM_EXEC));
-	if (ret)
-		return ret;
-
-	ret = sgx_encl_mm_add(encl, vma->vm_mm);
-	if (ret)
-		return ret;
-
-	vma->vm_ops = &sgx_vm_ops;
-	vma->vm_flags |= VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP | VM_IO;
-	vma->vm_private_data = encl;
-
-	return 0;
-}
-
 static unsigned long sgx_get_unmapped_area(struct file *file,
 					   unsigned long addr,
 					   unsigned long len,
@@ -172,7 +172,6 @@  static const struct file_operations sgx_encl_dev_fops = {
 #ifdef CONFIG_COMPAT
 	.compat_ioctl		= sgx_compat_ioctl,
 #endif
-	.mmap			= sgx_mmap,
 	.get_unmapped_area	= sgx_get_unmapped_area,
 };