@@ -57,9 +57,31 @@ static int sgx_encl_file_release(struct inode *inode, struct file *file)
return 0;
}
+static int sgx_encl_file_mmap(struct file *file, struct vm_area_struct *vma)
+{
+ struct sgx_encl *encl = file->private_data;
+ int ret;
+
+ ret = sgx_encl_may_map(encl, vma->vm_start, vma->vm_end,
+ vma->vm_flags & (VM_READ | VM_WRITE | VM_EXEC));
+ if (ret)
+ return ret;
+
+ ret = sgx_encl_mm_add(encl, vma->vm_mm);
+ if (ret)
+ return ret;
+
+ vma->vm_ops = &sgx_vm_ops;
+ vma->vm_flags |= VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP | VM_IO;
+ vma->vm_private_data = encl;
+
+ return 0;
+}
+
static const struct file_operations sgx_encl_file_fops = {
.owner = THIS_MODULE,
.release = sgx_encl_file_release,
+ .mmap = sgx_encl_file_mmap,
};
static int sgx_open(struct inode *inode, struct file *file)
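Review bot: sgx_encl_may_map() at lines 9-10 is given only the current VM_READ/VM_WRITE/VM_EXEC bits, so the permission check binds the initial mapping but not a later mprotect(), which the core mm validates against VM_MAYREAD/VM_MAYWRITE/VM_MAYEXEC rather than against the bits checked here. Unless sgx_vm_ops (not visible in this hunk) re-runs the same check from an mprotect hook, the VM_MAY* bits should be covered too, either by having sgx_encl_may_map() consider them or by clearing the VM_MAY* bits the enclave pages were not granted before the VMA is installed. This is carried over unchanged from the removed sgx_mmap(), so it is pre-existing rather than introduced by the move, but the new function is the natural place to settle it. A short comment above the call would also help a reader, e.g. `/* Reject mappings whose permissions exceed the enclave's page permissions before the VMA is installed. */`.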
@@ -127,28 +149,6 @@ static long sgx_compat_ioctl(struct file *filep, unsigned int cmd,
}
#endif
-static int sgx_mmap(struct file *file, struct vm_area_struct *vma)
-{
- struct file *encl_file = file->private_data;
- struct sgx_encl *encl = encl_file->private_data;
- int ret;
-
- ret = sgx_encl_may_map(encl, vma->vm_start, vma->vm_end,
- vma->vm_flags & (VM_READ | VM_WRITE | VM_EXEC));
- if (ret)
- return ret;
-
- ret = sgx_encl_mm_add(encl, vma->vm_mm);
- if (ret)
- return ret;
-
- vma->vm_ops = &sgx_vm_ops;
- vma->vm_flags |= VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP | VM_IO;
- vma->vm_private_data = encl;
-
- return 0;
-}
-
static unsigned long sgx_get_unmapped_area(struct file *file,
unsigned long addr,
unsigned long len,
@@ -172,7 +172,6 @@ static const struct file_operations sgx_encl_dev_fops = {
#ifdef CONFIG_COMPAT
.compat_ioctl = sgx_compat_ioctl,
#endif
- .mmap = sgx_mmap,
.get_unmapped_area = sgx_get_unmapped_area,
};
Move mmap() to the internal anonymous enclave file as the latest Linux distributions tend to map /dev as noexec. Consequences: 1. Building an enclave requires no special privileges as the device file has no operations to map the enclave to the address space. 2. Running an enclave requires exec-from-mem privilege as one needs to be able to map pages with execution rights. My conclusion is that exec-from-mem is the correct level of privileges for an enclave because it best represents the actual enclave behaviour. After this change the mmap() calls will fail expectedly with -ENODEV. Cc: luto@kernel.org Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Casey Schaufler <casey@schaufler-ca.com> Cc: Haitao Huang <haitao.huang@linux.intel.com> Cc: Sean Christopherson <sean.j.christopherson@intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> --- arch/x86/kernel/cpu/sgx/driver.c | 45 ++++++++++++++++---------------- 1 file changed, 22 insertions(+), 23 deletions(-)