From patchwork Tue Jul  7 03:37:33 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
X-Patchwork-Id: 11647505
Return-Path: <SRS0=oiSc=AS=kvack.org=owner-linux-mm@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 70C1213B4
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Tue,  7 Jul 2020 03:40:08 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 3DDDE20772
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Tue,  7 Jul 2020 03:40:08 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 3DDDE20772
Authentication-Results: mail.kernel.org;
 dmarc=fail (p=none dis=none) header.from=linux.intel.com
Authentication-Results: mail.kernel.org;
 spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 5AA236B0002; Mon,  6 Jul 2020 23:40:07 -0400 (EDT)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 55BFC6B0003; Mon,  6 Jul 2020 23:40:07 -0400 (EDT)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 4237D6B0005; Mon,  6 Jul 2020 23:40:07 -0400 (EDT)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0229.hostedemail.com
 [216.40.44.229])
	by kanga.kvack.org (Postfix) with ESMTP id 2A7AD6B0002
	for <linux-mm@kvack.org>; Mon,  6 Jul 2020 23:40:07 -0400 (EDT)
Received: from smtpin01.hostedemail.com (10.5.19.251.rfc1918.com
 [10.5.19.251])
	by forelay03.hostedemail.com (Postfix) with ESMTP id D41518248047
	for <linux-mm@kvack.org>; Tue,  7 Jul 2020 03:40:06 +0000 (UTC)
X-FDA: 77009876412.01.angle08_280d38526eb1
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin01.hostedemail.com (Postfix) with ESMTP id 958131000A0B84F8
	for <linux-mm@kvack.org>; Tue,  7 Jul 2020 03:40:06 +0000 (UTC)
X-Spam-Summary: 
 1,0,0,,d41d8cd98f00b204,jarkko.sakkinen@linux.intel.com,,RULES_HIT:30003:30054:30055:30064:30069,0,RBL:192.55.52.88:@linux.intel.com:.lbl8.mailshell.net-64.95.201.95
 62.18.0.100;04y86c53hpedsffdsna1tsydhcw8wycu148k4w6zjn5aj7kwtbs6qziqrb8xd3g.i9quuwidpuu4nrjx71t1ep5odk4zngp8cnsnfpm337fbtgqs5ponki4u9gefbe5.c-lbl8.mailshell.net-223.238.255.100,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not
 bulk,SPF:fn,MSBL:0,DNSBL:none,Custom_rules:0:0:0,LFtime:24,LUA_SUMMARY:none
X-HE-Tag: angle08_280d38526eb1
X-Filterd-Recvd-Size: 4666
Received: from mga01.intel.com (mga01.intel.com [192.55.52.88])
	by imf42.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Tue,  7 Jul 2020 03:40:05 +0000 (UTC)
IronPort-SDR: 
 42dd+xlRwGjvk6DKg+enfPxRLjLQ8gQw7DP9aprQC5tyExl1TGvc5yUQZrkKkuHi6r6vmkSU/7
 V3oo/xsbuGhw==
X-IronPort-AV: E=McAfee;i="6000,8403,9674"; a="165606992"
X-IronPort-AV: E=Sophos;i="5.75,321,1589266800";
   d="scan'208";a="165606992"
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga004.jf.intel.com ([10.7.209.38])
  by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 06 Jul 2020 20:40:05 -0700
IronPort-SDR: 
 hHcW9QrB98Kv5wQtBy3s1zY0CJGdPoksCXtarw6VJ0Cw6vAcBeGtoUGoJ6N3Kypf4F2Y2jTCCR
 aH5JPKk0kH4A==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.75,321,1589266800";
   d="scan'208";a="427314540"
Received: from apiccion-mobl1.ger.corp.intel.com (HELO localhost)
 ([10.249.45.178])
  by orsmga004.jf.intel.com with ESMTP; 06 Jul 2020 20:39:53 -0700
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: x86@kernel.org,
	linux-sgx@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
	Sean Christopherson <sean.j.christopherson@intel.com>,
	linux-mm@kvack.org,
	Andrew Morton <akpm@linux-foundation.org>,
	Matthew Wilcox <willy@infradead.org>,
	Jethro Beekman <jethro@fortanix.com>,
	Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
	andriy.shevchenko@linux.intel.com,
	asapek@google.com,
	bp@alien8.de,
	cedric.xing@intel.com,
	chenalexchen@google.com,
	conradparker@google.com,
	cyhanish@google.com,
	dave.hansen@intel.com,
	haitao.huang@intel.com,
	josh@joshtriplett.org,
	kai.huang@intel.com,
	kai.svahn@intel.com,
	kmoy@google.com,
	ludloff@google.com,
	luto@kernel.org,
	nhorman@redhat.com,
	npmccallum@redhat.com,
	puiterwijk@redhat.com,
	rientjes@google.com,
	tglx@linutronix.de,
	yaozhangx@google.com
Subject: [PATCH v35 10/24] mm: Add vm_ops->mprotect()
Date: Tue,  7 Jul 2020 06:37:33 +0300
Message-Id: <20200707033747.142828-11-jarkko.sakkinen@linux.intel.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20200707033747.142828-1-jarkko.sakkinen@linux.intel.com>
References: <20200707033747.142828-1-jarkko.sakkinen@linux.intel.com>
MIME-Version: 1.0
X-Rspamd-Queue-Id: 958131000A0B84F8
X-Spamd-Result: default: False [0.00 / 100.00]
X-Rspamd-Server: rspam05
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

From: Sean Christopherson <sean.j.christopherson@intel.com>

Add vm_ops()->mprotect() for additional constraints for a VMA.

Intel Software Guard eXtensions (SGX) will use this callback to add two
constraints:

1. Verify that the address range does not have holes: each page address
   must be filled with an enclave page.
2. Verify that VMA permissions won't surpass the permissions of any enclave
   page within the address range. Enclave cryptographically sealed
   permissions for each page address that set the upper limit for possible
   VMA permissions. Not respecting this can cause #GP's to be emitted.

Cc: linux-mm@kvack.org
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Matthew Wilcox <willy@infradead.org>
Acked-by: Jethro Beekman <jethro@fortanix.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
 include/linux/mm.h |  2 ++
 mm/mprotect.c      | 13 ++++++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/include/linux/mm.h b/include/linux/mm.h
index dc7b87310c10..fc0e3ef28873 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -542,6 +542,8 @@ struct vm_operations_struct {
 	void (*close)(struct vm_area_struct * area);
 	int (*split)(struct vm_area_struct * area, unsigned long addr);
 	int (*mremap)(struct vm_area_struct * area);
+	int (*mprotect)(struct vm_area_struct *vma, unsigned long start,
+			unsigned long end, unsigned long prot);
 	vm_fault_t (*fault)(struct vm_fault *vmf);
 	vm_fault_t (*huge_fault)(struct vm_fault *vmf,
 			enum page_entry_size pe_size);
diff --git a/mm/mprotect.c b/mm/mprotect.c
index ce8b8a5eacbb..e23dfd8d18bc 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -603,13 +603,20 @@ static int do_mprotect_pkey(unsigned long start, size_t len,
 			goto out;
 		}
 
+		tmp = vma->vm_end;
+		if (tmp > end)
+			tmp = end;
+
 		error = security_file_mprotect(vma, reqprot, prot);
 		if (error)
 			goto out;
 
-		tmp = vma->vm_end;
-		if (tmp > end)
-			tmp = end;
+		if (vma->vm_ops && vma->vm_ops->mprotect) {
+			error = vma->vm_ops->mprotect(vma, nstart, tmp, prot);
+			if (error)
+				goto out;
+		}
+
 		error = mprotect_fixup(vma, &prev, nstart, tmp, newflags);
 		if (error)
 			goto out;