Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX

[RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Sean Christopherson <hidden> · 2019-05-31
[RFC PATCH 1/9] x86/sgx: Remove unused local variable in sgx_encl_release() · Sean Christopherson <hidden> · 2019-05-31
Re: [RFC PATCH 1/9] x86/sgx: Remove unused local variable in sgx_encl_release() · Jarkko Sakkinen <hidden> · 2019-06-04
[RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Sean Christopherson <hidden> · 2019-05-31
RE: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Sean Christopherson <hidden> · 2019-06-03
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Sean Christopherson <hidden> · 2019-06-03
RE: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Sean Christopherson <hidden> · 2019-06-04
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Andy Lutomirski <luto@kernel.org> · 2019-06-04
RE: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Xing, Cedric <hidden> · 2019-06-04
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Dave Hansen <hidden> · 2019-06-03
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Sean Christopherson <hidden> · 2019-06-03
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Dave Hansen <hidden> · 2019-06-03
RE: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Sean Christopherson <hidden> · 2019-06-04
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Jarkko Sakkinen <hidden> · 2019-06-04
[RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Sean Christopherson <hidden> · 2019-05-31
RE: [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Andy Lutomirski <luto@kernel.org> · 2019-06-04
Re: [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Jarkko Sakkinen <hidden> · 2019-06-04
Re: [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Andy Lutomirski <luto@kernel.org> · 2019-06-04
Re: [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Sean Christopherson <hidden> · 2019-06-04
RE: [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Xing, Cedric <hidden> · 2019-06-04
Re: [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Jarkko Sakkinen <hidden> · 2019-06-05
Re: [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Sean Christopherson <hidden> · 2019-06-06
[RFC PATCH 9/9] security/selinux: Add enclave_load() implementation · Sean Christopherson <hidden> · 2019-05-31
Re: [RFC PATCH 9/9] security/selinux: Add enclave_load() implementation · Stephen Smalley <hidden> · 2019-06-03
Re: [RFC PATCH 9/9] security/selinux: Add enclave_load() implementation · Sean Christopherson <hidden> · 2019-06-03
[RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Sean Christopherson <hidden> · 2019-05-31
RE: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Stephen Smalley <hidden> · 2019-06-03
Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Sean Christopherson <hidden> · 2019-06-03
Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Stephen Smalley <hidden> · 2019-06-03
Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Dave Hansen <hidden> · 2019-06-03
Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Andy Lutomirski <luto@kernel.org> · 2019-06-04
Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Sean Christopherson <hidden> · 2019-06-04
RE: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Xing, Cedric <hidden> · 2019-06-04
Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Sean Christopherson <hidden> · 2019-06-06
[RFC PATCH 5/9] x86/sgx: Restrict mapping without an enclave page to PROT_NONE · Sean Christopherson <hidden> · 2019-05-31
RE: [RFC PATCH 5/9] x86/sgx: Restrict mapping without an enclave page to PROT_NONE · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 5/9] x86/sgx: Restrict mapping without an enclave page to PROT_NONE · Jarkko Sakkinen <hidden> · 2019-06-04
[RFC PATCH 4/9] mm: Introduce vm_ops->mprotect() · Sean Christopherson <hidden> · 2019-05-31
RE: [RFC PATCH 4/9] mm: Introduce vm_ops->mprotect() · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 4/9] mm: Introduce vm_ops->mprotect() · Jarkko Sakkinen <hidden> · 2019-06-04
Re: [RFC PATCH 4/9] mm: Introduce vm_ops->mprotect() · Andy Lutomirski <luto@kernel.org> · 2019-06-04
[RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES · Sean Christopherson <hidden> · 2019-05-31
RE: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES · Jarkko Sakkinen <hidden> · 2019-06-04
Re: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES · Sean Christopherson <hidden> · 2019-06-04
Re: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES · Jarkko Sakkinen <hidden> · 2019-06-05
Re: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES · Andy Lutomirski <luto@kernel.org> · 2019-06-04
RE: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES · Ayoun, Serge <hidden> · 2019-06-05
Re: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES · Sean Christopherson <hidden> · 2019-06-05
[RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Sean Christopherson <hidden> · 2019-05-31
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Jarkko Sakkinen <hidden> · 2019-06-04
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Andy Lutomirski <luto@kernel.org> · 2019-06-04
RE: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Xing, Cedric <hidden> · 2019-06-04
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Sean Christopherson <hidden> · 2019-06-05
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Jarkko Sakkinen <hidden> · 2019-06-05
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Andy Lutomirski <luto@amacapital.net> · 2019-06-05
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Jarkko Sakkinen <hidden> · 2019-06-06
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Jarkko Sakkinen <hidden> · 2019-06-13
RE: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Xing, Cedric <hidden> · 2019-06-13
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Sean Christopherson <hidden> · 2019-06-13
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Jarkko Sakkinen <hidden> · 2019-06-14
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Jarkko Sakkinen <hidden> · 2019-06-05
RE: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Xing, Cedric <hidden> · 2019-06-02
Re: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Sean Christopherson <hidden> · 2019-06-03
RE: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Sean Christopherson <hidden> · 2019-06-04
Re: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Stephen Smalley <hidden> · 2019-06-04
Re: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Sean Christopherson <hidden> · 2019-06-04
RE: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Xing, Cedric <hidden> · 2019-06-04
Re: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Stephen Smalley <hidden> · 2019-06-03
RE: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Jarkko Sakkinen <hidden> · 2019-06-04

From: Dave Hansen <hidden>
Date: 2019-06-03 18:45:10
Also in: lkml, selinux

...

quoted

What ensures that the mapping referenced by src can't be changed
to an entirely different one (with a different vm_file) between
the time of check (here) and the time of use?

Nothing.  Holding mmap_sem across copy_from_user() would suffice, 
correct?

I don't believe you can do that; copy_from_user() could stall 
indefinitely.  Not sure how to do what you want here or if it requires
changing the interface.

Holding mmap_sem for *read* is OK since you can handle page faults
underneath it.  Holding it for write is not.

But, holding it for read also locks out the writers which might be
messing with vm_file or other parts of the VMA.

Holding it for read for a long time is OK.  It's obviously not ideal,
but it is something we do widely today.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help