Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address

[RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Sean Christopherson <hidden> · 2019-05-31
[RFC PATCH 1/9] x86/sgx: Remove unused local variable in sgx_encl_release() · Sean Christopherson <hidden> · 2019-05-31
Re: [RFC PATCH 1/9] x86/sgx: Remove unused local variable in sgx_encl_release() · Jarkko Sakkinen <hidden> · 2019-06-04
[RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Sean Christopherson <hidden> · 2019-05-31
RE: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Sean Christopherson <hidden> · 2019-06-03
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Sean Christopherson <hidden> · 2019-06-03
RE: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Sean Christopherson <hidden> · 2019-06-04
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Andy Lutomirski <luto@kernel.org> · 2019-06-04
RE: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Xing, Cedric <hidden> · 2019-06-04
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Dave Hansen <hidden> · 2019-06-03
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Sean Christopherson <hidden> · 2019-06-03
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Dave Hansen <hidden> · 2019-06-03
RE: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Sean Christopherson <hidden> · 2019-06-04
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Jarkko Sakkinen <hidden> · 2019-06-04
[RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Sean Christopherson <hidden> · 2019-05-31
RE: [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Andy Lutomirski <luto@kernel.org> · 2019-06-04
Re: [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Jarkko Sakkinen <hidden> · 2019-06-04
Re: [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Andy Lutomirski <luto@kernel.org> · 2019-06-04
Re: [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Sean Christopherson <hidden> · 2019-06-04
RE: [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Xing, Cedric <hidden> · 2019-06-04
Re: [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Jarkko Sakkinen <hidden> · 2019-06-05
Re: [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Sean Christopherson <hidden> · 2019-06-06
[RFC PATCH 9/9] security/selinux: Add enclave_load() implementation · Sean Christopherson <hidden> · 2019-05-31
Re: [RFC PATCH 9/9] security/selinux: Add enclave_load() implementation · Stephen Smalley <hidden> · 2019-06-03
Re: [RFC PATCH 9/9] security/selinux: Add enclave_load() implementation · Sean Christopherson <hidden> · 2019-06-03
[RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Sean Christopherson <hidden> · 2019-05-31
RE: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Stephen Smalley <hidden> · 2019-06-03
Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Sean Christopherson <hidden> · 2019-06-03
Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Stephen Smalley <hidden> · 2019-06-03
Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Dave Hansen <hidden> · 2019-06-03
Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Andy Lutomirski <luto@kernel.org> · 2019-06-04
Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Sean Christopherson <hidden> · 2019-06-04
RE: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Xing, Cedric <hidden> · 2019-06-04
Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Sean Christopherson <hidden> · 2019-06-06
[RFC PATCH 5/9] x86/sgx: Restrict mapping without an enclave page to PROT_NONE · Sean Christopherson <hidden> · 2019-05-31
RE: [RFC PATCH 5/9] x86/sgx: Restrict mapping without an enclave page to PROT_NONE · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 5/9] x86/sgx: Restrict mapping without an enclave page to PROT_NONE · Jarkko Sakkinen <hidden> · 2019-06-04
[RFC PATCH 4/9] mm: Introduce vm_ops->mprotect() · Sean Christopherson <hidden> · 2019-05-31
RE: [RFC PATCH 4/9] mm: Introduce vm_ops->mprotect() · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 4/9] mm: Introduce vm_ops->mprotect() · Jarkko Sakkinen <hidden> · 2019-06-04
Re: [RFC PATCH 4/9] mm: Introduce vm_ops->mprotect() · Andy Lutomirski <luto@kernel.org> · 2019-06-04
[RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES · Sean Christopherson <hidden> · 2019-05-31
RE: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES · Jarkko Sakkinen <hidden> · 2019-06-04
Re: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES · Sean Christopherson <hidden> · 2019-06-04
Re: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES · Jarkko Sakkinen <hidden> · 2019-06-05
Re: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES · Andy Lutomirski <luto@kernel.org> · 2019-06-04
RE: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES · Ayoun, Serge <hidden> · 2019-06-05
Re: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES · Sean Christopherson <hidden> · 2019-06-05
[RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Sean Christopherson <hidden> · 2019-05-31
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Jarkko Sakkinen <hidden> · 2019-06-04
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Andy Lutomirski <luto@kernel.org> · 2019-06-04
RE: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Xing, Cedric <hidden> · 2019-06-04
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Sean Christopherson <hidden> · 2019-06-05
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Jarkko Sakkinen <hidden> · 2019-06-05
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Andy Lutomirski <luto@amacapital.net> · 2019-06-05
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Jarkko Sakkinen <hidden> · 2019-06-06
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Jarkko Sakkinen <hidden> · 2019-06-13
RE: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Xing, Cedric <hidden> · 2019-06-13
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Sean Christopherson <hidden> · 2019-06-13
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Jarkko Sakkinen <hidden> · 2019-06-14
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Jarkko Sakkinen <hidden> · 2019-06-05
RE: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Xing, Cedric <hidden> · 2019-06-02
Re: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Sean Christopherson <hidden> · 2019-06-03
RE: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Sean Christopherson <hidden> · 2019-06-04
Re: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Stephen Smalley <hidden> · 2019-06-04
Re: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Sean Christopherson <hidden> · 2019-06-04
RE: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Xing, Cedric <hidden> · 2019-06-04
Re: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Stephen Smalley <hidden> · 2019-06-03
RE: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Jarkko Sakkinen <hidden> · 2019-06-04

From: Jarkko Sakkinen <hidden>
Date: 2019-06-14 15:18:42
Also in: lkml, selinux

On Thu, Jun 13, 2019 at 10:14:51AM -0700, Sean Christopherson wrote:

quoted

I don't get this. The swapper takes a read lock on mm->mmap_sem, which locks
the vma, which in turn reference counts vma->vm_file. Why is the internal
refcount still needed?

mmap_sem is only held when reclaim is touching PTEs, e.g. to test/clear
its accessed bit and to zap the PTE.  The liveliness of the enclave needs
to be guaranteed for the entire duration of reclaim, e.g. we can't have
the enclave disappearing when we go to do EWB.  It's also worth nothing
that a single reclaim may operate on more than one mmap_sem, as enclaves
can be shared across processes (mm_structs).

Anyway, the takeaway I got from this is that encl->refcount does not
need to be updated for VMAs (sent a patch to linux-sgx that I plan
merge).

/Jarkko

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help