On Tue, Sep 15, 2020 at 02:28:28PM +0300, Jarkko Sakkinen wrote:
> From: Sean Christopherson <[email protected]>
>
> Add vm_ops()->mprotect() for additional constraints for a VMA.
>
> Intel Software Guard eXtensions (SGX) will use this callback to add two
> constraints:
>
> 1. Verify that the address range does not have holes: each page address
> must be filled with an enclave page.
> 2. Verify that VMA permissions won't surpass the permissions of any enclave
> page within the address range. Enclave cryptographically sealed
> permissions for each page address that set the upper limit for possible
> VMA permissions. Not respecting this can cause #GP's to be emitted.
>
> Cc: [email protected]
> Cc: Andrew Morton <[email protected]>
> Cc: Matthew Wilcox <[email protected]>
> Acked-by: Jethro Beekman <[email protected]>
> Reviewed-by: Darren Kenny <[email protected]>
> Signed-off-by: Sean Christopherson <[email protected]>
> Co-developed-by: Jarkko Sakkinen <[email protected]>
> Signed-off-by: Jarkko Sakkinen <[email protected]>
> ---
> include/linux/mm.h | 3 +++
> mm/mprotect.c | 5 ++++-
> 2 files changed, 7 insertions(+), 1 deletion(-)
Needs an ACK from an mm person.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
