From: Dave Hansen <dave.hansen@intel.com>
To: "Dr. Greg" <greg@enjellic.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
x86@kernel.org, linux-sgx@vger.kernel.org,
linux-kernel@vger.kernel.org,
Sean Christopherson <sean.j.christopherson@intel.com>,
linux-mm@kvack.org, Andrew Morton <akpm@linux-foundation.org>,
Matthew Wilcox <willy@infradead.org>,
Jethro Beekman <jethro@fortanix.com>,
Darren Kenny <darren.kenny@oracle.com>,
andriy.shevchenko@linux.intel.com, asapek@google.com,
bp@alien8.de, cedric.xing@intel.com, chenalexchen@google.com,
conradparker@google.com, cyhanish@google.com,
haitao.huang@intel.com, kai.huang@intel.com, kai.svahn@intel.com,
kmoy@google.com, ludloff@google.com, luto@kernel.org,
nhorman@redhat.com, npmccallum@redhat.com, puiterwijk@redhat.com,
rientjes@google.com, tglx@linutronix.de, yaozhangx@google.com,
mikko.ylinen@intel.com
Subject: Re: [PATCH v40 10/24] mm: Add 'mprotect' hook to struct vm_operations_struct
Date: Sat, 7 Nov 2020 11:16:25 -0800
Message-ID: <c7157bc6-8a65-11f4-e961-17163730df5d@intel.com>
In-Reply-To: <20201107150930.GA29530@wind.enjellic.com>

On 11/7/20 7:09 AM, Dr. Greg wrote:
> In all of these discussions there hasn't been a refutation of my point
> that the only reason this hook is needed is to stop the potential for
> anonymous code execution on SGX2 capable hardware. So we will assume,
> that while unspoken, this is the rationale for the hook.

Unspoken? See from the cover letter:

> 3. Enclave page permissions are dynamic (just like normal permissions) and
> can be adjusted at runtime with mprotect().

I explicitly chose not to name the instructions, nor the exact version
of the SGX ISA that introduces them. They're supported in the series,
and that's all that matters.

If you want to advocate for something different to be done, patches are
accepted.