From: Jarkko Sakkinen <jarkko@kernel.org>
To: Dave Hansen <dave.hansen@intel.com>
Cc: Tim Gardner <tim.gardner@canonical.com>,
dave.hansen@linux.intel.com, shuah@kernel.org,
linux-sgx@vger.kernel.org, linux-kselftest@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: Subject: [PATCH 0/1] SGX self test fails
Date: Tue, 4 May 2021 01:37:01 +0300 [thread overview]
Message-ID: <YJB7DZHDeNujIY+F@kernel.org> (raw)
In-Reply-To: <6645d579-57f9-7adf-8a3d-f4fb2316b324@intel.com>
On Mon, May 03, 2021 at 09:39:05AM -0700, Dave Hansen wrote:
> On 5/3/21 8:41 AM, Jarkko Sakkinen wrote:
> >> $ ls -l /dev/sgx_enclave
> >> crw------- 1 dave dave 10, 125 Apr 28 11:32 /dev/sgx_enclave
> >> $ ./test_sgx
> >> 0x0000000000000000 0x0000000000002000 0x03
> >> 0x0000000000002000 0x0000000000001000 0x05
> >> 0x0000000000003000 0x0000000000003000 0x03
> >> SUCCESS
> >>
> >> *But*, is that OK? Should we be happily creating a PROT_EXEC mapping on
> >> a ugo-x file? Why were we respecting noexec on the filesystem but not
> >> ugo-x on the file?
> > Yeah, this supports my earlier response:
> >
> > "EPERM The prot argument asks for PROT_EXEC but the mapped area
> > belongs to a file on a filesystem that was mounted no-exec."
> > https://man7.org/linux/man-pages/man2/mmap.2.html
> >
> > I guess the right model is to think just as "anonymous memory"
> > with equivalent access control semantics after succesfully
> > opened for read and write.
>
> I guess I'll answer my own question: The "x" bit on file permissions
> really only controls the ability for the file to be execve()'d, but has
> no bearing on the ability for an executable *mapping* to be created.
> This is existing VFS behavior and is not specific to SGX.
Yeah, that's nicely put it into one sentence :-)
> I think I'll just send a patch to pull that warning out.
/Jarkko
next prev parent reply other threads:[~2021-05-03 22:37 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-29 18:39 Subject: [PATCH 0/1] SGX self test fails Tim Gardner
2021-04-29 18:39 ` [PATCH] selftests/sgx: Defeat execute permissions test Tim Gardner
2021-04-29 18:55 ` Subject: [PATCH 0/1] SGX self test fails Dave Hansen
2021-04-30 9:25 ` Dr. Greg
2021-05-03 15:41 ` Jarkko Sakkinen
2021-05-03 16:39 ` Dave Hansen
2021-05-03 22:37 ` Jarkko Sakkinen [this message]
2021-05-03 15:38 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YJB7DZHDeNujIY+F@kernel.org \
--to=jarkko@kernel.org \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-sgx@vger.kernel.org \
--cc=shuah@kernel.org \
--cc=tim.gardner@canonical.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.