Commit 4a0ef6f2 authored by Reinette Chatre, committed by Zhiquan Li

x86/sgx: Support loading enclave page without VMA permissions check

mainline inclusion
from mainline-6.0-rc1
commit b3fb517d
category: feature
bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I5USAM


CVE: NA

Intel-SIG: commit b3fb517d x86/sgx: Support loading enclave page
without VMA permissions check.
Backport for SGX EDMM support.

--------------------------------

sgx_encl_load_page() is used to find and load an enclave page into
enclave (EPC) memory, potentially loading it from the backing storage.
Both usages of sgx_encl_load_page() are during an access to the
enclave page from a VMA and thus the permissions of the VMA are
considered before the enclave page is loaded.

SGX2 functions operating on enclave pages belonging to an initialized
enclave require the page to be in EPC. It is thus required to
support loading enclave pages into the EPC independent from a VMA.

Split the current sgx_encl_load_page() to support the two usages:
A new call, sgx_encl_load_page_in_vma(), behaves exactly like the
current sgx_encl_load_page() that takes VMA permissions into account,
while sgx_encl_load_page() just loads an enclave page into EPC.

VMA, PTE, and EPCM permissions continue to dictate whether
the pages can be accessed from within an enclave.

Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Link: https://lkml.kernel.org/r/d4393513c1f18987c14a490bcf133bfb71a5dc43.1652137848.git.reinette.chatre@intel.com


Signed-off-by: Zhiquan Li <zhiquan1.li@intel.com>
parent 84976acd