Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()

From: Sean Christopherson
Date: Mon Oct 19 2020 - 17:31:16 EST

Next message: Ben Gardon: "Re: [PATCH v2 07/20] kvm: x86/mmu: Support zapping SPTEs in the TDP MMU"
Previous message: Arvind Sankar: "Re: [PATCH 3/5] x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path"
In reply to: Dr. Greg: "Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()"
Next in thread: Dr. Greg: "Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Oct 18, 2020 at 03:49:20AM -0500, Dr. Greg wrote:
> Is this even a relevant control if we cede the notion of dynamically
> loadable enclave code, which is the objective of SGX2 hardware, which
> will in all likelihood be the only relevant hardware implementation in
> the future?

Yes, it's still relevant. Giving the thumbs up to dynamically loadable code is
not a purely binary decision, e.g. a user/admin can allow RW->RX transitions
but still disallow full RWX permissions.

Next message: Ben Gardon: "Re: [PATCH v2 07/20] kvm: x86/mmu: Support zapping SPTEs in the TDP MMU"
Previous message: Arvind Sankar: "Re: [PATCH 3/5] x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path"
In reply to: Dr. Greg: "Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()"
Next in thread: Dr. Greg: "Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]