Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp206745imu; Thu, 8 Nov 2018 07:12:47 -0800 (PST) X-Google-Smtp-Source: AJdET5dH3aIpx6rZixYo3B1OHry/QF9Q5RPgYbmmibUBxYj2DCZVHeJ0c/P+Gpj/5WyivnTc4BWJ X-Received: by 2002:a62:250:: with SMTP id 77-v6mr5066664pfc.16.1541689967835; Thu, 08 Nov 2018 07:12:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541689967; cv=none; d=google.com; s=arc-20160816; b=XrSM6BIljxqqLEXf88dzC0hXU4e4W7t29j6UnIl6RUEYzH72eZfXBpoIhQHPLE5RSm GqDCy6ItyG8DYWelqgUy/m13rxmmzwPUGJOYruX2WLjL4x1DYy7I6z7KV+S1AR1CwwoM kPii8SjjzAYntRJ0uo0EcHMlHf7lOR0Nq3jSHBQexTj11nn8bd6F1sUZqwuYIQDYSlTV RJ3BVBhy9ADtPA1NU5vPF6tcignO3fwRXfzxOw3UW0L+bBhQNpVX6fVWHeFa5lhcyPh0 d1Ftqh231X6AbplHNOqdEwZRsz3NdrC6cO5lS9XfRyU9LY2MbwbALchW1sixMznDXkC9 A1Tg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:organization:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=3bOGrnxCQhoWWaCEnvpVuVtgFLNPIiMgE+rIajGYSsg=; b=LAPtDbpXtUaSx/Iciz/+ZivH5kEkqp0JfqBgNm0Ut9RcVc9JZo7bEfDuQMAZKCyj5v KEHNjUfLv5ye7YT6RqEmgUvP/YK0+Ix4awdQT5Zt7vXb7oVTD6LmtncBmkpA20rEv0rT YIOAkGjYm23XgU5RoSP+E7P1/I3U7E/LW6lSlPKJTrqHuiINuTuXLUFpyA74/4I8Z1EP MXbOJXNzHO8LllH0SX3RiHKnPM7rI1eUgPzgE6FoMXvuzSGlWKqWi1ZVPF76nokCpz2Q BLJUnxEvBkHUsTmHrB2QJOE+lI/OVX4M7wEWPl+nc6NgOoaPNWggorpcZ5DbBZlC6L03 JcRQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w21-v6si4365047pll.283.2018.11.08.07.12.31; Thu, 08 Nov 2018 07:12:47 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727255AbeKIAsG (ORCPT + 99 others); Thu, 8 Nov 2018 19:48:06 -0500 Received: from mga04.intel.com ([192.55.52.120]:13191 "EHLO mga04.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726421AbeKIAsG (ORCPT ); Thu, 8 Nov 2018 19:48:06 -0500 X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 Nov 2018 07:12:09 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,480,1534834800"; d="scan'208";a="278183129" Received: from ibanaga-mobl1.ger.corp.intel.com (HELO localhost) ([10.249.254.75]) by fmsmga005.fm.intel.com with ESMTP; 08 Nov 2018 07:11:58 -0800 Date: Thu, 8 Nov 2018 17:11:56 +0200 From: Jarkko Sakkinen To: Sean Christopherson Cc: Rich Felker , Andy Lutomirski , Dave Hansen , Jann Horn , Linus Torvalds , Dave Hansen , Jethro Beekman , Florian Weimer , Linux API , X86 ML , linux-arch , LKML , Peter Zijlstra , nhorman@redhat.com, npmccallum@redhat.com, "Ayoun, Serge" , shay.katz-zamir@intel.com, linux-sgx@vger.kernel.org, Andy Shevchenko , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Carlos O'Donell , adhemerval.zanella@linaro.org Subject: Re: RFC: userspace exception fixups Message-ID: <20181108151156.GC14072@linux.intel.com> References: <1541518670.7839.31.camel@intel.com> <1541524750.7839.51.camel@intel.com> <22596E35-F5D1-4935-86AB-B510DCA0FABE@amacapital.net> <20181106231730.GR5150@brightrain.aerifal.cx> <20181106232616.GA11101@linux.intel.com> <20181107212758.GU5150@brightrain.aerifal.cx> <20181107214058.GG27170@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20181107214058.GG27170@linux.intel.com> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Nov 07, 2018 at 01:40:59PM -0800, Sean Christopherson wrote: > > In that case it seems like the only way to use SGX that's not a gaping > > security hole is to run the SGX enclave in its own fully-seccomp (or > > equivalent) process, with no host application in the same address > > space. Since the host application can't see the contents of the > > enclave to make any determination of whether it's safe to run, running > > it in the same address space only makes sense if the cpu provides > > protection against unwanted accesses to the host's memory from the > > enclave -- and according to you, it doesn't. > > The enclave's code (and any initial data) isn't encrypted until the > pages are loaded into the Enclave Page Cache (EPC), which can only > be done by the kernel (via ENCLS[EADD]). In other words, both the > kernel and userspace can vet the code/data before running an enclave. > > Practically speaking, an enclave will be coupled with an untrusted > userspace runtime, i.e. it's loader. Enclaves are also measured > as part of their build process, and so the enclave loader needs to > know which pages to add to the measurement, and in what order. I > guess technically speaking an enclave could have zero pages added > to its measurement, but that'd probably be a big red flag that said > enclave is up to something fishy. IMHO the whole idea adds too much policy into kernel even if it would be doable. You can easily spawn untrusted run-time and enclave to its own process. Seccomp limits the syscall space and enclaves cannot do syscalls in the first place. It is the URT that will do them behalf of the enclave. /Jarkko