Date: Fri, 19 Apr 2019 22:50:50 +0200 (CEST)
From: Thomas Gleixner
To: Jethro Beekman
Cc: Andy Lutomirski, "Dr. Greg", Dave Hansen, Jarkko Sakkinen, Linus Torvalds, LKML, X86 ML, "linux-sgx@vger.kernel.org", Andrew Morton, "Christopherson, Sean J", "nhorman@redhat.com", "npmccallum@redhat.com", "Ayoun, Serge", "Katz-zamir, Shay", "Huang, Haitao", Andy Shevchenko, "Svahn, Kai", Borislav Petkov, Josh Triplett, "Huang, Kai", David Rientjes
Subject: Re: [PATCH v20 00/28] Intel SGX1 support

On Fri, 19 Apr 2019, Jethro Beekman wrote:
> On 2019-04-19 13:39, Thomas Gleixner wrote:
> > On Fri, 19 Apr 2019, Jethro Beekman wrote:
> >
> >> On 2019-04-19 08:27, Andy Lutomirski wrote:
> >>> There are many,
> >>> many Linux systems that enforce a policy that *all* executable text
> >>> needs to come from a verified source. On these systems, you can't
> >>> mmap some writable memory, write to it, and then change it to
> >>> executable.
> >>
> >> How is this implemented on those systems? AFAIK there's no kernel config
> >> option that changes the semantics of mmap as you describe.
> >
> > That has nothing to do with mmap() semantics. You mmap() writeable memory
> > and then you change the permissions via mprotect(). mprotect() calls into
> > LSM and depending on policy and security model this will reject the
> > request.
> >
> > Andy was pointing out that the SGX ioctl bypasses the LSM mechanics which
> > is obviously a bad thing.
>
> We could modify the driver such that when you call ioctl EADD, the page
> table permissions need to be the PAGEINFO.SECINFO.FLAGS | PROT_WRITE,
> otherwise you get EPERM or so. After EADD, if you want, you can restrict
> the page table permissions again using mprotect but the page table
> permissions don't really matter for SGX.

And the point of that is? That you still can circumvent LSM for feeding
executable code into SGX. No, we are not making special cases and
exceptions for SGX.

Thanks,

	tglx
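
Added example, not part of the original message or of the SGX patch set: a small C probe of the sequence discussed above (mmap() writable anonymous memory, write to it, then mprotect() it to executable), reporting whether the running system's policy refuses the transition. The helper name probe_wx_transition and the result enum are hypothetical, treating EACCES or EPERM as a policy denial is an assumption, and nothing in the mapping is ever executed.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

enum wx_result { WX_ALLOWED = 0, WX_DENIED = 1, WX_ERROR = -1 };

/* Hypothetical helper: maps one RW anonymous page, dirties it, then asks
 * for R+X. mprotect() is where the kernel consults the LSM, so a policy
 * that forbids making written memory executable shows up as a failure
 * here (assumed to surface as EACCES or EPERM). */
static enum wx_result probe_wx_transition(int *saved_errno)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0) {
        *saved_errno = errno;
        return WX_ERROR;
    }

    void *p = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) {
        *saved_errno = errno;
        return WX_ERROR;
    }

    memset(p, 0, (size_t)page);        /* write to the page; never run it */

    enum wx_result res = WX_ALLOWED;
    *saved_errno = 0;
    if (mprotect(p, (size_t)page, PROT_READ | PROT_EXEC) != 0) {
        *saved_errno = errno;          /* save before munmap() can clobber */
        res = (errno == EACCES || errno == EPERM) ? WX_DENIED : WX_ERROR;
    }

    munmap(p, (size_t)page);
    return res;
}

int main(void)
{
    int err = 0;
    enum wx_result r = probe_wx_transition(&err);

    if (r == WX_ALLOWED)
        puts("RW -> RX allowed: no policy blocks this transition here");
    else if (r == WX_DENIED)
        printf("RW -> RX denied by policy: %s\n", strerror(err));
    else
        printf("probe failed: %s\n", strerror(err));
    return r == WX_ERROR;
}
```

The probe only covers the mprotect() path; the concern raised in the thread is that the SGX ioctl path does not pass through the same LSM check.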