Subject: Re: [PATCH v20 00/28] Intel SGX1 support
From: Andy Lutomirski
Date: Fri, 19 Apr 2019 14:31:57 -0700
To: Jethro Beekman
Cc: Thomas Gleixner, Andy Lutomirski, "Dr. Greg", Dave Hansen, Jarkko Sakkinen, Linus Torvalds, LKML, X86 ML, "linux-sgx@vger.kernel.org", Andrew Morton, "Christopherson, Sean J", "nhorman@redhat.com", "npmccallum@redhat.com", "Ayoun, Serge", "Katz-zamir, Shay", "Huang, Haitao", Andy Shevchenko, "Svahn, Kai", Borislav Petkov, Josh Triplett, "Huang, Kai", David Rientjes
Message-Id: <444537E3-4156-41FB-83CA-57C5B660523F@amacapital.net>
In-Reply-To: <49b28ca1-6e66-87d9-2202-84c58f13fb99@fortanix.com>

> On Apr 19, 2019, at 2:19 PM, Jethro Beekman wrote:
>
>> .
>>
>> If we start enforcing equivalent rules on SGX, then the current API will simply not allow enclaves to be loaded — no matter how you slice it, loading an enclave with the current API is indistinguishable from making arbitrary data executable.
>
> Yes this is exactly what I intended here: a very simple change that
> stops SGX from confusing LSM. Just by enforcing that everything that
> looks like a memory write (EADD, EAUG, EDBGWR, etc.) actually requires
> write permissions, reality and LSM should be on the same page.
>
> If you want to go further and actually allow this behavior when your LSM
> would otherwise prohibit it, presumably the same workarounds that exist
> for JITs can be used for SGX.
>

I do think we need to follow LSM rules. But my bigger point is that there are policies that don’t allow JIT at all. I think we should arrange the SGX API so it’s still usable when such a policy is in effect.