Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp2605463yba; Mon, 22 Apr 2019 09:41:20 -0700 (PDT) X-Google-Smtp-Source: APXvYqwYZf7FwLI1dp6q67cmUekfs/l/1yIvKXLjad4fNMLhql4o3G2xWD7djPPuiMkqo5pcEfcH X-Received: by 2002:a62:6490:: with SMTP id y138mr21872306pfb.230.1555951279927; Mon, 22 Apr 2019 09:41:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1555951279; cv=none; d=google.com; s=arc-20160816; b=c7tO6aXoM8Fe33SGMuXruauFXIVQrC12+meN3VDQyCdFjs/e+oN9azf3VBpP9po4Ln puRjl+yS2L2VeINR30Eti2LjHpDhYT2BORRSrhZ1hKKI9q1Sba/KOc5S+naNPK2df6Pb BFvldN1x7UpAuEeWeDpXMzQxIZsyFq6FRaoOvlM/zjp6KeOD00dr6SLPF1PI8A7S3mjp H+hJ5/3Y7ljO/WmDiZW9jGJvAX16CyDD6WpBCQqzpNqaTYFdeWhrn+eCxJYqx9x39rfP ++VmNSmNuysiBS3/wo9YZ1JsLy8P1WoLzD66ratq8RlB/RtPx5uSAORze9zKye9AQJmV pDVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=j2QN4ZhiZU4bWwI91h8zgnGmRLxlceBemg9wySebBus=; b=Y2nE3qzqPEPB51FtTkFlZ+jttW2i+0o7B+DTnzoyl5rm2HoOh9mmu6RB8JB67W0jsB 8xIWnYBA40XLpUsEAqUawPh4w40Wjc/vn0MgkfR9ec9oHlwnq64tGlU5kldtk5OUFbHy N/ooVunQFozukveTjL0fUBUJxaksbf53yBjau1rnfOdgab0G4eoevqj/CuIdBBA85kwM fXZpoVoysQ+jvBD8uEgmZL38JlYqy6sxNP1lbK8m4hWNJ6eTkR49F+ozxC6mEvG+CcLO 2QgUo4oa3gET5Ed+KSTjlaG1JWqpRDv1mIkCkZK0jatextbsG9RFP2Xm6D40Adf4LW9i Uxmw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=gjoMnb6o; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k19si13919459pfb.139.2019.04.22.09.41.02; Mon, 22 Apr 2019 09:41:19 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=gjoMnb6o; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727765AbfDVQ0j (ORCPT + 99 others); Mon, 22 Apr 2019 12:26:39 -0400 Received: from mail.kernel.org ([198.145.29.99]:44272 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727014AbfDVQ0i (ORCPT ); Mon, 22 Apr 2019 12:26:38 -0400 Received: from mail-wr1-f54.google.com (mail-wr1-f54.google.com [209.85.221.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 03C94218CD for ; Mon, 22 Apr 2019 16:26:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1555950397; bh=JEMFjRO0Pa+ynEuxrcJbn2OMjypI2OJSx48qtGPrCtQ=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=gjoMnb6oimB1UXsP+q67JhT9/D0zS5v1UAcav8Jbc04y8VHhDSijqiHIVZPFgO4NB hHgqrMALUnXhqapnqOzCQV899+aibi2rEi8de+l8w43aqsIm0IsA9oZx0FFUz7tZbW WeHY2JENlcB6R1VU5x4CmTiXb3Te7gGeRrR+OysQ= Received: by mail-wr1-f54.google.com with SMTP id t17so16349160wrw.13 for ; Mon, 22 Apr 2019 09:26:36 -0700 (PDT) X-Gm-Message-State: APjAAAXak7wOIFnzGLGgfX6/TMi73MfrG5PtqyDpt2QKeT5CJ6wN0gdR 1Nwh6iwbCYy1oAJ06DqwbAf4M+hzpe2QkfXDwkg7Ug== X-Received: by 2002:a5d:474b:: with SMTP id o11mr7809394wrs.309.1555950395519; Mon, 22 Apr 2019 09:26:35 -0700 (PDT) MIME-Version: 1.0 References: <20190417103938.7762-1-jarkko.sakkinen@linux.intel.com> <20190418171059.GA20819@wind.enjellic.com> <09ebfa1d-c03d-c1fe-ff0f-d99287b6ec3c@intel.com> <20190419141732.GA2269@wind.enjellic.com> <43aa8fdd-e777-74cb-e3f0-d36805ffa18b@fortanix.com> <8c5133bc-1301-24ca-418d-7151a6eac0e2@fortanix.com> <2AE80EA3-799E-4808-BBE4-3872F425BCF8@amacapital.net> <49b28ca1-6e66-87d9-2202-84c58f13fb99@fortanix.com> <444537E3-4156-41FB-83CA-57C5B660523F@amacapital.net> <5854e66a-950e-1b12-5393-d9cdd15367dc@fortanix.com> In-Reply-To: <5854e66a-950e-1b12-5393-d9cdd15367dc@fortanix.com> From: Andy Lutomirski Date: Mon, 22 Apr 2019 09:26:23 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v20 00/28] Intel SGX1 support To: Jethro Beekman Cc: Thomas Gleixner , Andy Lutomirski , "Dr. Greg" , Dave Hansen , Jarkko Sakkinen , Linus Torvalds , LKML , X86 ML , "linux-sgx@vger.kernel.org" , Andrew Morton , "Christopherson, Sean J" , "nhorman@redhat.com" , "npmccallum@redhat.com" , "Ayoun, Serge" , "Katz-zamir, Shay" , "Huang, Haitao" , Andy Shevchenko , "Svahn, Kai" , Borislav Petkov , Josh Triplett , "Huang, Kai" , David Rientjes Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > On Apr 19, 2019, at 2:56 PM, Jethro Beekman wrote: > >> On 2019-04-19 14:34, Thomas Gleixner wrote: >> And how so? You create writeable AND executable memory. That's a nono an= d >> you can argue in circles, that's not going to change with any of your >> proposed changes. > >> On 2019-04-19 14:38, Thomas Gleixner wrote: >> You are working around LSM nothing else and that's just not going to fly= . > > Based on your comments, I'm still unsure if we're on the same page with > regards to what I'm proposing. > > Here's a regular non-SGX flow that LSM would likely prevent: > > mmap(PROT_READ|PROT_WRITE) > memcpy() > mmap(PROT_READ|PROT_EXEC) <-- denied by LSM > > Or just something based on regular PT permissions: > > mmap(PROT_READ|PROT_EXEC) > memcpy() <-- SIGSEGV > > Now, the equivalent for SGX: > > mmap(PROT_READ|PROT_WRITE) > ioctl(EADD) > mmap(PROT_READ|PROT_EXEC) <-- denied by LSM > > This works fine with v20 as-is. However, consider the equivalent of the > PT-based flow: > > mmap(PROT_READ|PROT_EXEC) > ioctl(EADD) <-- no error! Indeed! > > It's not me that's working around the LSM, it's the SGX driver! It's > writing to memory that's not marked writable! The fundamental issue here > is that the SGX instruction set has several instructions that bypass the > page table permission bits, and this is (naturally) confusing to any > kind of reference monitor like the LSM framework. You can come up with > similar scenarios that involve PROT_READ|PROT_WRITE|PROT_EXEC or > ptrace(PTRACE_POKETEXT). So, clearly, the proper way to fix this failure > of complete mediation is by enforcing appropriate page-table permissions > even on the SGX instructions that don't do it themselves. Just make any > implicit memory access look like a regular memory access and now > everyone is on the same page (pun intended). > I agree that we should do this. But then what? Once this gets fixed, the ioctl(EADD) fails and the driver becomes rather less useful, and we feel rather silly if we=E2=80=99ve merged it in this state. So I think we need a better EADD ioctl that explicitly does work on PROT_READ|PROT_EXEC enclave memory but makes up for by validating the *source* of the data. The effect will be similar to mapping a labeled, appraised, etc file as PROT_EXEC. Maybe, in extreme pseudocode: fd =3D open(=E2=80=9C/dev/sgx/enclave=E2=80=9D); ioctl(fd, SGX_CREATE_FROM_FILE, file_fd); // fd now inherits the LSM label from the file, or is otherwise marked. mmap(fd, PROT_READ|PROT_EXEC, ...); I suppose that an alternative would be to delegate all the EADD calls to a privileged daemon, but that=E2=80=99s nasty.