Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp2605463yba;
        Mon, 22 Apr 2019 09:41:20 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwYZf7FwLI1dp6q67cmUekfs/l/1yIvKXLjad4fNMLhql4o3G2xWD7djPPuiMkqo5pcEfcH
X-Received: by 2002:a62:6490:: with SMTP id y138mr21872306pfb.230.1555951279927;
        Mon, 22 Apr 2019 09:41:19 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1555951279; cv=none;
        d=google.com; s=arc-20160816;
        b=c7tO6aXoM8Fe33SGMuXruauFXIVQrC12+meN3VDQyCdFjs/e+oN9azf3VBpP9po4Ln
         puRjl+yS2L2VeINR30Eti2LjHpDhYT2BORRSrhZ1hKKI9q1Sba/KOc5S+naNPK2df6Pb
         BFvldN1x7UpAuEeWeDpXMzQxIZsyFq6FRaoOvlM/zjp6KeOD00dr6SLPF1PI8A7S3mjp
         H+hJ5/3Y7ljO/WmDiZW9jGJvAX16CyDD6WpBCQqzpNqaTYFdeWhrn+eCxJYqx9x39rfP
         ++VmNSmNuysiBS3/wo9YZ1JsLy8P1WoLzD66ratq8RlB/RtPx5uSAORze9zKye9AQJmV
         pDVA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject
         :message-id:date:from:in-reply-to:references:mime-version
         :dkim-signature;
        bh=j2QN4ZhiZU4bWwI91h8zgnGmRLxlceBemg9wySebBus=;
        b=Y2nE3qzqPEPB51FtTkFlZ+jttW2i+0o7B+DTnzoyl5rm2HoOh9mmu6RB8JB67W0jsB
         8xIWnYBA40XLpUsEAqUawPh4w40Wjc/vn0MgkfR9ec9oHlwnq64tGlU5kldtk5OUFbHy
         N/ooVunQFozukveTjL0fUBUJxaksbf53yBjau1rnfOdgab0G4eoevqj/CuIdBBA85kwM
         fXZpoVoysQ+jvBD8uEgmZL38JlYqy6sxNP1lbK8m4hWNJ6eTkR49F+ozxC6mEvG+CcLO
         2QgUo4oa3gET5Ed+KSTjlaG1JWqpRDv1mIkCkZK0jatextbsG9RFP2Xm6D40Adf4LW9i
         Uxmw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=gjoMnb6o;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id k19si13919459pfb.139.2019.04.22.09.41.02;
        Mon, 22 Apr 2019 09:41:19 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=gjoMnb6o;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727765AbfDVQ0j (ORCPT <rfc822;zjuysxie86@gmail.com>
        + 99 others); Mon, 22 Apr 2019 12:26:39 -0400
Received: from mail.kernel.org ([198.145.29.99]:44272 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1727014AbfDVQ0i (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 22 Apr 2019 12:26:38 -0400
Received: from mail-wr1-f54.google.com (mail-wr1-f54.google.com [209.85.221.54])
        (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 03C94218CD
        for <linux-kernel@vger.kernel.org>; Mon, 22 Apr 2019 16:26:36 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1555950397;
        bh=JEMFjRO0Pa+ynEuxrcJbn2OMjypI2OJSx48qtGPrCtQ=;
        h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
        b=gjoMnb6oimB1UXsP+q67JhT9/D0zS5v1UAcav8Jbc04y8VHhDSijqiHIVZPFgO4NB
         hHgqrMALUnXhqapnqOzCQV899+aibi2rEi8de+l8w43aqsIm0IsA9oZx0FFUz7tZbW
         WeHY2JENlcB6R1VU5x4CmTiXb3Te7gGeRrR+OysQ=
Received: by mail-wr1-f54.google.com with SMTP id t17so16349160wrw.13
        for <linux-kernel@vger.kernel.org>; Mon, 22 Apr 2019 09:26:36 -0700 (PDT)
X-Gm-Message-State: APjAAAXak7wOIFnzGLGgfX6/TMi73MfrG5PtqyDpt2QKeT5CJ6wN0gdR
        1Nwh6iwbCYy1oAJ06DqwbAf4M+hzpe2QkfXDwkg7Ug==
X-Received: by 2002:a5d:474b:: with SMTP id o11mr7809394wrs.309.1555950395519;
 Mon, 22 Apr 2019 09:26:35 -0700 (PDT)
MIME-Version: 1.0
References: <20190417103938.7762-1-jarkko.sakkinen@linux.intel.com>
 <20190418171059.GA20819@wind.enjellic.com> <09ebfa1d-c03d-c1fe-ff0f-d99287b6ec3c@intel.com>
 <20190419141732.GA2269@wind.enjellic.com> <CALCETrV=wAsyWxtxQJ7y0xNrzkE863hTfU6Ysej48Gk9yPFJZw@mail.gmail.com>
 <43aa8fdd-e777-74cb-e3f0-d36805ffa18b@fortanix.com> <alpine.DEB.2.21.1904192233390.3174@nanos.tec.linutronix.de>
 <8c5133bc-1301-24ca-418d-7151a6eac0e2@fortanix.com> <alpine.DEB.2.21.1904192248550.3174@nanos.tec.linutronix.de>
 <e1478f70-7e44-6e3e-2aaf-1b12a96328ed@fortanix.com> <2AE80EA3-799E-4808-BBE4-3872F425BCF8@amacapital.net>
 <49b28ca1-6e66-87d9-2202-84c58f13fb99@fortanix.com> <444537E3-4156-41FB-83CA-57C5B660523F@amacapital.net>
 <f9d93291-9b59-7b66-de9f-af92246f1c9c@fortanix.com> <alpine.DEB.2.21.1904192337160.3174@nanos.tec.linutronix.de>
 <5854e66a-950e-1b12-5393-d9cdd15367dc@fortanix.com>
In-Reply-To: <5854e66a-950e-1b12-5393-d9cdd15367dc@fortanix.com>
From:   Andy Lutomirski <luto@kernel.org>
Date:   Mon, 22 Apr 2019 09:26:23 -0700
X-Gmail-Original-Message-ID: <CALCETrV7CcDnx1hVtmBnDNABG11GuMqyspJMMpV+zHpVeFu3ow@mail.gmail.com>
Message-ID: <CALCETrV7CcDnx1hVtmBnDNABG11GuMqyspJMMpV+zHpVeFu3ow@mail.gmail.com>
Subject: Re: [PATCH v20 00/28] Intel SGX1 support
To:     Jethro Beekman <jethro@fortanix.com>
Cc:     Thomas Gleixner <tglx@linutronix.de>,
        Andy Lutomirski <luto@kernel.org>,
        "Dr. Greg" <greg@enjellic.com>,
        Dave Hansen <dave.hansen@intel.com>,
        Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        LKML <linux-kernel@vger.kernel.org>, X86 ML <x86@kernel.org>,
        "linux-sgx@vger.kernel.org" <linux-sgx@vger.kernel.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        "Christopherson, Sean J" <sean.j.christopherson@intel.com>,
        "nhorman@redhat.com" <nhorman@redhat.com>,
        "npmccallum@redhat.com" <npmccallum@redhat.com>,
        "Ayoun, Serge" <serge.ayoun@intel.com>,
        "Katz-zamir, Shay" <shay.katz-zamir@intel.com>,
        "Huang, Haitao" <haitao.huang@intel.com>,
        Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
        "Svahn, Kai" <kai.svahn@intel.com>, Borislav Petkov <bp@alien8.de>,
        Josh Triplett <josh@joshtriplett.org>,
        "Huang, Kai" <kai.huang@intel.com>,
        David Rientjes <rientjes@google.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

> On Apr 19, 2019, at 2:56 PM, Jethro Beekman <jethro@fortanix.com> wrote:
>
>> On 2019-04-19 14:34, Thomas Gleixner wrote:
>> And how so? You create writeable AND executable memory. That's a nono an=
d
>> you can argue in circles, that's not going to change with any of your
>> proposed changes.
>
>> On 2019-04-19 14:38, Thomas Gleixner wrote:
>> You are working around LSM nothing else and that's just not going to fly=
.
>
> Based on your comments, I'm still unsure if we're on the same page with
> regards to what I'm proposing.
>
> Here's a regular non-SGX flow that LSM would likely prevent:
>
> mmap(PROT_READ|PROT_WRITE)
> memcpy()
> mmap(PROT_READ|PROT_EXEC) <-- denied by LSM
>
> Or just something based on regular PT permissions:
>
> mmap(PROT_READ|PROT_EXEC)
> memcpy() <-- SIGSEGV
>
> Now, the equivalent for SGX:
>
> mmap(PROT_READ|PROT_WRITE)
> ioctl(EADD)
> mmap(PROT_READ|PROT_EXEC) <-- denied by LSM
>
> This works fine with v20 as-is. However, consider the equivalent of the
> PT-based flow:
>
> mmap(PROT_READ|PROT_EXEC)
> ioctl(EADD) <-- no error!

Indeed!

>
> It's not me that's working around the LSM, it's the SGX driver! It's
> writing to memory that's not marked writable! The fundamental issue here
> is that the SGX instruction set has several instructions that bypass the
> page table permission bits, and this is (naturally) confusing to any
> kind of reference monitor like the LSM framework. You can come up with
> similar scenarios that involve PROT_READ|PROT_WRITE|PROT_EXEC or
> ptrace(PTRACE_POKETEXT). So, clearly, the proper way to fix this failure
> of complete mediation is by enforcing appropriate page-table permissions
> even on the SGX instructions that don't do it themselves. Just make any
> implicit memory access look like a regular memory access and now
> everyone is on the same page (pun intended).
>

I agree that we should do this.  But then what?  Once this gets fixed,
the ioctl(EADD) fails and the driver becomes rather less useful, and
we feel rather silly if we=E2=80=99ve merged it in this state.

So I think we need a better EADD ioctl that explicitly does work on
PROT_READ|PROT_EXEC enclave memory but makes up for by validating the
*source* of the data.  The effect will be similar to mapping a
labeled, appraised, etc file as PROT_EXEC.  Maybe, in extreme
pseudocode:

fd =3D open(=E2=80=9C/dev/sgx/enclave=E2=80=9D);
ioctl(fd, SGX_CREATE_FROM_FILE, file_fd);
// fd now inherits the LSM label from the file, or is otherwise marked.
mmap(fd, PROT_READ|PROT_EXEC, ...);

I suppose that an alternative would be to delegate all the EADD calls
to a privileged daemon, but that=E2=80=99s nasty.