Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp6485213yba; Tue, 14 May 2019 08:19:19 -0700 (PDT) X-Google-Smtp-Source: APXvYqxs5pzRo7e0sf4Zq2mj4ogNtEzHKIZpb5w/+Z0U5tKsbZUORerh3SBSXaV+mX4IVWqimuuI X-Received: by 2002:a62:1b85:: with SMTP id b127mr13121149pfb.165.1557847159737; Tue, 14 May 2019 08:19:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557847159; cv=none; d=google.com; s=arc-20160816; b=ddO3QjbZpeE7jhZi1FYGrW79XHPFUIgW0RTCOb6UCYdXdU675vutkPbY0AwV8A9gBI R7VI9JUWBDHKiVsJB/A1OB8fKs3V1AaF+BZJtuAhEmq8sCIS/T0kxNaWY0MPXr4a1eVg dbMGwPO2Pf/2vklu/RKfXbK2gEPbw5wyGNrcRnBcxHNWXpk9YbK6DCwT9gNpRr9lqlBN aw7v1T73WGGpx7QUtu1P5+62ueplpCxw4/mOD1T+oRZSEdpp/1pxKHkMQ5yXjXAJOmBE ifj5khpdkTjh6wK0AW5Jt56DTgzrJBg0VlLY4LTBYnaqSLEXOefwefz6EB1OkUCXeS4h jScw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=yasTZcrDzAnOfZ5xWAO4TwtNCEZ0mNPprPW5lGik49w=; b=csXCf5dgHiCI461r2jt6Aqh4SnFbuQKhDfSUELoLsI3+9Onmp/FQ22VQ4sn7m5CEC4 yJQ3+eOE2nRhcdS+5hL5M5fs9m4m8rWVjiIWEb+cwy5/V7cs75qdE27qYcw6nsDhMliE n4Zgx4Okh1vOs93I6g91jOZxrj2TFEAQok2PsJPiIXE3vp5veuxbyVAInhr9kvdqA46M U1ukmMm+vAVtQU6pvq3H6dFxyrNKsgwbrCcQ4gkzDOHqoSxjRKV2nzciYRoxTvWiIk+E e0rQAympFbUU8WCSSW45Q478bsdbg/DKYJh0Hj+cXkrVOTvfOFb9ZIeuaZgwTzS1cdXE s32g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=oUX6k3i6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y10si8235251pfl.130.2019.05.14.08.19.03; Tue, 14 May 2019 08:19:19 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=oUX6k3i6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726584AbfENPRo (ORCPT + 99 others); Tue, 14 May 2019 11:17:44 -0400 Received: from mail.kernel.org ([198.145.29.99]:49000 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726571AbfENPRn (ORCPT ); Tue, 14 May 2019 11:17:43 -0400 Received: from mail-wr1-f53.google.com (mail-wr1-f53.google.com [209.85.221.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id BA704218B8 for ; Tue, 14 May 2019 15:17:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1557847063; bh=YFy/nYWt/1wDeI6Wes9DRgCpXcOCSwz4D6RK9vtdIWM=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=oUX6k3i6A6UNmz5a6v0uvyPtjIEgSWCKycA+MNBAJUmXt+OPgLl/milCDUvwzu+/M OXGS0G8SsUc6sHoxO9+SqjrKas/YiZfqNRT2xP4uXSNIWDsnlbqFx+OFiyJTeCCQNA YYGf+ZwVto+GNnW0S9y/M/GvfLQJh9yNtodgoCYA= Received: by mail-wr1-f53.google.com with SMTP id h4so19688121wre.7 for ; Tue, 14 May 2019 08:17:42 -0700 (PDT) X-Gm-Message-State: APjAAAUdKSZ9g9joQsREtA7R2NLWc2yXY82rZrqdJ/lxeAeANuz+kA/G T+dvXsnQbJdVngXaoSYNzCHLbwBiIS8j0KgTaa7Kbg== X-Received: by 2002:adf:ec42:: with SMTP id w2mr21139901wrn.77.1557847061170; Tue, 14 May 2019 08:17:41 -0700 (PDT) MIME-Version: 1.0 References: <20190417103938.7762-1-jarkko.sakkinen@linux.intel.com> <8c5133bc-1301-24ca-418d-7151a6eac0e2@fortanix.com> <2AE80EA3-799E-4808-BBE4-3872F425BCF8@amacapital.net> <49b28ca1-6e66-87d9-2202-84c58f13fb99@fortanix.com> <444537E3-4156-41FB-83CA-57C5B660523F@amacapital.net> <5854e66a-950e-1b12-5393-d9cdd15367dc@fortanix.com> <960B34DE67B9E140824F1DCDEC400C0F4E885F9D@ORSMSX116.amr.corp.intel.com> <979615a8-fd03-e3fd-fbdb-65c1e51afd93@fortanix.com> <8fe520bb-30bd-f246-a3d8-c5443e47a014@intel.com> <358e9b36-230f-eb18-efdb-b472be8438b4@fortanix.com> <960B34DE67B9E140824F1DCDEC400C0F4E886094@ORSMSX116.amr.corp.intel.com> <6da269d8-7ebb-4177-b6a7-50cc5b435cf4@fortanix.com> In-Reply-To: From: Andy Lutomirski Date: Tue, 14 May 2019 08:17:29 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v20 00/28] Intel SGX1 support To: Haitao Huang Cc: Jethro Beekman , Andy Lutomirski , "Xing, Cedric" , "Hansen, Dave" , Thomas Gleixner , "Dr. Greg" , Jarkko Sakkinen , Linus Torvalds , LKML , X86 ML , "linux-sgx@vger.kernel.org" , Andrew Morton , "Christopherson, Sean J" , "nhorman@redhat.com" , "npmccallum@redhat.com" , "Ayoun, Serge" , "Katz-zamir, Shay" , "Huang, Haitao" , Andy Shevchenko , "Svahn, Kai" , Borislav Petkov , Josh Triplett , "Huang, Kai" , David Rientjes Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, May 14, 2019 at 7:33 AM Haitao Huang wrote: > > On Fri, 10 May 2019 14:22:34 -0500, Andy Lutomirski > wrote: > > > On Fri, May 10, 2019 at 12:04 PM Jethro Beekman > > wrote: > >> > >> On 2019-05-10 11:56, Xing, Cedric wrote: > >> > Hi Jethro, > >> > > >> >> ELF files are explicitly designed such that you can map them (with > >> mmap) > >> >> in 4096-byte chunks. However, sometimes there's overlap and you will > >> >> sometimes see that a particular offset is mapped twice because the > >> first > >> >> half of the page in the file belongs to an RX range and the second > >> half > >> >> to an R-only range. Also, ELF files don't (normally) describe stack, > >> >> heap, etc. which you do need for enclaves. > >> > > >> > You have probably misread my email. By mmap(), I meant the enclave > >> file would be mapped via *multiple* mmap() calls, in the same way as > >> what dlopen() would do in loading regular shared object. The intention > >> here is to make the enclave file subject to the same checks as regular > >> shared objects. > >> > >> No, I didn't misread your email. My original point still stands: > >> requiring that an enclave's memory is created from one or more mmap > >> calls of a file puts significant restrictions on the enclave's on-disk > >> representation. > >> > > > > For a tiny bit of background, Linux (AFAIK*) makes no effort to ensure > > the complete integrity of DSOs. What Linux *does* do (if so > > configured) is to make sure that only approved data is mapped > > executable. So, if you want to have some bytes be executable, those > > bytes have to come from a file that passes the relevant LSM and IMA > > checks. > > Given this, I just want to step back a little to understand the exact > issue that SGX is causing here for LSM/IMA. Sorry if I missed points > discussed earlier. > > By the time of EADD, enclave file is opened and should have passed IMA and > SELinux policy enforcement gates if any. We really don't need extra mmaps > on the enclave files to be IMA and SELinux compliant. The problem, as i see it, is that they passed the *wrong* checks, because, as you noticed: > We are loading > enclave files as RO and copying those into EPC. Which is, semantically, a lot like loading a normal file as RO and then mprotecting() it to RX, which is disallowed under quite a few LSM policies. > An IMA policy can enforce > RO files (or any file). And SELinux policy can say which processes can > open the file for what permissions. No extra needed here. If SELinux says a process may open a file as RO, that does *not* mean that it can be opened as RX. > > And sgx enclaves are always signed and integrity protected and verified at > the time of EINIT. So if EINIT passes, we know the content loaded > (including permission flags) is matching the sigstruct. But > sigstruct/signature is part of the file, should be accounted for in IMA > measurement of the whole file, so it is also verified by IMA during file > open, right? This does work, but only if the kernel parses that file so that the kernel can trust that the enclave data actually came from the file as intended. And moving the parsing to the kernel seems like a mess that no one really wants to do.