Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp1266824yba; Thu, 16 May 2019 18:02:55 -0700 (PDT) X-Google-Smtp-Source: APXvYqxFO0FXI/PXF6nCwXv/ZQssdA2gw7WSLXHvcj+jyIgRVFF5EU340/N2yKWhuFISxrSE51vl X-Received: by 2002:aa7:8683:: with SMTP id d3mr12576333pfo.145.1558054974936; Thu, 16 May 2019 18:02:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558054974; cv=none; d=google.com; s=arc-20160816; b=v1pydYnqh0Tr5v8J1KBv/XQZ5VTOC88WkElek0ykps3q8I1jkL8muVP95f4AyS2vS8 1JR+clJTdBTfWXjWnVQu6XQl6t6T/vi0gxA3r2UEep+EEQ6Nv2CxMmEGV7TsVA+Me7nK a+dg410UEcL3qWcXZw9Z/t8eUsu3C1RFznUXDInUsncOALuuYL2huuvheI1v4X5KkEMe PRLJr25mQ3zVsn4kSOSlDPeFiXm05G82sEvqjVCGR3y04jS7dxmP5wKCkW/taKAO2QC/ oBW6UNek4Z5a7+Aer+2c1EPTAn1dIlY5omhzDoV7P9M5nd+H0MEY7x8cWyyWG4irtziD Y9EQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:content-transfer-encoding :dlp-reaction:dlp-version:dlp-product:content-language :accept-language:in-reply-to:references:message-id:date:thread-index :thread-topic:subject:cc:to:from; bh=PaPoUI+oIeOjsGEHaW25ZRmQvQ4idlnPoUD6xoCRDo4=; b=eeE+qgdwjzGjoLHIb20GtdrfKDPpzZ9aPrEfsrxLmlkky8QsstoQiECnp7neI3VUjc u8J81D8zYlQgSyIKHAcXCvnYRv98/6se7Py94V/cifOss9RWDcEm6olemqkclTBCFmxe 0KzMw7G4oZxhr2f1xrBfmUcKTtFaRDD0H63rKvTrzKsGTTqKqgNzPmBC4sdGF8JY03nF yJri/tQFfRAXtnSDchS6bzgy/ZEiHgZ4/Wu9peo0wziuuek9hAIjmI9QChKPS4lXsPTE whnPSuXiAuadHBwJT3Xlsc01LHSR3PMbyIWUckuIiEvF8TKh6LABhZAaaoOfNHFObmSM qkWQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o15si6633959pgh.181.2019.05.16.18.02.39; Thu, 16 May 2019 18:02:54 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727149AbfEPX3u convert rfc822-to-8bit (ORCPT + 99 others); Thu, 16 May 2019 19:29:50 -0400 Received: from mga01.intel.com ([192.55.52.88]:32380 "EHLO mga01.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726441AbfEPX3u (ORCPT ); Thu, 16 May 2019 19:29:50 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 16 May 2019 16:29:49 -0700 X-ExtLoop1: 1 Received: from orsmsx107.amr.corp.intel.com ([10.22.240.5]) by orsmga006.jf.intel.com with ESMTP; 16 May 2019 16:29:48 -0700 Received: from orsmsx116.amr.corp.intel.com ([169.254.7.165]) by ORSMSX107.amr.corp.intel.com ([169.254.1.194]) with mapi id 14.03.0415.000; Thu, 16 May 2019 16:29:48 -0700 From: "Xing, Cedric" To: "Christopherson, Sean J" , "Andy Lutomirski" CC: Jarkko Sakkinen , James Morris , "Serge E. Hallyn" , LSM List , Paul Moore , Stephen Smalley , Eric Paris , "selinux@vger.kernel.org" , Jethro Beekman , "Hansen, Dave" , "Thomas Gleixner" , "Dr. Greg" , Linus Torvalds , LKML , X86 ML , "linux-sgx@vger.kernel.org" , Andrew Morton , "nhorman@redhat.com" , "npmccallum@redhat.com" , "Ayoun, Serge" , "Katz-zamir, Shay" , "Huang, Haitao" , "Andy Shevchenko" , "Svahn, Kai" , Borislav Petkov , Josh Triplett , "Huang, Kai" , David Rientjes Subject: RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) Thread-Topic: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) Thread-Index: AQHVC0vUmIXibKT8TUm/EUnHn2XAfqZtq8EAgAEIegCAABy+AP//k24g Date: Thu, 16 May 2019 23:29:47 +0000 Message-ID: <960B34DE67B9E140824F1DCDEC400C0F654E4026@ORSMSX116.amr.corp.intel.com> References: <20190513102926.GD8743@linux.intel.com> <20190514104323.GA7591@linux.intel.com> <20190514204527.GC1977@linux.intel.com> <20190515013031.GF1977@linux.intel.com> <20190516051622.GC6388@linux.intel.com> <20190516224550.GC11204@linux.intel.com> In-Reply-To: <20190516224550.GC11204@linux.intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNjZkOTZkMmYtMTdhOC00MmNiLThjNDItOWM5MDEyMDhiYmUyIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiM1kyR0FjWVJFcFVLODRSeFVoZVN1aXFWYitybDJRTHpoOHA4ZVpcL0pkUjFRRUFFemZGN05cL0JWZkpCdXlpSnlMIn0= x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.2.0.6 dlp-reaction: no-action x-originating-ip: [10.22.254.139] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8BIT MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > > > There is a problem here though. Usually the enclave itself is just a > > > loader that then loads the application from outside source and > > > creates the executable pages from the content. > > > > > > A great example of this is Graphene that bootstraps unmodified Linux > > > applications to an enclave: > > > > > > https://github.com/oscarlab/graphene > > > > > > > ISTM you should need EXECMEM or similar to run Graphene, then. > > Agreed, Graphene is effectively running arbitrary enclave code. I'm > guessing there is nothing that prevents extending/reworking Graphene to > allow generating the enclave ahead of time so as to avoid populating the > guts of the enclave at runtime, i.e. it's likely possible to run an > unmodified application in an enclave without EXECMEM if that's something > Graphene or its users really care about. Inefficient use of memory is a problem of running Graphene on SGX1, from at least 2 aspects: 1) heaps/stacks have to be pre-allocated but only a small portion of those pages will be actually used; and 2) dynamic linking is commonly used in *unmodified* applications and all dependent libraries have to be loaded, but only a subset of those pages will actually be used - e.g. most applications use only a small set of functions in libc.so but the whole library still has to be loaded. Hence a practical/efficient solution will require/involve EDMM features available in SGX2. I guess we shall look a bit further into future in order to address this problem properly. And I think it necessary to distinguish enclave virtual ranges from regular ones (probably at VMA level) before we could have a practical solution.