Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp2163449yba; Fri, 17 May 2019 11:36:30 -0700 (PDT) X-Google-Smtp-Source: APXvYqxPLkqg3OztSH1FptV4wcljuIaMAp7oM9JlFTq3URnyZX8uAXE495aVqqoKXg5k8pvu9mSR X-Received: by 2002:a17:902:2808:: with SMTP id e8mr32061714plb.244.1558118190648; Fri, 17 May 2019 11:36:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558118190; cv=none; d=google.com; s=arc-20160816; b=Q8+J5riEbaAXtvHskq98jqIsp2/4tvdCb0xhLfbwNETPXt4QpTkVqF4GTaB2Fw7BAE zf8jL2gd8uoP/NMy5JysXfYubp6GOIySSHxVKE6Sb4N5+oy50b2UmfQ1N6myP0Wgb6NS wz/rVE5zV9vNBB0bRKggBvOMJs9Qwhw522dk3XQmcA62h0B1wQ4Put0IIq1Dwkk791n0 j54m1DLm0cqRVyf7Iif43bid+W+kFL7epO65zf4uj0bzoTnNjMfG0lL/ZvSL89U4NXza ib62WXq6ec6qJ4x6Q4YX0bNYdtuvHNztJDkRZPMtGzoc0GneYUTVbVPb+rwibe9+Ovnn BqOQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:references:message-id :content-transfer-encoding:cc:date:in-reply-to:from:subject :mime-version:dkim-signature; bh=1MUUr8jHi4nWwWTQmbf4zT7ImlITOzRRt/eE8Yg+dlo=; b=L7vamLKxMEIC8hgwQzpSJv2xGE1Cg7p2TxAzOH05GS9Rcl/hFX64FkNB48Ibd0jvVw PLcXQrAos+H8IEPgZnBZidyncUv2uI+jVJG9ieNHJtk7ib+Y0vd3ps7Mfi2saI8nokXP DXVSU2faD1M0ze8M4bYDecrQv9sKZqInq9q0jNLNtb57/6bpq9DbeJ0OSUqSl7D3x2l0 SnC6wN2z72bcMuZgeKTfdyJAfZUoaG3dlOogw9g9hXT1qqgUO0qMk+6/G90dwBrGRT9n mPwDc0KRs0dQBcgpjsNIlnY+GjG0A0HrA/U0qWKQ6Rjnjze3ibWVXtvoGY61TWphimHt WJjw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=BVBxteTJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m8si2861589pgt.140.2019.05.17.11.36.15; Fri, 17 May 2019 11:36:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=BVBxteTJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728825AbfEQRnG (ORCPT + 99 others); Fri, 17 May 2019 13:43:06 -0400 Received: from mail-pf1-f193.google.com ([209.85.210.193]:35379 "EHLO mail-pf1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728810AbfEQRnE (ORCPT ); Fri, 17 May 2019 13:43:04 -0400 Received: by mail-pf1-f193.google.com with SMTP id t87so4025856pfa.2 for ; Fri, 17 May 2019 10:43:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amacapital-net.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=1MUUr8jHi4nWwWTQmbf4zT7ImlITOzRRt/eE8Yg+dlo=; b=BVBxteTJfnnrWyI4aUT5rRv1PGo8Y6m41oQyOQLQ9wBx/DmrNo0J1mMUNowheLYiJT gKvk0uAVsiCTt8tVYuQ/pPtHQRdoElbWppBomwzttM4Js8uMnrX6vMxuzBVdPGlkzr1Y GWgaqh0R1jib28O3eRsR7C1RlVrLz24MYG6PHBQeMy/xQd+hNChzOEonkPhE32Vf59wb 7UvLuxW3yeufL91nnzFXK7bPLzbuJoICh6lMFWftYxpVMVdrREc5ELLOGPhhU6Rkfnmb N6e0/7k/HQexEZEcncU6dBmw4ONKENMHpsbRqYdQPxnFGL1UkVVe23OrBSEk4arvt6iX OJ7g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=1MUUr8jHi4nWwWTQmbf4zT7ImlITOzRRt/eE8Yg+dlo=; b=opbhfvcxRhGQReBrBSZ3tA3iSur0boXJOoHoQcz/TOpugMqy6CnJNX23DC+avY9OKj Zus7hXX2UfcAmV6xZDbfuwvomd/A7QsDr5DgV0zfVQP1kwaKHPDZ2njAL3RR9GT4lp6S TffD/jIqFam8ViCSWzDPteMuUkWs+Vl4fYEO8hudJTOz0KQIajFprKPoXZxzso1RN4rL CLq0TkXwi48gj/ijoR+RlwWrnu5FimstMzNIhhepePfSU49Gz+7nbDewXrTopmm/vf7s UsjkyfTls3ZjSRsfsNO8eVX5KcK4QvT4TKEB+fjubizt2f/mRtAF6+dz4fu1FUbQ6goi Zbaw== X-Gm-Message-State: APjAAAW8SXgvILeB8pcZJ7pHdBDOx064f1zU++BSThWHd7lWgxeC2cT2 bJtZ2fi3L2H/wdWvMutuxOLc0g== X-Received: by 2002:aa7:93c6:: with SMTP id y6mr8796393pff.0.1558114983336; Fri, 17 May 2019 10:43:03 -0700 (PDT) Received: from ?IPv6:2600:1010:b00c:b1d8:2521:afcd:cb07:a739? ([2600:1010:b00c:b1d8:2521:afcd:cb07:a739]) by smtp.gmail.com with ESMTPSA id 10sm12185936pft.100.2019.05.17.10.43.02 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 17 May 2019 10:43:02 -0700 (PDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (1.0) Subject: Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) From: Andy Lutomirski X-Mailer: iPhone Mail (16E227) In-Reply-To: <20190517172953.GC15006@linux.intel.com> Date: Fri, 17 May 2019 10:43:01 -0700 Cc: Stephen Smalley , "Xing, Cedric" , Andy Lutomirski , James Morris , "Serge E. Hallyn" , LSM List , Paul Moore , Eric Paris , "selinux@vger.kernel.org" , Jarkko Sakkinen , Jethro Beekman , "Hansen, Dave" , Thomas Gleixner , "Dr. Greg" , Linus Torvalds , LKML , X86 ML , "linux-sgx@vger.kernel.org" , Andrew Morton , "nhorman@redhat.com" , "npmccallum@redhat.com" , "Ayoun, Serge" , "Katz-zamir, Shay" , "Huang, Haitao" , Andy Shevchenko , "Svahn, Kai" , Borislav Petkov , Josh Triplett , "Huang, Kai" , David Rientjes Content-Transfer-Encoding: quoted-printable Message-Id: References: <960B34DE67B9E140824F1DCDEC400C0F654E38CD@ORSMSX116.amr.corp.intel.com> <960B34DE67B9E140824F1DCDEC400C0F654E3FB9@ORSMSX116.amr.corp.intel.com> <6a97c099-2f42-672e-a258-95bc09152363@tycho.nsa.gov> <20190517150948.GA15632@linux.intel.com> <80013cca-f1c2-f4d5-7558-8f4e752ada76@tycho.nsa.gov> <20190517172953.GC15006@linux.intel.com> To: Sean Christopherson Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > On May 17, 2019, at 10:29 AM, Sean Christopherson wrote: >=20 >> On Fri, May 17, 2019 at 12:37:40PM -0400, Stephen Smalley wrote: >>> On 5/17/19 12:20 PM, Stephen Smalley wrote: >>>> On 5/17/19 11:09 AM, Sean Christopherson wrote: >>>> I think we may want to change the SGX API to alloc an anon inode for ea= ch >>>> enclave instead of hanging every enclave off of the /dev/sgx/enclave >>>> inode. >>>> Because /dev/sgx/enclave is NOT private, SELinux's file_map_prot_check(= ) >>>> will only require FILE__WRITE and FILE__EXECUTE to mprotect() enclave >>>> VMAs >>>> to RWX. Backing each enclave with an anon inode will make SELinux trea= t >>>> EPC memory like anonymous mappings, which is what we want (I think), e.= g. >>>> making *any* EPC page executable will require PROCESS__EXECMEM (SGX is >>>> 64-bit only at this point, so SELinux will always have default_noexec).= >>>=20 >>> I don't think we want to require EXECMEM (or equivalently both FILE__WRI= TE >>> and FILE__EXECUTE to /dev/sgx/enclave) for making any EPC page executabl= e, >>> only if the page is also writable or previously modified. The intent is= >>> to prevent arbitrary code execution without EXECMEM (or >>> FILE__WRITE|FILE__EXECUTE), while still allowing enclaves to be created >>> without EXECMEM as long as the EPC page mapping is only ever mapped RX a= nd >>> its initial contents came from an unmodified file mapping that was >>> PROT_EXEC (and hence already checked via FILE__EXECUTE). >=20 > The idea is that by providing an SGX ioctl() to propagate VMA permissions > from a source VMA, EXECMEM wouldn't be required to make an EPC page > executable. E.g. userspace establishes an enclave in non-EPC memory from > an unmodified file (with FILE__EXECUTE perms), and the uses the SGX ioctl(= ) > to copy the contents and permissions into EPC memory. >=20 >> Also, just to be clear, there is nothing inherently better about checking= >> EXECMEM instead of checking both FILE__WRITE and FILE__EXECUTE to the >> /dev/sgx/enclave inode, so I wouldn't switch to using anon inodes for tha= t >> reason. Using anon inodes also unfortunately disables SELinux inode-base= d >> checking since we no longer have any useful inode information, so you'd l= ose >> out on SELinux ioctl whitelisting on those enclave inodes if that matters= . >=20 > The problem is that all enclaves are associated with a single inode, i.e. > /dev/sgx/enclave. /dev/sgx/enclave is a char device whose purpose is to > provide ioctls() and to allow mmap()'ing EPC memory. In no way is it > associated with the content that actually gets loaded into EPC memory. >=20 > The actual file that contains the enclave's contents (assuming the enclave= > came from a file) is a separate regular file that the SGX subsystem never > sees. >=20 > AIUI, having FILE__WRITE and FILE__EXECUTE on /dev/sgx/enclave would allow= > *any* enclave/process to map EPC as RWX. Moving to anon inodes and thus > PROCESS__EXECMEM achieves per-process granularity. How does anon_inode make any difference? Anon_inode is not the same thing a= s anon_vma.=