Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp2199619yba; Fri, 17 May 2019 12:18:49 -0700 (PDT) X-Google-Smtp-Source: APXvYqwvBxsZaU5OSRzfWbcZ1NrBBCOQe9fdI5Qj4sgDomlQoeA6XO/jUpEEY/CqOC9h+ty5DL9m X-Received: by 2002:a17:902:b106:: with SMTP id q6mr4472209plr.215.1558120729098; Fri, 17 May 2019 12:18:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558120729; cv=none; d=google.com; s=arc-20160816; b=X2qqCrNbd6YL9e0oo5AVI3FUrVjyxSxx75+zkTlS68ItSvsZIvbTttsLLbDKBhFEYD 38nlpGG7hZwDXzyNXqFMKnaresAJxemhnguQFfKrULz+j2T3bnWQJfCp1tO5q06IKjXA 8eIGzfbMtKXarK7nRj+4SL63Olw78iW8jQxJaMW6yaFd3pBDJ8kV8WYao8zhO8ZkJe8y 2CryDRZUyi5gbCLQQ9NyppNL54NPKag7wa/M/XOYR4IFSfOrJzL5ZMaSPpcBvAFQx2ZH sq26LnkkNVP8FZ0aaHjCHQETN05htycZkrI2rAHon1DESKHViA2rliJT/hdXHI+qIsfp Hxxg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:ironport-phdr :dkim-signature; bh=+Nr/ea0LVvf2SH/YGtchwepdBQO9XHrskL5uTjGZl5s=; b=E5Ag7YjH2pSQ80+su70dfWLKU4dPlWvgYK9U37Lt6VeZaUSAI/5AWYrBacpwp3pBuj 4aan/5wkn1NGqzOKx/6ZiH0nXyz7wviryMgejrahe+8lF8x0r80AhxfTvUCcDgP0VTPl inRKQZvOyuwDnRHZuFDCywAet+p9w9hDwjTMbC5YIahpMi2PV8kI0DzG0yVQcbIaMasD oo9Faxr2qbBM0nuGk7UNLzeO3grpvtNYYfFNKg2giS9n45h1GhMouw3G3MlLCd/Fdz6G jBq7HydTQqM2Zjxlm9/LjvZ4SfSbIVhMT7OgSWVNCejyDfJGcf4hn4EyMI1AchLdT9gT zlCQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@tycho.nsa.gov header.s=tycho.nsa.gov header.b=cP7NVaoK; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=tycho.nsa.gov Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k1si8627457pgl.66.2019.05.17.12.18.34; Fri, 17 May 2019 12:18:49 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@tycho.nsa.gov header.s=tycho.nsa.gov header.b=cP7NVaoK; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=tycho.nsa.gov Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729220AbfEQSQU (ORCPT + 99 others); Fri, 17 May 2019 14:16:20 -0400 Received: from ucol19pa14.eemsg.mail.mil ([214.24.24.87]:64142 "EHLO ucol19pa14.eemsg.mail.mil" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728305AbfEQSQU (ORCPT ); Fri, 17 May 2019 14:16:20 -0400 X-EEMSG-check-017: 706659040|UCOL19PA14_EEMSG_MP12.csd.disa.mil X-IronPort-AV: E=Sophos;i="5.60,480,1549929600"; d="scan'208";a="706659040" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.2]) by ucol19pa14.eemsg.mail.mil with ESMTP/TLS/DHE-RSA-AES256-SHA256; 17 May 2019 18:16:13 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tycho.nsa.gov; i=@tycho.nsa.gov; q=dns/txt; s=tycho.nsa.gov; t=1558116973; x=1589652973; h=subject:to:cc:references:from:message-id:date: mime-version:in-reply-to:content-transfer-encoding; bh=+Nr/ea0LVvf2SH/YGtchwepdBQO9XHrskL5uTjGZl5s=; b=cP7NVaoKBN72VqZenfJQ+F2WBe5TmAFH85s8fbspeJHAFN/1eSD8ZtjN janwlEIk0gBSCe3cjOVCtnzSSIcELAWSAH0tTzBU+oPdRaChvE2o5lPJx JddkjW7uuMsPf2hpXgsUBEq3sqEgnlNbShfBV9zGBzm8Hpm/35S48YFJb /me8ZkYnP7ZdwOO8DPSwC9wNlx4QwsooUv/X6OfsQFqVCqznsflUQvEWN UDpg4QMiRf3Tru/ZHpHc+yh9zZ5CZgIm0GwgGulWVEYPHWqdHMpZAHZzl I1Z6ykmZ5cRqSUdztXMYHGvo6byAxFGYSvQkt25NR/kllFXf3QmILjpVI A==; X-IronPort-AV: E=Sophos;i="5.60,480,1549929600"; d="scan'208";a="23846762" IronPort-PHdr: =?us-ascii?q?9a23=3AQsCCpB+hZponVv9uRHKM819IXTAuvvDOBiVQ1K?= =?us-ascii?q?B91uwXIJqq85mqBkHD//Il1AaPAdyCrasc0aGP6fuocFdDyK7JiGoFfp1IWk?= =?us-ascii?q?1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBA?= =?us-ascii?q?j0OxZrKeTpAI7SiNm82/yv95HJbAhEmSexbalvIBmqswndudQajZVsJ60s1h?= =?us-ascii?q?bHv3xEdvhMy2h1P1yThRH85smx/J5n7Stdvu8q+tBDX6vnYak2VKRUAzs6PW?= =?us-ascii?q?874s3rrgTDQhCU5nQASGUWkwFHDBbD4RrnQ5r+qCr6tu562CmHIc37SK0/VD?= =?us-ascii?q?q+46t3ThLjlTwKPCAl/m7JlsNwjbpboBO/qBx5347Ue5yeOP5ncq/AYd8WWW?= =?us-ascii?q?9NU8BfWCxbBoO3cpUBAewPM+1Fq4XxvlsDoB+7CQSqGejhyCJHhmXu0KMnze?= =?us-ascii?q?ohHwHI0g8uEd0Av3vbrsn6OqgJXOCpzqTF1ynPY+9Y1Dr/7oXDbxAvoeuLXb?= =?us-ascii?q?J1acff1FUvGB3djlWQt4PlOS6e2PkIs2eB6+pgUfygim46oAx2uTig29wsh5?= =?us-ascii?q?LVhoMV1l/E9SJ5zJwzJd2jUkF3e9GkEJxOtyyDMYZ9X8AsQ3lwtSonxbALto?= =?us-ascii?q?S3cSgXxJg92RLSZOKLf5KV7h/lSe2fOy13hGh/d7K6nxuy9E+gxfDiWcSsy1?= =?us-ascii?q?ZKqzZFksHLtnAQyxzf8siHReV5/kemwTuPyxrc6vtFIUApjqrXMYIhw74smZ?= =?us-ascii?q?oTtkTPBCn2l1ntjKCKbEkk/+mo6+D/brXnoJ+TKZN0hxnjPqkhlcGzG+Q1Ph?= =?us-ascii?q?UUU2SF9umwyqfv8VDhTLVPlPI2k63ZsJ7AJcQco660GxRV3Zs46xukEzen0M?= =?us-ascii?q?gXnXkALF5ffhKHlJLmN0vBIPD/E/ezm06snytzx/DaIr3hBY3ALmPdn7j7e7?= =?us-ascii?q?Zx8UxcxBAvwtBf/ZJUC6oBIO70Wk/ptNzXEAU5Mxezw+bhE9h914UeWX6RDa?= =?us-ascii?q?+dKq/drViI5uc3KemWeIAVoCr9K+Qi5/P2kXA2h0ISfbOo3ZQLcny5EfVmI0?= =?us-ascii?q?OWYXf3g9cBF3sKsRQ6TODwlFKCVjtTbW6oX60g/jE7FJ6mDYDbS4CpnbyBwC?= =?us-ascii?q?C7E4ZVZm9YEFCMF2nnd4GeV/cLciKSLddrkiYYWri5V48hyRauuRf4y7piKe?= =?us-ascii?q?rU4DcYtZP41NVu4e3cjxQy+iJ1D8iH1GGNVW50lHsSRzAqxKB/vVB9ylCb3K?= =?us-ascii?q?hjnfNYD9NT6O1SXwc6L5Hcy+h6CtD0Wg7bYtiJT1OmSM28AT4tVtIx38MOY0?= =?us-ascii?q?FlFtWmjxDD2TeqArAMm7yQGpM77r/c32LwJ8Zhy3fKzawhj147TctSMW2pmL?= =?us-ascii?q?Vy9xbcB4HXiUWVjaWqeroG3C7L6miDyXCCvEZCUA5/Sa/FR2wQZlPKrdTl4U?= =?us-ascii?q?PPV6euBq46MgtF0sOCMrFFasDtjVlfQffjP9PeY3ivlGuqGRmIwbaMZpLwe2?= =?us-ascii?q?oBxCXdFFQEkwcL8HmYLQgxHD2ho2PFDDF1DVLgeVns8ehlqHOjSk871R2FYF?= =?us-ascii?q?N727qy4B4ViuSWS+kP0bIcpCchtzJ0EU6m393ID9qApgxhfLhTYN4m/ldH2n?= =?us-ascii?q?zWtxZnMpyjMa9inFgefBpzv0/00BV3EIpAm9AwrHw21ApyNb6Y0FRZejOax5?= =?us-ascii?q?/wIL7XKmr1/By1cK7ZwFLe0NWX+qcJ9vs4rU7uvAWoFkok7nVm3MNZ03qa5p?= =?us-ascii?q?XWEgUSVYj9XVow9xh/v7vaeDUy55vI1X1wNqm5qj3C1Mw1BOsl0BageMxSMK?= =?us-ascii?q?2DFA/oD80VHc6uKO0lmlSzch0EO+VS/rYuP8y6b/uGxLKrPOF4kT27l2tH/p?= =?us-ascii?q?5y3liM9yVmTO7IxIgKw/eD0wuGUTf8kEmussTtlY9YYjESG3K1yTL4C45Jeq?= =?us-ascii?q?1yYYELBH+yI824wtV/iIXgW3pZ9F6lGlMGxNWpeR2Ub1z80gxcz1kYrmK/ky?= =?us-ascii?q?ui0zN0iy0prraY3CHWzOTibgQIOmFQSWZ8i1fsI5a7j9QeXEipcwcljgeq5U?= =?us-ascii?q?H/x6JDvqRwM3HTQVtUfyjxN2xiTqywtqCcY8FV7JMnrD5XXf+4YVCbTL79vh?= =?us-ascii?q?Qb3zrtH2tZ2TA7cSyltY/lnxx7j2KdKmx/rH3DecF/3R3f/sDTReZN3joaQy?= =?us-ascii?q?l1kT3XBlm6P9m08tSYjpTDvf6kV2KnSJJTdTLmzZ2PtCSl/21mGx6/kO6pmt?= =?us-ascii?q?3hDwc61TX3195wVSXHtBz8eJXk17ymMeJ7eUllHFD95sl7F4xlkYs/mosQ2X?= =?us-ascii?q?4EiZWR53YHln3zMdpD06LkcHUNXSILw8LS4AX93E1jL3SJx5/2V3mE2cthaN?= =?us-ascii?q?a7b3gI2iIy8c9KEr2Y7L9akitvpFq3swbRbeJ6njcHxvsk8GQajP0RuAox0i?= =?us-ascii?q?WdBagfElNbPSz0khSF9NS+rKRRZGayfrm8zUR+nde8DLGEvw5TQmr5epYlHS?= =?us-ascii?q?929Ml/N0jM0HLr4IH+ZNbQdc4TtgGTkxrYiehVKJUxluAPhSV9P2LwpmclxP?= =?us-ascii?q?Amghxux566oJKLJHlq/KK8GhRYLCH6Z9sP+jHxiqZThsCW35iqHpp9BjoERp?= =?us-ascii?q?/oTfa1EDIXrvnnLRiBHyA8qniBBbrTBxOQ6EBjr3jXCZCkK2mXJGUFzdVlXB?= =?us-ascii?q?SdP1JQgBobXDokhJI2DACrxMv8cEd//T0R51j4qgdSxeJsLRXwTmDfpAKwYD?= =?us-ascii?q?cuVJefNAZW7h1F50rNKsye7vh8HiFC8p2itgONNm2aax1JDG4TX0yEBkrjM6?= =?us-ascii?q?Kv5dnG7+iXGO6+I+HSbrWJrOxUT+2Iyo630ot64zaMMd2CPnl4AP06xkpMR3?= =?us-ascii?q?d5F97ZmzUSUSMXkS3NYtWapBe65i14sMS//O73VwLo4IuFE6FSPsl3+xCqna?= =?us-ascii?q?eDMPadizx/KTlFzJMMxH/JxKIE3F4SlS5uaSWiEbQeui7LT6LQnbRaDxoaay?= =?us-ascii?q?N1KctJ4Lgw3ghLOc7HlNz10qR0geIyC1dATVbhgN2mZdQWI2GhM1PKHEWLO6?= =?us-ascii?q?6HJTHR2MH3f7mzSb1WjOhPth2wvyqbHFHnPjiZizbpUBWvO/lWjC6HJBxepJ?= =?us-ascii?q?29chF1BGf4VNLrcQe0MNt2jTIox705hWnGOnMCPjJkaUNCsqWQ7T9EgvV4A2?= =?us-ascii?q?FB7H1lLfKEmyuC7enYLY0Wsft3AiRuluJa+HA6xKVJ7CFYXvB1nzHSrtF2qV?= =?us-ascii?q?G8juaP0iZnUAZJqjtTh4KEp0RiNb/Z9pldQ3nE+h0N4H6RCxQMu9tqFNnvt7?= =?us-ascii?q?pMxdjIkaL5MC1C/M7M/csAG8jUL9qKMGAgMRX3Hj7UEAkFQiCwNWzEiExdl/?= =?us-ascii?q?aS9nKRrpcksJTjhJ0OSroIHGAyQ8gXA0ItN9wYIYxrWSsknKSAi8hAsWGzpR?= =?us-ascii?q?+XRoNRvorGTe6VGfXiMi2ei5FFYQcFxfXzKoFFZaPh3Ek3UUV3hITHHQLrWN?= =?us-ascii?q?lJpiBwJlsvrF5l7Gl1Tmp13VnsLAyq/ilARraPghcqh14mMqwW/zD27gJyfw?= =?us-ascii?q?ebqQ=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2AbAACU+d5c/wHyM5BkGwEBAQEDAQEBBwMBAQGBUwQBA?= =?us-ascii?q?QELAYFmKoE7MoQ6kwtQAQEGgQgtiU6PB4F7CQEBAQEBAQEBATQBAgEBhEACg?= =?us-ascii?q?jQjNgcOAQMBAQEEAQEBAQMBAWwogjopAYJmAQEBAQIBIxVBBQsLGAICJgICV?= =?us-ascii?q?wYNCAEBgl8/gXcFD6sMgS+FSIMogUaBDCgBi1AXeIEHgREngms+h06CWASNR?= =?us-ascii?q?IV8lFYJgg2CD5BmBhuWGKQGDSSBVysIAhgIIQ+DKJBsIwOBNgEBj10BAQ?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 17 May 2019 18:16:12 +0000 Received: from moss-pluto.infosec.tycho.ncsc.mil (moss-pluto [192.168.25.131]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id x4HIGBqr015987; Fri, 17 May 2019 14:16:11 -0400 Subject: Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) To: Sean Christopherson Cc: "Xing, Cedric" , Andy Lutomirski , James Morris , "Serge E. Hallyn" , LSM List , Paul Moore , Eric Paris , "selinux@vger.kernel.org" , Jarkko Sakkinen , Jethro Beekman , "Hansen, Dave" , Thomas Gleixner , "Dr. Greg" , Linus Torvalds , LKML , X86 ML , "linux-sgx@vger.kernel.org" , Andrew Morton , "nhorman@redhat.com" , "npmccallum@redhat.com" , "Ayoun, Serge" , "Katz-zamir, Shay" , "Huang, Haitao" , Andy Shevchenko , "Svahn, Kai" , Borislav Petkov , Josh Triplett , "Huang, Kai" , David Rientjes References: <960B34DE67B9E140824F1DCDEC400C0F654E38CD@ORSMSX116.amr.corp.intel.com> <960B34DE67B9E140824F1DCDEC400C0F654E3FB9@ORSMSX116.amr.corp.intel.com> <6a97c099-2f42-672e-a258-95bc09152363@tycho.nsa.gov> <20190517150948.GA15632@linux.intel.com> <80013cca-f1c2-f4d5-7558-8f4e752ada76@tycho.nsa.gov> <20190517172953.GC15006@linux.intel.com> <7de94229-f223-64bd-de11-7a601ec26938@tycho.nsa.gov> <20190517175036.GD15006@linux.intel.com> From: Stephen Smalley Message-ID: Date: Fri, 17 May 2019 14:16:11 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 MIME-Version: 1.0 In-Reply-To: <20190517175036.GD15006@linux.intel.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 5/17/19 1:50 PM, Sean Christopherson wrote: > On Fri, May 17, 2019 at 01:42:50PM -0400, Stephen Smalley wrote: >> On 5/17/19 1:29 PM, Sean Christopherson wrote: >>> AIUI, having FILE__WRITE and FILE__EXECUTE on /dev/sgx/enclave would allow >>> *any* enclave/process to map EPC as RWX. Moving to anon inodes and thus >>> PROCESS__EXECMEM achieves per-process granularity. >>> >> >> No, FILE__WRITE and FILE__EXECUTE are a check between a process and a file, >> so you can ensure that only whitelisted processes are allowed both to >> /dev/sgx/enclave. > > Ah, so each process has its own FILE__* permissions for a specific set of > files? That's correct. > Does that allow differentiating between a process making an EPC page RWX > and a process making two separate EPC pages RW and RX? Not if they are backed by the same inode, nor if they are all backed by anon inodes, at least not as currently implemented.