Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp2312461yba; Fri, 17 May 2019 14:41:58 -0700 (PDT) X-Google-Smtp-Source: APXvYqwOX+8n+sN411Ht5edhpd14HEOicgvmb8ZUWqktTFv19jEru5AloA9zEnEBe6m1Gi+l3t0z X-Received: by 2002:a17:902:b606:: with SMTP id b6mr60642591pls.100.1558129318864; Fri, 17 May 2019 14:41:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558129318; cv=none; d=google.com; s=arc-20160816; b=XF0EwtUDNqecLndi9zUlxC0QY/C3te4qDVGWyzAW10V3R386BIM6eQraGVh+SVywjj Tdz2FhjcrZ0OzURcKrc+QqiqishNWOtD5Ckgj8proJ2mAZNGfczshQTnDYUugchh+XLW 0aUCqZxa/V/7L0FmJ4Y8XhOS14LTmtHEfxPVUWDGZtanZCvfFyPM5IZIfFNPpYD/Jx2V WkZ2Jgt1ZzC+fAITkAa0bmDTJ8ODxzwf7EldJs98v5ySZE8WToB5bLDyrAU8HlSVKvYs o6k/pWZXihL0lQRvwaK/pYYZwn2jUcVbuHB9Nx97Y+7osIRYq3l8DgXhIcm3ow06eshk avNQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=07uK+bWyRTly8ZiVFZ1gKqClxPLhSSUIjpTHg6jfitY=; b=MWNVp6kKcGR02tza+fCQZzuQ8kyi/7a38/57mn5rmaikakkyHoK8pM0nsr42IK481J r3+ThgMwnM7KogCfcNQ+8Ijy+XWnY4eqyWwTk0vwz0DWWGEkrO/wJxKgn3U471XGn3Rn Sg0+8TyjfeKZGXB7RP/F+mjs5mdsaCXqUzR1R8I/Z43Ce9qMcOd0buMtFzBGYY72GMeb rlk09r4QExqDiS4CWk7/ID79OQTopMVe2Nh54XLOSWkQCLmaaU965ZBg1g7M5QzI46Vo +3yPhV2hK8k9AnEcQQ0HUbRRYza83rk9z6AdpF6n9Rfro+chEkj1528pK3VlCRc0LspJ /K4g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f22si9076024pgk.376.2019.05.17.14.41.43; Fri, 17 May 2019 14:41:58 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729444AbfEQVgj (ORCPT + 99 others); Fri, 17 May 2019 17:36:39 -0400 Received: from mga04.intel.com ([192.55.52.120]:19145 "EHLO mga04.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726960AbfEQVgj (ORCPT ); Fri, 17 May 2019 17:36:39 -0400 X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 May 2019 14:36:38 -0700 X-ExtLoop1: 1 Received: from sjchrist-coffee.jf.intel.com (HELO linux.intel.com) ([10.54.74.36]) by fmsmga004.fm.intel.com with ESMTP; 17 May 2019 14:36:37 -0700 Date: Fri, 17 May 2019 14:36:37 -0700 From: Sean Christopherson To: Stephen Smalley Cc: Andy Lutomirski , "Xing, Cedric" , Andy Lutomirski , James Morris , "Serge E. Hallyn" , LSM List , Paul Moore , Eric Paris , "selinux@vger.kernel.org" , Jarkko Sakkinen , Jethro Beekman , "Hansen, Dave" , Thomas Gleixner , "Dr. Greg" , Linus Torvalds , LKML , X86 ML , "linux-sgx@vger.kernel.org" , Andrew Morton , "nhorman@redhat.com" , "npmccallum@redhat.com" , "Ayoun, Serge" , "Katz-zamir, Shay" , "Huang, Haitao" , Andy Shevchenko , "Svahn, Kai" , Borislav Petkov , Josh Triplett , "Huang, Kai" , David Rientjes Subject: Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) Message-ID: <20190517213637.GM15006@linux.intel.com> References: <960B34DE67B9E140824F1DCDEC400C0F654E3FB9@ORSMSX116.amr.corp.intel.com> <6a97c099-2f42-672e-a258-95bc09152363@tycho.nsa.gov> <20190517150948.GA15632@linux.intel.com> <80013cca-f1c2-f4d5-7558-8f4e752ada76@tycho.nsa.gov> <837CE33B-A636-4BF8-B46E-0A8A40C5A563@amacapital.net> <6d083885-1880-f33d-a54f-23518d56b714@tycho.nsa.gov> <20190517192823.GG15006@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, May 17, 2019 at 04:09:22PM -0400, Stephen Smalley wrote: > On 5/17/19 3:28 PM, Sean Christopherson wrote: > >On Fri, May 17, 2019 at 02:05:39PM -0400, Stephen Smalley wrote: > >Yep, and that's by design in the overall proposal. The trick is that > >ENCLAVE_ADD takes a source VMA and copies the contents *and* the > >permissions from the source VMA. The source VMA points at regular memory > >that was mapped and populated using existing mechanisms for loading DSOs. > > > >E.g. at a high level: > > > >source_fd = open("/home/sean/path/to/my/enclave", O_RDONLY); > >for_each_chunk { > > > >} > > > >enclave_fd = open("/dev/sgx/enclave", O_RDWR); /* allocs anon inode */ > >enclave_addr = mmap(NULL, size, PROT_READ, MAP_SHARED, enclave_fd, 0); > > > >ioctl(enclave_fd, ENCLAVE_CREATE, {enclave_addr}); > >for_each_chunk { > > struct sgx_enclave_add ioctlargs = { > > .offset = chunk.offset, > > .source = chunk.addr, > > .size = chunk.size, > > .type = chunk.type, /* SGX specific metadata */ > > } > > ioctl(fd, ENCLAVE_ADD, &ioctlargs); /* modifies enclave's VMAs */ > >} > >ioctl(fd, ENCLAVE_INIT, ...); > > > > > >Userspace never explicitly requests PROT_EXEC on enclave_fd, but SGX also > >ensures userspace isn't bypassing LSM policies by virtue of copying the > >permissions for EPC VMAs from regular VMAs that have already gone through > >LSM checks. > > Is O_RDWR required for /dev/sgx/enclave or would O_RDONLY suffice? Do you > do anything other than ioctl() calls on it? Hmm, in the current implementation, yes, O_RDWR is required. An enclave and its associated EPC memory are represented and referenced by its fd, which is backed by /dev/sgx/enclave. An enclave is not just code, e.g. also has a heap, stack, variables, etc..., which need to be mapped accordingly. In the current implementation, userspace directly does mprotect() or mmap() on EPC VMAs, and so setting PROT_WRITE for the heap and whatnot requires opening /dev/sgx/enclave with O_RDWR. I *think* /dev/sgx/enclave could be opened O_RDONLY if ENCLAVE_ADD stuffed the EPC VMA permissions, assuming the use case doesn't require changing permissions after the enclave has been created. The other reason userspace would need to open /dev/sgx/enclave O_RDWR would be to debug an enclave, e.g. pwrite() works on the enclave fd due to SGX restrictions on modifying EPC memory from outside the enclave. But that's an obvious case where FILE__WRITE should be required. > What's the advantage of allocating an anon inode in the above? At present > anon inodes are exempted from inode-based checking, thereby losing the > ability to perform SELinux ioctl whitelisting, unlike the file-backed > /dev/sgx/enclave inode. Purely to trigger the EXECMEM check on any PROT_EXEC mapping. However, the motiviation for that was due to my bad assumption that FILE__WRITE and FILE__EXECUTE are global and not per process. If we can do as you suggest and allow creation of enclaves with O_RDONLY, then keeping a file-backed inode is definitely better as it means most processes only need FILE__READ and FILE__* in general has actual meaning. Thanks a bunch for your help!