Received: by 2002:a25:86ce:0:0:0:0:0 with SMTP id y14csp502154ybm; Wed, 22 May 2019 06:59:40 -0700 (PDT) X-Google-Smtp-Source: APXvYqw5V95yjzUo2fhWgMItxmw9Il/hSsX9MEoaSdWzrcFFoSyDy94pSLskHJapjw2jVCGil6pU X-Received: by 2002:a17:902:1126:: with SMTP id d35mr55352601pla.82.1558533580139; Wed, 22 May 2019 06:59:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558533580; cv=none; d=google.com; s=arc-20160816; b=reoZ2u2H4y6ODwF18w1KtzLZ026sqJNcrJytE9z7FPBcky3Y88k7HQE5emGiXzCKzg r3EOmNN+NebMDamnODpgm7YidJyXAgCLjFY9dlT9DOmrpUdsumkD+VihmFC4B3qTM5YN 2s6AI+kHDMlVhssss97fJqKp5tq+/7Nd20IqKEY3hOSs4BaefutSdCoO20Z6+m1s8t8N r+8bTfUf5caHPZsJ7ksT3Dr6tf30nq7unlcZhcudxrPYvkxPH9ultdwoS0qZ5Hm5Z8lo W6P0NqUpbaR5BtANhS50kWpmYvOKaVXi+VDXxbOMVyn+KuVE6P7AxqpnlaLy+OgRUlqC fhew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:ironport-phdr :dkim-signature; bh=EbYf9ZJ5ydiQRU2r91F4Jt2Wejkf+cUQo/5Tro5IduY=; b=jc3g9oKS7HqjLUYD5+iouxDVWgU4JS2RbsgqNrd1FMQWAe5Xo41vfRvtSt0/qRTSqY Fbb5quJiYxSwXi7z4pb7nHjDGlZsE+kcocunSOkexud9YbZSaB89xkOjbp8LcmAAfouH 66tN0q5JU90GVmdG/eBaHx3Bf+SZIoHsbhjE20W+U30zLBxWUugEdOSF7hiZPwdx/CNF sueBf1GJD+K4El2UmIGkp20PNN4R+YJeKT8xzB3qcwDJ6NTYvUsj4riq55E/O8o4hKyi 6kJDjb3mYOuvj/oXjTcwkBoF+GEnqncavvh8KVGqj3mwpRCCWkQGGpKx82kWqulwLSfj 6c3g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@tycho.nsa.gov header.s=tycho.nsa.gov header.b=PcuFhzfu; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=tycho.nsa.gov Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p91si24921230plb.165.2019.05.22.06.59.24; Wed, 22 May 2019 06:59:40 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@tycho.nsa.gov header.s=tycho.nsa.gov header.b=PcuFhzfu; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=tycho.nsa.gov Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729167AbfEVN4m (ORCPT + 99 others); Wed, 22 May 2019 09:56:42 -0400 Received: from ucol19pa10.eemsg.mail.mil ([214.24.24.83]:9928 "EHLO UCOL19PA10.eemsg.mail.mil" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726770AbfEVN4l (ORCPT ); Wed, 22 May 2019 09:56:41 -0400 X-EEMSG-check-017: 678690706|UCOL19PA10_EEMSG_MP8.csd.disa.mil X-IronPort-AV: E=Sophos;i="5.60,499,1549929600"; d="scan'208";a="678690706" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.2]) by UCOL19PA10.eemsg.mail.mil with ESMTP/TLS/DHE-RSA-AES256-SHA256; 22 May 2019 13:56:38 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tycho.nsa.gov; i=@tycho.nsa.gov; q=dns/txt; s=tycho.nsa.gov; t=1558533399; x=1590069399; h=subject:to:cc:references:from:message-id:date: mime-version:in-reply-to:content-transfer-encoding; bh=EbYf9ZJ5ydiQRU2r91F4Jt2Wejkf+cUQo/5Tro5IduY=; b=PcuFhzfuZL8x+xM0DDe0/cmEJk/xodfZnI2rwnmBe4JXMWtvyjUbbaCw e8UGpFu3H63IS8RqiHCaN4pkcIVjbYVmnGySYXtf/ZOBpDVp4fAPQqN1Y BEZH73xsB43BQHfeNC5qv/vk/xrivsmxWw7lC0IqO4fl2NtLJ5PidpO3s foWudK0zs9cydjsB8DHzbYflxGSCXcnjCacdX4QaSCG2CU6AiENwl8JDE f05odx6b/2dIGjOmX6Fro8bOJJOQzdAp5ROq3zr3V9YHRrht44PgiBLzF nX9ILGbFsEiektTfAFn7nhI65xMKPZeSGl52L4NabdvJoDbw7DhsSmV1K g==; X-IronPort-AV: E=Sophos;i="5.60,499,1549929600"; d="scan'208";a="23976963" IronPort-PHdr: =?us-ascii?q?9a23=3AChLVCx3RCgD91IhYsmDT+DRfVm0co7zxezQtwd?= =?us-ascii?q?8ZsegQKvXxwZ3uMQTl6Ol3ixeRBMOHsqsC0rOM+P6xEUU7or+5+EgYd5JNUx?= =?us-ascii?q?JXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQ?= =?us-ascii?q?viPgRpOOv1BpTSj8Oq3Oyu5pHfeQpFiCegbb9oMRm6sBvdusYXjIZmN6081g?= =?us-ascii?q?bHrnxUdupM2GhmP0iTnxHy5sex+J5s7SFdsO8/+sBDTKv3Yb02QaRXAzo6PW?= =?us-ascii?q?814tbrtQTYQguU+nQcSGQWnQFWDAXD8Rr3Q43+sir+tup6xSmaIcj7Rq06VD?= =?us-ascii?q?i+86tmTgLjhTwZPDAl7m7Yls1wjLpaoB2/oRx/35XUa5yROPZnY6/RYc8WSW?= =?us-ascii?q?9HU8lfTSxBBp63YZUJAeQPIO1Uq5DxqlsKoBe7AwSnGeHhxSJShnLuwKM0ze?= =?us-ascii?q?ohHwHF0gIuEd0Bv3bbo8n6OqoJTeC4zrPFwSnfY/5Y2zrw7pXDfBA7ofGLWL?= =?us-ascii?q?J9adffyVUxGAPdjlWft4rlNC6I2OQIqWeb6+5gWvyvimU6rAxxuSWgxtw3h4?= =?us-ascii?q?nVhoMa1lDE9SJjzIYzPt23UlR3YdGjEJtOriyXMZZ9TMA6Q2xwpSo3xbILtY?= =?us-ascii?q?S7cSQX0pgr2RHSZ+Kdf4SV5B/oSfyfLi1ihH1/fbKynxOy8U+9xeLiTsS0y1?= =?us-ascii?q?NKrjZdktnLq3ANywTf6siZRft5+UeswSqP2BrJ6uFFPEA0jrDXK4Ihw7Eslp?= =?us-ascii?q?oTtl7PHinql0XtkKCabEAk+ums6+j/Y7XmoIGTN5Nshw3jPakjldazDOQlPg?= =?us-ascii?q?QUQWSW9vqw2Kf+8UHhRbVFlPw2kq3XsJDAIsQbo7a0AxRI3YY48Bu/Ezen38?= =?us-ascii?q?gYnXkANl5FfgmHgJLzN1HBJ/D4E++zg06wnzdz2/DGIrrhD43PLnfZirfhfr?= =?us-ascii?q?V960lGxAoo199f5JFUCrAHIP3tXE/8r9jYDh4/MwypzOfrEtR91oUCWW2RBq?= =?us-ascii?q?+VKr/dsViN5ug3OemDeJcVuCrhK/gi//PulmE2lkUbfaWz35sbcmy3HvR8I0?= =?us-ascii?q?WYenrsntABEX8KvgUgVuzqk1qCUThIanazWaI8+i80CIa8AYjfQYCthaSL3D?= =?us-ascii?q?2nEZ1OemBGFleMHG/sd4WZR/cMbzmfIsx/nTweU7iuVYsh2QuptA/gxLptNv?= =?us-ascii?q?DU9TEAtZL/yNh14PXelRM39TxzFcSdyWCNT3pvk2MOXTA22b5woU1nxleEy6?= =?us-ascii?q?h4jORSFcZP6PNRTgc6KZncwvRhC9/sQALBccmGRU2mQtq8BTExStIww9kUb0?= =?us-ascii?q?lhHNWiiwjJ3zC2DL8Ni7yLGJs0/7rY33jwIcZ91nnH2LA6j1Y4XsRPKHemhq?= =?us-ascii?q?9j9wnTHoLJlkKZmLu3daQYwiHA73mDzWWQs0FCSgJwUrvKXWoZZkTIqdT1/E?= =?us-ascii?q?TCT6WhCb4/KAtO1daCKrdWat3ulVhGXO3sOMnaY2+qg2e/HwuIxreVYIrvfG?= =?us-ascii?q?Ud2z/dB1Yenw8P+naGMBA0Bj29rGLGEDxuCVXvblvy/ulmsny7VE40zxqRYk?= =?us-ascii?q?15zbW14B8VheeES/MXxL0LpDkupy9zHFan0NLcE8CAqBZ5fKVAfdM9509K1X?= =?us-ascii?q?nHuAx5P5ygKb1ih1EFfgRpsEPhyQ93Bp9Dkcc0tnMqyhR9KaaC3FNGbTOY0o?= =?us-ascii?q?j6OqfLJWnq4BCvd6nW10nc0NmI5qcP6O44q1L4sQGnEUoi6Wln3MNT03ud6Z?= =?us-ascii?q?TGFhYdUZX0Ukwv7Rh1u6naYjUh54PTzXBjLbe7vSLY29IoGOQp0Bmhf9ZZMK?= =?us-ascii?q?OLDwLyEssaB9SwJ+wugVSmchUEPOVK/q4uI8ymb+eG2LKsPOt4gT2pl3pH75?= =?us-ascii?q?5n3kKM7SV8TPXI0IgDw/yD3wuHUSv8g0mlsszthY9EYjQSFHKlySf4HI5Rer?= =?us-ascii?q?FyfYETBGeyLM23wtp/ioXpW35Z8l6jGk8G2NWueRqUblz80hdc2lkJrna/gy?= =?us-ascii?q?u30yR0ky01rqqYxCHOzP7iewQIOmNQWmZii1XsLpawj9AeXUincxIlmwei5U?= =?us-ascii?q?b/36JbvrhwL3HPQUdUeCj7N31iUqyqtrqcecFP7I4nsT5MXeS4YFCaTKP9oh?= =?us-ascii?q?QD3yPtGGte2TY7eCywtZXlnhx6j2SdIGx0rHrDdsF63Q3f68DERf5NwjoGQz?= =?us-ascii?q?F1iT3WBli6Itmo8syYl5TdveCkUWKuSJlTfDL1zYOPqiS7/3dmAR6hkPCpnN?= =?us-ascii?q?3oDww63TX819lwWiXCtAz8bZXz16SmLeJneVFlBVD/5sd7AYx+kZU/hIsW2X?= =?us-ascii?q?cEgpWZ530HkX38Md9Dw6LxcGINRSIXw97S+AXl3ExjLnSUx4P2T3md2cRhZt?= =?us-ascii?q?ahb2MI1SIy8dpKBL2X7LNahyt1pES3rQbLbfh6hDcdxuMk6GQGjOERpAot0i?= =?us-ascii?q?KdD6gIEklbJSzskg+F79S/rKVReWaufqG81ER5ndC8CrGNvxtTWGr4epclGy?= =?us-ascii?q?989MJ/MEjD0Hfr8IHrZMHQbc4Pth2TixrAiehVKJUrlvoPnyVnP3nwvWc7xO?= =?us-ascii?q?EmjRxhx426sJKbJGVq+aKzGgRYOSHtZ8MP5jHtir5TnsCO34CqAppuBi8EXJ?= =?us-ascii?q?/sTfK1FTIfru7nOBiTHz08sHibBaDTEhOY6Edjt3jPCYykN2mLJHkFytVvXA?= =?us-ascii?q?KdK1JFgAAbQjo2hIQ2FwCtxMz8dkd0/TER5ljkqhRSzuJkLQXwUmDapA2wcD?= =?us-ascii?q?c7VICfLAZK7gFF/0rVKsye4fhzHi1C/Z2uthCNK22CawVJF24JX02EB0r4M7?= =?us-ascii?q?mv49nA7/aXBu6kI/TSZrWOrPRUV+2UypK3zotm4zGMO92PPnZ4Dv07xlBMXX?= =?us-ascii?q?djF8TZhjUAUSoXly3WYs6aohe85jN4rsSl/Pv3XwLv4JOFC6FOPtV35xC2na?= =?us-ascii?q?CDOvaKiyZ/NDlYzJIMxH/SxLgE3F4dlT9ueCWtEbsesy7NT6XQl7RTDx4abS?= =?us-ascii?q?NzKcRJ47g93glLJc7UlNf12qRkgf4yDldPTUbhld2xZcwWP2G9M0vKBEWRO7?= =?us-ascii?q?SHPzHL2N/3brm8Sb1Wl+hUthuwuSqFHE/nJDiMiz7pVxW3O+FWkC6bJABeuJ?= =?us-ascii?q?26cht1EmfjVMnrZQe/MN92kzI2x745imnXOmECKTJ8aV9CrqWM7SNEhfVyA2?= =?us-ascii?q?5B7n1+LemEgCuZ7e7YKo0Wsft3GCR0lvpa4HAkxLtJ8CFIXvt1mDHdrtR2uV?= =?us-ascii?q?GpjvGPyiZ7UBpJsjtLh5iEvUR4NaXZ65lPQ3DE/B0W4GWRDRQKu8VqCtn1t6?= =?us-ascii?q?9MzdjPkbr5KC1e/NLM4cscG8/UJdqdMHogLxXpHiLUDAkbQj6wLmzfiEtdkP?= =?us-ascii?q?ad9n2RsJc2sITjmJ0LSuwTaFtgNPoACUdiVOcLI5R2WD4i2eqZhdQL5n34tx?= =?us-ascii?q?DSR8Rcs5bvUvOUHOWpKTCFgL0CbBwNl/ewFokaMMXQ21ZjcUV9hITHAVHXW5?= =?us-ascii?q?gZuSBoaEk25k5N6nllUmor20//cQSryH4VCfOw2BUxj10tT/4q8WLX/1ovJl?= =?us-ascii?q?fM7BA1mU01lMSt1SudaxbtPaywWsdQECOyuE8vZMCoCz1pZBG/yBQ3fAzPQK?= =?us-ascii?q?hc2v45KDFm?= X-IPAS-Result: =?us-ascii?q?A2BGAAAwU+Vc/wHyM5BlHAEBAQQBAQcEAQGBUwUBAQsBg?= =?us-ascii?q?WEFKoE7MoQ7k1oGgTWJTo8JgXsJAQEBAQEBAQEBNAECAQGEQAKCMSM2Bw4BA?= =?us-ascii?q?wEBAQQBAQEBAwEBbCiCOikBgmcBBSMEETQKAxALGAICJgICVwYBDAgBAYJfP?= =?us-ascii?q?4F3FKgsfDOFR4MkgUaBDCgBi1AXeIEHgREngms+h06CWASNToV9lGYJgg+CE?= =?us-ascii?q?ZBvBhuWMoxdl1MNJIFXKwgCGAghD4MokGwjA4E2AQGNagEB?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 22 May 2019 13:56:38 +0000 Received: from moss-pluto.infosec.tycho.ncsc.mil (moss-pluto [192.168.25.131]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id x4MDuUko015996; Wed, 22 May 2019 09:56:30 -0400 Subject: Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) To: Jarkko Sakkinen , Sean Christopherson Cc: Andy Lutomirski , James Morris , "Serge E. Hallyn" , LSM List , Paul Moore , Eric Paris , selinux@vger.kernel.org, Jethro Beekman , "Xing, Cedric" , "Hansen, Dave" , Thomas Gleixner , "Dr. Greg" , Linus Torvalds , LKML , X86 ML , "linux-sgx@vger.kernel.org" , Andrew Morton , "nhorman@redhat.com" , "npmccallum@redhat.com" , "Ayoun, Serge" , "Katz-zamir, Shay" , "Huang, Haitao" , Andy Shevchenko , "Svahn, Kai" , Borislav Petkov , Josh Triplett , "Huang, Kai" , David Rientjes References: <20190514204527.GC1977@linux.intel.com> <20190515013031.GF1977@linux.intel.com> <20190517000331.GD11204@linux.intel.com> <20190520114105.GD27805@linux.intel.com> <20190521151836.GA4843@linux.intel.com> <20190521155140.GE22089@linux.intel.com> <20190522132022.GC31176@linux.intel.com> <20190522132227.GD31176@linux.intel.com> From: Stephen Smalley Message-ID: <0e183cce-c4b4-0e10-dbb6-bd81bea58b66@tycho.nsa.gov> Date: Wed, 22 May 2019 09:56:30 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 MIME-Version: 1.0 In-Reply-To: <20190522132227.GD31176@linux.intel.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 5/22/19 9:22 AM, Jarkko Sakkinen wrote: > On Wed, May 22, 2019 at 04:20:22PM +0300, Jarkko Sakkinen wrote: >> On Tue, May 21, 2019 at 08:51:40AM -0700, Sean Christopherson wrote: >>> Except that mmap() is more or less required to guarantee that ELRANGE >>> established by ECREATE is available. And we want to disallow mmap() as >>> soon as the first EADD is done so that userspace can't remap the enclave's >>> VMAs via munmap()->mmap() and gain execute permissions to pages that were >>> EADD'd as NX. >> >> We don't want to guarantee such thing and it is not guaranteed. It does >> not fit at all to the multi process work done. Enclaves are detached >> from any particular process addresse spaces. It is responsibility of >> process to open windows to them. >> >> That would be completely against work that we've done lately. > > Example use case: you have a process that just constructs an enclave > and sends it to another process or processes for use. The constructor > process could have basically anything on that range. This was the key > goal of the fd based enclave work. What exactly happens in the constructor versus the recipient processes? Which process performs each of the necessary open(), mmap(), and ioctl() calls for setting up the enclave? Can you provide a high level overview of the sequence of userspace calls by the constructor and by the recipient similar to what Sean showed earlier for just a single process?