Date: Fri, 24 May 2019 10:07:04 -0700
From: Sean Christopherson
To: Andy Lutomirski
Cc: "Xing, Cedric", Jarkko Sakkinen, Stephen Smalley, James Morris,
    "Serge E. Hallyn", LSM List, Paul Moore, Eric Paris,
    "selinux@vger.kernel.org", Jethro Beekman, "Hansen, Dave",
    Thomas Gleixner, "Dr. Greg", Linus Torvalds, LKML, X86 ML,
    "linux-sgx@vger.kernel.org", Andrew Morton, "nhorman@redhat.com",
    "npmccallum@redhat.com", "Ayoun, Serge", "Katz-zamir, Shay",
    "Huang, Haitao", Andy Shevchenko, "Svahn, Kai", Borislav Petkov,
    Josh Triplett, "Huang, Kai", David Rientjes
Subject: Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
Message-ID: <20190524170704.GA3401@linux.intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, May 24, 2019 at 09:43:27AM -0700, Andy Lutomirski wrote:
> On Fri, May 24, 2019 at 12:24 AM Xing, Cedric wrote:
> > /**
> >  * Summary:
> >  * - The enclave file resembles a shared object that contains RO/RX/RW segments
> >  * - FILE__* are assigned to /dev/sgx/enclave, to determine acceptable permissions to mmap()/mprotect(), valid combinations are
> >  *   + FILE__READ - Allow SGX1 enclaves only
> >  *   + FILE__READ|FILE__WRITE - Allow SGX2 enclaves to expand data segments (e.g. heaps, stacks, etc.)
>
> I think this is a non-starter :(  FILE__WRITE also means that you can
> write to the file, and the admin / policy author will almost never
> want to allow that.

Why would FILE__WRITE on /dev/sgx/enclave be a problem?  An actual
write to /dev/sgx/enclave would yield -EINVAL, no?