Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp752786ybi;
        Fri, 24 May 2019 10:52:31 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwfhnwRb2NTsG5Bp9GQR9G+wY1QmzBXyc4E4ziY9rQRwWN3YoAhu9wkxXsIOeI1vkLYYRua
X-Received: by 2002:a63:f410:: with SMTP id g16mr3130959pgi.428.1558720351686;
        Fri, 24 May 2019 10:52:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1558720351; cv=none;
        d=google.com; s=arc-20160816;
        b=pFmTpl/bYT3qdHtMGbqxJs7BmYhh3IcOyLGLKKE24pmd4hiXA/GvC5gSRppDIs70pT
         BVtcVsumHH1MHJis96NcRXfPE71Dm+CpmJCal1YxOvXlpFEeHrUHw2SLNM4DBTVWWST5
         yEqogAs4mvOPdkFxzdFCLyREHG9jMu8rTtfZKWRuXtfUcVZuqruR8o1vh1yuFNPnLp9V
         8zwc7IJaC3Neh0aH80ZsqPe0tdvwmBt/Ws736LkkdKErDdXe6zrdgYSAnIZkFmHQtWmn
         Z4uy4pz8rcLhw8DJs+AITICRgHAMFMSKKAGNstKQu6uz1jaNWFO/GgPHwjRTpMrBsnSQ
         TV4A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:to:references:message-id
         :content-transfer-encoding:cc:date:in-reply-to:from:subject
         :mime-version:dkim-signature;
        bh=ocLpeABc0HQG8VakKMn2nzLynuB7SdZa/fkKOnImdKM=;
        b=sTp1Jmpo9d9zSKAMjq7pPJeYoeEDSzTgsxUcFfkjW1RiiecX+2YsrKTjuBjLWBAbxS
         7DtncVizzeJduZOxHNkfHmkCI2amD7DsTmsJ9drm5LWnV6/1QLMoL/Lg3x+3YgJgWpMY
         2r6CFlQZehgS5kr4YCjOX0GP5cbp9dtPpkhFvV0DXIRNNUPyhRYpCwo4OiqNLHOPhxh/
         a+IKGGRlS6LUQbD4YdGeLv7UicEyjZ1Qkd2nJZZd/HXoJJYCW8RBicsJwRmOvihKGLka
         AfFXGOb+dXhjtiBPf5sRh1EeQlQdCBmJjj6zFlJLohQwdI+HRJhJGs6/Ql5Ox/jbU2wF
         EA0Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b="e4/CpAO0";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id d16si4997384pfr.229.2019.05.24.10.52.15;
        Fri, 24 May 2019 10:52:31 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b="e4/CpAO0";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2391672AbfEXRvF (ORCPT <rfc822;charleyewang@gmail.com>
        + 99 others); Fri, 24 May 2019 13:51:05 -0400
Received: from mail-pl1-f195.google.com ([209.85.214.195]:40041 "EHLO
        mail-pl1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726139AbfEXRvE (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 24 May 2019 13:51:04 -0400
Received: by mail-pl1-f195.google.com with SMTP id g69so4453838plb.7
        for <linux-kernel@vger.kernel.org>; Fri, 24 May 2019 10:51:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=amacapital-net.20150623.gappssmtp.com; s=20150623;
        h=mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=ocLpeABc0HQG8VakKMn2nzLynuB7SdZa/fkKOnImdKM=;
        b=e4/CpAO0cLXVFJXkjwP4Q7OvrYfhoyHJdNe2WEcZMZJnJDciggEGccrFo8JVoGXtb5
         b+zlU3vEDkzcWrUZTvrPARbOM8V3XuERPwDfVYLz3nWYcwpRJtEcMv9ONyyYFXSyTIpg
         m4VAyWJawqnztcr3Ph4Y4uyNnv7qZkXYF2a+jg4eC/vvGD8tWIArlWDDO/1L4cy2Qbyi
         CK/+ImPgjQegUn/M/oIkFxI6j4XduMpxad9NQmsJwVRPlODAOfilPBrHk4icV0RFXCA4
         uhas3dPiAbiPZXa+hw/CwbyhY7fx+X6PmhYKDuTJwMyZU50MFV80XP55bCuIjzGlG9EK
         tMNA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=ocLpeABc0HQG8VakKMn2nzLynuB7SdZa/fkKOnImdKM=;
        b=Yu1GFWu8LO0xQaZjzs+qIqvli+A5HP3/u2SKojGdmL39Hg9mXYvEqqKG70azNAacaB
         OKd9aG+d79z6yPO8622NwGXDR0Tve+6vTYJPCL9NDAWNfs2FWvly8xm0qavZQtZL/ZaM
         oNFN/hpazKVwO6/iwUSQTtP/xijK88xhTQEAGkd1CAiB91H60bf4kxjky+NthPrKJ86m
         275gycKtKPNeTSBV7JIbgt5fEddIzW0U2qpQ9eD4ve2sYUv4fbLGiAO4loRUN0I3vllZ
         SMwQFRoaghijr+MCIsLRRPOcN9358ZgQ1nMDwFY5ytY6X1TcCsf6F8LsX5LXMyRfPMpM
         Q1dA==
X-Gm-Message-State: APjAAAVBauLuGo8F+2Rms0/GRphFhHlF2Oj6GI+DHa+C8vZ4ZxvBnxEx
        O0VLV19Mt9pZfkemijcvJdHfRA==
X-Received: by 2002:a17:902:10c:: with SMTP id 12mr107916591plb.61.1558720264308;
        Fri, 24 May 2019 10:51:04 -0700 (PDT)
Received: from ?IPv6:2601:646:c200:1ef2:25e7:e273:cc72:2b04? ([2601:646:c200:1ef2:25e7:e273:cc72:2b04])
        by smtp.gmail.com with ESMTPSA id 12sm8835425pfs.106.2019.05.24.10.51.03
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 24 May 2019 10:51:03 -0700 (PDT)
Content-Type: text/plain;
        charset=utf-8
Mime-Version: 1.0 (1.0)
Subject: Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
From:   Andy Lutomirski <luto@amacapital.net>
X-Mailer: iPhone Mail (16E227)
In-Reply-To: <20190524170704.GA3401@linux.intel.com>
Date:   Fri, 24 May 2019 10:51:02 -0700
Cc:     Andy Lutomirski <luto@kernel.org>,
        "Xing, Cedric" <cedric.xing@intel.com>,
        Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
        Stephen Smalley <sds@tycho.nsa.gov>,
        James Morris <jmorris@namei.org>,
        "Serge E. Hallyn" <serge@hallyn.com>,
        LSM List <linux-security-module@vger.kernel.org>,
        Paul Moore <paul@paul-moore.com>,
        Eric Paris <eparis@parisplace.org>,
        "selinux@vger.kernel.org" <selinux@vger.kernel.org>,
        Jethro Beekman <jethro@fortanix.com>,
        "Hansen, Dave" <dave.hansen@intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        "Dr. Greg" <greg@enjellic.com>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        LKML <linux-kernel@vger.kernel.org>, X86 ML <x86@kernel.org>,
        "linux-sgx@vger.kernel.org" <linux-sgx@vger.kernel.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        "nhorman@redhat.com" <nhorman@redhat.com>,
        "npmccallum@redhat.com" <npmccallum@redhat.com>,
        "Ayoun, Serge" <serge.ayoun@intel.com>,
        "Katz-zamir, Shay" <shay.katz-zamir@intel.com>,
        "Huang, Haitao" <haitao.huang@intel.com>,
        Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
        "Svahn, Kai" <kai.svahn@intel.com>, Borislav Petkov <bp@alien8.de>,
        Josh Triplett <josh@joshtriplett.org>,
        "Huang, Kai" <kai.huang@intel.com>,
        David Rientjes <rientjes@google.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <D1F8869E-7431-4D73-8571-8F4F187B8632@amacapital.net>
References: <20190522153836.GA24833@linux.intel.com> <CALCETrUS8xyF1JJmQs18BGTDhPRXf+s81BkMZCZwmY73r7M+zg@mail.gmail.com> <20190523023517.GA31950@linux.intel.com> <20190523102628.GC10955@linux.intel.com> <20190523141752.GA12078@linux.intel.com> <CALCETrUzx3LPAKCLFf75P-XshAkRcr+JLET3LA_kHDs9MA11FA@mail.gmail.com> <20190523234044.GC12078@linux.intel.com> <CALCETrV4DVEfW6EJ6DnQGGYDJAiA5M1QcuYJTiroumOM+D6Jjg@mail.gmail.com> <960B34DE67B9E140824F1DCDEC400C0F654E8956@ORSMSX116.amr.corp.intel.com> <CALCETrX0WqouSWgdM+LNxMzypa0ZHZXTmJ+nNkuPuL8UOF_f2w@mail.gmail.com> <20190524170704.GA3401@linux.intel.com>
To:     Sean Christopherson <sean.j.christopherson@intel.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


> On May 24, 2019, at 10:07 AM, Sean Christopherson <sean.j.christopherson@i=
ntel.com> wrote:
>=20
>> On Fri, May 24, 2019 at 09:43:27AM -0700, Andy Lutomirski wrote:
>>> On Fri, May 24, 2019 at 12:24 AM Xing, Cedric <cedric.xing@intel.com> wr=
ote:
>>> /**
>>> * Summary:
>>> * - The enclave file resembles a shared object that contains RO/RX/RW se=
gments
>>> * - FILE__* are assigned to /dev/sgx/enclave, to determine acceptable pe=
rmissions to mmap()/mprotect(), valid combinations are
>>> *   + FILE__READ - Allow SGX1 enclaves only
>>> *   + FILE__READ|FILE__WRITE - Allow SGX2 enclaves to expand data segmen=
ts (e.g. heaps, stacks, etc.)
>>=20
>> I think this is a non-starter :(  FILE__WRITE also means that you can
>> write to the file, and the admin / policy author will almost never
>> want to allow that.
>=20
> Why would FILE__WRITE on /dev/sgx/enclave be a problem?  An actual
> write to /dev/sgx/enclave would yield -EINVAL, no?

Bah, read it wrong =E2=80=94 FILE__WRITE on the enclave file on disk is no g=
ood.=