Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp842098ybi; Thu, 30 May 2019 07:34:58 -0700 (PDT) X-Google-Smtp-Source: APXvYqyqwAt2f4PGJzFxfuOMOPVLYF8xxxS7CQZ+DhaOb9vQdSxUGvQbYhoBCbaYwVfmHbp9tup9 X-Received: by 2002:a63:d816:: with SMTP id b22mr3954978pgh.16.1559226898512; Thu, 30 May 2019 07:34:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1559226898; cv=none; d=google.com; s=arc-20160816; b=l97eHLfCFnrE3+DmHvga+lWXm5FNTrHQpEZ7ljuiZ0c0FuM8twIYxIGxkvnLjp1dpi /KCSxFyQVyGz4l4unqvxoQjMKr+zsPL8lWSWQfj3026ue4mNkmgeXE/ekwEr9j+wmKgi kzojLp0SZOK5npr+76PiuBmWQCB4G27OtVPCIqGfIqOQs/9/uuDvNnfK+VMwys1HTDOP hvF7BRa3JPO5UABzAfZEegMLFiAYRnkLB88cEtF+MoHKi1O+VKD9cLFcWJ0OjJ+p0maK 3srq6vNOM5foZd/kITlwfMGaF93GJGcjOYTSLZkPMn9TwO55iJTJr5P/rL4irHwnWQ71 s1jA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=CfFCEiBUFrnJIST9+8Gf5xU2hNkgtKzBPqlTCJPnBD0=; b=cZSZXQqRyNzANrbm1izsAR1vwXukC3yBqXVXuVy86HhS157Qd13abS71EU2NVDZrMt 1EbxFBnW/o/BuB3HUeI+N4PxOdymYGO4K9j7/15fFopI2P/P7G9BHZm3n8X8OgLwrCA3 6a9L0i8kWCv/A2pVVQMomfGkbq1/3V+DpWrpWIcBqGAQJMtjX69PPQtsQGaxVr6MYB4y Lou0sV2wWOnQTIFgSeM+boIZlSa+y4jHt0Y77zT9pwzKu4Z12wawF9G82muVRtj9jlQL dnNGZxf1/TwPJJ+hcyzMMtjbrI/D2QOZrDJclb5K4b0dP2FQpE03XZNkwxBb57ia9hw0 jiNA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=TanxQO2e; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x21si3198649pll.85.2019.05.30.07.34.41; Thu, 30 May 2019 07:34:58 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=TanxQO2e; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727001AbfE3Ob3 (ORCPT + 99 others); Thu, 30 May 2019 10:31:29 -0400 Received: from mail.kernel.org ([198.145.29.99]:43950 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726640AbfE3Ob2 (ORCPT ); Thu, 30 May 2019 10:31:28 -0400 Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id F36F825AF8 for ; Thu, 30 May 2019 14:31:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1559226688; bh=t9FNMyuHdKiRj7lNbCFjHjSQ+ossF6GJx2uNN/K/Nqk=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=TanxQO2eHs1jPHFF+ujiL9pPGiOw95ZuR5Jw7GbGZDBmPGvKg79QrhOPYwjJpAmng PtMth2Fx9PdPORT4hPl2E7d5uXJgqsrnQ7hrg1bYALSH368KM2xJ2LQojfMc+xL+DP Wo16AAsUzlwoqhqdLm8zOLdmPi4jeJYk2N2rmrXs= Received: by mail-wm1-f42.google.com with SMTP id u78so4115685wmu.5 for ; Thu, 30 May 2019 07:31:27 -0700 (PDT) X-Gm-Message-State: APjAAAWNrehOtFVTrPf0/r2c3LVyHmpBqnonzTXlfiyUt5HVoOwOVTu9 Qn0i8U0IrbM4M4SYz3AFau/rqId40zoQiBud+6WCGg== X-Received: by 2002:a7b:c450:: with SMTP id l16mr2110219wmi.0.1559226686610; Thu, 30 May 2019 07:31:26 -0700 (PDT) MIME-Version: 1.0 References: <20190524175458.GB365@linux.intel.com> <960B34DE67B9E140824F1DCDEC400C0F654E8E1D@ORSMSX116.amr.corp.intel.com> <20190524200333.GF365@linux.intel.com> <20190524224107.GJ365@linux.intel.com> <683B5E3D-AFB6-4B45-8D39-B00847312209@amacapital.net> <960B34DE67B9E140824F1DCDEC400C0F654E965F@ORSMSX116.amr.corp.intel.com> <960B34DE67B9E140824F1DCDEC400C0F654E9824@ORSMSX116.amr.corp.intel.com> <20190528202407.GB13158@linux.intel.com> <285f279f-b500-27f0-ab42-fb1dbcc5ab18@tycho.nsa.gov> <960B34DE67B9E140824F1DCDEC400C0F654EB487@ORSMSX116.amr.corp.intel.com> <678a37af-797d-7bd5-a406-32548a270e3d@tycho.nsa.gov> In-Reply-To: <678a37af-797d-7bd5-a406-32548a270e3d@tycho.nsa.gov> From: Andy Lutomirski Date: Thu, 30 May 2019 07:31:14 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) To: Stephen Smalley Cc: "Xing, Cedric" , "Christopherson, Sean J" , William Roberts , Andy Lutomirski , Jarkko Sakkinen , James Morris , "Serge E. Hallyn" , LSM List , Paul Moore , Eric Paris , "selinux@vger.kernel.org" , Jethro Beekman , "Hansen, Dave" , Thomas Gleixner , "Dr. Greg" , Linus Torvalds , LKML , X86 ML , "linux-sgx@vger.kernel.org" , Andrew Morton , "nhorman@redhat.com" , "npmccallum@redhat.com" , "Ayoun, Serge" , "Katz-zamir, Shay" , "Huang, Haitao" , Andy Shevchenko , "Svahn, Kai" , Borislav Petkov , Josh Triplett , "Huang, Kai" , David Rientjes Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi all- After an offline discussion with Sean yesterday, here are some updates to the user API parts of my proposal. Unfortunately, Sean convinced me that MAXPERM doesn't work the way I described it because, for SGX2, the enclave loader won't know at load time whether a given EAUG-ed page will ever be executed. So here's an update. First, here are the requrements as I see them, where EXECUTE, EXECMOD, and EXECMEM could be substituted with other rules at the LSM's discretion: - You can create a WX or RWX mapping if and only if you have EXECMEM. - To create an X mapping of an enclave page that has ever been W, you need EXECMOD. - To create an X mapping of an enclave page that came from EADD, you need EXECUTE on the source file. Optionally, we could also permit this if you have EXECMOD. And I have two design proposals. One is static and one is dynamic. To implement either one, we will probably need a new .may_mprotect vm operation, and that operation can call an LSM hook. Or we can give LSMs a way to detect that a given vm_area_struct is an enclave. As I see it, this is an implementation detail that is certainly solveable. Static proposal: EADD takes an execute_intent flag. It calls a new hook: int security_enclave_load(struct vm_area_struct *source, bool execute_intent); This hook will fail if execute_intent==true and the caller has neither EXECUTE, EXECMOD, nor EXECMEM. EAUG sets execute_intent = false. EINIT takes a sigstruct pointer. SGX can (when initially upstreamed or later on once there's demand) call a new hook: security_enclave_init(struct sigstruct *sigstruct, struct vm_area_struct *source); mmap() and mprotect() will require EXECMEM to create WX or RWX mappings. They will require EXECMOD to create RX or X mappings of an execute_intent==false page. They require no permissions in the other cases. Dynamic proposal: EADD does not take any special flags. It does something like this internally: bool execute_intent = true; int security_enclave_load(struct vm_area_struct *source, bool *execute_intent); The implementation of security_enclave_load() may set *execute_intent to false. The driver records execute_intent after the LSM is done. mmap() and mprotect() will require EXECMEM to create WX or RWX mappings. They will require EXECMOD to create RX or X mappings of an execute_intent==false page. They require no permissions in the other cases. A benefit of the static proposal is that audit failures due to a lack of EXECUTE permission are easy to implement and to understand in the lods. With the dynamic model, we can only really audit the lack of EXECMOD or EXECMEM. A benefit of the dynamic model is that we hide what is arguably a decently large wart from the API.