Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp1028665ybi; Thu, 30 May 2019 10:23:38 -0700 (PDT) X-Google-Smtp-Source: APXvYqzS0ZPF+rx0Cur0pH7WLI2mB/RDXMWwN5jDbjFCggSu+VXZBEa2wpnJRztBq9SLaDDEWU6Z X-Received: by 2002:a17:902:a508:: with SMTP id s8mr4600599plq.186.1559237018328; Thu, 30 May 2019 10:23:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1559237018; cv=none; d=google.com; s=arc-20160816; b=rgNsfgcJvk+/5XpsPRE5+62tmHinsUrDfJVbKwWATJ9Kt5EgkgHm6xULe7Wz7ntUq8 21qu4WWYUny1R+T81Hpow3ZMgA10yahl9kg1HnfFaethcUvUcPzSWWf0y5lBVBsgA+ol RA1i5k3GYY99zQvBfJ+9pexfGgJ31sTZOhw/yNWgbBwbVhl0lTtadi8E+NPUkMFE7Yg9 9wLvdu/K9d2hZOr7sWf6UNXAxZ2SGZ2V7X4lAw8SIU91wty0AjS0kxgau0fhpeHdOaI8 tFWvMz+7VmQuJxrwgD+r+ORu+wDYajBPGWpmQa4uVorNgdA6rhyMCk4tCpD/r2vCm240 dcaw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=D+zbyJVTQV/ALtNhlqCPmHYaCFd4seaU4iQextPDNbI=; b=zeXk+thvuIae+05F2mbI+Me8kI8KpketijwRFNdTLk5t1I6131VMsABZRv3LaLzZ64 F2rYXJwalovJJNzjqd67WDx1oXsWEKblBW63LomAyVrKdznlzCjGSoNWLV4H+7gyxvSF FM8W430cZ4IzR+lqxEF101n8IEuT0IPVnn0JkEyihGvC469K+AWt0cw02zPAusJVU39d 9ssCKF9PMLTgw2KrxSB73eNbjNaib2aKMxfJ9oHFwlxizJ2qSlYGjQYIIUdxtBiupRTa 8A0l+CJO8JdmBSkJ/9KE6/XByUlGqCjqjxyF4LQ/fG/i1+Tf8+jf+2GpwdWvW+JYMku7 TNpg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o4si3476923pgg.49.2019.05.30.10.23.22; Thu, 30 May 2019 10:23:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726879AbfE3RVx (ORCPT + 99 others); Thu, 30 May 2019 13:21:53 -0400 Received: from mga12.intel.com ([192.55.52.136]:15132 "EHLO mga12.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726566AbfE3RVw (ORCPT ); Thu, 30 May 2019 13:21:52 -0400 X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 30 May 2019 10:21:51 -0700 X-ExtLoop1: 1 Received: from sjchrist-coffee.jf.intel.com (HELO linux.intel.com) ([10.54.74.36]) by orsmga004.jf.intel.com with ESMTP; 30 May 2019 10:21:51 -0700 Date: Thu, 30 May 2019 10:21:51 -0700 From: Sean Christopherson To: "Xing, Cedric" Cc: Andy Lutomirski , Stephen Smalley , Jarkko Sakkinen , James Morris , "Serge E. Hallyn" , LSM List , Paul Moore , Eric Paris , "selinux@vger.kernel.org" , Jethro Beekman , "Hansen, Dave" , Thomas Gleixner , "Dr. Greg" , Linus Torvalds , LKML , X86 ML , "linux-sgx@vger.kernel.org" , Andrew Morton , "nhorman@redhat.com" , "npmccallum@redhat.com" , "Ayoun, Serge" , "Katz-zamir, Shay" , "Huang, Haitao" , Andy Shevchenko , "Svahn, Kai" , Borislav Petkov , Josh Triplett , "Huang, Kai" , David Rientjes Subject: Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) Message-ID: <20190530172150.GA23930@linux.intel.com> References: <20190524224107.GJ365@linux.intel.com> <683B5E3D-AFB6-4B45-8D39-B00847312209@amacapital.net> <960B34DE67B9E140824F1DCDEC400C0F654E965F@ORSMSX116.amr.corp.intel.com> <960B34DE67B9E140824F1DCDEC400C0F654E9824@ORSMSX116.amr.corp.intel.com> <20190528202407.GB13158@linux.intel.com> <20190528214107.GD13158@linux.intel.com> <960B34DE67B9E140824F1DCDEC400C0F654EB439@ORSMSX116.amr.corp.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <960B34DE67B9E140824F1DCDEC400C0F654EB439@ORSMSX116.amr.corp.intel.com> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, May 29, 2019 at 10:38:06PM -0700, Xing, Cedric wrote: > > From: Christopherson, Sean J > > Sent: Tuesday, May 28, 2019 2:41 PM > > > > On Tue, May 28, 2019 at 01:48:02PM -0700, Andy Lutomirski wrote: > > > On Tue, May 28, 2019 at 1:24 PM Sean Christopherson > > > wrote: > > > > > > > > Actually, I think we do have everything we need from an LSM perspective. > > > > LSMs just need to understand that sgx_enclave_load() with a NULL vma > > > > implies a transition from RW. For example, SELinux would interpret > > > > sgx_enclave_load(NULL, RX) as requiring FILE__EXECMOD. > > > > > > You lost me here. What operation triggers this callback? And > > > wouldn't sgx_enclave_load(NULL, RX) sometimes be a transition from RO > > > or just some fresh executable zero bytes? > > > > An explicit ioctl() after EACCEPTCOPY to update the allowed permissions. > > For all intents and purposes, the EAUG'd page must start RW. Maybe a better way to phrase > > it is that at some point the page must be writable to have any value whatsover. > > EACCEPTCOPY explicitly requires the page to be at least RW. EACCEPT technically doesn't > > require RW, but a RO or RX zero page is useless. Userspace could still EACCEPT with RO or > > RX, but SGX would assume a minimum of RW for the purposes of the LSM check. > > Why is an explicit ioctl() necessary after EACCEPTCOPY? Or why is mprotect() not sufficient? Ignore this, I was trying to avoid having to add a vm_ops mprotect(), which Andy pointed out was silly. > > In theory, it's still your MAXPERM model, but with the unnecessary states removed and the > > others enforced/handled by the natural SGX transitions instead of explictly in ioctls. > > Underneath the hood the SGX driver would still need to track the MAXPERM. > > What are the "unnecessary states" removed? Andy proposed taking full RWX in MAXPERMs, but really we only need "can writes ever happen to this page", as that allows the SGX driver to avoid having to track if a page has been mapped PROT_WRITE by any VMA in any process. > I'm not sure understand the proposal fully. The whole thing looks to me like > the driver is undertaking things that should/would otherwise be done by > mmap()/mprotect() syscalls. It also imposes unnecessary restrictions on user > mode code, such as mmap(PROT_NONE), ACTIVATE_REGION can be called only once, > etc. What'd happen if ACTIVATE_REGION is called with a range spanning > multiple/partial VMAs? What'd happen if an enclave was unmapped than mapped > again? I'd say the proposal is unintuitive at least. > > In theory, if the driver can keep track of MAXPERM for all pages within an > enclave, then it could fail mmap() if the requested prot conflicts with any > page's MAXPERM within that range. Otherwise, MAXPERM could be copied into > VM_MAY* flags then mprotect() will just follow through. Wouldn't that be a > much simpler and more intuitive approach? Ignore all this, again I was trying to avoid hooking mprotect().