Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp5634444ybi; Tue, 4 Jun 2019 09:32:48 -0700 (PDT) X-Google-Smtp-Source: APXvYqwkj8dSZkKhuwloCTgY98GuBpI7lDEM8A9IMnvxhigVAEEh5AvdE89su+D4O00CqgguxhPz X-Received: by 2002:a17:902:521:: with SMTP id 30mr38350849plf.62.1559665968158; Tue, 04 Jun 2019 09:32:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1559665968; cv=none; d=google.com; s=arc-20160816; b=QZBBqqg0qV4+M3GKCop6U1oK7uwqHcKaWvIQDfh9a7c2f+avehahMXoeeBXNVCrn42 G6HpxjTUF76SYCxtvNOFMUmDoAtwE3zG20QxIjDPqDD7A8JONWImnNiuePirniP+0CrD Hvc074T5lE9V/77Ms6OY7zYq5loo7um8z8CLf9rtjZFVtybgmvQBd3npHPg8rfIzDNyk gZOiwoHf1eYU1umhsSEik2ReTkgAL+VviIlMS7e7cgfit/ikr0RmgzP7gKMD6yTpBFZA vk76tZY92Y5OerlzgYdemWLqIs67IbDgdATIk/dNOqozm33/UL7epSC1DACojrRcxSN0 Viww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=8lDF7McTHmI6CwMN/YfwUlwa5ayes16P1nuNXFPHucQ=; b=fAZdWG2w1n1nztx6laMykpHDRKCGF7eJ5+ALE6xlFg3l/P0lLDRMCN2vuxIxgvKpLe dUOFTkg+ywu3MReABd1/YrNP0LTV4rZTM7+FcFSIwvnXukwvJFXoqjfLr2eebRkPjrWG EdbCU1tYnkb4kL6mro+a+RvKH4ifFdkoeSqb1U9ai1ii2wa8qmmriJxeN0UK9g0GmwI5 W2g/ZzDrsbVYRDYrPeyh/wjWV/jD9qL75stCYH2pPOMi0VuAkYntogzYXZMM2TSnS7Il 8Rzvi5Cg1RqO4kR2vwxXKS6dt5uU/KZq7Mnj4rrk/e+eeALqhgy8XYuj67Rh2PeCTS5o ZR8w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 32si24158763plc.152.2019.06.04.09.32.32; Tue, 04 Jun 2019 09:32:48 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728073AbfFDQaz (ORCPT + 99 others); Tue, 4 Jun 2019 12:30:55 -0400 Received: from mga05.intel.com ([192.55.52.43]:37305 "EHLO mga05.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728043AbfFDQaw (ORCPT ); Tue, 4 Jun 2019 12:30:52 -0400 X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 04 Jun 2019 09:30:51 -0700 X-ExtLoop1: 1 Received: from sjchrist-coffee.jf.intel.com (HELO linux.intel.com) ([10.54.74.36]) by fmsmga007.fm.intel.com with ESMTP; 04 Jun 2019 09:30:50 -0700 Date: Tue, 4 Jun 2019 09:30:50 -0700 From: Sean Christopherson To: Stephen Smalley Cc: "Xing, Cedric" , Jarkko Sakkinen , Andy Lutomirski , James Morris , "Serge E . Hallyn" , LSM List , Paul Moore , Eric Paris , "selinux@vger.kernel.org" , Jethro Beekman , "Hansen, Dave" , Thomas Gleixner , Linus Torvalds , LKML , X86 ML , "linux-sgx@vger.kernel.org" , Andrew Morton , "nhorman@redhat.com" , "npmccallum@redhat.com" , "Ayoun, Serge" , "Katz-zamir, Shay" , "Huang, Haitao" , Andy Shevchenko , "Svahn, Kai" , Borislav Petkov , Josh Triplett , "Huang, Kai" , David Rientjes , "Roberts, William C" , "Tricca, Philip B" Subject: Re: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM Message-ID: <20190604163050.GA32350@linux.intel.com> References: <20190531233159.30992-1-sean.j.christopherson@intel.com> <960B34DE67B9E140824F1DCDEC400C0F654EC5FD@ORSMSX116.amr.corp.intel.com> <20190603171549.GE13384@linux.intel.com> <960B34DE67B9E140824F1DCDEC400C0F654ED042@ORSMSX116.amr.corp.intel.com> <10a49f97-b3be-ed09-2821-68157f01aebe@tycho.nsa.gov> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <10a49f97-b3be-ed09-2821-68157f01aebe@tycho.nsa.gov> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 04, 2019 at 11:33:44AM -0400, Stephen Smalley wrote: > The RFC series seemed to dispense with the use of the sigstruct file and > just used the source file throughout IIUC. That allowed for reuse of > FILE__* permissions without ambiguity rather than introducing separate > ENCLAVE__* permissions or using /dev/sgx/enclave inode as the target of all > checks. Drat, I meant to explicitly call that out in the cover letter. Yes, the concept of using sigstruct as a proxy was dropped for this RFC. The primary motivation was to avoid having to take a hold a reference to the sigstruct file for the lifetime of the enclave, and in general so that userspace isn't forced to put sigstruct into a file. > Regardless, IIUC, your approach requires that we always check FILE__EXECMOD, > and FILE__EXECUTE up front during security_enclave_load() irrespective of > prot so that we can save the result in the f_security for later use by the > mprotect hook. Correct, this approach requires up front checks. > This may generate many spurious audit messages for cases > where PROT_EXEC will never be requested, and users will be prone to just > always allowing it since they cannot tell when it was actually needed. Userspace will be able to understand when PROT_EXEC is actually needed as mprotect() will (eventually) fail. Of course that assumes userspace is being intelligent and isn't blindly declaring permissions they don't need, e.g. declaring RWX on all pages even though the enclave never actually maps a RWX or RW->RX page. One thought for handling this in a more user friendly fashion would be to immediately return -EACCES instead of modifying @allowed_prot. An enclave that truly needs the permission would fail immediately. An enclave loader that wants/needs to speculatively declare PROT_EXEC, e.g. because the exact requirements of the enclave are unknown, could handle -EACCESS gracefully by retrying the SGX ioctl() with different @allowed_prot, e.g.: region.flags = SGX_ALLOW_READ | SGX_ALLOW_WRITE | SGX_ALLOW_EXEC; ret = ioctl(fd, SGX_IOC_ENCLAVE_ADD_REGION, ®ion); if (ret && errno == EACCES && !(prot & PROT_EXEC)) { region.flags &= ~SGX_ALLOW_EXEC; ret = ioctl(fd, SGX_IOC_ENCLAVE_ADD_REGION, ®ion); } This type of enclave loader would still generate spurious audit messages, but the spurious messages would be limited to enclave loaders that are deliberately probing the allowed permissions. > >The noexec case should be addressed in IOC_ADD_PAGES by testing > >@source_vma->vm_flags & VM_MAYEXEC. > > > >> > >>>* In hook security_file_free(), if @file is an enclave, free storage > >>> allocated for WRITTEN flags. >