Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp3208063ybi; Mon, 17 Jun 2019 19:13:39 -0700 (PDT) X-Google-Smtp-Source: APXvYqweMgB0FhHLzVMMYcUHnfU/nOHbHO7iUMsWEUf9DY2m6t42Tw4XQ8Q3d6lnxvLqkJG2QuTp X-Received: by 2002:a17:90a:9f08:: with SMTP id n8mr2458048pjp.102.1560824019562; Mon, 17 Jun 2019 19:13:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1560824019; cv=none; d=google.com; s=arc-20160816; b=GwWa/U/6NEPhbIi2Kai5cxLbbqTgvpY/VNRgA2c7c8mmzqn3wlzd1SvJfr3fJH9MAh THvUooygnuYWgB9J6tn4yd+pZiQnEcvMMjhLeOb5X1CXwkbmDA/DO+f/l6BBdpRkT/Ie r4dysmudTEWTpiX/TUgF5cA6eSho+fYRj+RSBaKpn5vbkjWLCJlqoGyQd350mjPLaa1g z8SCONS3mxk0ZQO9b1NN7Hx0I5zcm8rucP7ECaXaPdFMIRnh01nsiJ+H8BymvnPxtVfY 8ZL+E4olk3IHOJuhmsnM284UoKAXiEBeerxauBAPPj5NZD+oP7dLrSpAedsAWqLZAHoK Y8NA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:date:cc:to:from:subject:message-id; bh=/qRrtZpGhZiqcSMbIelit7eCV6f8fyD0Ii+VzrhiE3U=; b=mEfcu++B5vHZuMsdS5Y0BtqgyW7Dl8P2o2nRLyHJ+tYou/1P55ZAvOZAgbH9qWGdbu koDwHn5y+9Hqwt+vPNe75ipXDESMldOq6OXPF9Q1Kp0fxJXntXQFYM5uAcL4n04r1e4M xhpfa3Ka6/XQa9/7BNHUdKiLU0xJp2HOZzhLgUhVuIv6lK/heWWzr6kfwcyaJl9W+Tzs ojFqEaHubBBlFZJlgVhD2lYwJIRLT+Sap4U+NGgOsVOciY6ZPY6M2BCfpovV6Euw15v7 mXfbG/NgBBiF4/LxEP1DzOYF9OxEiQY4Jqqv6/fJXhsusPck1tMZjMTpWvEdcY3qUAmk 2kew== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b6si12021566pgq.465.2019.06.17.19.13.23; Mon, 17 Jun 2019 19:13:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728048AbfFRCLr (ORCPT + 99 others); Mon, 17 Jun 2019 22:11:47 -0400 Received: from mga12.intel.com ([192.55.52.136]:31762 "EHLO mga12.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725829AbfFRCLq (ORCPT ); Mon, 17 Jun 2019 22:11:46 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Jun 2019 19:11:45 -0700 X-ExtLoop1: 1 Received: from khuang2-desk.gar.corp.intel.com ([10.255.91.82]) by orsmga004.jf.intel.com with ESMTP; 17 Jun 2019 19:11:40 -0700 Message-ID: <1560823899.5187.92.camel@linux.intel.com> Subject: Re: [PATCH, RFC 45/62] mm: Add the encrypt_mprotect() system call for MKTME From: Kai Huang To: Andy Lutomirski Cc: Dave Hansen , "Kirill A. Shutemov" , Andrew Morton , X86 ML , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , David Howells , Kees Cook , Jacob Pan , Alison Schofield , Linux-MM , kvm list , keyrings@vger.kernel.org, LKML , Tom Lendacky Date: Tue, 18 Jun 2019 14:11:39 +1200 In-Reply-To: References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> <20190508144422.13171-46-kirill.shutemov@linux.intel.com> <3c658cce-7b7e-7d45-59a0-e17dae986713@intel.com> <5cbfa2da-ba2e-ed91-d0e8-add67753fc12@intel.com> <1560818931.5187.70.camel@linux.intel.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.24.6 (3.24.6-1.fc26) Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 2019-06-17 at 18:50 -0700, Andy Lutomirski wrote: > On Mon, Jun 17, 2019 at 5:48 PM Kai Huang wrote: > > > > > > > > > > > And another silly argument: if we had /dev/mktme, then we could > > > > possibly get away with avoiding all the keyring stuff entirely. > > > > Instead, you open /dev/mktme and you get your own key under the hook. > > > > If you want two keys, you open /dev/mktme twice. If you want some > > > > other program to be able to see your memory, you pass it the fd. > > > > > > We still like the keyring because it's one-stop-shopping as the place > > > that *owns* the hardware KeyID slots. Those are global resources and > > > scream for a single global place to allocate and manage them. The > > > hardware slots also need to be shared between any anonymous and > > > file-based users, no matter what the APIs for the anonymous side. > > > > MKTME driver (who creates /dev/mktme) can also be the one-stop-shopping. I think whether to > > choose > > keyring to manage MKTME key should be based on whether we need/should take advantage of existing > > key > > retention service functionalities. For example, with key retention service we can > > revoke/invalidate/set expiry for a key (not sure whether MKTME needs those although), and we > > have > > several keyrings -- thread specific keyring, process specific keyring, user specific keyring, > > etc, > > thus we can control who can/cannot find the key, etc. I think managing MKTME key in MKTME driver > > doesn't have those advantages. > > > > Trying to evaluate this with the current proposed code is a bit odd, I > think. Suppose you create a thread-specific key and then fork(). The > child can presumably still use the key regardless of whether the child > can nominally access the key in the keyring because the PTEs are still > there. Right. This is a little bit odd, although virtualization (Qemu, which is the main use case of MKTME at least so far) doesn't use fork(). > > More fundamentally, in some sense, the current code has no semantics. > Associating a key with memory and "encrypting" it doesn't actually do > anything unless you are attacking the memory bus but you haven't > compromised the kernel. There's no protection against a guest that > can corrupt its EPT tables, there's no protection against kernel bugs > (*especially* if the duplicate direct map design stays), and there > isn't even any fd or other object around by which you can only access > the data if you can see the key. I am not saying managing MKTME key/keyID in key retention service is definitely better, but it seems all those you mentioned are not related to whether to choose key retention service to manage MKTME key/keyID? Or you are saying it doesn't matter we manage key/keyID in key retention service or in MKTME driver, since MKTME barely have any security benefits (besides physical attack)? > > I'm also wondering whether the kernel will always be able to be a > one-stop shop for key allocation -- if the MKTME hardware gains > interesting new uses down the road, who knows how key allocation will > work? I by now don't have any use case which requires to manage key/keyID specifically for its own use, rather than letting kernel to manage keyID allocation. Please inspire us if you have any potential. Thanks, -Kai