Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp984265ybv; Thu, 20 Feb 2020 10:53:20 -0800 (PST) X-Google-Smtp-Source: APXvYqzjn1N6GGGMzjYjSlwvW4igySnqlhJ1v2M5TZVv7RMUIJdmcp1YJH6vpucrqCti0paz9uEO X-Received: by 2002:a9d:6d1a:: with SMTP id o26mr23822076otp.141.1582224800662; Thu, 20 Feb 2020 10:53:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582224800; cv=none; d=google.com; s=arc-20160816; b=XXzqFkWvQhP6hKnIwaHV6REorpqu5poSsDznN0IEnyfPlWs9HsSDw1/Cu0bWGMzmNG VECDR1R/h4h5PF5BmDJzlpiZSOxivFvqRPrFoL8qfe6f1SF/8KhpoWDunHZ/c+e/zj0X kekSp0IpkdavDkDRYtDPuE0fSGYEEDjHCPJtDdfPREUU2wMe9sM7MhuY2kibhb83rlUy baDqNwCIItOmW6foGaiTYXhg4hAZsYm3wkk6yO7rGpSpThMUeoZIQiCEf57xzoxqQ870 nVmxG/rxVQyx+ZpM/gIpaQSqyfzK14dampXDgMl0feFfGX97+kAa5IYyiOlFYg1xAmeN RIWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=zknRHNe7e1iLc/Ue1l2d84CcYHcx43fZQE1vksMWj4I=; b=p4WlhiCmKnqD13VDEISaG+TyoGdcSZn0pG3RigCgA4eTJC+waCNA4imNbz3syxbmS7 sBXDL0Om4G5lFyV4mAtVhj8lS7XRDJnufSjp2jKLmeF8zMvLIrwAATW+M5FLpvxvcZUz dTKxCyXTOGPAeJ0UQMH+gZuTtr03KstebH/pRc2F9k6iW32iQou6lkwK7PuLDWb2Rj5L J7iEsx2hhZoCekyikiDm2fkbBwV+PVx6mQhXFb7WUz1+4JGIk4VMMFc0Ah8aw8b69Hks cHgk1edAcsZtARQ9WAXLCc2mNblw8qUziWfIgJzGEBmItZognyuW+uRSaVdY7x3P4dP/ 46eg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=IgQMqpwe; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z73si88340oia.40.2020.02.20.10.53.08; Thu, 20 Feb 2020 10:53:20 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=IgQMqpwe; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728931AbgBTSvw (ORCPT + 99 others); Thu, 20 Feb 2020 13:51:52 -0500 Received: from mail.kernel.org ([198.145.29.99]:48424 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728217AbgBTSvw (ORCPT ); Thu, 20 Feb 2020 13:51:52 -0500 Received: from mail-wr1-f54.google.com (mail-wr1-f54.google.com [209.85.221.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id C0C6024687 for ; Thu, 20 Feb 2020 18:51:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1582224711; bh=BIb7muBRiTMmDaTPFIJ2G/FP0hMlkSebaL/qJ/Le4dQ=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=IgQMqpweoIv/kUDzsl9CIjVqxdzBRhoNct5ut+/3c/1W+bp4IzRC93ES5d/Q6qJp/ LUBa1hF5XZyH4Y7787+lNucQDReqAwCt2GAEglW2y7I/GPE7vuVwwYgCsJzO8WPHkb j3rBW+QzM8+0tyzkAB3FCqGRt6XWTAYNgHWFMFpk= Received: by mail-wr1-f54.google.com with SMTP id r11so5783484wrq.10 for ; Thu, 20 Feb 2020 10:51:50 -0800 (PST) X-Gm-Message-State: APjAAAWwcDvhtwQ9W/o9GCrk2ZuDMTSvcHKjUbGZDPQ0SAm00FhI5+AG 38RtPSDj9HLVeKqfUmiNe+LlmanraEkIRhL89uk0LQ== X-Received: by 2002:adf:a354:: with SMTP id d20mr43299256wrb.257.1582224709127; Thu, 20 Feb 2020 10:51:49 -0800 (PST) MIME-Version: 1.0 References: <20200209212609.7928-1-jarkko.sakkinen@linux.intel.com> <20200209212609.7928-11-jarkko.sakkinen@linux.intel.com> <15074c16-4832-456d-dd12-af8548e46d6d@linux.microsoft.com> <20200220181345.GD3972@linux.intel.com> In-Reply-To: <20200220181345.GD3972@linux.intel.com> From: Andy Lutomirski Date: Thu, 20 Feb 2020 10:51:37 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v26 10/22] x86/sgx: Linux Enclave Driver To: Sean Christopherson Cc: Jordan Hand , Jarkko Sakkinen , LKML , X86 ML , linux-sgx@vger.kernel.org, Andrew Morton , Dave Hansen , Neil Horman , npmccallum@redhat.com, "Huang, Haitao" , Andy Shevchenko , Thomas Gleixner , "Svahn, Kai" , Borislav Petkov , Josh Triplett , Andrew Lutomirski , "Huang, Kai" , David Rientjes , "Xing, Cedric" , puiterwijk@redhat.com, LSM List , Suresh Siddha , Haitao Huang Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Feb 20, 2020 at 10:13 AM Sean Christopherson wrote: > > On Tue, Feb 18, 2020 at 07:26:31PM -0800, Jordan Hand wrote: > > I ran our validation tests for the Open Enclave SDK against this patch > > set and came across a potential issue. > > > > On 2/9/20 1:25 PM, Jarkko Sakkinen wrote: > > > +/** > > > + * sgx_encl_may_map() - Check if a requested VMA mapping is allowed > > > + * @encl: an enclave > > > + * @start: lower bound of the address range, inclusive > > > + * @end: upper bound of the address range, exclusive > > > + * @vm_prot_bits: requested protections of the address range > > > + * > > > + * Iterate through the enclave pages contained within [@start, @end) to verify > > > + * the permissions requested by @vm_prot_bits do not exceed that of any enclave > > > + * page to be mapped. Page addresses that do not have an associated enclave > > > + * page are interpreted to zero permissions. > > > + * > > > + * Return: > > > + * 0 on success, > > > + * -EACCES if VMA permissions exceed enclave page permissions > > > + */ > > > +int sgx_encl_may_map(struct sgx_encl *encl, unsigned long start, > > > + unsigned long end, unsigned long vm_prot_bits) > > > +{ > > > + unsigned long idx, idx_start, idx_end; > > > + struct sgx_encl_page *page; > > > + > > > + /* PROT_NONE always succeeds. */ > > > + if (!vm_prot_bits) > > > + return 0; > > > + > > > + idx_start = PFN_DOWN(start); > > > + idx_end = PFN_DOWN(end - 1); > > > + > > > + for (idx = idx_start; idx <= idx_end; ++idx) { > > > + mutex_lock(&encl->lock); > > > + page = radix_tree_lookup(&encl->page_tree, idx); > > > + mutex_unlock(&encl->lock); > > > + > > > + if (!page || (~page->vm_max_prot_bits & vm_prot_bits)) > > > + return -EACCES; > > > + } > > > + > > > + return 0; > > > +} > > > +static struct sgx_encl_page *sgx_encl_page_alloc(struct sgx_encl *encl, > > > + unsigned long offset, > > > + u64 secinfo_flags) > > > +{ > > > + struct sgx_encl_page *encl_page; > > > + unsigned long prot; > > > + > > > + encl_page = kzalloc(sizeof(*encl_page), GFP_KERNEL); > > > + if (!encl_page) > > > + return ERR_PTR(-ENOMEM); > > > + > > > + encl_page->desc = encl->base + offset; > > > + encl_page->encl = encl; > > > + > > > + prot = _calc_vm_trans(secinfo_flags, SGX_SECINFO_R, PROT_READ) | > > > + _calc_vm_trans(secinfo_flags, SGX_SECINFO_W, PROT_WRITE) | > > > + _calc_vm_trans(secinfo_flags, SGX_SECINFO_X, PROT_EXEC); > > > + > > > + /* > > > + * TCS pages must always RW set for CPU access while the SECINFO > > > + * permissions are *always* zero - the CPU ignores the user provided > > > + * values and silently overwrites them with zero permissions. > > > + */ > > > + if ((secinfo_flags & SGX_SECINFO_PAGE_TYPE_MASK) == SGX_SECINFO_TCS) > > > + prot |= PROT_READ | PROT_WRITE; > > > + > > > + /* Calculate maximum of the VM flags for the page. */ > > > + encl_page->vm_max_prot_bits = calc_vm_prot_bits(prot, 0); > > > > During mprotect (in mm/mprotect.c line 525) the following checks if > > READ_IMPLIES_EXECUTE and a PROT_READ is being requested. If so and > > VM_MAYEXEC is set, it also adds PROT_EXEC to the request. > > > > if (rier && (vma->vm_flags & VM_MAYEXEC)) > > prot |= PROT_EXEC; > > > > But if we look at sgx_encl_page_alloc(), we see vm_max_prot_bits is set > > without taking VM_MAYEXEC into account: > > > > encl_page->vm_max_prot_bits = calc_vm_prot_bits(prot, 0); > > > > sgx_encl_may_map() checks that the requested protection can be added with: > > > > if (!page || (~page->vm_max_prot_bits & vm_prot_bits)) > > return -EACCESS > > > > This means that for any process where READ_IMPLIES_EXECUTE is set and > > page where (vma->vm_flags & VM_MAYEXEC) == true, mmap/mprotect calls to > > that request PROT_READ on a page that was not added with PROT_EXEC will > > fail. > > I could've sworn this was discussed on the SGX list at one point, but > apparently we only discussed it internally. Anyways... > > More than likely, the READ_IMPLIES_EXECUTE (RIE) crud rears its head > because part of the enclave loader is written in assembly. Unless > explicitly told otherwise, the linker assumes that any program with > assembly code may need an executable stack, which leads to the RIE > personality being set for the process. Here's a fantastic write up for > more details: https://www.airs.com/blog/archives/518 > > There are essentially two paths we can take: > > 1) Exempt EPC pages from RIE during mmap()/mprotect(), i.e. don't add > PROT_EXEC for enclaves. Seems reasonable. Honestly, it probably makes sense to try to exempt almost everything from RIE. I'd be a bit surprised if RIE is actually useful for anything other than plain anonymous pages and private file mappings.