Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp1257716ybv; Thu, 20 Feb 2020 16:32:43 -0800 (PST) X-Google-Smtp-Source: APXvYqzaPLpxYITei/DwbQJqOjQcIX8uuJ7jmvmA6xW7QlviVw02iEnErEpWpIby5zou36uN3idA X-Received: by 2002:a05:6830:610:: with SMTP id w16mr26283399oti.239.1582245162971; Thu, 20 Feb 2020 16:32:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582245162; cv=none; d=google.com; s=arc-20160816; b=1Kj0GisWbJwPcD7qqDT5JMur/8z7LTrC+eZJKDrbpHzC1MZw1SIwP8pCCFxKXGLZ3P pEqek1OIIKYU8WS3gXkZQQFb1tw83nvtbM8FzrDVz8RJIGm5ANNifpzRK6qA9nAdRl4u VC3AjZ62HuaDXbld5UjQGPl+mkQyib4jrEC8rWLBTrokZpWJx8mMH7ea/SjNRlv10JlT v0f2OFx03qKe5AxutzLEXUn6xCTFxQlA1x6LU6LfkjR9RWr6jPhHuLgpachUvgjJLFbH WBmByeyUGAl/uWijGRO+BSfclA/8GcsWPRrClYOaz4/MjMUofYjkXhah/wd+EJKxng1p zr7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:in-reply-to:cc:references:message-id :date:subject:mime-version:from:content-transfer-encoding :dkim-signature; bh=z2DSekIXnkX9eU39ZMxeSaJ+Ey4ada2j/LjI3viMpe8=; b=lDDCnFL8jAYsH128rcWD2yYjoNqUurhTrVEAEwUZJPK5BKhS1qRnr87hzALLJMv+Dj 9HVcd1rp8yTexM24FR6KzU7FZ/GBxHSd1//itG9L5r6tOeWpcB0JBB0wzILhgR1aLPTU PMlif43OY2EGw4i4GxtLPzsbEkd4knoc5boaINsUjdvoL0Hthf/eYeCtvmrpAbesxAim kY25WlqrMJP2BzEBWNYUCZ7c+Jec2iAUw+xD46P05fFQo6SoKmlAAAZ9YcvoxGW25Hdi pihh8jjOTJS8ET6rDQ3k+y4eNiZJ5QCK9IYsgQIMjKFBMS+WA6X6wcMXEcHiLMOQEy0X Mvag== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=L2xq9Vle; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b3si577661otf.141.2020.02.20.16.32.30; Thu, 20 Feb 2020 16:32:42 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=L2xq9Vle; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729455AbgBUAc1 (ORCPT + 99 others); Thu, 20 Feb 2020 19:32:27 -0500 Received: from mail-pf1-f196.google.com ([209.85.210.196]:32933 "EHLO mail-pf1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729419AbgBUAc0 (ORCPT ); Thu, 20 Feb 2020 19:32:26 -0500 Received: by mail-pf1-f196.google.com with SMTP id n7so287033pfn.0 for ; Thu, 20 Feb 2020 16:32:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amacapital-net.20150623.gappssmtp.com; s=20150623; h=content-transfer-encoding:from:mime-version:subject:date:message-id :references:cc:in-reply-to:to; bh=z2DSekIXnkX9eU39ZMxeSaJ+Ey4ada2j/LjI3viMpe8=; b=L2xq9Vle6jxp9WXJix/nJ1E6aNq25XGRDldBnE6uRfHPTKAZidzklN+ABPMmf6twdj 9iF+ezVYOWPSBqEKGBFsP667oRit4McJEgy0SnPH61oD5WigzY6ow9ds+A4YVkKCg71+ isZ9j8P++FFMlx1PqFw2gd5fAr2ryaDc1lybA8W/uuAZFCMG/J6CL3EM1K8nQ/sEMLMr R4yNGXen8b9ERC8Inh1eMrA9zbbvEY7KBfc0E7lwgRjD71sZku0KLC5Wub0HyEN+1azo A7y9Aq2fiHX8eP7WA9XiUVTh11d13PprbklWSMPwnVUjKJeB7br7pZScqcu/sxf5hmEZ ZLsQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:content-transfer-encoding:from:mime-version :subject:date:message-id:references:cc:in-reply-to:to; bh=z2DSekIXnkX9eU39ZMxeSaJ+Ey4ada2j/LjI3viMpe8=; b=mcD//FvrWezquY4OJm9uhg27Xg/i215toyFCaHLsdlDWB3FZn555cRU6d8MPan/s+G j66bleDvcyXRpoHeZ6cLkqScXssNpp4Owxd7u1inuGIZ0D3rUdOcLdp1es1vAFxnN6Qm fCQvG4L0uk+TDepBLz4BLrtuMcRArd6XhV7j7oMsdw22g3/wTeiRr//bUUhbLKsTn23W LfDsAmS72DYDcfoxNWrVWxW7tE4P1Mz8sM1Rcf/gCMb0jLmzsjQuqfiffjMTV+q8ug4Z QMAQftz8A9iGfw9j/ltw3beOw9EEM3at50+YWTSN2jMzAjuLvv7hDyi6IRuiLDWhQrpj jLew== X-Gm-Message-State: APjAAAWVmlGbaVqRzJ3boQ2HOMK4ls7GC5dHtt017MM/nsU6RL7tIZyE 1k+ytyoiXAIg+EQ+pApo+C3S5g== X-Received: by 2002:a63:9919:: with SMTP id d25mr35049553pge.22.1582245146084; Thu, 20 Feb 2020 16:32:26 -0800 (PST) Received: from ?IPv6:2601:646:c200:1ef2:511c:ebc0:d124:b4a0? ([2601:646:c200:1ef2:511c:ebc0:d124:b4a0]) by smtp.gmail.com with ESMTPSA id f43sm540853pje.23.2020.02.20.16.32.24 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 20 Feb 2020 16:32:25 -0800 (PST) Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable From: Andy Lutomirski Mime-Version: 1.0 (1.0) Subject: Re: [PATCH v26 10/22] x86/sgx: Linux Enclave Driver Date: Thu, 20 Feb 2020 16:32:22 -0800 Message-Id: <6AE5891F-FC0D-4062-A6CA-01C78C2D5A1A@amacapital.net> References: <20200220221607.GB26618@linux.intel.com> Cc: Sean Christopherson , Jordan Hand , linux-kernel@vger.kernel.org, x86@kernel.org, linux-sgx@vger.kernel.org, akpm@linux-foundation.org, dave.hansen@intel.com, nhorman@redhat.com, npmccallum@redhat.com, haitao.huang@intel.com, andriy.shevchenko@linux.intel.com, tglx@linutronix.de, kai.svahn@intel.com, bp@alien8.de, josh@joshtriplett.org, luto@kernel.org, kai.huang@intel.com, rientjes@google.com, cedric.xing@intel.com, puiterwijk@redhat.com, linux-security-module@vger.kernel.org, Suresh Siddha , Haitao Huang In-Reply-To: <20200220221607.GB26618@linux.intel.com> To: Jarkko Sakkinen X-Mailer: iPhone Mail (17D50) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > On Feb 20, 2020, at 2:16 PM, Jarkko Sakkinen wrote: >=20 > =EF=BB=BFOn Thu, Feb 20, 2020 at 10:48:42AM -0800, Sean Christopherson wro= te: >> My biggest concern for allowing PROT_EXEC if RIE is that it would result >> in #PF(SGX) (#GP on Skylake) due to an EPCM violation if the enclave >> actually tried to execute from such a page. This isn't a problem for the= >> kernel as the fault will be reported cleanly through the vDSO (or get >> delivered as a SIGSEGV if the enclave isn't entered through the vDSO), bu= t >> it's a bit weird for userspace as userspace will see the #PF(SGX) and >> likely assume the EPC was lost, e.g. silently restart the enclave instead= >> of logging an error that the enclave is broken. >=20 > I think right way to fix the current implementation is to -EACCES mmap() > (and mprotect) when !!(current->personality & READ_IMPLIES_EXEC). >=20 > This way supporting RIE can be reconsidered later on without any > potential ABI bottlenecks. >=20 Sounds good to me. I see no credible reason why anyone would use RIE and SG= X. > /Jarkko