Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp1377228pxu;
        Sat, 24 Oct 2020 08:47:58 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxISz3IZtAspeQrHO3KJ7P6fBuibFSuvJUSioFxdXPqHhkn7EXeevTZgiBf0D9TQiiEe4fc
X-Received: by 2002:a17:906:7157:: with SMTP id z23mr7601739ejj.474.1603554478176;
        Sat, 24 Oct 2020 08:47:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1603554478; cv=none;
        d=google.com; s=arc-20160816;
        b=IGli5hiCMDsV3jtgtgQ4MOeBjeARcb9LEY/szmKEWWikSheRbIxsRcPoBOzCqQBSzk
         2BGp7AZlqoihQOJZTU8of9hBi1hbF+6E5sUVh3boyD3ZEj5pH75sXWln2xUGM/uV4IlI
         4KYeG6Y3u4kRYgO8mq1lsJmMYQ3bMk6nFthntoA6XeAr31KUSu+3qy2PCe1pymqMon+9
         LuQOshig/ghqWnUhqxNkOqC462YQwFJTi2zuDl+so23pFyLC4a/j6bfJUxyPr70tcS1t
         60iwakEtLK7lF1zBBZsyFQyc8eEwZu5ZLlp0lZY3p1DP2BECtHMwigK5PTkLLgqB0gxB
         oXOw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:to:in-reply-to:cc:references:message-id:date
         :subject:mime-version:from:content-transfer-encoding:dkim-signature;
        bh=ib38EIy6KqLbCzhDsFX9vIfwgtD2o848KUSoNeoy71c=;
        b=jC23fpCIdRomoGcFg2tT2kXHcX8UU99WqWCD6LMcLat1NTQl771JkkOueuznunbN7x
         Wi6LJQmFNU1Qm2OX9mvewsfTlxD687cfRd72YnmZ3e756885GLtoFa9Vwt8o1UGN/wyR
         1eQ9Dn2jxbdAE5CYQLAvllpx3Q7/n1Bn5Vr0vMSr0mE23zl1EwJnehmboqDZICtggzEq
         oUx1dknmJhyKQBPXkyMVPnpMSN8Rab5FPo/FagnOik/QmCINi+ulqta6rNcf8hzKTREt
         TeuBAggpMwZ0yw/MPpEhS6Y93vRRiqb2pEBYtm1yKFGTg3dLyQK6bSyTFQCPQ8ohtCI3
         69hg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=dnxfuBjw;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id dt10si3317795ejb.461.2020.10.24.08.47.36;
        Sat, 24 Oct 2020 08:47:58 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=dnxfuBjw;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1761734AbgJXPd1 (ORCPT <rfc822;crosarcplusplustest@gmail.com>
        + 99 others); Sat, 24 Oct 2020 11:33:27 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35002 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1761722AbgJXPd0 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 24 Oct 2020 11:33:26 -0400
Received: from mail-pj1-x1044.google.com (mail-pj1-x1044.google.com [IPv6:2607:f8b0:4864:20::1044])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 37BC0C0613CE
        for <linux-kernel@vger.kernel.org>; Sat, 24 Oct 2020 08:33:25 -0700 (PDT)
Received: by mail-pj1-x1044.google.com with SMTP id lt2so782495pjb.2
        for <linux-kernel@vger.kernel.org>; Sat, 24 Oct 2020 08:33:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=amacapital-net.20150623.gappssmtp.com; s=20150623;
        h=content-transfer-encoding:from:mime-version:subject:date:message-id
         :references:cc:in-reply-to:to;
        bh=ib38EIy6KqLbCzhDsFX9vIfwgtD2o848KUSoNeoy71c=;
        b=dnxfuBjwv5FMkjO6AewL+ulzI0aF/VKrEXZJMr5COvNpsmDT169bdMvM7NAFMy0AIP
         0cezUlAz0CdahUo02n5yI84ygZcW1WzrfudsjVjy2QhGQDcYEBHYMUEA4XX45C+72HZZ
         IX2k9rwBSrfDIkWxLLEnSgidw4Dn7VrnIUQmJOJFx3ZzrYyJ5teVXBFatRNCLdBFwPYD
         v3Gg8TmHdCOkTiD1waFy2JeJ3ybGwd8THrbi5b7w4f3pW731xWrvSHtV101NC/4hXHti
         C/OwfdP+LB+qYDi3Smw4SRTYyH35q5L6ZUX28af4OWofwyLnsPXNJMySEhXS3stk3u4X
         Dajg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:content-transfer-encoding:from:mime-version
         :subject:date:message-id:references:cc:in-reply-to:to;
        bh=ib38EIy6KqLbCzhDsFX9vIfwgtD2o848KUSoNeoy71c=;
        b=lzPdnLbIifTW/RZQTdQUZiwi1mDPxOUI0ZN1AKsE8YWnPqo90nJTGgiou/wmLrKJFn
         Hvm3cqOFgmRDc8/Q+AuKQecMzrBw+VHnisYn+dFej1+IYQemFlWlSbngfxTPtjS357p7
         Px7bPZEtsHoVrFr0MQCqs7thxIuXmfRRTYYFFDAO/otZShA8zrZ6GI+AW+rXiuHPy2f0
         lXN6ORjuCciGXdb/5RufK63DA1UA2jm4Xs5tHM2Vy/aawOFVa1xi3T2rjq1bC0helI54
         6U24GGsOyxv3SzKGSAx5yvIIP5zdhOTQb4n4On0zo13l+zW2k0UwcgysYUNWvYBpSsqu
         DXPg==
X-Gm-Message-State: AOAM531Yi8JuPv+DTlaus0jPgQYHLIcUx13KSjo9ZwiUYmUKLY4tnx0v
        t2q1oZreDPhtKtxvUPK8LdKOFg==
X-Received: by 2002:a17:90a:191b:: with SMTP id 27mr9285727pjg.115.1603553604710;
        Sat, 24 Oct 2020 08:33:24 -0700 (PDT)
Received: from ?IPv6:2601:646:c200:1ef2:21c5:78e1:e2a4:4021? ([2601:646:c200:1ef2:21c5:78e1:e2a4:4021])
        by smtp.gmail.com with ESMTPSA id 8sm6351973pfn.54.2020.10.24.08.33.23
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Sat, 24 Oct 2020 08:33:23 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
From:   Andy Lutomirski <luto@amacapital.net>
Mime-Version: 1.0 (1.0)
Subject: Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
Date:   Sat, 24 Oct 2020 08:33:21 -0700
Message-Id: <3655FF47-15D7-4433-81B7-FC070E32B541@amacapital.net>
References: <20201024143744.GA17727@wind.enjellic.com>
Cc:     Sean Christopherson <sean.j.christopherson@intel.com>,
        Dave Hansen <dave.hansen@intel.com>,
        Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
        Haitao Huang <haitao.huang@linux.intel.com>,
        Andy Lutomirski <luto@kernel.org>, X86 ML <x86@kernel.org>,
        linux-sgx@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>,
        Linux-MM <linux-mm@kvack.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        Matthew Wilcox <willy@infradead.org>,
        Jethro Beekman <jethro@fortanix.com>,
        Darren Kenny <darren.kenny@oracle.com>,
        Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
        asapek@google.com, Borislav Petkov <bp@alien8.de>,
        "Xing, Cedric" <cedric.xing@intel.com>, chenalexchen@google.com,
        Conrad Parker <conradparker@google.com>, cyhanish@google.com,
        "Huang, Haitao" <haitao.huang@intel.com>,
        Josh Triplett <josh@joshtriplett.org>,
        "Huang, Kai" <kai.huang@intel.com>,
        "Svahn, Kai" <kai.svahn@intel.com>, Keith Moyer <kmoy@google.com>,
        Christian Ludloff <ludloff@google.com>,
        Neil Horman <nhorman@redhat.com>,
        Nathaniel McCallum <npmccallum@redhat.com>,
        Patrick Uiterwijk <puiterwijk@redhat.com>,
        David Rientjes <rientjes@google.com>,
        Thomas Gleixner <tglx@linutronix.de>, yaozhangx@google.com
In-Reply-To: <20201024143744.GA17727@wind.enjellic.com>
To:     "Dr. Greg" <greg@enjellic.com>
X-Mailer: iPhone Mail (18A393)
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



> On Oct 24, 2020, at 7:38 AM, Dr. Greg <greg@enjellic.com> wrote:
>=20

>=20
> I can't bring myself to believe that LSM's are going to be written
> that will be making enclave security decisions on a page by page
> basis.  Given what I have written above, I think all of this comes
> down to giving platform administrators one of three decisions, in
> order of most to least secure:
>=20
> 1.) Block dynamic code loading and execution.
>=20

I don=E2=80=99t understand what you=E2=80=99re trying to say. Unless we=E2=80=
=99re going to split enclaves into multiple VMAs with different permissions,=
 how do you expect to block dynamic code loading unless you have separate RW=
 and RX pages?  That would be =E2=80=9Cpage-by-page=E2=80=9D, right?

> 2.) Block access to RWX pages.
>=20
> 3.) The wild west - no restrictions on enclave page protection manipulatio=
n.
>=20
> =46rom a security perspective I would argue for the wisdom of making
> option 1 unconditional via a kernel command-line parameter.
>=20
> It may be that ->mprotect is the right mechanism to implement this.
> If that is the case, frame the discussion and documentation so that it
> reflects the actual security threat and the consideration and means
> for dealing with it.
>=20
> Hopefully all of this is useful to the stakeholders in this
> technology.
>=20
> Have a good weekend.
>=20
> Dr. Greg
>=20
> As always,
> Dr. Greg Wettstein, Ph.D, Worker      Autonomously self-defensive
> Enjellic Systems Development, LLC     IOT platforms and edge devices.
> 4206 19th Ave. N.
> Fargo, ND  58102
> PH: 701-281-1686                      EMAIL: greg@enjellic.com
> --------------------------------------------------------------------------=
----
> "Politics is the business of getting power and privilege without possessin=
g
> merit."
>                                -- P.J. O'Rourke