From: Andy Lutomirski
Subject: Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
Date: Sat, 24 Oct 2020 08:33:21 -0700
Message-Id: <3655FF47-15D7-4433-81B7-FC070E32B541@amacapital.net>
References: <20201024143744.GA17727@wind.enjellic.com>
Cc: Sean Christopherson, Dave Hansen, Jarkko Sakkinen, Haitao Huang,
    Andy Lutomirski, X86 ML, linux-sgx@vger.kernel.org, LKML, Linux-MM,
    Andrew Morton, Matthew Wilcox, Jethro Beekman, Darren Kenny,
    Andy Shevchenko, asapek@google.com, Borislav Petkov, "Xing, Cedric",
    chenalexchen@google.com, Conrad Parker, cyhanish@google.com,
    "Huang, Haitao", Josh Triplett, "Huang, Kai", "Svahn, Kai", Keith Moyer,
    Christian Ludloff, Neil Horman, Nathaniel McCallum, Patrick Uiterwijk,
    David Rientjes, Thomas Gleixner, yaozhangx@google.com
In-Reply-To: <20201024143744.GA17727@wind.enjellic.com>
To: "Dr. Greg"
X-Mailing-List: linux-kernel@vger.kernel.org

> On Oct 24, 2020, at 7:38 AM, Dr. Greg wrote:
>
>
> I can't bring myself to believe that LSM's are going to be written
> that will be making enclave security decisions on a page by page
> basis.  Given what I have written above, I think all of this comes
> down to giving platform administrators one of three decisions, in
> order of most to least secure:
>
> 1.) Block dynamic code loading and execution.
>

I don’t understand what you’re trying to say.  Unless we’re going to split
enclaves into multiple VMAs with different permissions, how do you expect to
block dynamic code loading unless you have separate RW and RX pages?  That
would be “page-by-page”, right?

> 2.) Block access to RWX pages.
>
> 3.) The wild west - no restrictions on enclave page protection manipulation.
>
> From a security perspective I would argue for the wisdom of making
> option 1 unconditional via a kernel command-line parameter.
>
> It may be that ->mprotect is the right mechanism to implement this.
> If that is the case, frame the discussion and documentation so that it
> reflects the actual security threat and the consideration and means
> for dealing with it.
>
> Hopefully all of this is useful to the stakeholders in this
> technology.
>
> Have a good weekend.
>
> Dr. Greg
>
> As always,
> Dr. Greg Wettstein, Ph.D, Worker      Autonomously self-defensive
> Enjellic Systems Development, LLC     IOT platforms and edge devices.
> 4206 19th Ave. N.
> Fargo, ND  58102
> PH: 701-281-1686                      EMAIL: greg@enjellic.com
> ------------------------------------------------------------------------------
> "Politics is the business of getting power and privilege without possessing
> merit."
>                                 -- P.J. O'Rourke
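
Added example (not part of the original mail, and not code from the SGX patch series): a userspace C model of the three policy options listed in the quoted text, showing that option 1 can only be decided from a per-page record of past permissions. All names (encl_policy, encl_page, page_may_change, range_may_change) are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <sys/mman.h>   /* PROT_READ, PROT_WRITE, PROT_EXEC */

/* Hypothetical policy levels mirroring options 1-3 in the quoted mail. */
enum encl_policy { POLICY_NO_DYNAMIC_CODE = 1, POLICY_NO_RWX = 2, POLICY_NONE = 3 };

/* Hypothetical per-page record: every protection bit the page has ever held. */
struct encl_page { int ever; };

/* Decide one page's transition to new_prot; record it only if allowed. */
static bool page_may_change(enum encl_policy pol, struct encl_page *pg, int new_prot)
{
    int hist = pg->ever | new_prot;

    if (pol == POLICY_NO_RWX &&
        (new_prot & PROT_WRITE) && (new_prot & PROT_EXEC))
        return false;   /* option 2: only simultaneous W+X is refused */
    if (pol == POLICY_NO_DYNAMIC_CODE &&
        (hist & PROT_WRITE) && (hist & PROT_EXEC))
        return false;   /* option 1: W-then-X and X-then-W are refused too */
    pg->ever = hist;
    return true;
}

/* Apply new_prot to pages [first, first + n); all-or-nothing in this model. */
static bool range_may_change(enum encl_policy pol, struct encl_page *pages,
                             size_t first, size_t n, int new_prot)
{
    size_t i;

    for (i = first; i < first + n; i++) {       /* dry run on a copy */
        struct encl_page tmp = pages[i];
        if (!page_may_change(pol, &tmp, new_prot))
            return false;
    }
    for (i = first; i < first + n; i++)         /* commit */
        page_may_change(pol, &pages[i], new_prot);
    return true;
}

int main(void)
{
    /* Constructed sample: two code pages (RX) followed by two data pages (RW). */
    struct encl_page p[4] = { {PROT_READ | PROT_EXEC}, {PROT_READ | PROT_EXEC},
                              {PROT_READ | PROT_WRITE}, {PROT_READ | PROT_WRITE} };
    /* Under option 1 a data page can never become executable. */
    return range_may_change(POLICY_NO_DYNAMIC_CODE, p, 2, 1,
                            PROT_READ | PROT_EXEC) ? 1 : 0;
}
```
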