Received: by 2002:a05:6a10:9e8c:0:0:0:0 with SMTP id y12csp641241pxx; Mon, 26 Oct 2020 17:49:14 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw8PKBqj3TswW1th8kTkAJ9YNYy8bdaMxT3qC826QNwJooyi0X/JjqwSTIYTfruYClA/XYw X-Received: by 2002:aa7:c7d9:: with SMTP id o25mr19127987eds.318.1603759754737; Mon, 26 Oct 2020 17:49:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1603759754; cv=none; d=google.com; s=arc-20160816; b=VZVXOweOWMnr7Xz4P3v6XHx5G7Rz7pZv6MyZ+MppAEytAb8suAAMOF/RiOKLaBF2Kw urIVrtBEuZ9kihj8mTnSuJ9704uevwWQPGhLSBcKfJCwFLSXw01KA8acVOII3VbLj9EP MtUSyqw2zVNjXaUrRVZhVEYYHnnsQFcJTM1LCAWgokiSjurZ13ZPKF/+4Zr9+VDKmHcW qpNvFnYmwc+NZmCoVJQ2A9ACXmSqBHjFBGkKTQZw7b+wkpLRi/FaGky0MeiscPLfrLJN XRfC+rJsT9vJ7QHtlQDK7tv5fG4VD7JZHv5Ie0ZbH4OMUl0xIxejmWX8SNYYzuOrOqkG VNww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :ironport-sdr:ironport-sdr; bh=5EUUTrm4TwSrXPcU0eBvoDyvDaa+sJIUm+oIgcXUm2w=; b=iROaSurhnsi5/vHR0VWXyEhXaiu7cyrzg1dbsYsMqDYewjZl67OC96j/UxLqX/whNq RLZPQEqgyh8dB0LhxFxBUwgip7gDUG4cYgoOUefXWrYZvPEEkTmiYH/I/Zdsvh/kH16A IFlgp6rzLpiR/DPyXA0A5U1gQ30v5V/219DEd3OwP4bwXcBjt0qGeNFMbQXGciP00Nbo QfpfhjATOhYe1ebYJ9z9T3cb3+suPskYwPkF4FWA8pRM6J3L3SAlKt1drheCZD3FKuXf Y0InMymPmNz4dz5nzBkU7uzylHFW38ZE4//NHkm6lcO7NjAmabeASbU9W0YreiAzb1Ee r8eA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id g1si11137880edn.100.2020.10.26.17.48.53; Mon, 26 Oct 2020 17:49:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2502219AbgJ0Aly (ORCPT + 99 others); Mon, 26 Oct 2020 20:41:54 -0400 Received: from mga11.intel.com ([192.55.52.93]:46229 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2502186AbgJ0Akw (ORCPT ); Mon, 26 Oct 2020 20:40:52 -0400 IronPort-SDR: cGpjSswb0eCKVeqfg0FtFmABXxq8+3f6yrSNERdiXOPp46DlYSG3uGKrj4cnlLU8126Wnz0Vwh OTXFxlIhV5vg== X-IronPort-AV: E=McAfee;i="6000,8403,9786"; a="164509022" X-IronPort-AV: E=Sophos;i="5.77,421,1596524400"; d="scan'208";a="164509022" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Oct 2020 17:40:51 -0700 IronPort-SDR: os461CjYNM3H4l2jv7ewAZ4j2EOy4Rs+7Bp43uIB9IyeLcIxtvzxY2ip6+5KItGClBh6ZQbLuR E4LNYcB7UQGw== X-IronPort-AV: E=Sophos;i="5.77,421,1596524400"; d="scan'208";a="322739919" Received: from sjchrist-coffee.jf.intel.com (HELO linux.intel.com) ([10.54.74.160]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Oct 2020 17:40:50 -0700 Date: Mon, 26 Oct 2020 17:40:49 -0700 From: Sean Christopherson To: Andy Lutomirski Cc: "Dr. Greg" , Dave Hansen , Jarkko Sakkinen , Haitao Huang , Andy Lutomirski , X86 ML , linux-sgx@vger.kernel.org, LKML , Linux-MM , Andrew Morton , Matthew Wilcox , Jethro Beekman , Darren Kenny , Andy Shevchenko , asapek@google.com, Borislav Petkov , "Xing, Cedric" , chenalexchen@google.com, Conrad Parker , cyhanish@google.com, "Huang, Haitao" , Josh Triplett , "Huang, Kai" , "Svahn, Kai" , Keith Moyer , Christian Ludloff , Neil Horman , Nathaniel McCallum , Patrick Uiterwijk , David Rientjes , Thomas Gleixner , yaozhangx@google.com Subject: Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect() Message-ID: <20201027004048.GC28122@linux.intel.com> References: <20201026105128.GA30004@wind.enjellic.com> <4B39703F-280C-4AED-B4BB-047BD216B792@amacapital.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4B39703F-280C-4AED-B4BB-047BD216B792@amacapital.net> User-Agent: Mutt/1.5.24 (2015-08-30) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Oct 26, 2020 at 03:59:35PM -0700, Andy Lutomirski wrote: > > On Oct 26, 2020, at 3:51 AM, Dr. Greg wrote: > > The open question in all of this is that the EDMM paper, as well as > > the SDM, indicate the effects of an ENCLU[EMODPE] are immediate inside > > of a running enclave. I'm assuming that this does NOT mean that once > > a context of execution is running in enclave mode it would be capable > > of evading standard page protections but the 'immediate' is somewhat > > disquieting and probably deserves clarification, despite Dave Hansen's > > adament concerns about discussing the instruction... :-) > > If EMODPE writes an entry into the TLB that violates PTE permissions, then we > have a real problem. I would be very surprised if this were to be the case. EMODPE only affects the EPCM, it doesn't magically change the PTEs or insert into the TLB. The "immediate" wording in the whitepaper is differentiating it from EMODPR and EMODT, where the modifications only take effect after they have been verified by the enclave via EACCEPT.