Date: Wed, 9 Mar 2022 10:52:18 +0200
From: Jarkko Sakkinen
To: linux-sgx@vger.kernel.org
Cc: Nathaniel McCallum, Reinette Chatre, Dave Hansen, Thomas Gleixner, Ingo Molnar, Borislav Petkov, "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)", "H. Peter Anvin", "open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
Subject: Re: [RFC PATCH v2.1 14/30] x86/sgx: Support restricting of enclave page permissions
References: <20220304093524.397485-1-jarkko@kernel.org> <20220304093524.397485-14-jarkko@kernel.org>
In-Reply-To: <20220304093524.397485-14-jarkko@kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Mar 04, 2022 at 11:35:08AM +0200, Jarkko Sakkinen wrote:
> +#define SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS \ > + _IOWR(SGX_MAGIC, 0x05, struct sgx_enclave_restrict_perm)

What if this was replaced with just SGX_IOC_ENCLAVE_RESET_PAGES, which
would simply do EMODPR with PROT_NONE? The main ingredient of EMODPR is to
flush out the TLBs, and move a page to pending state, which cannot be done
from inside the enclave. It's there because of microarchitecture
constraints, and less so to work as a reasonable permission control
mechanism (actually it does a terrible job on that side and only confuses).

Once you have this magic TLB reset button in place you can just do one
EACCEPT and EMODPE inside the enclave and you're done.
This is also kind of atomic in the sense that EACCEPT frees a page with no
rights so no misuse can happen before EMODPE has tuned EPCM.

BR, Jarkko
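
Review bot: the _IOWR direction on SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS tells userspace that the kernel writes results back into struct sgx_enclave_restrict_perm, but the quoted lines carry no comment saying which fields are inputs and which are outputs. A kernel-doc comment next to the define, or on the struct, naming the fields the caller must fill in and the ones it should read back after the call would make the uapi contract reviewable from the header alone.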