Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp789412pxp; Fri, 11 Mar 2022 15:10:50 -0800 (PST) X-Google-Smtp-Source: ABdhPJz1q3GE8GEaGAtDR4K6HRkr8oppYdeeP4Hn0ddHb2klrKyEHs5uA357UP2FVdTsGz7I3C3j X-Received: by 2002:a17:90b:4b4a:b0:1bf:83d:6805 with SMTP id mi10-20020a17090b4b4a00b001bf083d6805mr24864944pjb.174.1647040249976; Fri, 11 Mar 2022 15:10:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1647040249; cv=none; d=google.com; s=arc-20160816; b=uNWagM+L9Vo8L7kCp8pY02yrd+73vq4pWf/llBzpkHiVHGRxJUyaqoyslR2XIiyMeV PAGJcZyvdX5bQdCQMHwjd5rRn4I5/uDZGKIfkXhZVC5A9nzpvU7N4eLaKKb5LAiVve5z LTRro7n6gron2XsR2WQtmkDVWSmFoMpa+qmsXEcflH0236VAl8CYGi3RQ0W/zZX8a9EU ITBs6PYnPDBgofs58rWOUCa9IAX8QYgvxSt7k+kVNRIUDSKjv22RVebwJ9Y+ABQA5lPv HQHxpsWori/9c9z5bMGcupwEb7b0jX4VkRxpk6YxfLlwwQ1T7NHCALSFnotHqar3VyYg N1QQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=Llgzu+dFTeSZfQpiKcovgTmhQr2oAhKo8uNAOqROiM8=; b=guCVkfO3fDpotVJWQZZnSVUygQHifqxQ7gVffyd5Kgb3VzEdjYR/oTdJh/DAse8BDm UMg+Mvq7DMJnFYD6CUiU6IcZrmVp8L6knFHRbKUd7aOjRqmlrQCXgpy69Mnjn1z981kj LSAKcLzTuNSkeqlDqKwkCZ/sI4DKUIDbSnxjFg/WSu4B2fnnGgDjWKY4C+3C4RbMAb91 VVMboPGSJrwo1xbV56FcLCnL30fuEp3SXRYVNQg3w5qx6dFV9+WhXEBtHonCdLn7Sn6u vc1JjubNb+rJHqgi2vBYLc3nRUUN3DxptwvGXehPXaR1R8bVjwVF9RcFtwlxUxEuaq9S Plcw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=N3RFX+qa; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id m14-20020a170902f64e00b0014f66f6d7a3si9196959plg.536.2022.03.11.15.10.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Mar 2022 15:10:49 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=N3RFX+qa; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 26EE13A81F0; Fri, 11 Mar 2022 14:08:38 -0800 (PST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348383AbiCKMSh (ORCPT + 99 others); Fri, 11 Mar 2022 07:18:37 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38288 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244159AbiCKMSf (ORCPT ); Fri, 11 Mar 2022 07:18:35 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2D6992E9; Fri, 11 Mar 2022 04:17:31 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id D9A10B82BBB; Fri, 11 Mar 2022 12:17:29 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 13A95C340E9; Fri, 11 Mar 2022 12:17:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1647001048; bh=4KR79/QFpD8D6jIFOAVYVeGueEymFaQwSUDEPtaldDg=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=N3RFX+qaYpipuybfDs6N9zcNssI3ASq/gyfZ3LHq4FG7zY/xaaMLvPkM4BbN6pEfz wGOZEm3bihAwtg7SvPK4KbJfkLzt0YcpC52GReWn993rRH+gwZfXwc5B+KeTDiCJJ1 wlx/Whvj3q0NKwUVnzCKgZjY0V4gGmBhj8PUC4Tkc2qPLNd+hW4e4aXjjbox3JNmFN xUP8VujRsGsZ2pGcFK5fze744XGIWKNegpMS1sf+ooir1pyZY7zzOc8NzXLuyWn8Jz P1BEjrJJxoY3WH1PM3P8vJXCqUmx30UGjpYMKHDrpW+hp3FXwwCGw9Pk/GgZSRbG1r KvYaI3hUG4ChQ== Date: Fri, 11 Mar 2022 14:16:44 +0200 From: Jarkko Sakkinen To: Haitao Huang , "Chatre, Reinette" Cc: "Dhanraj, Vijay" , "dave.hansen@linux.intel.com" , "tglx@linutronix.de" , "bp@alien8.de" , "Lutomirski, Andy" , "mingo@redhat.com" , "linux-sgx@vger.kernel.org" , "x86@kernel.org" , "Christopherson,, Sean" , "Huang, Kai" , "Zhang, Cathy" , "Xing, Cedric" , "Huang, Haitao" , "Shanahan, Mark" , "hpa@zytor.com" , "linux-kernel@vger.kernel.org" Subject: Re: [PATCH V2 16/32] x86/sgx: Support restricting of enclave page permissions Message-ID: References: <4ce06608b5351f65f4e6bc6fc87c88a71215a2e7.1644274683.git.reinette.chatre@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Mar 11, 2022 at 02:10:24PM +0200, Jarkko Sakkinen wrote: > On Thu, Mar 10, 2022 at 12:33:20PM -0600, Haitao Huang wrote: > > Hi Jarkko > > > > I have some trouble understanding the sequences below. > > > > On Thu, 10 Mar 2022 00:10:48 -0600, Jarkko Sakkinen > > wrote: > > > > > On Wed, Feb 23, 2022 at 07:21:50PM +0000, Dhanraj, Vijay wrote: > > > > Hi All, > > > > > > > > Regarding the recent update of splitting the page permissions change > > > > request into two IOCTLS (RELAX and RESTRICT), can we combine them into > > > > one? That is, revert to how it was done in the v1 version? > > > > > > > > Why? Currently in Gramine (a library OS for unmodified applications, > > > > https://gramineproject.io/) with the new proposed change, one needs to > > > > store the page permission for each page or range of pages. And for every > > > > request of `mmap` or `mprotect`, Gramine would have to do a lookup > > > > of the > > > > page permissions for the request range and then call the respective > > > > IOCTL > > > > either RESTRICT or RELAX. This seems a little overwhelming. > > > > > > > > Request: Instead, can we do `MODPE`, call `RESTRICT` IOCTL, and then do > > > > an `EACCEPT` irrespective of RELAX or RESTRICT page permission request? > > > > With this approach, we can avoid storing page permissions and simplify > > > > the implementation. > > > > > > > > I understand RESTRICT IOCTL would do a `MODPR` and trigger `ETRACK` > > > > flows > > > > to do TLB shootdowns which might not be needed for RELAX IOCTL but I am > > > > not sure what will be the performance impact. Is there any data point to > > > > see the performance impact? > > > > > > > > Thanks, > > > > -Vijay > > > > > > This should get better in the next versuin. "relax" is gone. And for > > > dynamic EAUG'd pages only VMA and EPCM permissions matter, i.e. > > > internal vm_max_prot_bits is set to RWX. > > > > > > I patched the existing series eno > > > > > > For Enarx I'm using the following patterns. > > > > > > Shim mmap() handler: > > > 1. Ask host for mmap() syscall. > > > 2. Construct secinfo matching the protection bits. > > > 3. For each page in the address range: EACCEPTCOPY with a > > > zero page. > > > > For EACCEPTCOPY to work, I believe PTE.RW is required for the target page. > > So this only works for mmap(..., RW) or mmap(...,RWX). > > I use it only with EAUG. > > > So that gives you pages with RW/RWX. > > > > To change permissions of any of those pages from RW/RWX to R/RX , you need > > call ENCLAVE_RESTRICT_PERMISSIONS ioctl with R or with PROT_NONE. you can't > > just do EMODPE. > > > > so for RW->R, you either: > > > > 1)EMODPR(EPCM.NONE) > > 2)EACCEPT(EPCM.NONE) > > 3)EMODPE(R) -- not sure this would work as spec says EMODPE requires "Read > > access permitted by enclave" > > > > or: > > > > 1)EMODPR(EPCM.PROT_R) > > 2)EACCEPT(EPCM.PROT_R) > > I checked from SDM and you're correct. > > Then the appropriate thing is to reset to R. > > > > Shim mprotect() handler: > > > 1. Ask host for mprotect() syscall. > > > 2. For each page in the address range: EACCEPT with PROT_NONE > > > secinfo and EMODPE with the secinfo having the prot bits. > > > > EACCEPT requires PTE.R. And EAUG'd pages will always initialized with > > EPCM.RW, > > so EACCEPT(EPCM.PROT_NONE) will fail with SGX_PAGE_ATTRIBUTES_MISMATCH. > > Ditto. > > > > Backend mprotect() handler: > > > 1. Invoke ENCLAVE_RESTRICT_PERMISSIONS ioctl for the address > > > range with PROT_NONE. > > > 2. Invoke real mprotect() syscall. > > > > > Note #1 can only be done after EACCEPT. MODPR is not allowed for pending > > pages. > > Yes, and that's what I'm doing. After that shim does EACCEPT's in a loop. > > Reinette, the ioctl should already check that either R or W is set in > secinfo and return -EACCES. > > I.e. > > (* Check for misconfigured SECINFO flags*) > IF ( (SCRATCH_SECINFO reserved fields are not zero ) or > (SCRATCH_SECINFO.FLAGS.R is 0 and SCRATCH_SECINFO.FLAGS.W is not 0) ) > THEN #GP(0); FI; > > I was testing this and wondering why my enclave #GP's, and then I checked > SDM after reading Haitao's response. So clearly check in kernel side is > needed. I would consider also adding such check "add pages". It's our least common denominator. If we can assume that at least R is there for every enclave page, then it gives invariant that enables EMODPR with R all the time. BR, Jarkko