From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Dave Hansen <dave.hansen@intel.com>
Cc: Haitao Huang <haitao.huang@linux.intel.com>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>, X86 ML <x86@kernel.org>,
linux-sgx@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>,
Linux-MM <linux-mm@kvack.org>,
Andrew Morton <akpm@linux-foundation.org>,
Matthew Wilcox <willy@infradead.org>,
Jethro Beekman <jethro@fortanix.com>,
Darren Kenny <darren.kenny@oracle.com>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
asapek@google.com, Borislav Petkov <bp@alien8.de>,
"Xing, Cedric" <cedric.xing@intel.com>,
chenalexchen@google.com, Conrad Parker <conradparker@google.com>,
cyhanish@google.com, "Huang, Haitao" <haitao.huang@intel.com>,
Josh Triplett <josh@joshtriplett.org>,
"Huang, Kai" <kai.huang@intel.com>,
"Svahn, Kai" <kai.svahn@intel.com>, Keith Moyer <kmoy@google.com>,
Christian Ludloff <ludloff@google.com>,
Neil Horman <nhorman@redhat.com>,
Nathaniel McCallum <npmccallum@redhat.com>,
Patrick Uiterwijk <puiterwijk@redhat.com>,
David Rientjes <rientjes@google.com>,
Thomas Gleixner <tglx@linutronix.de>,
yaozhangx@google.com
Subject: Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
Date: Fri, 25 Sep 2020 12:43:04 -0700 [thread overview]
Message-ID: <20200925194304.GE31528@linux.intel.com> (raw)
In-Reply-To: <32fc9df4-d4aa-6768-aa06-0035427b7535@intel.com>
On Fri, Sep 25, 2020 at 10:18:28AM -0700, Dave Hansen wrote:
> Thanks for the walkthrough. The thing that clicked for me seeing those
> examples was how the earlier ioctl(ADD_PAGE) is "bound" to later
> enforcement actions at enclave PTE creation time.
>
> On 9/24/20 5:00 PM, Sean Christopherson wrote:
> > My concern is that if we merge this
> >
> > ioctl(sgx_fd, ENCLAVE_ADD_PAGE, SGX_PROT_READ | SGX_PROT_EXEC, ptr, size);
> >
> > without ->mprotect(), we can't actually enforce the declared protections. And
> > if we drop the field altogether:
> >
> > ioctl(sgx_fd, ENCLAVE_ADD_PAGE, ptr, size);
> >
> > then we can't implement security_enclave_load().
>
> To me, it's perfectly OK to have parts of the ABI which are unused. It
> sure makes them harder to test if there are no actual users in the code,
> but if it solves a real problem with the ABI, I'm fine with it.
>
> Let's see if I can put all the pieces together.
>
> Background:
>
> 1. SGX enclave pages are populated with data by copying data to them
> from normal memory via: ioctl(sgx_fd, ENCLAVE_ADD_PAGE, src_ptr...);
> 2. We want to be able to restrict those normal memory data sources. For
> instance, before copying data to an executable enclave page, we might
> ensure that the source is executable.
> 3. Enclave page permissions are dynamic just like normal permissions and
> can be adjusted at runtime with mprotect() (along with a
> corresponding special instruction inside the enclave)
> 4. The original data source may have have long since vanished at the
> time when enclave page permission are established (mmap() or
> mprotect())
>
> Solution:
>
> The solution is to force enclaves creators to declare their intent up
> front to ioctl(ENCLAVE_ADD_PAGE). This intent can me immediately
> compared to the source data mapping (and rejected if necessary). It is
> also stashed off and then later compared with enclave PTEs to ensure
> that any future mmap()/mprotect() operations performed by the enclave
> creator or the enclave itself are consistent with the earlier declared
> permissions.
>
> Essentially, this means that whenever the kernel is asked to change an
> enclave PTE, it needs to ensure the change is consistent with that
> stashed intent. There is an existing vm_ops->mmap() hook which allows
> SGX to do that for mmap(). However, there is no ->mprotect() hook. Add
> a vm_ops->mprotect() hook so that mprotect() operations which are
> inconsistent with any page's stashed intent can be rejected by the driver.
Yes to all of the above.
> Implications:
>
> However, there is currently no implementation of the intent checks at
> the time of ioctl(ENCLAVE_ADD_PAGE).
Correct.
> That means that the intent argument (SGX_PROT_*) is currently unused.
No, the intent argument is used (eventually) by SGX's ->mprotect()
implementation, i.e. sgx_mprotect() enforces that the actual protections are a
subset of the declared/intended protections.
If ->mprotect() is not merged, then it yes, it will be unused. And therein
lies the problem as the kernel can't start using/enforcing the intent without
breaking userspace. E.g. an enclave loaded with SGX_PROT_READ but mprotect()'d
with PROT_READ | PROT_EXEC would break if sgx_mprotect() came along.
One way to avoid introducing ->mprotect() would be to require all enclaves to
declare all pages with READ|WRITE|EXEC. Then we could drop sgx_mprotect()
since the mprotect() permissions are guaranteed to be a subset of the declared
permissions. That would have the added bonus of eliminating the per-page
checks in sgx_mmap()/sgx_mprotect(), though I've no idea if that is a
meaningful optmization or it's lost in the noise.
The big downside of requiring READ|WRITE|EXEC is that it will make life hell
for a LSM policy owner if they ever want to apply EXECMEM or EXECMOD style
restritions on enclaves, i.e. if SELinux folks want to add
security_enclave_load().
I find that I'm more or less ok with that approach, in no small part because
introducing security_enclave_load() might be a pretty big "if", e.g. security
folks may decide that they'd rather allow/deny enclaves based on the
measurement or signer of the enclave and eschew per-page checks entirely.
> --
>
> Is that all correct? Did I miss anything?
next prev parent reply other threads:[~2020-09-25 22:45 UTC|newest]
Thread overview: 187+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-15 11:28 [PATCH v38 00/24] Intel SGX foundations Jarkko Sakkinen
2020-09-15 11:28 ` [PATCH v38 01/24] x86/cpufeatures: x86/msr: Add Intel SGX hardware bits Jarkko Sakkinen
2020-09-15 11:28 ` [PATCH v38 02/24] x86/cpufeatures: x86/msr: Add Intel SGX Launch Control " Jarkko Sakkinen
2020-09-15 11:28 ` [PATCH v38 03/24] x86/mm: x86/sgx: Signal SIGSEGV with PF_SGX Jarkko Sakkinen
2020-09-16 11:44 ` Borislav Petkov
2020-09-16 20:30 ` Jarkko Sakkinen
2020-09-16 20:32 ` Borislav Petkov
2020-09-15 11:28 ` [PATCH v38 04/24] x86/sgx: Add SGX microarchitectural data structures Jarkko Sakkinen
2020-09-15 11:28 ` [PATCH v38 05/24] x86/sgx: Add wrappers for ENCLS leaf functions Jarkko Sakkinen
2020-09-15 11:28 ` [PATCH v38 06/24] x86/cpu/intel: Detect SGX support Jarkko Sakkinen
2020-09-15 11:28 ` [PATCH v38 07/24] x86/cpu/intel: Add nosgx kernel parameter Jarkko Sakkinen
2020-09-15 11:28 ` [PATCH v38 08/24] x86/sgx: Initialize metadata for Enclave Page Cache (EPC) sections Jarkko Sakkinen
2020-09-15 11:28 ` [PATCH v38 09/24] x86/sgx: Add __sgx_alloc_epc_page() and sgx_free_epc_page() Jarkko Sakkinen
2020-09-15 11:28 ` [PATCH v38 10/24] mm: Add vm_ops->mprotect() Jarkko Sakkinen
2020-09-18 12:44 ` Borislav Petkov
2020-09-18 15:09 ` Andy Lutomirski
2020-09-18 23:24 ` [PATCH v38 10/24] mm: Add vm_ops->mprotect()' Jarkko Sakkinen
2020-09-18 23:53 ` [PATCH v38 10/24] mm: Add vm_ops->mprotect() Sean Christopherson
2020-09-19 0:15 ` Andy Lutomirski
2020-09-22 12:58 ` Jarkko Sakkinen
2020-09-22 15:11 ` Dave Hansen
2020-09-23 13:30 ` Jarkko Sakkinen
2020-09-23 13:43 ` Jarkko Sakkinen
2020-09-23 14:33 ` Jarkko Sakkinen
2020-09-24 14:50 ` Dave Hansen
2020-09-24 16:27 ` Sean Christopherson
2020-09-24 19:35 ` Jarkko Sakkinen
2020-09-21 12:49 ` Jarkko Sakkinen
2020-09-21 12:51 ` Jarkko Sakkinen
2020-09-21 13:14 ` Jarkko Sakkinen
2020-09-21 16:57 ` Sean Christopherson
2020-09-21 21:07 ` Jarkko Sakkinen
2020-09-21 21:18 ` Sean Christopherson
2020-09-22 5:29 ` Jarkko Sakkinen
2020-09-22 5:35 ` Jarkko Sakkinen
2020-09-22 16:43 ` Sean Christopherson
2020-09-23 13:50 ` Jarkko Sakkinen
2020-09-24 19:11 ` Haitao Huang
2020-09-24 19:28 ` Sean Christopherson
2020-09-24 19:39 ` Dave Hansen
2020-09-24 20:01 ` Sean Christopherson
2020-09-24 20:10 ` Dave Hansen
2020-09-24 20:25 ` Sean Christopherson
2020-09-24 20:54 ` Dave Hansen
2020-09-24 22:10 ` Jarkko Sakkinen
2020-09-24 23:05 ` Sean Christopherson
2020-09-24 23:09 ` Dave Hansen
2020-09-25 0:00 ` Sean Christopherson
2020-09-25 17:18 ` Dave Hansen
2020-09-25 19:43 ` Sean Christopherson [this message]
2020-09-25 19:53 ` Dave Hansen
2020-09-26 4:15 ` Andy Lutomirski
2020-09-28 0:53 ` Jarkko Sakkinen
2020-09-28 14:04 ` Dave Hansen
2020-09-28 16:19 ` Jarkko Sakkinen
2020-09-28 16:48 ` Dave Hansen
2020-09-28 19:32 ` Jarkko Sakkinen
2020-09-28 19:45 ` Dave Hansen
2020-09-28 20:19 ` Jarkko Sakkinen
2020-09-29 1:37 ` Andy Lutomirski
2020-09-29 4:05 ` Jarkko Sakkinen
2020-09-29 14:24 ` Dave Hansen
2020-09-30 0:20 ` Jarkko Sakkinen
2020-09-30 14:35 ` Dave Hansen
2020-09-28 20:18 ` Jarkko Sakkinen
2020-10-18 8:49 ` Dr. Greg
2020-10-19 21:31 ` Sean Christopherson
2020-10-20 10:01 ` Dr. Greg
2020-10-20 16:40 ` Sean Christopherson
2020-10-24 14:37 ` Dr. Greg
2020-10-24 15:33 ` Andy Lutomirski
2020-10-26 10:51 ` Dr. Greg
2020-10-26 22:59 ` Andy Lutomirski
2020-10-27 0:40 ` Sean Christopherson
2020-09-24 22:07 ` Jarkko Sakkinen
2020-09-24 21:58 ` Jarkko Sakkinen
2020-09-24 21:55 ` Jarkko Sakkinen
2020-09-15 11:28 ` [PATCH v38 11/24] x86/sgx: Add SGX enclave driver Jarkko Sakkinen
2020-09-21 9:30 ` Borislav Petkov
2020-09-21 12:09 ` Jarkko Sakkinen
2020-10-01 17:36 ` Sean Christopherson
2020-10-01 18:49 ` Jarkko Sakkinen
2020-09-15 11:28 ` [PATCH v38 12/24] x86/sgx: Add SGX_IOC_ENCLAVE_CREATE Jarkko Sakkinen
2020-09-21 10:03 ` Borislav Petkov
2020-09-21 12:28 ` Jarkko Sakkinen
2020-09-21 13:51 ` Borislav Petkov
2020-09-21 19:29 ` Jarkko Sakkinen
2020-10-03 0:23 ` Haitao Huang
2020-10-03 3:24 ` Jarkko Sakkinen
2020-09-15 11:28 ` [PATCH v38 13/24] x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES Jarkko Sakkinen
2020-09-15 11:28 ` [PATCH v38 14/24] x86/sgx: Add SGX_IOC_ENCLAVE_INIT Jarkko Sakkinen
2020-09-21 17:35 ` Borislav Petkov
2020-09-21 18:10 ` Sean Christopherson
2020-09-21 18:27 ` Borislav Petkov
[not found] ` <20200921191658.GA24823@linux.intel.com>
2020-09-22 8:29 ` Borislav Petkov
2020-09-22 11:50 ` Jarkko Sakkinen
2020-09-22 12:56 ` Jethro Beekman
2020-09-22 14:29 ` Borislav Petkov
2020-09-23 14:47 ` Jarkko Sakkinen
2020-09-23 15:55 ` Borislav Petkov
2020-09-24 12:23 ` Jarkko Sakkinen
2020-09-22 16:29 ` Sean Christopherson
2020-09-21 19:22 ` Jarkko Sakkinen
2020-09-15 11:28 ` [PATCH v38 15/24] x86/sgx: Enable provisioning for remote attestation Jarkko Sakkinen
2020-09-21 18:07 ` Borislav Petkov
2020-09-21 19:27 ` Jarkko Sakkinen
2020-09-21 19:41 ` Borislav Petkov
2020-09-21 21:26 ` Jarkko Sakkinen
2020-09-22 8:30 ` Borislav Petkov
2020-09-15 11:28 ` [PATCH v38 16/24] x86/sgx: Add a page reclaimer Jarkko Sakkinen
2020-09-22 10:45 ` Borislav Petkov
2020-09-22 14:03 ` Jarkko Sakkinen
2020-09-22 14:24 ` Borislav Petkov
2020-09-23 14:52 ` Jarkko Sakkinen
2020-09-29 1:14 ` Sean Christopherson
2020-09-29 3:50 ` Jarkko Sakkinen
2020-09-29 8:35 ` Sean Christopherson
2020-09-22 16:24 ` Sean Christopherson
2020-09-22 18:02 ` Borislav Petkov
2020-09-23 15:25 ` Jarkko Sakkinen
2020-09-15 11:28 ` [PATCH v38 17/24] x86/sgx: ptrace() support for the SGX driver Jarkko Sakkinen
2020-09-22 15:44 ` Borislav Petkov
2020-09-23 13:20 ` Jarkko Sakkinen
2020-09-23 16:17 ` Borislav Petkov
2020-09-24 11:51 ` Jarkko Sakkinen
2020-09-24 15:57 ` Borislav Petkov
2020-09-24 20:38 ` [PATCH v38 17/24] x86/sgx: ptrace() support for the SGX driver' Jarkko Sakkinen
2020-09-24 20:40 ` Jarkko Sakkinen
2020-09-25 7:53 ` Borislav Petkov
2020-09-25 11:00 ` Jarkko Sakkinen
2020-09-25 7:51 ` Borislav Petkov
2020-09-25 11:21 ` Jarkko Sakkinen
2020-09-15 11:28 ` [PATCH v38 18/24] x86/vdso: Add support for exception fixup in vDSO functions Jarkko Sakkinen
2020-09-23 22:07 ` Borislav Petkov
2020-09-24 12:09 ` Jarkko Sakkinen
2020-09-24 16:00 ` Borislav Petkov
2020-09-24 21:07 ` Jarkko Sakkinen
2020-09-15 11:28 ` [PATCH v38 19/24] x86/fault: Add helper function to sanitize error code Jarkko Sakkinen
2020-09-15 11:28 ` [PATCH v38 20/24] x86/traps: Attempt to fixup exceptions in vDSO before signaling Jarkko Sakkinen
2020-09-24 16:31 ` Borislav Petkov
2020-09-24 23:11 ` Jarkko Sakkinen
2020-09-15 11:28 ` [PATCH v38 21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call Jarkko Sakkinen
2020-09-24 18:04 ` Borislav Petkov
2020-09-25 1:00 ` Jarkko Sakkinen
2020-09-25 8:28 ` Borislav Petkov
2020-09-27 23:37 ` Jarkko Sakkinen
2020-09-28 8:30 ` Borislav Petkov
2020-09-28 15:02 ` Jarkko Sakkinen
2020-09-25 8:39 ` Jethro Beekman
2020-09-25 11:17 ` Jarkko Sakkinen
2020-09-25 11:43 ` Jethro Beekman
[not found] ` <20200925003808.GB20333@linux.intel.com>
2020-09-25 1:04 ` Jarkko Sakkinen
2020-09-25 8:14 ` Borislav Petkov
2020-09-25 10:59 ` Jarkko Sakkinen
2020-09-28 14:36 ` Jarkko Sakkinen
2020-09-25 18:23 ` Andrew Cooper
2020-09-28 0:58 ` Jarkko Sakkinen
2020-09-28 16:44 ` Andrew Cooper
2020-09-28 18:07 ` H.J. Lu
2020-09-28 18:12 ` Andy Lutomirski
2020-09-28 18:17 ` Dave Hansen
2020-09-28 22:07 ` Jarkko Sakkinen
2020-09-28 21:56 ` Jarkko Sakkinen
2020-09-28 22:06 ` H.J. Lu
2020-09-28 22:18 ` Dave Hansen
2020-09-28 22:41 ` Andy Lutomirski
2020-09-28 23:38 ` Andrew Cooper
2020-09-29 14:10 ` Dave Hansen
2020-09-29 15:01 ` Andrew Cooper
2020-09-28 21:41 ` Jarkko Sakkinen
2020-09-28 20:42 ` Jarkko Sakkinen
2020-09-28 23:52 ` Andrew Cooper
2020-09-30 0:52 ` Jarkko Sakkinen
2020-09-28 15:43 ` Yu, Yu-cheng
2020-09-28 15:54 ` H.J. Lu
2020-09-28 16:40 ` Yu, Yu-cheng
2020-09-28 21:36 ` Jarkko Sakkinen
2020-09-28 20:56 ` Jarkko Sakkinen
2020-09-15 11:28 ` [PATCH v38 22/24] selftests/x86: Add a selftest for SGX Jarkko Sakkinen
2020-09-15 11:28 ` [PATCH v38 23/24] docs: x86/sgx: Document SGX micro architecture and kernel internals Jarkko Sakkinen
2020-09-23 13:50 ` Borislav Petkov
2020-09-24 11:28 ` Jarkko Sakkinen
2020-09-24 15:54 ` Borislav Petkov
2020-09-15 11:28 ` [PATCH v38 24/24] x86/sgx: Update MAINTAINERS Jarkko Sakkinen
2020-09-25 22:37 ` Sean Christopherson
2020-09-28 0:44 ` Jarkko Sakkinen
-- strict thread matches above, loose matches on Subject: below --
2020-09-15 11:04 [PATCH v38 00/24] Intel SGX foundations Jarkko Sakkinen
2020-09-15 11:05 ` [PATCH v38 10/24] mm: Add vm_ops->mprotect() Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200925194304.GE31528@linux.intel.com \
--to=sean.j.christopherson@intel.com \
--cc=akpm@linux-foundation.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=asapek@google.com \
--cc=bp@alien8.de \
--cc=cedric.xing@intel.com \
--cc=chenalexchen@google.com \
--cc=conradparker@google.com \
--cc=cyhanish@google.com \
--cc=darren.kenny@oracle.com \
--cc=dave.hansen@intel.com \
--cc=haitao.huang@intel.com \
--cc=haitao.huang@linux.intel.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jethro@fortanix.com \
--cc=josh@joshtriplett.org \
--cc=kai.huang@intel.com \
--cc=kai.svahn@intel.com \
--cc=kmoy@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-sgx@vger.kernel.org \
--cc=ludloff@google.com \
--cc=luto@kernel.org \
--cc=nhorman@redhat.com \
--cc=npmccallum@redhat.com \
--cc=puiterwijk@redhat.com \
--cc=rientjes@google.com \
--cc=tglx@linutronix.de \
--cc=willy@infradead.org \
--cc=x86@kernel.org \
--cc=yaozhangx@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.