From: Jarkko Sakkinen <jarkko@kernel.org>
To: linux-sgx@vger.kernel.org
Cc: Reinette Chatre <reinette.chatre@intel.com>,
Nathaniel McCallum <nathaniel@profian.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
"maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
<x86@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
"open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
<linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] x86/sgx: Do not limit EAUG'd pages by pre-initialization policy
Date: Fri, 4 Mar 2022 03:32:28 +0200 [thread overview]
Message-ID: <YiFsLLEfZgsavKWD@iki.fi> (raw)
In-Reply-To: <YiFqj/Y+Nor/TJND@iki.fi>
On Fri, Mar 04, 2022 at 03:25:38AM +0200, Jarkko Sakkinen wrote:
> On Fri, Mar 04, 2022 at 03:16:35AM +0200, Jarkko Sakkinen wrote:
> > Pre-initialization policy is meant for EADD'd pages because they are
> > part of the enclave identity. It's a good practice to not let touch the
> > permissions after initialization, and does provide guarantees to e.g.
> > LSM's about the enclave.
> >
> > For EAUG'd pages it should be sufficient to let mmap(), mprotect() and
> > SGX opcodes to control the permissions. Thus effectively disable
> > pre-initialization policy by setting vm_max_prot_bit and
> > vm_run_prot_bits to RWX.
> >
> > Cc: Reinette Chatre <reinette.chatre@intel.com>
> > Cc: Nathaniel McCallum <nathaniel@profian.com>
> > Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
> > ---
> > arch/x86/kernel/cpu/sgx/encl.c | 8 +-------
> > 1 file changed, 1 insertion(+), 7 deletions(-)
> >
> > diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c
> > index 5fe7189eac9d..17feb6fa5578 100644
> > --- a/arch/x86/kernel/cpu/sgx/encl.c
> > +++ b/arch/x86/kernel/cpu/sgx/encl.c
> > @@ -200,13 +200,7 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma,
> > encl_page->desc = addr;
> > encl_page->encl = encl;
> >
> > - /*
> > - * Adding a regular page that is architecturally allowed to only
> > - * be created with RW permissions.
> > - * TBD: Interface with user space policy to support max permissions
> > - * of RWX.
> > - */
> > - prot = PROT_READ | PROT_WRITE;
> > + prot = PROT_READ | PROT_WRITE | PROT_EXEC;
> > encl_page->vm_run_prot_bits = calc_vm_prot_bits(prot, 0);
> > encl_page->vm_max_prot_bits = encl_page->vm_run_prot_bits;
> >
> > --
> > 2.35.1
> >
>
> This does not break any existing ABI and at least makes the current
> patch set usable.
Also it would be a sane limitation to deny EMODPR and EMODT completely for
EADD'd pages.
Then, you can discard vm_run_prot_bits. It's not needed for anything
anymore.
This should make implementation considerably less obfuscated.
BR, Jarkko
prev parent reply other threads:[~2022-03-04 1:33 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-04 1:16 [PATCH] x86/sgx: Do not limit EAUG'd pages by pre-initialization policy Jarkko Sakkinen
2022-03-04 1:25 ` Jarkko Sakkinen
2022-03-04 1:32 ` Jarkko Sakkinen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YiFsLLEfZgsavKWD@iki.fi \
--to=jarkko@kernel.org \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-sgx@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=nathaniel@profian.com \
--cc=reinette.chatre@intel.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.