From: Sean Christopherson <sean.j.christopherson@intel.com>
To: "Xing, Cedric" <cedric.xing@intel.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>,
Andy Lutomirski <luto@kernel.org>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
LSM List <linux-security-module@vger.kernel.org>,
Paul Moore <paul@paul-moore.com>,
Eric Paris <eparis@parisplace.org>,
"selinux@vger.kernel.org" <selinux@vger.kernel.org>,
Jethro Beekman <jethro@fortanix.com>,
"Hansen, Dave" <dave.hansen@intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
"Dr. Greg" <greg@enjellic.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
LKML <linux-kernel@vger.kernel.org>, X86 ML <x86@kernel.org>,
"linux-sgx@vger.kernel.org" <linux-sgx@vger.kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
"nhorman@redhat.com" <nhorman@redhat.com>,
"npmccallum@redhat.com" <npmccallum@redhat.com>,
"Ayoun, Serge" <serge.ayoun@intel.com>,
"Katz-zamir, Shay" <shay.katz-zamir@intel.com>,
"Huang, Haitao" <haitao.huang@intel.com>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
"Svahn, Kai" <kai.svahn@intel.com>,
Borislav Petkov <bp@alien8.de>,
Josh Triplett <josh@joshtriplett.org>,
"Huang, Kai" <kai.huang@intel.com>,
David Rientjes <rientjes@google.com>
Subject: Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
Date: Fri, 24 May 2019 14:11:11 -0700 [thread overview]
Message-ID: <20190524211111.GI365@linux.intel.com> (raw)
In-Reply-To: <960B34DE67B9E140824F1DCDEC400C0F654E8FC2@ORSMSX116.amr.corp.intel.com>
On Fri, May 24, 2019 at 01:42:13PM -0700, Xing, Cedric wrote:
> > From: linux-sgx-owner@vger.kernel.org [mailto:linux-sgx-
> > owner@vger.kernel.org] On Behalf Of Sean Christopherson
> > Sent: Friday, May 24, 2019 12:14 PM
> >
> > My point is that enclaves have different properties than shared objects.
> >
> > Normal LSM behavior with regard to executing files is to label files
> > with e.g. FILE__EXECUTE. Because an enclave must be built to the exact
> > specifications of .sigstruct, requring FILE__EXECUTE on the .sigstruct
> > is effectively the same as requiring FILE__EXECUTE on the enclave itself.
> >
> > Addressing your scenario of loading an executable page in EPC, doing so
> > would require one of the following:
> >
> > - Ability to install a .sigstruct with FILE__EXECUTE
> >
> > - PROCESS__EXECMEM
> >
> > - FILE__EXECMOD and SGX2 support
>
> Now I got your point. It sounds a great idea to me!
>
> But instead of using .sigstruct file, I'd still recommend using file mapping
> (i.e. SIGSTRUCT needs to reside in executable memory). But then there'll be a
Why? Even in the Graphene case the final .sigstruct can be known ahead of
time. Userspace can always use memfd() if it's generating SIGSTRUCT on
the fly.
> hole - a process having FILE__EXECMOD on any file could use that file as a
> SIGSTRUCT. Probably we'll need a new type in SELinux to label
> enclave/sigstruct files.
>
> > I don't see a fundamental difference between having RWX in an enclave
> > and RWX in normal memory, either way the process can execute arbitrary
> > code, i.e. PROCESS__EXECMEM is appropriate. Yes, an enclave will #UD on
> > certain instructions, but that's easily sidestepped by having a
> > trampoline in the host (marked RX) and piping arbitrary code into the
> > enclave. Or using EEXIT to do a bit of ROP.
>
> I'm with you.
>
> With your proposal only FILE__EXECMOD is needed on /dev/sgx/enclave to launch
> Graphene enclaves or the like.
It wouldn't even need FILE__EXECMOD, assuming Graphene does all of its
libc rewriting before building the enclave, i.e. doesn't EADD RWX pages.
> > > > > No changes are required to LSMs, SGX1 has a single LSM touchpoint
> > > > > in
> > > > its
> > > > > mmap(), and I *think* the only required userspace change is to
> > > > > mmap() PROT_NONE when allocating the enclave's virtual address
> > range.
> > >
> > > I'm not sure I understand the motivation behind this proposal to
> > > decouple initial EPC permissions from source pages.
> >
> > Pulling permissions from source pages means userspace needs to fully map
> > the in normal memory, including marking pages executable. That exposes
> > the loader to having executable pages in its address space that it has
> > no intention of executing (outside of the enclave). And for Graphene,
> > it means having to actively avoid PROCESS__EXECMEM, e.g. by using a
> > dummy backing file to build the enclave instead of anon memory.
>
> Agreed.
>
> >
> > > I don't think it a big deal to fully mmap() enclave files, which have
> > > to be parsed by user mode anyway to determine various things including
> > > but not limited to the size of heap(s), size and number of
> > > TCSs/stacks/TLS areas, and the overall enclave size. So with PHDRs
> > > parsed, it's trivial to mmap() each segment with permissions from its
> > PHDR.
> > >
> > > > > As for Graphene, it doesn't need extra permissions to run its
> > > > > enclaves, it just needs a way to install .sigstruct, which is a
> > > > > generic permissions problem and not SGX specific.
> > > > >
> > > > >
> > > > > For SGX2 maybe:
> > > > >
> > > > > - No additional requirements to map an EAUG'd page as RW page.
> > Not
> > > > > aligned with standard MAP_SHARED behavior, but we really don't
> > want
> > > > > to require FILE__WRITE, and thus allow writes to .sigstruct.
> > > > >
> > > > > - Require FILE__EXECMOD on the .sigstruct to map previously
> > writable
> > > > > page as executable (which indirectly includes all EAUG'd
> > pages).
> > > > > Wiring this up will be a little funky, but we again we don't
> > want
> > > > > to require FILE__WRITE on .sigstruct.
> > > > >
> > >
> > > I'm lost. Why is EAUG tied to permissions on .sigstruct?
> >
> > Because for the purposes of LSM checks, .sigstruct is the enclave's
> > backing file, and mapping a previously writable enclave page as
> > exectuable is roughly equivalent to mapping a CoW'd page as exectuable.
>
> I think I've got your idea. You are trying to use permissions on .sigstruct
> to determine whether EAUG will be available to that specific enclave. Am I
> right?
Yep.
> I'd tie EAUG to the permissions of /dev/sgx/enclave instead. But why? There
> are couple of reasons. For one, a SIGSTRUCT identifies the behavior of the
> enclave, hence the SGX features needed by that enclave. So if an enclave
> requires EAUG, the .sigstruct has to allow EAUG or the enclave wouldn't work.
> That means the system admin wouldn't have a choice but to match up what's
> needed by the enclave. For two, whether to allow, say loading code
> dynamically into an enclave, depends on whether the host process can tolerate
> the inherent risk. And that decision is seldom made on individual enclaves
> but to the host process as a whole. And /dev/sgx/enclave serves that purpose.
I think I'd be ok either way? What I really care about is having line of
sight to a sane way to support for SGX2, and both seem sane. I.e. we can
hash this detail out when SGX2 goes in.
next prev parent reply other threads:[~2019-05-24 21:11 UTC|newest]
Thread overview: 127+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <8fe520bb-30bd-f246-a3d8-c5443e47a014@intel.com>
[not found] ` <358e9b36-230f-eb18-efdb-b472be8438b4@fortanix.com>
[not found] ` <960B34DE67B9E140824F1DCDEC400C0F4E886094@ORSMSX116.amr.corp.intel.com>
[not found] ` <6da269d8-7ebb-4177-b6a7-50cc5b435cf4@fortanix.com>
[not found] ` <CALCETrWCZQwg-TUCm58DVG43=xCKRsMe1tVHrR8vdt06hf4fWA@mail.gmail.com>
[not found] ` <20190513102926.GD8743@linux.intel.com>
[not found] ` <20190514104323.GA7591@linux.intel.com>
[not found] ` <CALCETrVbgTCnPo=PAq0-KoaRwt--urrPzn==quAJ8wodCpkBkw@mail.gmail.com>
[not found] ` <20190514204527.GC1977@linux.intel.com>
[not found] ` <CALCETrX6aL367mMJh5+Y1Seznfu-AvhPV6P7GkWF4Dhu0GV8cw@mail.gmail.com>
[not found] ` <20190515013031.GF1977@linux.intel.com>
2019-05-15 18:27 ` SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) Andy Lutomirski
2019-05-15 19:58 ` James Morris
2019-05-15 20:35 ` Andy Lutomirski
2019-05-15 22:46 ` James Morris
2019-05-15 23:13 ` Andy Lutomirski
2019-05-16 3:03 ` Xing, Cedric
2019-05-16 4:40 ` Andy Lutomirski
2019-05-16 22:23 ` Xing, Cedric
2019-05-17 0:35 ` Andy Lutomirski
2019-05-17 1:06 ` Xing, Cedric
2019-05-17 1:21 ` Andy Lutomirski
2019-05-17 16:05 ` Sean Christopherson
2019-05-17 13:53 ` Stephen Smalley
2019-05-17 15:09 ` Sean Christopherson
2019-05-17 16:20 ` Stephen Smalley
2019-05-17 16:24 ` Andy Lutomirski
2019-05-17 16:37 ` Stephen Smalley
2019-05-17 17:12 ` Andy Lutomirski
2019-05-17 18:05 ` Stephen Smalley
2019-05-17 19:20 ` Stephen Smalley
2019-05-17 19:28 ` Sean Christopherson
2019-05-17 20:09 ` Stephen Smalley
2019-05-17 20:14 ` Andy Lutomirski
2019-05-17 20:34 ` Stephen Smalley
2019-05-17 21:36 ` Sean Christopherson
2019-05-17 17:29 ` Sean Christopherson
2019-05-17 17:42 ` Stephen Smalley
2019-05-17 17:50 ` Sean Christopherson
2019-05-17 18:16 ` Stephen Smalley
2019-05-17 17:43 ` Andy Lutomirski
2019-05-17 17:55 ` Sean Christopherson
2019-05-17 18:04 ` Linus Torvalds
2019-05-17 18:21 ` Sean Christopherson
2019-05-17 18:33 ` Linus Torvalds
2019-05-17 18:52 ` Sean Christopherson
2019-05-17 18:53 ` Andy Lutomirski
2019-05-16 7:24 ` James Morris
2019-05-16 21:00 ` Andy Lutomirski
2019-05-20 9:38 ` Dr. Greg
2019-05-15 21:38 ` Sean Christopherson
2019-05-16 1:19 ` Haitao Huang
2019-05-16 5:16 ` Jarkko Sakkinen
2019-05-16 21:02 ` Andy Lutomirski
2019-05-16 22:45 ` Sean Christopherson
2019-05-16 23:29 ` Xing, Cedric
2019-05-20 11:29 ` Jarkko Sakkinen
2019-05-20 11:33 ` Jarkko Sakkinen
2019-05-17 0:03 ` Sean Christopherson
2019-05-17 0:26 ` Andy Lutomirski
2019-05-17 15:41 ` Sean Christopherson
2019-05-20 11:42 ` Jarkko Sakkinen
2019-05-20 11:41 ` Jarkko Sakkinen
2019-05-21 15:19 ` Jarkko Sakkinen
2019-05-21 15:24 ` Jethro Beekman
2019-05-22 13:10 ` Jarkko Sakkinen
2019-05-21 15:51 ` Sean Christopherson
2019-05-22 13:20 ` Jarkko Sakkinen
2019-05-22 13:22 ` Jarkko Sakkinen
2019-05-22 13:56 ` Stephen Smalley
2019-05-22 15:38 ` Sean Christopherson
2019-05-22 22:42 ` Andy Lutomirski
2019-05-23 2:35 ` Sean Christopherson
2019-05-23 10:26 ` Jarkko Sakkinen
2019-05-23 14:17 ` Sean Christopherson
2019-05-23 15:38 ` Andy Lutomirski
2019-05-23 23:40 ` Sean Christopherson
2019-05-24 1:17 ` Andy Lutomirski
2019-05-24 7:24 ` Xing, Cedric
2019-05-24 15:41 ` Stephen Smalley
2019-05-24 16:57 ` Xing, Cedric
2019-05-24 17:42 ` Sean Christopherson
2019-05-24 17:54 ` Andy Lutomirski
2019-05-24 17:56 ` Sean Christopherson
2019-05-24 17:54 ` Sean Christopherson
2019-05-24 18:34 ` Xing, Cedric
2019-05-24 19:13 ` Sean Christopherson
2019-05-24 19:30 ` Andy Lutomirski
2019-05-24 20:42 ` Xing, Cedric
2019-05-24 21:11 ` Sean Christopherson [this message]
2019-05-24 19:37 ` Andy Lutomirski
2019-05-24 20:03 ` Sean Christopherson
2019-05-24 20:58 ` Xing, Cedric
2019-05-24 21:27 ` Andy Lutomirski
2019-05-24 22:41 ` Sean Christopherson
2019-05-24 23:42 ` Andy Lutomirski
2019-05-25 22:40 ` Xing, Cedric
2019-05-26 0:57 ` Andy Lutomirski
2019-05-26 6:09 ` Xing, Cedric
2019-05-28 20:24 ` Sean Christopherson
2019-05-28 20:48 ` Andy Lutomirski
2019-05-28 21:41 ` Sean Christopherson
2019-05-30 5:38 ` Xing, Cedric
2019-05-30 17:21 ` Sean Christopherson
2019-05-29 14:08 ` Stephen Smalley
2019-05-30 6:12 ` Xing, Cedric
2019-05-30 14:22 ` Stephen Smalley
2019-05-30 14:31 ` Andy Lutomirski
2019-05-30 15:04 ` Stephen Smalley
2019-05-30 16:14 ` Andy Lutomirski
2019-05-30 18:01 ` Sean Christopherson
2019-05-30 19:20 ` Andy Lutomirski
2019-05-30 21:16 ` Sean Christopherson
2019-05-30 21:23 ` Andy Lutomirski
2019-05-30 21:36 ` Sean Christopherson
2019-06-03 9:12 ` Dr. Greg
2019-06-03 21:08 ` Jarkko Sakkinen
2019-05-30 21:48 ` Xing, Cedric
2019-05-30 22:24 ` Sean Christopherson
2019-06-03 21:05 ` Jarkko Sakkinen
2019-06-03 20:54 ` Jarkko Sakkinen
2019-06-03 21:23 ` Sean Christopherson
2019-06-04 11:39 ` Jarkko Sakkinen
2019-06-03 21:37 ` Andy Lutomirski
2019-06-03 20:47 ` Jarkko Sakkinen
2019-06-03 20:43 ` Jarkko Sakkinen
2019-05-25 17:31 ` Dr. Greg
2019-05-24 16:43 ` Andy Lutomirski
2019-05-24 17:07 ` Sean Christopherson
2019-05-24 17:51 ` Andy Lutomirski
2019-05-24 14:44 ` Stephen Smalley
2019-05-27 13:48 ` Jarkko Sakkinen
2019-05-23 19:58 ` Sean Christopherson
2019-05-27 13:34 ` Jarkko Sakkinen
2019-05-27 13:38 ` Jarkko Sakkinen
2019-05-23 8:10 ` Jarkko Sakkinen
2019-05-23 8:23 ` Jarkko Sakkinen
2019-05-20 11:36 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190524211111.GI365@linux.intel.com \
--to=sean.j.christopherson@intel.com \
--cc=akpm@linux-foundation.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=bp@alien8.de \
--cc=cedric.xing@intel.com \
--cc=dave.hansen@intel.com \
--cc=eparis@parisplace.org \
--cc=greg@enjellic.com \
--cc=haitao.huang@intel.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jethro@fortanix.com \
--cc=jmorris@namei.org \
--cc=josh@joshtriplett.org \
--cc=kai.huang@intel.com \
--cc=kai.svahn@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-sgx@vger.kernel.org \
--cc=luto@kernel.org \
--cc=nhorman@redhat.com \
--cc=npmccallum@redhat.com \
--cc=paul@paul-moore.com \
--cc=rientjes@google.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@vger.kernel.org \
--cc=serge.ayoun@intel.com \
--cc=serge@hallyn.com \
--cc=shay.katz-zamir@intel.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).