From: Jarkko Sakkinen <jarkko@kernel.org>
To: linux-sgx@vger.kernel.org
Cc: Dave Hansen <dave.hansen@linux.intel.com>,
Nathaniel McCallum <nathaniel@profian.com>,
Reinette Chatre <reinette.chatre@intel.com>,
"H. Peter Anvin" <hpa@zytor.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] x86/sgx: Enable PROT_EXEC for EAUG'd pages
Date: Mon, 7 Mar 2022 18:02:00 +0200 [thread overview]
Message-ID: <YiYseF3aKI70x3d8@iki.fi> (raw)
In-Reply-To: <20220307153504.198112-1-jarkko@kernel.org>
On Mon, Mar 07, 2022 at 05:35:04PM +0200, Jarkko Sakkinen wrote:
> vm_max_permissions was created to control the pre-initialization content
> that contributes to MRSIGNATURE. It was never meant to be as a limit to
> dynamically added pages.
>
> E.g. static content could be used as a hook for LSM's to decide whether
> certain signature is qualified for EINIT. Dynamic content has nothing to
> do with that. The current mechanisms only add to the complexity on how
> to control PTE and EPCM permissions, and do not add anything else than
> obfuscity to security side of things.
>
> Thus add PROT_EXEC to the permissions assigned by the #PF handler.
>
> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
> ---
> arch/x86/kernel/cpu/sgx/encl.c | 9 ++++-----
> 1 file changed, 4 insertions(+), 5 deletions(-)
>
> diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c
> index 79e39bd99c09..0256918b2c2f 100644
> --- a/arch/x86/kernel/cpu/sgx/encl.c
> +++ b/arch/x86/kernel/cpu/sgx/encl.c
> @@ -160,12 +160,11 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma,
> encl_page->encl = encl;
>
> /*
> - * Adding a regular page that is architecturally allowed to only
> - * be created with RW permissions.
> - * TBD: Interface with user space policy to support max permissions
> - * of RWX.
> + * Dynamic pages do not contribute to MRSIGNATURE, i.e. they are
> + * controlled only by PTE and EPCM permissions. Thus, the no limit
> + * is set here.
> */
> - prot = PROT_READ | PROT_WRITE;
> + prot = PROT_READ | PROT_WRITE | PROT_EXEC;
> encl_page->vm_run_prot_bits = calc_vm_prot_bits(prot, 0);
> encl_page->vm_max_prot_bits = encl_page->vm_run_prot_bits;
>
> --
> 2.35.1
>
This is really a show stopper. I think here's a logical mistake on for what
purpose vm_max_prot_bits are used for. They are meant for the static and
also signed content of the enclave.
These changes in the patch set that are related to vm_max_prot_bits only
messes up what already exists, and make incredibly hard to implement
anything decent on top of SGX2 features.
BR, Jarkko
next prev parent reply other threads:[~2022-03-07 16:02 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-07 15:35 [PATCH] x86/sgx: Enable PROT_EXEC for EAUG'd pages Jarkko Sakkinen
2022-03-07 16:02 ` Jarkko Sakkinen [this message]
2022-03-07 16:09 ` Jarkko Sakkinen
2022-03-07 17:13 ` Reinette Chatre
2022-03-07 17:22 ` Jarkko Sakkinen
2022-03-07 23:39 ` Reinette Chatre
2022-03-08 7:48 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YiYseF3aKI70x3d8@iki.fi \
--to=jarkko@kernel.org \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-sgx@vger.kernel.org \
--cc=nathaniel@profian.com \
--cc=reinette.chatre@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox