From: "Dr. Greg" <greg@enjellic.com>
To: Dave Hansen <dave.hansen@intel.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
x86@kernel.org, linux-sgx@vger.kernel.org,
linux-kernel@vger.kernel.org,
Sean Christopherson <sean.j.christopherson@intel.com>,
linux-mm@kvack.org, Andrew Morton <akpm@linux-foundation.org>,
Matthew Wilcox <willy@infradead.org>,
Jethro Beekman <jethro@fortanix.com>,
Darren Kenny <darren.kenny@oracle.com>,
andriy.shevchenko@linux.intel.com, asapek@google.com,
bp@alien8.de, cedric.xing@intel.com, chenalexchen@google.com,
conradparker@google.com, cyhanish@google.com,
haitao.huang@intel.com, kai.huang@intel.com, kai.svahn@intel.com,
kmoy@google.com, ludloff@google.com, luto@kernel.org,
nhorman@redhat.com, npmccallum@redhat.com, puiterwijk@redhat.com,
rientjes@google.com, tglx@linutronix.de, yaozhangx@google.com,
mikko.ylinen@intel.com
Subject: Re: [PATCH v40 10/24] mm: Add 'mprotect' hook to struct vm_operations_struct
Date: Sun, 15 Nov 2020 12:59:50 -0600
Message-ID: <20201115185950.GA26542@wind.enjellic.com>
In-Reply-To: <5c22300c-0956-48ed-578d-00cf62cb5c09@intel.com>
On Thu, Nov 12, 2020 at 01:31:19PM -0800, Dave Hansen wrote:
Good afternoon to everyone.
> On 11/12/20 12:58 PM, Dr. Greg wrote:
> > @@ -270,11 +270,10 @@ static int sgx_vma_mprotect(struct vm_area_struct *vma,
> > struct vm_area_struct **pprev, unsigned long start,
> > unsigned long end, unsigned long newflags)
> > {
> > - int ret;
> > + struct sgx_encl *encl = vma->vm_private_data;
> >
> > - ret = sgx_encl_may_map(vma->vm_private_data, start, end, newflags);
> > - if (ret)
> > - return ret;
> > + if ( test_bit(SGX_ENCL_INITIALIZED, &encl->flags) )
> > + return -EACCES;
> >
> > return mprotect_fixup(vma, pprev, start, end, newflags);
> > }
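Review bot: In sgx_vma_mprotect(), with the sgx_encl_may_map() call removed, an mprotect() issued before SGX_ENCL_INITIALIZED is set reaches mprotect_fixup() with no check of newflags at all. Either keep the sgx_encl_may_map() check on the uninitialized path or add a comment explaining why pre-initialization changes need no validation. The new test also returns -EACCES for every request on an initialized enclave, including ones that only drop permissions, which deserves a comment above the check. On style, `if ( test_bit(SGX_ENCL_INITIALIZED, &encl->flags) )` should lose the spaces inside the parentheses to match kernel coding style.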
> This rules out mprotect() on running enclaves. Does that break any
> expectations from enclave authors, or take away capabilities that
> folks need?

As I mentioned an hour or so ago when I posted our updated patch, Sean
and Jarkko have specifically indicated that there is no intention to
support Enclave Dynamic Memory Management (EDMM) at this stage of the
driver. I believe the intent is to open that can of worms after the
driver is mainlined.

Since the stated intent of the driver is to only implement SGX1
semantics there is no need to allow page permission changes of any
type after the enclave is initialized. If mmap/mprotect are taken off
the table for an initialized enclave, there is no need to walk the
enclave page permissions since the hardware itself will enforce those
intents.

Runtime support is critical to implementing EDMM. It seems premature
to place code into the kernel until there is agreement from the
runtime developers as to how page permission intent should be
communicated into the kernel. Current EDMM implementations simply
allocate a sparse aperture which can be further extended, for example,
to increase heap space or the number of Task Control Structures.

As I've stated previously, there is an open question at this point as
to how useful a mainline driver will be without EDMM support, unless
the distributions or cloud providers are going to patch it in on top
of the mainline driver. Those players have been copied on all of
these e-mails so I would assume they could/would pipe up with comments
on what type of security architecture should be implemented.

As I've stated before, I believe in the final analysis that the only
relevant question is yes or no with respect to dynamic enclaves.

Have a good remainder of the weekend.

Dr. Greg

As always,
Greg Wettstein, Ph.D, Worker Autonomously self-defensive
Enjellic Systems Development, LLC IOT platforms and edge devices.
4206 N. 19th Ave.
Fargo, ND 58102
PH: 701-281-1686 EMAIL: greg@enjellic.com
------------------------------------------------------------------------------
"If you think nobody cares if you're alive, try missing a couple of car
payments."
-- Earl Wilson