From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Jordan Hand <jorhand@linux.microsoft.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
linux-kernel@vger.kernel.org, x86@kernel.org,
linux-sgx@vger.kernel.org, akpm@linux-foundation.org,
dave.hansen@intel.com, nhorman@redhat.com, npmccallum@redhat.com,
haitao.huang@intel.com, andriy.shevchenko@linux.intel.com,
tglx@linutronix.de, kai.svahn@intel.com, bp@alien8.de,
josh@joshtriplett.org, luto@kernel.org, kai.huang@intel.com,
rientjes@google.com, cedric.xing@intel.com,
puiterwijk@redhat.com, linux-security-module@vger.kernel.org,
Suresh Siddha <suresh.b.siddha@intel.com>,
Haitao Huang <haitao.huang@linux.intel.com>
Subject: Re: [PATCH v26 10/22] x86/sgx: Linux Enclave Driver
Date: Thu, 20 Feb 2020 10:48:42 -0800 [thread overview]
Message-ID: <20200220184842.GE3972@linux.intel.com> (raw)
In-Reply-To: <7738b3cf-fb32-5306-5740-59974444e327@linux.microsoft.com>
On Thu, Feb 20, 2020 at 10:33:36AM -0800, Jordan Hand wrote:
> On 2/20/20 10:13 AM, Sean Christopherson wrote:
> > There are essentially two paths we can take:
> >
> > 1) Exempt EPC pages from RIE during mmap()/mprotect(), i.e. don't add
> > PROT_EXEC for enclaves.
> >
> > 2) Punt the issue to userspace.
> >
> > Option (1) is desirable in some ways:
> >
> > - Enclaves will get an executable stack if and only if the loader/creator
> > intentionally configures it to have an executable stack.
> >
> > - Separates enclaves from the personality of the loader.
> >
> > - Userspace doesn't have to do anything for the common case of not
> > wanting an executable stack for its enclaves.
> >
> > The big down side to (1) is that it'd require an ugly hook in architecture
> > agnostic code. And arguably, it reduces the overall security of the
> > platform (more below).
> >
> > For (2), userspace has a few options:
> >
> > a) Tell the linker the enclave loader doesn't need RIE, either via a .note
> > in assembly files or via the global "-z noexecstack" flag.
> >
> > b) Spawn a separate process to run/map the enclave if the enclave loader
> > needs RIE.
> >
> > c) Require enclaves to allow PROT_EXEC on all pages. Note, this is an
> > absolutely terrible idea and only included for completeness.
> >
> > As shown by the lack of a mmap()/mprotect() hook in this series to squash
> > RIE, we chose option (2). Given that enclave loaders are not legacy code
> > and hopefully following decent coding practices, option (2a) should suffice
> > for all loaders. The security benefit mentioned above is that forcing
> > enclave loaders to squash RIE eliminates an exectuable stack as an attack
> > vector on the loader.
>
> I see your point and I do agree that there are security benefits to (2a)
> and I think we could do that for our loader. That said, it does concern
> me that this breaks perfectly valid userspace behavior. If a userspace
> process decides to use RIE, I don't know that the SGX driver should
> disobey that decision.
>
> So option (3) would be to just honor RIE for enclave pages and when page
> permissions are set to PROT_READ in sgx_encl_page_alloc and RIE is set,
> also add PROT_EXEC.
Ah, right, IIRC that idea also came up in our internal discussions. Note,
SGX would need to implement this option by checking for RIE in
sgx_encl_may_map(), as the process that built the enclave may not be the
same process that is running the enclave.
> I understand your concerns that this using RIE is bad security practice
> and I'm not convinced that (3) is the way to go, but from a philosophy
> perspective I don't know that the kernel should be in the business of
> stopping userspace from doing valid things.
>
> If option (3) can't/shouldn't be done for some reason, option (1) at
> least keeps from breaking expected userspace behavior. But I do agree
> that (1) is ugly to implement.
My biggest concern for allowing PROT_EXEC if RIE is that it would result
in #PF(SGX) (#GP on Skylake) due to an EPCM violation if the enclave
actually tried to execute from such a page. This isn't a problem for the
kernel as the fault will be reported cleanly through the vDSO (or get
delivered as a SIGSEGV if the enclave isn't entered through the vDSO), but
it's a bit weird for userspace as userspace will see the #PF(SGX) and
likely assume the EPC was lost, e.g. silently restart the enclave instead
of logging an error that the enclave is broken.
next prev parent reply other threads:[~2020-02-20 18:48 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-09 21:25 [PATCH v26 00/22] Intel SGX foundations Jarkko Sakkinen
2020-02-09 21:25 ` [PATCH v26 01/22] x86/cpufeatures: x86/msr: Add Intel SGX hardware bits Jarkko Sakkinen
2020-02-09 21:25 ` [PATCH v26 02/22] x86/cpufeatures: x86/msr: Intel SGX Launch Control " Jarkko Sakkinen
2020-02-09 21:25 ` [PATCH v26 03/22] x86/mm: x86/sgx: Signal SIGSEGV with PF_SGX Jarkko Sakkinen
2020-02-09 21:25 ` [PATCH v26 04/22] x86/sgx: Add SGX microarchitectural data structures Jarkko Sakkinen
2020-02-09 21:25 ` [PATCH v26 05/22] x86/sgx: Add wrappers for ENCLS leaf functions Jarkko Sakkinen
2020-02-09 21:25 ` [PATCH v26 06/22] x86/cpu/intel: Detect SGX supprt Jarkko Sakkinen
2020-02-12 16:57 ` Sean Christopherson
2020-02-13 18:04 ` Jarkko Sakkinen
2020-02-09 21:25 ` [PATCH v26 07/22] x86/sgx: Enumerate and track EPC sections Jarkko Sakkinen
2020-02-09 21:25 ` [PATCH v26 08/22] x86/sgx: Add functions to allocate and free EPC pages Jarkko Sakkinen
2020-02-09 21:25 ` [PATCH v26 09/22] mm: Introduce vm_ops->may_mprotect() Jarkko Sakkinen
2020-02-09 21:25 ` [PATCH v26 10/22] x86/sgx: Linux Enclave Driver Jarkko Sakkinen
2020-02-13 13:59 ` Jethro Beekman
2020-02-13 18:07 ` Sean Christopherson
2020-02-14 9:24 ` Jethro Beekman
2020-02-14 17:11 ` Sean Christopherson
2020-02-14 17:40 ` Andy Lutomirski
2020-02-14 17:52 ` Sean Christopherson
2020-02-15 16:56 ` Andy Lutomirski
2020-02-18 22:12 ` Sean Christopherson
2020-02-15 18:05 ` Dr. Greg
2020-02-15 7:32 ` Jarkko Sakkinen
2020-02-15 7:35 ` Jarkko Sakkinen
2020-02-19 3:26 ` Jordan Hand
2020-02-20 18:13 ` Sean Christopherson
2020-02-20 18:33 ` Jordan Hand
2020-02-20 18:48 ` Sean Christopherson [this message]
2020-02-20 22:16 ` Jarkko Sakkinen
2020-02-21 0:11 ` Jordan Hand
2020-02-21 12:53 ` Jarkko Sakkinen
2020-02-21 0:32 ` Andy Lutomirski
2020-02-21 13:01 ` Jarkko Sakkinen
2020-02-20 18:51 ` Andy Lutomirski
2020-02-20 19:15 ` Sean Christopherson
2020-02-20 22:10 ` Jarkko Sakkinen
2020-02-09 21:25 ` [PATCH v26 11/22] selftests/x86: Recurse into subdirectories Jarkko Sakkinen
2020-02-09 21:25 ` [PATCH v26 12/22] selftests/x86: Add a selftest for SGX Jarkko Sakkinen
2020-02-09 21:26 ` [PATCH v26 13/22] x86/sgx: Add provisioning Jarkko Sakkinen
2020-02-13 10:49 ` Jethro Beekman
2020-02-15 7:25 ` Jarkko Sakkinen
2020-02-09 21:26 ` [PATCH v26 14/22] x86/sgx: Add a page reclaimer Jarkko Sakkinen
2020-02-09 21:26 ` [PATCH v26 15/22] x86/sgx: ptrace() support for the SGX driver Jarkko Sakkinen
2020-02-09 21:26 ` [PATCH v26 16/22] x86/vdso: Add support for exception fixup in vDSO functions Jarkko Sakkinen
2020-02-09 21:26 ` [PATCH v26 17/22] x86/fault: Add helper function to sanitize error code Jarkko Sakkinen
2020-02-09 21:26 ` [PATCH v26 18/22] x86/traps: Attempt to fixup exceptions in vDSO before signaling Jarkko Sakkinen
2020-02-09 21:26 ` [PATCH v26 19/22] x86/vdso: Add __vdso_sgx_enter_enclave() to wrap SGX enclave transitions Jarkko Sakkinen
2020-02-13 13:29 ` Jethro Beekman
2020-02-15 7:26 ` Jarkko Sakkinen
2020-02-09 21:26 ` [PATCH v26 20/22] selftests/x86: Add vDSO selftest for SGX Jarkko Sakkinen
2020-02-09 21:26 ` [PATCH v26 21/22] x86/sgx: Update MAINTAINERS Jarkko Sakkinen
2020-02-09 21:26 ` [PATCH v26 22/22] docs: x86/sgx: Document SGX micro architecture and kernel internals Jarkko Sakkinen
2020-02-22 4:13 ` Randy Dunlap
2020-02-23 17:04 ` Jarkko Sakkinen
2020-02-23 17:05 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200220184842.GE3972@linux.intel.com \
--to=sean.j.christopherson@intel.com \
--cc=akpm@linux-foundation.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=bp@alien8.de \
--cc=cedric.xing@intel.com \
--cc=dave.hansen@intel.com \
--cc=haitao.huang@intel.com \
--cc=haitao.huang@linux.intel.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jorhand@linux.microsoft.com \
--cc=josh@joshtriplett.org \
--cc=kai.huang@intel.com \
--cc=kai.svahn@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-sgx@vger.kernel.org \
--cc=luto@kernel.org \
--cc=nhorman@redhat.com \
--cc=npmccallum@redhat.com \
--cc=puiterwijk@redhat.com \
--cc=rientjes@google.com \
--cc=suresh.b.siddha@intel.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.