From: Andy Lutomirski
Subject: Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
Date: Sat, 24 Oct 2020 08:33:21 -0700
Message-Id: <3655FF47-15D7-4433-81B7-FC070E32B541@amacapital.net>
References: <20201024143744.GA17727@wind.enjellic.com>
In-Reply-To: <20201024143744.GA17727@wind.enjellic.com>
To: "Dr. Greg"
Cc: Sean Christopherson, Dave Hansen, Jarkko Sakkinen, Haitao Huang,
    Andy Lutomirski, X86 ML, linux-sgx@vger.kernel.org, LKML, Linux-MM,
    Andrew Morton, Matthew Wilcox, Jethro Beekman, Darren Kenny,
    Andy Shevchenko, asapek@google.com, Borislav Petkov, "Xing, Cedric",
    chenalexchen@google.com, Conrad Parker, cyhanish@google.com,
    "Huang, Haitao", Josh Triplett, "Huang, Kai", "Svahn, Kai",
    Keith Moyer, Christian Ludloff, Neil Horman, Nathaniel McCallum,
    Patrick Uiterwijk, David Rientjes, Thomas Gleixner,
    yaozhangx@google.com

> On Oct 24, 2020, at 7:38 AM, Dr. Greg wrote:
>
>
> I can't bring myself to believe that LSM's are going to be written
> that will be making enclave security decisions on a page by page
> basis. Given what I have written above, I think all of this comes
> down to giving platform administrators one of three decisions, in
> order of most to least secure:
>
> 1.) Block dynamic code loading and execution.
>

I don’t understand what you’re trying to say. Unless we’re going to
split enclaves into multiple VMAs with different permissions, how do
you expect to block dynamic code loading unless you have separate RW
and RX pages? That would be “page-by-page”, right?

> 2.) Block access to RWX pages.
>
> 3.) The wild west - no restrictions on enclave page protection manipulation.
>
> From a security perspective I would argue for the wisdom of making
> option 1 unconditional via a kernel command-line parameter.
>
> It may be that ->mprotect is the right mechanism to implement this.
> If that is the case, frame the discussion and documentation so that it
> reflects the actual security threat and the consideration and means
> for dealing with it.
>
> Hopefully all of this is useful to the stakeholders in this
> technology.
>
> Have a good weekend.
>
> Dr. Greg
>
> As always,
> Dr. Greg Wettstein, Ph.D, Worker      Autonomously self-defensive
> Enjellic Systems Development, LLC     IOT platforms and edge devices.
> 4206 19th Ave. N.
> Fargo, ND  58102
> PH: 701-281-1686                      EMAIL: greg@enjellic.com
> ------------------------------------------------------------------------------
> "Politics is the business of getting power and privilege without possessing
>  merit."
>                                 -- P.J. O'Rourke