From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Sean Christopherson <sean.j.christopherson@intel.com>
Cc: linux-sgx@vger.kernel.org
Subject: Re: [PATCH 4/5] x86/sgx: Validate TCS permssions in sgx_validate_secinfo()
Date: Thu, 22 Aug 2019 19:38:07 +0300 [thread overview]
Message-ID: <d5cf6df5ad1b52f64c770227c33bd5ec8ec56886.camel@linux.intel.com> (raw)
In-Reply-To: <d0e8313b7817a43151b11602ad55b1136f614850.camel@linux.intel.com>
On Thu, 2019-08-22 at 19:31 +0300, Jarkko Sakkinen wrote:
> On Wed, 2019-08-21 at 20:55 -0700, Sean Christopherson wrote:
> > Why are we validating the TCS protection bits? Hardware ignores them, so
> > why do we care? sgx_ioc_enclave_add_page() sets the internal protection
> > bits so there's no danger of putting the wrong thing in the page tables.
>
> I think that in this commit I got it wrong but I think this is awkward:
>
> /*
> * TCS pages must always RW set for CPU access while the SECINFO
> * permissions are *always* zero - the CPU ignores the user provided
> * values and silently overwrites with zero permissions.
> */
> if ((secinfo.flags & SGX_SECINFO_PAGE_TYPE_MASK) == SGX_SECINFO_TCS)
> prot |= PROT_READ | PROT_WRITE;
>
> In my opinion the right thing to do would be check that SECINFO has *at
> minimum* RW and return -EINVAL if not.
>
> I don't like the SGX silently adjusting permissions like this.
For me any sane solution goes where we don't have that kind of tweaking
probably my "minimum RW" is more sane than my earlier proposal.
/Jarkko
next prev parent reply other threads:[~2019-08-22 16:38 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-19 15:25 [PATCH 0/5] x86/sgx: Improve permission handing Jarkko Sakkinen
2019-08-19 15:25 ` [PATCH 1/5] x86/sgx: Document permission handling better Jarkko Sakkinen
2019-08-22 3:43 ` Sean Christopherson
2019-08-22 16:04 ` Jarkko Sakkinen
2019-08-19 15:25 ` [PATCH 2/5] x86/sgx: Use memchr_inv() in sgx_validate_secinfo() Jarkko Sakkinen
2019-08-22 3:47 ` Sean Christopherson
2019-08-22 16:20 ` Jarkko Sakkinen
2019-08-19 15:25 ` [PATCH 3/5] x86/sgx: Make sgx_validate_secinfo() more readable Jarkko Sakkinen
2019-08-22 3:48 ` Sean Christopherson
2019-08-22 16:26 ` Jarkko Sakkinen
2019-08-22 10:39 ` Ayoun, Serge
2019-08-22 16:45 ` Jarkko Sakkinen
2019-08-19 15:25 ` [PATCH 4/5] x86/sgx: Validate TCS permssions in sgx_validate_secinfo() Jarkko Sakkinen
2019-08-21 18:45 ` Jarkko Sakkinen
2019-08-22 11:33 ` Ayoun, Serge
2019-08-22 14:27 ` Sean Christopherson
2019-08-22 16:46 ` Jarkko Sakkinen
2019-08-22 16:59 ` Jarkko Sakkinen
2019-08-22 3:55 ` Sean Christopherson
2019-08-22 16:31 ` Jarkko Sakkinen
2019-08-22 16:34 ` Sean Christopherson
2019-08-23 0:39 ` Jarkko Sakkinen
2019-08-23 0:57 ` Jarkko Sakkinen
2019-08-23 2:05 ` Sean Christopherson
2019-08-23 13:41 ` Jarkko Sakkinen
2019-08-22 16:38 ` Jarkko Sakkinen [this message]
2019-08-19 15:25 ` [PATCH 5/5] x86/sgx: Rename vm_prot_bits as max_vm_flags Jarkko Sakkinen
2019-08-22 4:00 ` Sean Christopherson
2019-08-22 16:43 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d5cf6df5ad1b52f64c770227c33bd5ec8ec56886.camel@linux.intel.com \
--to=jarkko.sakkinen@linux.intel.com \
--cc=linux-sgx@vger.kernel.org \
--cc=sean.j.christopherson@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).