From: Jordan Hand <jorhand@linux.microsoft.com>
To: Sean Christopherson <sean.j.christopherson@intel.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
linux-kernel@vger.kernel.org, x86@kernel.org,
linux-sgx@vger.kernel.org, akpm@linux-foundation.org,
dave.hansen@intel.com, nhorman@redhat.com, npmccallum@redhat.com,
haitao.huang@intel.com, andriy.shevchenko@linux.intel.com,
tglx@linutronix.de, kai.svahn@intel.com, bp@alien8.de,
josh@joshtriplett.org, luto@kernel.org, kai.huang@intel.com,
rientjes@google.com, cedric.xing@intel.com,
puiterwijk@redhat.com, linux-security-module@vger.kernel.org,
Suresh Siddha <suresh.b.siddha@intel.com>,
Haitao Huang <haitao.huang@linux.intel.com>
Subject: Re: [PATCH v26 10/22] x86/sgx: Linux Enclave Driver
Date: Thu, 20 Feb 2020 10:33:36 -0800 [thread overview]
Message-ID: <7738b3cf-fb32-5306-5740-59974444e327@linux.microsoft.com> (raw)
In-Reply-To: <20200220181345.GD3972@linux.intel.com>
On 2/20/20 10:13 AM, Sean Christopherson wrote:
> On Tue, Feb 18, 2020 at 07:26:31PM -0800, Jordan Hand wrote:
>> During mprotect (in mm/mprotect.c line 525) the following checks if
>> READ_IMPLIES_EXECUTE and a PROT_READ is being requested. If so and
>> VM_MAYEXEC is set, it also adds PROT_EXEC to the request.
>>
>> if (rier && (vma->vm_flags & VM_MAYEXEC))
>> prot |= PROT_EXEC;
>>
>> But if we look at sgx_encl_page_alloc(), we see vm_max_prot_bits is set
>> without taking VM_MAYEXEC into account:
>>
>> encl_page->vm_max_prot_bits = calc_vm_prot_bits(prot, 0);
>>
>> sgx_encl_may_map() checks that the requested protection can be added with:
>>
>> if (!page || (~page->vm_max_prot_bits & vm_prot_bits))
>> return -EACCESS
>>
>> This means that for any process where READ_IMPLIES_EXECUTE is set and
>> page where (vma->vm_flags & VM_MAYEXEC) == true, mmap/mprotect calls to
>> that request PROT_READ on a page that was not added with PROT_EXEC will
>> fail.
>
> I could've sworn this was discussed on the SGX list at one point, but
> apparently we only discussed it internally. Anyways...
>
> More than likely, the READ_IMPLIES_EXECUTE (RIE) crud rears its head
> because part of the enclave loader is written in assembly. Unless
> explicitly told otherwise, the linker assumes that any program with
> assembly code may need an executable stack, which leads to the RIE
> personality being set for the process. Here's a fantastic write up for
> more details: https://www.airs.com/blog/archives/518
>
> There are essentially two paths we can take:
>
> 1) Exempt EPC pages from RIE during mmap()/mprotect(), i.e. don't add
> PROT_EXEC for enclaves.
>
> 2) Punt the issue to userspace.
>
> Option (1) is desirable in some ways:
>
> - Enclaves will get an executable stack if and only if the loader/creator
> intentionally configures it to have an executable stack.
>
> - Separates enclaves from the personality of the loader.
>
> - Userspace doesn't have to do anything for the common case of not
> wanting an executable stack for its enclaves.
>
> The big down side to (1) is that it'd require an ugly hook in architecture
> agnostic code. And arguably, it reduces the overall security of the
> platform (more below).
>
> For (2), userspace has a few options:
>
> a) Tell the linker the enclave loader doesn't need RIE, either via a .note
> in assembly files or via the global "-z noexecstack" flag.
>
> b) Spawn a separate process to run/map the enclave if the enclave loader
> needs RIE.
>
> c) Require enclaves to allow PROT_EXEC on all pages. Note, this is an
> absolutely terrible idea and only included for completeness.
>
> As shown by the lack of a mmap()/mprotect() hook in this series to squash
> RIE, we chose option (2). Given that enclave loaders are not legacy code
> and hopefully following decent coding practices, option (2a) should suffice
> for all loaders. The security benefit mentioned above is that forcing
> enclave loaders to squash RIE eliminates an exectuable stack as an attack
> vector on the loader.
I see your point and I do agree that there are security benefits to (2a)
and I think we could do that for our loader. That said, it does concern
me that this breaks perfectly valid userspace behavior. If a userspace
process decides to use RIE, I don't know that the SGX driver should
disobey that decision.
So option (3) would be to just honor RIE for enclave pages and when page
permissions are set to PROT_READ in sgx_encl_page_alloc and RIE is set,
also add PROT_EXEC.
I understand your concerns that this using RIE is bad security practice
and I'm not convinced that (3) is the way to go, but from a philosophy
perspective I don't know that the kernel should be in the business of
stopping userspace from doing valid things.
If option (3) can't/shouldn't be done for some reason, option (1) at
least keeps from breaking expected userspace behavior. But I do agree
that (1) is ugly to implement.
-Jordan
next prev parent reply other threads:[~2020-02-20 18:33 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-09 21:25 [PATCH v26 00/22] Intel SGX foundations Jarkko Sakkinen
2020-02-09 21:25 ` [PATCH v26 01/22] x86/cpufeatures: x86/msr: Add Intel SGX hardware bits Jarkko Sakkinen
2020-02-09 21:25 ` [PATCH v26 02/22] x86/cpufeatures: x86/msr: Intel SGX Launch Control " Jarkko Sakkinen
2020-02-09 21:25 ` [PATCH v26 03/22] x86/mm: x86/sgx: Signal SIGSEGV with PF_SGX Jarkko Sakkinen
2020-02-09 21:25 ` [PATCH v26 04/22] x86/sgx: Add SGX microarchitectural data structures Jarkko Sakkinen
2020-02-09 21:25 ` [PATCH v26 05/22] x86/sgx: Add wrappers for ENCLS leaf functions Jarkko Sakkinen
2020-02-09 21:25 ` [PATCH v26 06/22] x86/cpu/intel: Detect SGX supprt Jarkko Sakkinen
2020-02-12 16:57 ` Sean Christopherson
2020-02-13 18:04 ` Jarkko Sakkinen
2020-02-09 21:25 ` [PATCH v26 07/22] x86/sgx: Enumerate and track EPC sections Jarkko Sakkinen
2020-02-09 21:25 ` [PATCH v26 08/22] x86/sgx: Add functions to allocate and free EPC pages Jarkko Sakkinen
2020-02-09 21:25 ` [PATCH v26 09/22] mm: Introduce vm_ops->may_mprotect() Jarkko Sakkinen
2020-02-09 21:25 ` [PATCH v26 10/22] x86/sgx: Linux Enclave Driver Jarkko Sakkinen
2020-02-13 13:59 ` Jethro Beekman
2020-02-13 18:07 ` Sean Christopherson
2020-02-14 9:24 ` Jethro Beekman
2020-02-14 17:11 ` Sean Christopherson
2020-02-14 17:40 ` Andy Lutomirski
2020-02-14 17:52 ` Sean Christopherson
2020-02-15 16:56 ` Andy Lutomirski
2020-02-18 22:12 ` Sean Christopherson
2020-02-15 18:05 ` Dr. Greg
2020-02-15 7:32 ` Jarkko Sakkinen
2020-02-15 7:35 ` Jarkko Sakkinen
2020-02-19 3:26 ` Jordan Hand
2020-02-20 18:13 ` Sean Christopherson
2020-02-20 18:33 ` Jordan Hand [this message]
2020-02-20 18:48 ` Sean Christopherson
2020-02-20 22:16 ` Jarkko Sakkinen
2020-02-21 0:11 ` Jordan Hand
2020-02-21 12:53 ` Jarkko Sakkinen
2020-02-21 0:32 ` Andy Lutomirski
2020-02-21 13:01 ` Jarkko Sakkinen
2020-02-20 18:51 ` Andy Lutomirski
2020-02-20 19:15 ` Sean Christopherson
2020-02-20 22:10 ` Jarkko Sakkinen
2020-02-09 21:25 ` [PATCH v26 11/22] selftests/x86: Recurse into subdirectories Jarkko Sakkinen
2020-02-09 21:25 ` [PATCH v26 12/22] selftests/x86: Add a selftest for SGX Jarkko Sakkinen
2020-02-09 21:26 ` [PATCH v26 13/22] x86/sgx: Add provisioning Jarkko Sakkinen
2020-02-13 10:49 ` Jethro Beekman
2020-02-15 7:25 ` Jarkko Sakkinen
2020-02-09 21:26 ` [PATCH v26 14/22] x86/sgx: Add a page reclaimer Jarkko Sakkinen
2020-02-09 21:26 ` [PATCH v26 15/22] x86/sgx: ptrace() support for the SGX driver Jarkko Sakkinen
2020-02-09 21:26 ` [PATCH v26 16/22] x86/vdso: Add support for exception fixup in vDSO functions Jarkko Sakkinen
2020-02-09 21:26 ` [PATCH v26 17/22] x86/fault: Add helper function to sanitize error code Jarkko Sakkinen
2020-02-09 21:26 ` [PATCH v26 18/22] x86/traps: Attempt to fixup exceptions in vDSO before signaling Jarkko Sakkinen
2020-02-09 21:26 ` [PATCH v26 19/22] x86/vdso: Add __vdso_sgx_enter_enclave() to wrap SGX enclave transitions Jarkko Sakkinen
2020-02-13 13:29 ` Jethro Beekman
2020-02-15 7:26 ` Jarkko Sakkinen
2020-02-09 21:26 ` [PATCH v26 20/22] selftests/x86: Add vDSO selftest for SGX Jarkko Sakkinen
2020-02-09 21:26 ` [PATCH v26 21/22] x86/sgx: Update MAINTAINERS Jarkko Sakkinen
2020-02-09 21:26 ` [PATCH v26 22/22] docs: x86/sgx: Document SGX micro architecture and kernel internals Jarkko Sakkinen
2020-02-22 4:13 ` Randy Dunlap
2020-02-23 17:04 ` Jarkko Sakkinen
2020-02-23 17:05 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7738b3cf-fb32-5306-5740-59974444e327@linux.microsoft.com \
--to=jorhand@linux.microsoft.com \
--cc=akpm@linux-foundation.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=bp@alien8.de \
--cc=cedric.xing@intel.com \
--cc=dave.hansen@intel.com \
--cc=haitao.huang@intel.com \
--cc=haitao.huang@linux.intel.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=josh@joshtriplett.org \
--cc=kai.huang@intel.com \
--cc=kai.svahn@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-sgx@vger.kernel.org \
--cc=luto@kernel.org \
--cc=nhorman@redhat.com \
--cc=npmccallum@redhat.com \
--cc=puiterwijk@redhat.com \
--cc=rientjes@google.com \
--cc=sean.j.christopherson@intel.com \
--cc=suresh.b.siddha@intel.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).