From: Stephen Smalley <sds@tycho.nsa.gov>
To: Sean Christopherson <sean.j.christopherson@intel.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>,
Cedric Xing <cedric.xing@intel.com>,
James Morris <jmorris@namei.org>,
"Serge E . Hallyn" <serge@hallyn.com>,
LSM List <linux-security-module@vger.kernel.org>,
Paul Moore <paul@paul-moore.com>,
Eric Paris <eparis@parisplace.org>,
selinux@vger.kernel.org, Jethro Beekman <jethro@fortanix.com>,
Dave Hansen <dave.hansen@intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Linus Torvalds <torvalds@linux-foundation.org>,
LKML <linux-kernel@vger.kernel.org>, X86 ML <x86@kernel.org>,
linux-sgx@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
nhorman@redhat.com, npmccallum@redhat.com,
Serge Ayoun <serge.ayoun@intel.com>,
Shay Katz-zamir <shay.katz-zamir@intel.com>,
Haitao Huang <haitao.huang@intel.com>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
Kai Svahn <kai.svahn@intel.com>, Borislav Petkov <bp@alien8.de>,
Josh Triplett <josh@joshtriplett.org>,
Kai Huang <kai.huang@intel.com>,
David Rientjes <rientjes@google.com>,
William Roberts <william.c.roberts@intel.com>,
Philip Tricca <philip.b.tricca@intel.com>
Subject: Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
Date: Mon, 3 Jun 2019 14:38:31 -0400 [thread overview]
Message-ID: <7fa39363-78ec-8bd3-50e3-b5d05cd4593c@tycho.nsa.gov> (raw)
In-Reply-To: <20190603144251.GB13384@linux.intel.com>
On 6/3/19 10:42 AM, Sean Christopherson wrote:
> On Mon, Jun 03, 2019 at 10:19:18AM -0400, Stephen Smalley wrote:
>> On 5/31/19 7:31 PM, Sean Christopherson wrote:
>>> enclave_load() is roughly analogous to the existing file_mprotect().
>>>
>>> Due to the nature of SGX and its Enclave Page Cache (EPC), all enclave
>>> VMAs are backed by a single file, i.e. /dev/sgx/enclave, that must be
>>> MAP_SHARED. Furthermore, all enclaves need read, write and execute
>>> VMAs. As a result, file_mprotect() does not provide any meaningful
>>> security for enclaves since an LSM can only deny/grant access to the
>>> EPC as a whole.
>>>
>>> security_enclave_load() is called when SGX is first loading an enclave
>>> page, i.e. copying a page from normal memory into the EPC. The notable
>>> difference from file_mprotect() is the allowed_prot parameter, which
>>> is essentially an SGX-specific version of a VMA's MAY_{READ,WRITE,EXEC}
>>> flags. The purpose of allowed_prot is to enable checks such as
>>> SELinux's FILE__EXECMOD permission without having to track and update
>>> VMAs across multiple mm structs, i.e. SGX can ensure userspace doesn't
>>> overstep its bounds simply by restricting an enclave VMA's protections
>>> by vetting what is maximally allowed during build time.
>>>
>>> An alternative to the allowed_prot approach would be to use an enclave's
>>> SIGSTRUCT (a smallish structure that can uniquely identify an enclave)
>>> as a proxy for the enclave. For example, SGX could take and hold a
>>> reference to the file containing the SIGSTRUCT (if it's in a file) and
>>> call security_enclave_load() during mprotect(). While the SIGSTRUCT
>>> approach would provide better precision, the actual value added was
>>> deemed to be negligible. On the other hand, pinning a file for the
>>> lifetime of the enclave is ugly, and essentially caching LSM policies
>>> in each page's allowed_prot avoids having to make an extra LSM upcall
>>> during mprotect().
>>>
>>> Note, extensive discussion yielded no sane alternative to some form of
>>> SGX specific LSM hook[1].
>>>
>>> [1] https://lkml.kernel.org/r/CALCETrXf8mSK45h7sTK5Wf+pXLVn=Bjsc_RLpgO-h-qdzBRo5Q@mail.gmail.com
>>>
>>> Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
>>> ---
>>> arch/x86/kernel/cpu/sgx/driver/ioctl.c | 14 +++++++++-----
>>> include/linux/lsm_hooks.h | 16 ++++++++++++++++
>>> include/linux/security.h | 2 ++
>>> security/security.c | 8 ++++++++
>>> 4 files changed, 35 insertions(+), 5 deletions(-)
>>>
>>> diff --git a/arch/x86/kernel/cpu/sgx/driver/ioctl.c b/arch/x86/kernel/cpu/sgx/driver/ioctl.c
>>> index 5f71be7cbb01..260417ecbcff 100644
>>> --- a/arch/x86/kernel/cpu/sgx/driver/ioctl.c
>>> +++ b/arch/x86/kernel/cpu/sgx/driver/ioctl.c
>>> @@ -8,6 +8,7 @@
>>> #include <linux/highmem.h>
>>> #include <linux/ratelimit.h>
>>> #include <linux/sched/signal.h>
>>> +#include <linux/security.h>
>>> #include <linux/shmem_fs.h>
>>> #include <linux/slab.h>
>>> #include <linux/suspend.h>
>>> @@ -580,21 +581,24 @@ static int sgx_encl_page_protect(unsigned long src, unsigned long prot,
>>> unsigned long *allowed_prot)
>>> {
>>> struct vm_area_struct *vma;
>>> + int ret = 0;
>>> - if (!(*allowed_prot & VM_EXEC))
>>> + if (!(*allowed_prot & VM_EXEC) && !IS_ENABLED(CONFIG_SECURITY))
>>> goto do_check;
>>> down_read(¤t->mm->mmap_sem);
>>> vma = find_vma(current->mm, src);
>>> if (!vma || (vma->vm_file && path_noexec(&vma->vm_file->f_path)))
>>> *allowed_prot &= ~VM_EXEC;
>>> +#ifdef CONFIG_SECURITY
>>> + ret = security_enclave_load(vma, prot, allowed_prot);
>>> +#endif
>>
>> Normally you'd define a static inline stub for the hook in the #else clause
>> for CONFIG_SECURITY in include/linux/security.h and avoid any ifdef here.
>
> Ah, right.
>
>> What ensures that the mapping referenced by src can't be changed to an
>> entirely different one (with a different vm_file) between the time of check
>> (here) and the time of use?
>
> Nothing. Holding mmap_sem across copy_from_user() would suffice, correct?
I don't believe you can do that; copy_from_user() could stall
indefinitely. Not sure how to do what you want here or if it requires
changing the interface.
>
>>> up_read(¤t->mm->mmap_sem);
>>> do_check:
>>> - if (prot & ~*allowed_prot)
>>> - return -EACCES;
>>> -
>>> - return 0;
>>> + if (!ret && (prot & ~*allowed_prot))
>>> + ret = -EACCES;
>>> + return ret;
>>> }
>>> static int sgx_encl_add_page(struct sgx_encl *encl, unsigned long addr,
next prev parent reply other threads:[~2019-06-03 18:39 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-31 23:31 [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM Sean Christopherson
2019-05-31 23:31 ` [RFC PATCH 1/9] x86/sgx: Remove unused local variable in sgx_encl_release() Sean Christopherson
2019-06-04 11:41 ` Jarkko Sakkinen
2019-05-31 23:31 ` [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address Sean Christopherson
2019-06-04 11:49 ` Jarkko Sakkinen
2019-06-04 20:16 ` Andy Lutomirski
2019-06-04 22:10 ` Xing, Cedric
2019-06-05 14:08 ` Sean Christopherson
2019-06-05 15:17 ` Jarkko Sakkinen
2019-06-05 20:14 ` Andy Lutomirski
2019-06-06 15:37 ` Jarkko Sakkinen
2019-06-13 13:48 ` Jarkko Sakkinen
2019-06-13 16:47 ` Xing, Cedric
2019-06-13 17:14 ` Sean Christopherson
2019-06-14 15:18 ` Jarkko Sakkinen
2019-06-05 15:15 ` Jarkko Sakkinen
2019-05-31 23:31 ` [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() Sean Christopherson
2019-06-03 6:26 ` Xing, Cedric
2019-06-03 20:08 ` Sean Christopherson
2019-06-03 20:39 ` Sean Christopherson
2019-06-03 23:45 ` Xing, Cedric
2019-06-04 0:54 ` Sean Christopherson
2019-06-04 20:18 ` Andy Lutomirski
2019-06-04 22:02 ` Xing, Cedric
2019-06-03 20:14 ` Dave Hansen
2019-06-03 20:37 ` Sean Christopherson
2019-06-03 20:39 ` Dave Hansen
2019-06-03 23:48 ` Xing, Cedric
2019-06-04 0:55 ` Sean Christopherson
2019-06-04 11:55 ` Jarkko Sakkinen
2019-05-31 23:31 ` [RFC PATCH 4/9] mm: Introduce vm_ops->mprotect() Sean Christopherson
2019-06-03 6:27 ` Xing, Cedric
2019-06-04 12:24 ` Jarkko Sakkinen
2019-06-04 14:51 ` Andy Lutomirski
2019-05-31 23:31 ` [RFC PATCH 5/9] x86/sgx: Restrict mapping without an enclave page to PROT_NONE Sean Christopherson
2019-06-03 6:28 ` Xing, Cedric
2019-06-04 15:32 ` Jarkko Sakkinen
2019-05-31 23:31 ` [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES Sean Christopherson
2019-06-03 6:28 ` Xing, Cedric
2019-06-04 16:23 ` Jarkko Sakkinen
2019-06-04 16:45 ` Sean Christopherson
2019-06-05 15:06 ` Jarkko Sakkinen
2019-06-04 20:23 ` Andy Lutomirski
2019-06-05 11:10 ` Ayoun, Serge
2019-06-05 23:58 ` Sean Christopherson
2019-05-31 23:31 ` [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves Sean Christopherson
2019-06-03 6:29 ` Xing, Cedric
2019-06-04 20:26 ` Andy Lutomirski
2019-06-04 16:25 ` Jarkko Sakkinen
2019-06-04 20:25 ` Andy Lutomirski
2019-06-04 20:34 ` Sean Christopherson
2019-06-04 21:54 ` Xing, Cedric
2019-06-05 15:10 ` Jarkko Sakkinen
2019-06-06 1:01 ` Sean Christopherson
2019-05-31 23:31 ` [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX Sean Christopherson
2019-06-03 6:28 ` Xing, Cedric
2019-06-03 14:19 ` Stephen Smalley
2019-06-03 14:42 ` Sean Christopherson
2019-06-03 18:38 ` Stephen Smalley [this message]
2019-06-03 18:45 ` Dave Hansen
2019-06-04 20:29 ` Andy Lutomirski
2019-06-04 20:36 ` Sean Christopherson
2019-06-04 21:43 ` Xing, Cedric
2019-06-06 2:04 ` Sean Christopherson
2019-05-31 23:31 ` [RFC PATCH 9/9] security/selinux: Add enclave_load() implementation Sean Christopherson
2019-06-03 15:01 ` Stephen Smalley
2019-06-03 15:50 ` Sean Christopherson
2019-06-02 7:29 ` [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM Xing, Cedric
2019-06-03 17:15 ` Sean Christopherson
2019-06-03 18:30 ` Xing, Cedric
2019-06-04 1:36 ` Sean Christopherson
2019-06-04 15:33 ` Stephen Smalley
2019-06-04 16:30 ` Sean Christopherson
2019-06-04 21:38 ` Xing, Cedric
2019-06-03 17:47 ` Stephen Smalley
2019-06-03 18:02 ` Xing, Cedric
2019-06-04 11:15 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7fa39363-78ec-8bd3-50e3-b5d05cd4593c@tycho.nsa.gov \
--to=sds@tycho.nsa.gov \
--cc=akpm@linux-foundation.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=bp@alien8.de \
--cc=cedric.xing@intel.com \
--cc=dave.hansen@intel.com \
--cc=eparis@parisplace.org \
--cc=haitao.huang@intel.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jethro@fortanix.com \
--cc=jmorris@namei.org \
--cc=josh@joshtriplett.org \
--cc=kai.huang@intel.com \
--cc=kai.svahn@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-sgx@vger.kernel.org \
--cc=luto@kernel.org \
--cc=nhorman@redhat.com \
--cc=npmccallum@redhat.com \
--cc=paul@paul-moore.com \
--cc=philip.b.tricca@intel.com \
--cc=rientjes@google.com \
--cc=sean.j.christopherson@intel.com \
--cc=selinux@vger.kernel.org \
--cc=serge.ayoun@intel.com \
--cc=serge@hallyn.com \
--cc=shay.katz-zamir@intel.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=william.c.roberts@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).