Re: [PATCH 03/25] x86/sgx: Support VMA permissions exceeding enclave permissions

From: Reinette Chatre
Date: Mon Dec 06 2021 - 16:17:30 EST

Next message: Sasha Levin: "[PATCH AUTOSEL 5.10 13/15] drm/amd/display: Fix for the no Audio bug with Tiled Displays"
Previous message: Sasha Levin: "[PATCH AUTOSEL 5.10 12/15] net: netlink: af_netlink: Prevent empty skb by adding a check on len."
In reply to: Jarkko Sakkinen: "Re: [PATCH 03/25] x86/sgx: Support VMA permissions exceeding enclave permissions"
Next in thread: Reinette Chatre: "[PATCH 13/25] x86/sgx: Support adding of pages to initialized enclave"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Jarkko,

On 12/4/2021 2:27 PM, Jarkko Sakkinen wrote:

On Sun, Dec 05, 2021 at 12:25:59AM +0200, Jarkko Sakkinen wrote:

On Wed, Dec 01, 2021 at 11:23:01AM -0800, Reinette Chatre wrote:

=== Summary ===

An SGX VMA can only be created if its permissions are the same or
weaker than the Enclave Page Cache Map (EPCM) permissions. After VMA
creation this rule continues to be enforced by the page fault handler.

With SGX2 the EPCM permissions of a page can change after VMA
creation resulting in the VMA exceeding the EPCM permissions and the
page fault handler incorrectly blocking access.

Enable the VMA's pages to remain accessible while ensuring that
the page table entries are installed to match the EPCM permissions
without exceeding the VMA perms issions.

I don't understand what the short summary means in English, and the
commit message is way too bloated to make any conclusions. It really
needs a rewrite.

These were the questions I could not find answer for:

1. Why it would be by any means safe to remove a permission check?

The permission check is redundant for SGX1 and incorrect for SGX2.

In the current SGX1 implementation the permission check in sgx_encl_load_page() is redundant because an SGX VMA can only be created if its permissions are the same or weaker than the EPCM permissions.

In SGX2 a user is able to change EPCM permissions during runtime (while VMA has the memory mapped). A RW VMA may thus originally have mapped an enclave page with RW EPCM permissions but since then the enclave page may have its permissions changed to read-only. The VMA should still be able to read those enclave pages but the check in sgx_encl_load_page() will prevent that.

2. Why not re-issuing mmap()'s is unfeasible? I.e. close existing
VMA's and mmap() new ones.

User is not prevented from closing existing VMAs and creating new ones.

3. Isn't this an API/ABI break?

Could you please elaborate where you see the API/ABI break? The rule that new VMAs cannot exceed EPCM permissions is untouched.

Reinette

Next message: Sasha Levin: "[PATCH AUTOSEL 5.10 13/15] drm/amd/display: Fix for the no Audio bug with Tiled Displays"
Previous message: Sasha Levin: "[PATCH AUTOSEL 5.10 12/15] net: netlink: af_netlink: Prevent empty skb by adding a check on len."
In reply to: Jarkko Sakkinen: "Re: [PATCH 03/25] x86/sgx: Support VMA permissions exceeding enclave permissions"
Next in thread: Reinette Chatre: "[PATCH 13/25] x86/sgx: Support adding of pages to initialized enclave"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]