[RFC PATCH v2 0/5] security: x86/sgx: SGX vs. LSM
Sean Christopherson
sean.j.christopherson at intel.com
Thu Jun 6 02:11:40 UTC 2019
This series is the result of a rather absurd amount of discussion over
how to get SGX to play nice with LSM policies, without having to resort
to evil shenanigans or put undue burden on userspace. Discussions are
still ongoing, e.g. folks are exploring alternatives to changing the
proposed SGX UAPI, but I wanted to get this updated version of the code
posted to show a fairly minimal implemenation(from a kernel perspective),
e.g. the diff stats aren't too scary, especially considering 50% of the
added lines are comments.
This series is a delta to Jarkko's ongoing SGX series and applies on
Jarkko's current master at https://github.com/jsakkine-intel/linux-sgx.git:
dfc89a83b5bc ("docs: x86/sgx: Document the enclave API")
The basic gist of the approach is to track an enclave's page protections
separately from any vmas that map the page, and separate from the hardware
enforced protections. The SGX UAPI is modified to require userspace to
explicitly define the protections for each enclave page, i.e. the ioctl
to add pages to an enclave is extended to take PROT_{READ,WRITE,EXEC}
flags.
An enclave page's protections are the maximal protections that userspace
can use to map the page, e.g. mprotect() and mmap() are rejected if the
protections for the vma would be more permissible than those of the
associated enclave page.
Tracking protections for an enclave page (in additional to vmas) allows
SGX to invoke LSM upcalls while the enclave is being built. This is
critical to enabling LSMs to implement policies for enclave pages that
are functionally equivalent to existing policies for normal pages.
v1: https://lkml.kernel.org/r/20190531233159.30992-1-sean.j.christopherson@intel.com
v2:
- Dropped the patch(es) to extend the SGX UAPI to allow adding multiple
enclave pages in a single syscall [Jarkko].
- Reject ioctl() immediately on LSM denial [Stephen].
- Rework SELinux code to avoid checking EXEMEM multiple times [Stephen].
- Adding missing equivalents to existing selinux_file_protect() checks
[Stephen].
- Hold mmap_sem across copy_to_user() to prevent a TOCTOU race when
checking the source vma [Stephen].
- Stubify security_enclave_load() if !CONFIG_SECURITY [Stephen].
- Make flags a 32-bit field [Andy].
- Don't validate the SECINFO protection flags against the enclave
page's protection flags [Andy].
- Rename mprotect() hook to may_mprotect() [Andy].
- Test 'vma->vm_flags & VM_MAYEXEC' instead of manually checking for
a noexec path [Jarkko].
- Drop the SGX defined flags (use PROT_*) [Jarkko].
- Improve comments and changelogs [Jarkko].
Sean Christopherson (5):
mm: Introduce vm_ops->may_mprotect()
x86/sgx: Require userspace to define enclave pages' protection bits
x86/sgx: Enforce noexec filesystem restriction for enclaves
LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
security/selinux: Add enclave_load() implementation
arch/x86/include/uapi/asm/sgx.h | 2 +
arch/x86/kernel/cpu/sgx/driver/ioctl.c | 57 ++++++++++++++++++---
arch/x86/kernel/cpu/sgx/driver/main.c | 5 ++
arch/x86/kernel/cpu/sgx/encl.c | 53 ++++++++++++++++++++
arch/x86/kernel/cpu/sgx/encl.h | 4 ++
include/linux/lsm_hooks.h | 13 +++++
include/linux/mm.h | 2 +
include/linux/security.h | 12 +++++
mm/mprotect.c | 15 ++++--
security/security.c | 7 +++
security/selinux/hooks.c | 69 ++++++++++++++++++++++++++
11 files changed, 228 insertions(+), 11 deletions(-)
--
2.21.0
More information about the Linux-security-module-archive
mailing list