On Fri, 19 Apr 2019, Jethro Beekman wrote:
> On 2019-04-19 14:34, Thomas Gleixner wrote:
> > And how so? You create writeable AND executable memory. That's a no-no and
> > you can argue in circles, that's not going to change with any of your
> > proposed changes.
>
> On 2019-04-19 14:38, Thomas Gleixner wrote:
> > You are working around LSM, nothing else, and that's just not going to fly.
>
> Based on your comments, I'm still unsure if we're on the same page with
> regards to what I'm proposing.
>
> Here's a regular non-SGX flow that LSM would likely prevent:
>
>     mmap(PROT_READ|PROT_WRITE)
>     memcpy()
>     mmap(PROT_READ|PROT_EXEC)   <-- denied by LSM
>
> Or just something based on regular PT permissions:
>
>     mmap(PROT_READ|PROT_EXEC)
>     memcpy()                    <-- SIGSEGV
>
> Now, the equivalent for SGX:
>
>     mmap(PROT_READ|PROT_WRITE)
>     ioctl(EADD)
>     mmap(PROT_READ|PROT_EXEC)   <-- denied by LSM

This is completely irrelevant, really.

The point is that the SGX driver loads and executes arbitrary data which is
handed in from user space via an ioctl w/o any chance of verifying where
that comes from.

What Andy proposed is to open a file with the SGX payload and hand in the
file descriptor. That way LSM can decide whether this is allowed or denied
based on the file descriptor and whatever the security model/policy is in a
particular setup.

Right now the SGX driver and its proposed API prevent any form of LSM
auditing, and whatever permission checks you had in mind won't change that
at all.

Thanks,

	tglx
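As an added illustration, not part of the thread, the two non-SGX flows Jethro sketches written as runnable C for Linux: mprotect() stands in for the second mmap() of the sketch (it reaches the same LSM hook), the filler bytes are constructed, and nothing in either mapping is ever executed. The function names write_to_rx_faults() and rw_then_exec() are chosen here.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static const char payload[] = "constructed filler bytes"; /* never executed */
static sigjmp_buf fault_jmp;
static void on_segv(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

/* "Regular PT permissions" flow: map RX, then memcpy() into it.
 * Returns 1 if the store faulted (SIGSEGV), 0 if it went through, -1 on mmap error. */
int write_to_rx_faults(void) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    char *p = mmap(NULL, len, PROT_READ | PROT_EXEC, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    volatile int faulted = 0;
    if (sigsetjmp(fault_jmp, 1) == 0)
        memcpy(p, payload, sizeof payload); /* RX page: the store faults */
    else
        faulted = 1;                        /* handler brought us back here */
    sigaction(SIGSEGV, &old, NULL);
    munmap(p, len);
    return faulted;
}

/* "LSM would likely prevent" flow: map RW, write, then ask for RX.
 * mprotect() stands in for the second mmap() of the sketch; both go through the
 * LSM (e.g. SELinux execmem). Returns 0 if the W->X change was allowed, the errno
 * (EACCES/EPERM) if an LSM denied it, -1 on any other failure. */
int rw_then_exec(void) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    char *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    memcpy(p, payload, sizeof payload);          /* allowed: page is writable */
    int rc = mprotect(p, len, PROT_READ | PROT_EXEC) == 0 ? 0 : errno;
    if (rc != 0 && rc != EACCES && rc != EPERM) rc = -1;
    munmap(p, len);                              /* torn down, never executed */
    return rc;
}
```

On a box without an execmem-style policy rw_then_exec() returns 0, which is exactly the gap the LSM hook is there to close; under an enforcing policy it returns EACCES or EPERM.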