Re: [PATCH 10/25] x86/sgx: Support enclave page permission changes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Jarkko,

On 12/10/2021 11:57 PM, Jarkko Sakkinen wrote:
On Mon, 2021-12-06 at 13:42 -0800, Reinette Chatre wrote:
Hi Jarkko,

On 12/4/2021 3:08 PM, Jarkko Sakkinen wrote:
On Wed, Dec 01, 2021 at 11:23:08AM -0800, Reinette Chatre wrote:
In the initial (SGX1) version of SGX, pages in an enclave need to be
created with permissions that support all usages of the pages, from the
time the enclave is initialized until it is unloaded. For example,
pages used by a JIT compiler or when code needs to otherwise be
relocated need to always have RWX permissions.

SGX2 includes two functions that can be used to modify the enclave page
permissions of regular enclave pages within an initialized enclave.
ENCLS[EMODPR] is run from the OS and used to restrict enclave page
permissions while ENCLU[EMODPE] is run from within the enclave to
extend enclave page permissions.

Enclave page permission changes need to be approached with care and
for this reason this initial support is to allow enclave page
permission changes _only_ if the new permissions are the same or
more restrictive that the permissions originally vetted at the time the
pages were added to the enclave. Support for extending enclave page
permissions beyond what was originally vetted is deferred.

This paragraph is out-of-scope for a commit message. You could have
this in the cover letter but not here. I would just remove it.

I think this is essential information that is mentioned in the cover
letter _and_ in this changelog. I will follow Dave's guidance and avoid
"deferred" by just removing that last sentence.


Whether enclave page permissions are restricted or extended it
is necessary to ensure that the page table entries and enclave page
permissions are in sync. Introduce a new ioctl, SGX_IOC_PAGE_MODP, to

SGX_IOC_PAGE_MODP does not match the naming convetion of these:

* SGX_IOC_ENCLAVE_CREATE
* SGX_IOC_ENCLAVE_ADD_PAGES
* SGX_IOC_ENCLAVE_INIT

ah - my understanding was that the SGX_IOC_ENCLAVE prefix related to
operations related to the entire enclave and thus I introduced the
prefix SGX_IOC_PAGE to relate to operations on pages within an enclave.

SGX_IOC_ENCLAVE_ADD_PAGES is also operation working on pages within an
enclave.

Also, to be aligned with SGX_IOC_ENCLAVE_ADD_PAGES, the new operations
should also take secinfo as input.

ok, will do.




A better name would be SGX_IOC_ENCLAVE_MOD_PROTECTIONS. It doesn't
do harm to be a more verbose.

Will do. I see later you propose SGX_IOC_ENCLAVE_MODIFY_TYPE - would you
like them to be consistent wrt MOD/MODIFY?

I would considering introducing just one new ioctl:

   SGX_IOC_ENCLAVE_MODIFY_PAGES

and choose either operations based on e.g. a flag
(see flags field SGX_IOC_ENCLAVE_ADD_PAGES).


There seems to be different opinion about the single ioctl() as per:https://lore.kernel.org/lkml/0fb14185-5cc3-a963-253d-2e119b4a52bb@xxxxxxxxx/

I thus plan to proceed with the two ioctls, both taking secinfo as input. Would that be ok with you?

Reinette





[Index of Archives]     [AMD Graphics]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux