Re: [RFC PATCH v2.1 14/30] x86/sgx: Support restricting of enclave page permissions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Mar 09, 2022 at 10:52:22AM +0200, Jarkko Sakkinen wrote:
> On Fri, Mar 04, 2022 at 11:35:08AM +0200, Jarkko Sakkinen wrote:
> > +#define SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS \
> > +	_IOWR(SGX_MAGIC, 0x05, struct sgx_enclave_restrict_perm)
> 
> What if this was replaced with just SGX_IOC_ENCLAVE_RESET_PAGES, which
> would simply do EMODPR with PROT_NONE? The main ingredient of EMODPR is to
> flush out the TLB's, and move a page to pending state, which cannot be done
> from inside the enclave.
> 
> It's there because of microarchitecture constraints, and less so to work as
> a reasonable permission control mechanism (actually it does terrible job on
> that side and only confuses).
> 
> Once you have this magic TLB reset button in place you can just do one
> EACCEPT and EMODPE inside the enclave and you're done.
> 
> This is also kind of atomic in the sense that EACCEPT free's a page with no
> rights so no misuse can happend before EMODPE has tuned EPCM.

I wonder if this type of pattern could be made work out for Graphene:

1. SGX_IOC_ENCLAVE_RESET_PAGES
2. EACCEPT + EMODPE

This kind of delivers EMODP that everyone has been looking for.

BR, Jarkko



[Index of Archives]     [AMD Graphics]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux