On Mon, Jun 10, 2019 at 12:03:03AM -0700, Cedric Xing wrote: > This series intends to make the new SGX subsystem and the existing LSM > architecture work together smoothly so that, say, SGX cannot be abused to work > around restrictions set forth by LSM. This series applies on top of Jarkko > Sakkinen's SGX series v20 (https://lkml.org/lkml/2019/4/17/344), where abundant > details of this SGX/LSM problem could be found. > > This series is an alternative to Sean Christopherson's recent RFC series > (https://lkml.org/lkml/2019/6/5/1070) that was trying to solve the same > problem. The key problem is for LSM to determine the "maximal (most permissive) > protection" allowed for individual enclave pages. Sean's approach is to take > that from user mode code as a parameter of the EADD ioctl, validate it with LSM > ahead of time, and then enforce it inside the SGX subsystem. The major > disadvantage IMHO is that a priori knowledge of "maximal protection" is needed, > but it isn't always available in certain use cases. In fact, it is an unusual > approach to take "maximal protection" from user code, as what SELinux is doing > today is to determine "maximal protection" of a vma using attributes associated > with vma->vm_file instead. When it comes to enclaves, vma->vm_file always > points /dev/sgx/enclave, so what's missing is a new way for LSM modules to > remember origins of enclave pages so that they don't solely depend on > vma->vm_file to determine "maximal protection". > > This series takes advantage of the fact that enclave pages cannot be remapped > (to different linear address), therefore the pair of { vma->vm_file, > linear_address } can be used to uniquely identify an enclave page. Then by > notifying LSM on creation of every enclave page (via a new LSM hook - > security_enclave_load), LSM modules would be able to track origin and > protection changes of every page, hence be able to judge correctly upon > mmap/mprotect requests. > > Cedric Xing (3): > LSM/x86/sgx: Add SGX specific LSM hooks > LSM/x86/sgx: Implement SGX specific hooks in SELinux > LSM/x86/sgx: Call new LSM hooks from SGX subsystem A patch set containing direct LSM changes should consider all LSMs. This will allow all the LSM maintainers to consider the changes. Now we have a limited audience and we are favoring one LSM. There is no good reason why direct LSM changes cannot be done post-upstreaming like we do for virtualization. Looking at Sean's patches, overally 1/5-3/5 make perfect sense. /Jarkko