lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160427124056.GA22003@intel.com>
Date:	Wed, 27 Apr 2016 15:40:56 +0300
From:	Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To:	Jethro Beekman <kernel@...ekman.nl>
Cc:	gregkh@...uxfoundation.org,
	"open list:STAGING SUBSYSTEM" <devel@...verdev.osuosl.org>,
	"maintainer:X86 ARCHITECTURE 32-BIT AND 64-BIT" <x86@...nel.org>,
	"open list:X86 ARCHITECTURE 32-BIT AND 64-BIT" 
	<linux-kernel@...r.kernel.org>, Ingo Molnar <mingo@...hat.com>,
	"H. Peter Anvin" <hpa@...or.com>,
	Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH 3/6] intel_sgx: driver for Intel Secure Guard eXtensions

On Tue, Apr 26, 2016 at 11:49:38PM -0700, Jethro Beekman wrote:
> On 25-04-16 10:34, Jarkko Sakkinen wrote:
> > diff --git a/drivers/staging/intel_sgx/isgx_ioctl.c
> b/drivers/staging/intel_sgx/isgx_ioctl.c
> > new file mode 100644
> > index 0000000..9d8b36b
> > --- /dev/null
> > +++ b/drivers/staging/intel_sgx/isgx_ioctl.c
> >
> > +static long isgx_ioctl_enclave_create(struct file *filep, unsigned int cmd,
> > + unsigned long arg)
> >
> > + secs->base = vm_mmap(filep, 0, secs->size,
> > + PROT_READ | PROT_WRITE | PROT_EXEC,
> > + MAP_SHARED, 0);
> 
> Why does the ioctl interface map userspace memory for an open device?
> There's already a perfectly good syscall for that: mmap.

You didn't explain what would be the value in doing this but after
thinking for a short while I found out two good reasons:

* The current API is ugly in a way that you can anyway call mmap
  directly too and have a useless zombie enclave. This would make
  the API less ambiguous.
* SGX_IOC_ENCLAVE_CREATE could be removed. SECS could be passed
  through SGX_IOC_ENCLAVE_ADD_PAGE thus simplifying the API a lot.

Given these circumstances I think this does make sense.

> > diff --git a/drivers/staging/intel_sgx/isgx_user.h b/drivers/staging/intel_sgx/isgx_user.h
> > new file mode 100644
> > index 0000000..672d19c
> > --- /dev/null
> > +++ b/drivers/staging/intel_sgx/isgx_user.h
> > 
> > +#define SGX_ADD_SKIP_EEXTEND 0x1
> > +
> > +struct sgx_add_param {
> > +	unsigned long		addr;
> > +	unsigned long		user_addr;
> > +	struct isgx_secinfo	*secinfo;
> > +	unsigned int		flags;
> > +};
> 
> The hardware supports calling EEXTEND on only a part of a page, I think the
> driver should also support that.

Why would you want to do that?

> Jethro

/Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ