Date:   Tue, 24 Oct 2017 15:39:13 +0200
From:   Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To:     Dave Hansen <dave.hansen@...el.com>
Cc:     Christoph Hellwig <hch@...radead.org>, viro@...iv.linux.org.uk,
        linux-kernel@...r.kernel.org, intel-sgx-kernel-dev@...ts.01.org,
        platform-driver-x86@...r.kernel.org
Subject: Re: [intel-sgx-kernel-dev] [PATCH v4 06/12] fs/pipe.c: export
 create_pipe_files() and replace_fd()

On Sun, Oct 22, 2017 at 10:09:16PM -0700, Dave Hansen wrote:
> On 10/22/2017 07:55 PM, Jarkko Sakkinen wrote:
> > On Fri, Oct 20, 2017 at 07:32:42AM -0700, Dave Hansen wrote:
> >> I've always been curious, and the changelog and thread are curiously
> >> oblique on this topic: what the heck does this driver use pipes *for*?
> > For communication with the process hosting the launch enclave.
> 
> But, why pipes?  Why does the kernel have to be the one setting these
> up?  Why is this communication necessary in the first place?

1. Kernel gives a SIGSTRUCT instance to the LE hosting process.
2. LE hosting process gives the SIGSTRUCT to the LE.
3. LE gives EINITTOKEN to the LE hosting process after generating it.
4. LE hosting process gives it back to the kernel.

I do not understand why using pipes for this is such a big crime to
implement this. I do have an alternative proposal if it is.

What I can do is to use one struct shmem_file instance and assign it
to a file descriptor instead. Kernel and LE hosting process can then
use that for communication.

It would simplify the infrastructure so I will vote that anyhow even if
using pipes would turn out to be acceptable. And this solution does
not require new exports.

I would still like to hear a better explanation than Christoph gave why
using pipes is a crime and why coredump still uses them if it is.

/Jarkko
