| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 4 Sep 2018 22:13:34 +0000
From: "Huang, Kai" <kai.huang@...el.com>
To: "Christopherson, Sean J" <sean.j.christopherson@...el.com>,
"Jarkko Sakkinen" <jarkko.sakkinen@...ux.intel.com>
CC: "platform-driver-x86@...r.kernel.org"
<platform-driver-x86@...r.kernel.org>,
"x86@...nel.org" <x86@...nel.org>,
"nhorman@...hat.com" <nhorman@...hat.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"tglx@...utronix.de" <tglx@...utronix.de>,
"suresh.b.siddha@...el.com" <suresh.b.siddha@...el.com>,
"Ayoun, Serge" <serge.ayoun@...el.com>,
"hpa@...or.com" <hpa@...or.com>,
"npmccallum@...hat.com" <npmccallum@...hat.com>,
"mingo@...hat.com" <mingo@...hat.com>,
"linux-sgx@...r.kernel.org" <linux-sgx@...r.kernel.org>,
"Hansen, Dave" <dave.hansen@...el.com>
Subject: RE: [PATCH v13 10/13] x86/sgx: Add sgx_einit() for initializing
enclaves
> -----Original Message-----
> From: platform-driver-x86-owner@...r.kernel.org [mailto:platform-driver-x86-
> owner@...r.kernel.org] On Behalf Of Sean Christopherson
> Sent: Wednesday, September 5, 2018 4:36 AM
> To: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
> Cc: Huang, Kai <kai.huang@...el.com>; platform-driver-x86@...r.kernel.org;
> x86@...nel.org; nhorman@...hat.com; linux-kernel@...r.kernel.org;
> tglx@...utronix.de; suresh.b.siddha@...el.com; Ayoun, Serge
> <serge.ayoun@...el.com>; hpa@...or.com; npmccallum@...hat.com;
> mingo@...hat.com; linux-sgx@...r.kernel.org; Hansen, Dave
> <dave.hansen@...el.com>
> Subject: Re: [PATCH v13 10/13] x86/sgx: Add sgx_einit() for initializing enclaves
>
> On Tue, Sep 04, 2018 at 06:30:21PM +0300, Jarkko Sakkinen wrote:
> > On Tue, Sep 04, 2018 at 07:54:51AM -0700, Sean Christopherson wrote:
> > > I don't see any value in trying to rule out specific causes of
> > > INVALID_TOKEN, but we should only retry EINIT if ret==INVALID_TOKEN
> > > and RDMSR(HASH0) != sgx_lepubkeyhash[0]. Only the first MSR needs
> > > to be checked for validity as they're a package deal, i.e. they'll
> > > all be valid or all be reset. There shouldn't be a limit on retry
> > > attempts, e.g. the MSRs could theoretically be reset between WRMSR and
> EINIT.
> >
> > Why is doing rdmsrs necessary? With the INVALID_TOKEN error we know we
> > are out-of-sync i.e. have been sleeping and then one just needs to do
> > wrmsrs.
>
> As Kai mentioned, INVALID_TOKEN is returned for other reasons, e.g. a
> production enclave trying to use a debug token or reserved bits set in the token.
> And in the KVM case, the hash and token are provided by the guest, so it's
> entirely possible the enclave/token is not signed with the key specified in the
> hash. RDMSR is relatively inexpensive compared to the overall cost of EINIT.
> Though of course EINIT failure isn't exactly a fast path, so I'm ok if you want to
> opt for simplicity and retry on INVALID_TOKEN without checking the MSRs, just
> make sure to add a comment indicating we're intentionally not checking the
> MSRs.
>
> > I think one retry should be enough given that VMM traps EINIT. One
> > retry is needed to take care of the guest itself (or host if we are
> > running on bare metal) having been in a sleep state.
>
> Assuming we do RDMSR(hash0), that should be sufficient to prevent infinite retry
> and
IMHO probably we need to review this assumption w/ crypto guys, at least Intel internally.
Thanks,
-Kai
it protects against the MSRs being lost between WRMSR and EINIT during
> retry. That being said, I'm ok retrying only once, especially if you want to omit
> the RDMSR. Disabling preemption should prevent the kernel from suspending
> between WRMSR and EINIT, I'm just being paranoid.
Powered by blists - more mailing lists