lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20181219104015.GA4863@linux.intel.com>
Date:   Wed, 19 Dec 2018 12:43:59 +0200
From:   Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To:     Jethro Beekman <jethro@...tanix.com>
Cc:     Andy Lutomirski <luto@...nel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        "x86@...nel.org" <x86@...nel.org>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Peter Zijlstra <peterz@...radead.org>,
        "sean.j.christopherson@...el.com" <sean.j.christopherson@...el.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-sgx@...r.kernel.org" <linux-sgx@...r.kernel.org>,
        Andy Lutomirski <luto@...capital.net>,
        Josh Triplett <josh@...htriplett.org>,
        Haitao Huang <haitao.huang@...ux.intel.com>,
        "Dr . Greg Wettstein" <greg@...ellic.com>
Subject: Re: x86/sgx: uapi change proposal

On Wed, Dec 19, 2018 at 09:36:16AM +0000, Jethro Beekman wrote:
> On 2018-12-19 14:41, Jarkko Sakkinen wrote:
> > On Wed, Dec 19, 2018 at 08:41:12AM +0000, Jethro Beekman wrote:
> > > One weird thing is the departure from the normal mmap behavior that the
> > > memory mapping persists even if the original fd is closed. (See man mmap:
> > > "closing the file descriptor does not unmap the region.")
> > 
> > The mmapped region and enclave would be completely disjoint to start
> > with. The enclave driver code would assume that an enclave VMA exists
> > when it maps enclave address space to a process.
> > 
> > I.e. VMA would no longer reference to the enclave or vice versa but
> > you would still create an enclave VMA with mmap().
> > 
> > This is IMHO very clear and well-defined semantics.
> > 
> > > > struct sgx_enclave_add_page {
> > > > 	__u64	enclave_fd;
> > > > 	__u64	src;
> > > > 	__u64	secinfo;
> > > > 	__u16	mrmask;
> > > > } __attribute__((__packed__));
> > > 
> > > Wouldn't you just pass enclave_fd as the ioctl fd parameter?
> > 
> > I'm still planning to keep the API in the device fd and use enclave_fd
> > as handle to the enclave address space. I don't see any obvious reason
> > to change that behavior.
> > 
> > And if we ever add any "global" ioctls, then we would have to define
> > APIs to both fd's, which would become a mess.
> > 
> > > How to specify the address of the page that is being added?
> > 
> > Yes, that is correct and my bad to remove it (just quickly drafted what
> > I had in mind).
> 
> So your plan is that to call EADD, userspace has to pass the device fd AND
> the enclave fd AND the enclave address? That seems a little superfluous.

If the enclave fd would have ioctls to add pages etc., two ioctls APIs
would be already needed now (create for device fd and rest to the
enclave fd). Which one would be more superfluous?

/Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ