[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <c726caa3-e259-9971-0ab9-341380207628@intel.com>
Date: Fri, 6 Nov 2020 13:23:28 -0800
From: Dave Hansen <dave.hansen@...el.com>
To: Matthew Wilcox <willy@...radead.org>,
"Dr. Greg" <greg@...ellic.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>, x86@...nel.org,
linux-sgx@...r.kernel.org, linux-kernel@...r.kernel.org,
Sean Christopherson <sean.j.christopherson@...el.com>,
linux-mm@...ck.org, Andrew Morton <akpm@...ux-foundation.org>,
Jethro Beekman <jethro@...tanix.com>,
Darren Kenny <darren.kenny@...cle.com>,
andriy.shevchenko@...ux.intel.com, asapek@...gle.com, bp@...en8.de,
cedric.xing@...el.com, chenalexchen@...gle.com,
conradparker@...gle.com, cyhanish@...gle.com,
haitao.huang@...el.com, kai.huang@...el.com, kai.svahn@...el.com,
kmoy@...gle.com, ludloff@...gle.com, luto@...nel.org,
nhorman@...hat.com, npmccallum@...hat.com, puiterwijk@...hat.com,
rientjes@...gle.com, tglx@...utronix.de, yaozhangx@...gle.com,
mikko.ylinen@...el.com
Subject: Re: [PATCH v40 10/24] mm: Add 'mprotect' hook to struct
vm_operations_struct
On 11/6/20 1:13 PM, Matthew Wilcox wrote:
> On Fri, Nov 06, 2020 at 11:43:59AM -0600, Dr. Greg wrote:
>> The 900 pound primate in the room, that no one is acknowledging, is
>> that this technology was designed to not allow the operating system to
>> have any control over what it is doing. In the mindset of kernel
>> developers, the operating system is the absolute authority on
>> security, so we find ourselves in a situation where the kernel needs
>> to try and work around this fact so any solutions will be imperfect at
>> best.
>>
>> As I've noted before, this is actually a primary objective of enclave
>> authors, since one of the desires for 'Confidential Computing' is to
>> hide things like proprietary algorithms from the platform owners. I
>> think the driver needs to acknowledge this fact and equip platform
>> owners with the simplest and most effective security solutions that
>> are available.
> Or we need to not merge "technology" that subverts the owner of
> the hardware. Remember: root kit authors are inventive buggers.
Machine owners have lots of ways to yield their own control of the
hardware. One is:
wget http://what-could-go-wrong.com -O foo.sh; sudo foo.sh
Another is to enable SGX in the BIOS. You're giving up some level of
control and yielding it to the hardware. If you don't trust the
hardware (aka. Intel), I'd stay far, far away from that BIOS option.
This mprotect() hook is trying to have the kernel enforce some rules
that yield *less* to enclave authors. Once a rootkit is in play, the
kernel isn't going to be providing meaningful protection and I'd expect
that this hook is rather useless.
Powered by blists - more mailing lists