| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 15 Jan 2022 18:49:36 +0200
From: Jarkko Sakkinen <jarkko@...nel.org>
To: Reinette Chatre <reinette.chatre@...el.com>
Cc: Nathaniel McCallum <nathaniel@...fian.com>,
Haitao Huang <haitao.huang@...ux.intel.com>,
Andy Lutomirski <luto@...nel.org>, dave.hansen@...ux.intel.com,
tglx@...utronix.de, bp@...en8.de, mingo@...hat.com,
linux-sgx@...r.kernel.org, x86@...nel.org, seanjc@...gle.com,
kai.huang@...el.com, cathy.zhang@...el.com, cedric.xing@...el.com,
haitao.huang@...el.com, mark.shanahan@...el.com, hpa@...or.com,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 05/25] x86/sgx: Introduce runtime protection bits
On Sat, Jan 15, 2022 at 01:15:53AM +0200, Jarkko Sakkinen wrote:
> > After running ENCLU[EMODPE] user space uses SGX_IOC_ENCLAVE_MOD_PROTECTIONS
>
> OK, great.
>
> A minor nit: please call it SGX_IOC_ENCLAVE_MODIFY_PROTECTIONS.
I'm not confident after looking through the test case and ioctl
about EMODPE support but I do not want disturb this anymore. Bunch
of things have been nailed and I'm now running the code, which is
great.
The obviously wrong implementation choice in this ioctl is that
it is multi-function. It should be just split it into two ioctls:
sgx_restrict_page_permissions and sgx_extend_page_permissions.
They are conceptually different flows and I'm also basing this on earlier
discussion in this mailing list from which I conclude that it is also
consensus to not have such ioctls.
Might sound clanky but it is much easier to comprehend what is going
on "in the blackbox" by doing that split.
/Jarkko
Powered by blists - more mailing lists