Re: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES

2019-06-05 Thread Sean Christopherson
On Wed, Jun 05, 2019 at 04:10:44AM -0700, Ayoun, Serge wrote: > > From: Christopherson, Sean J > > Sent: Saturday, June 01, 2019 02:32 > > > > /** > > * struct sgx_enclave_add_pages - parameter structure for the > > *%SGX_IOC_ENCLAVE_ADD_PAGES ioctl > > @@

Re: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES

2019-06-05 Thread Jarkko Sakkinen
On Tue, Jun 04, 2019 at 09:45:14AM -0700, Sean Christopherson wrote: > Heh, yeah, it's not duplicating LSM functionality. What I was trying to > say is that this patch allows LSMs to implement policies that are > equivalent to their existing functionality, e.g. paves the way to add >

RE: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES

2019-06-05 Thread Ayoun, Serge
> From: Christopherson, Sean J > Sent: Saturday, June 01, 2019 02:32 > > /** > * struct sgx_enclave_add_pages - parameter structure for the > *%SGX_IOC_ENCLAVE_ADD_PAGES ioctl > @@ -39,6 +44,7 @@ struct sgx_enclave_create { > * @secinfo: address for the

Re: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES

2019-06-04 Thread Andy Lutomirski
On Fri, May 31, 2019 at 4:32 PM Sean Christopherson wrote: > > ...to support (the equivalent) of existing Linux Security Module > functionality. > > Because SGX manually manages EPC memory, all enclave VMAs are backed by > the same vm_file, i.e. /dev/sgx/enclave, so that SGX can implement the >

Re: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES

2019-06-04 Thread Sean Christopherson
On Tue, Jun 04, 2019 at 07:23:06PM +0300, Jarkko Sakkinen wrote: > On Fri, May 31, 2019 at 04:31:56PM -0700, Sean Christopherson wrote: > > ...to support (the equivalent) of existing Linux Security Module > > functionality. > > Long and short descriptions should be separate. Also this does not >

Re: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES

2019-06-04 Thread Jarkko Sakkinen
On Fri, May 31, 2019 at 04:31:56PM -0700, Sean Christopherson wrote: > ...to support (the equivalent) of existing Linux Security Module > functionality. Long and short descriptions should be separate. Also this does not make any sense. LSM is a framework with a set of hook to make access

RE: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES

2019-06-03 Thread Xing, Cedric
> From: Christopherson, Sean J > Sent: Friday, May 31, 2019 4:32 PM > > ...to support (the equivalent) of existing Linux Security Module > functionality. > > Because SGX manually manages EPC memory, all enclave VMAs are backed by the > same vm_file, > i.e. /dev/sgx/enclave, so that SGX can

[RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES

2019-05-31 Thread Sean Christopherson
...to support (the equivalent) of existing Linux Security Module functionality. Because SGX manually manages EPC memory, all enclave VMAs are backed by the same vm_file, i.e. /dev/sgx/enclave, so that SGX can implement the necessary hooks to move pages in/out of the EPC. And because EPC pages