Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-07-22 Thread Jarkko Sakkinen
On Sat, Jul 18, 2020 at 02:19:52PM -0400, Don Porter wrote: > On 6/25/20 5:37 PM, Jarkko Sakkinen wrote: > > > > Can unmodified Graphene-SGX used with these changes? > > > > Yes. I just double-checked that all of the needed changes have made it to > master branch. > > I also re-tested on 5.8-r

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-07-18 Thread Don Porter
On 6/25/20 5:37 PM, Jarkko Sakkinen wrote: Can unmodified Graphene-SGX used with these changes? Yes. I just double-checked that all of the needed changes have made it to master branch. I also re-tested on 5.8-rc1 with v13 of the patch, and it looks good.

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-06-25 Thread Jarkko Sakkinen
On Thu, Jun 25, 2020 at 11:30:54AM -0400, Don Porter wrote: > We are merging the changes to Graphene to run a patched 5.7 kernel with > these patches, so it should work for you (or anyone else) once all of the > changes are merged. I'd be happy to talk, perhaps off this thread, about > how we can

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-06-25 Thread Jarkko Sakkinen
On Thu, Jun 25, 2020 at 11:27:28AM -0400, Don Porter wrote: > On 5/29/20 11:27 AM, Wojtek Porczyk wrote: > > On Thu, May 28, 2020 at 11:38:01AM -0700, Andy Lutomirski wrote: > > > One useful test for the actual kernel patches would be to run your SGX > > > workload on a loaded core. That is, do so

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-06-25 Thread Don Porter
On 5/28/20 11:10 PM, Jarkko Sakkinen wrote: On Fri, May 29, 2020 at 06:07:23AM +0300, Jarkko Sakkinen wrote: Is there something then readily available to test such workload with SGX enabled? Or should I go patching Graphene? Not sure what I should take from that comment :-) For me the main poi

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-06-25 Thread Don Porter
On 5/29/20 11:27 AM, Wojtek Porczyk wrote: On Thu, May 28, 2020 at 11:38:01AM -0700, Andy Lutomirski wrote: One useful test for the actual kernel patches would be to run your SGX workload on a loaded core. That is, do something like taskset -c 0 graphene_thing and, simultaneously, write a trivi

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-29 Thread Wojtek Porczyk
On Thu, May 28, 2020 at 11:38:01AM -0700, Andy Lutomirski wrote: > One useful test for the actual kernel patches would be to run your SGX > workload on a loaded core. That is, do something like taskset -c > 0 graphene_thing and, simultaneously, write a trivial infinite loop program > and run that

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-28 Thread Jarkko Sakkinen
On Fri, May 29, 2020 at 06:07:23AM +0300, Jarkko Sakkinen wrote: > On Thu, May 28, 2020 at 03:41:57PM -0400, Sasha Levin wrote: > > On Thu, May 28, 2020 at 10:19:10PM +0300, Jarkko Sakkinen wrote: > > > On Thu, May 28, 2020 at 01:40:16PM -0400, Don Porter wrote: > > > > Hi Thomas, > > > > > > > >

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-28 Thread Jarkko Sakkinen
On Thu, May 28, 2020 at 03:41:57PM -0400, Sasha Levin wrote: > On Thu, May 28, 2020 at 10:19:10PM +0300, Jarkko Sakkinen wrote: > > On Thu, May 28, 2020 at 01:40:16PM -0400, Don Porter wrote: > > > Hi Thomas, > > > > > > On 5/28/20 6:29 AM, Thomas Gleixner wrote: > > > > > Until recently, we were

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-28 Thread Sasha Levin
On Thu, May 28, 2020 at 10:19:10PM +0300, Jarkko Sakkinen wrote: On Thu, May 28, 2020 at 01:40:16PM -0400, Don Porter wrote: Hi Thomas, On 5/28/20 6:29 AM, Thomas Gleixner wrote: > > Until recently, we were doing proof-of-concept research, not product > > development, and there are limited hour

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-28 Thread Jarkko Sakkinen
On Thu, May 28, 2020 at 01:40:16PM -0400, Don Porter wrote: > Hi Thomas, > > On 5/28/20 6:29 AM, Thomas Gleixner wrote: > > > Until recently, we were doing proof-of-concept research, not product > > > development, and there are limited hours in the day. I also hasten to > > > say that the product

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-28 Thread Andy Lutomirski
> On May 28, 2020, at 10:40 AM, Don Porter wrote: > > Hi Thomas, > > On 5/28/20 6:29 AM, Thomas Gleixner wrote: >>> Until recently, we were doing proof-of-concept research, not product >>> development, and there are limited hours in the day. I also hasten to >>> say that the product of rese

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-28 Thread Don Porter
Hi Thomas, On 5/28/20 6:29 AM, Thomas Gleixner wrote: Until recently, we were doing proof-of-concept research, not product development, and there are limited hours in the day. I also hasten to say that the product of research is an article, the software artifact serves as documentation of the e

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-28 Thread Don Porter
On 5/26/20 6:51 PM, Sasha Levin wrote: On Tue, May 26, 2020 at 06:03:35PM -0400, Don Porter wrote: On 5/26/20 4:27 PM, Sasha Levin wrote: I'm really worried about the disconnect between how you view the current state of Graphene (and the industry) vs Intel and the various cloud providers. So

Re: Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-28 Thread Thomas Gleixner
Andi, Andi Kleen writes: >> Setting the fs register in userspace is an essential feature for running >> legacy code in SGX. We have been following LKML discussions on this >> instruction for years, and hoping this feature would be supported by Linux, > > If you need a feature you should comment

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-28 Thread Thomas Gleixner
Don, Don Porter writes: > On 5/22/20 8:45 PM, Thomas Gleixner wrote: > The threat model for Graphene, and most SGX papers, is quite explicit: > we assume that Intel’s CPU package, the software in the enclave, and > possibly Intel’s Attestation Service (IAS) are the only trusted > components.

Re: Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-27 Thread Wojtek Porczyk
On Wed, May 27, 2020 at 11:20:08AM +0300, Jarkko Sakkinen wrote: > On Fri, 2020-05-22 at 16:14 -0400, Don Porter wrote: > > legacy code in SGX. We have been following LKML discussions on this > > instruction for years, and hoping this feature would be supported by > > Linux, so that we can retir

Re: Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-27 Thread Jarkko Sakkinen
On Sun, 2020-05-24 at 12:45 -0700, h...@zytor.com wrote: > On a related topic (needless to say, this should never have happened > and is being raised at the highest levels inside Intel): > > There are legitimate reasons to write a root-hole module, the main one > being able to test security featur

Re: Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-27 Thread Jarkko Sakkinen
On Fri, 2020-05-22 at 16:14 -0400, Don Porter wrote: > legacy code in SGX. We have been following LKML discussions on this > instruction for years, and hoping this feature would be supported by > Linux, so that we can retire this module. To our knowledge, every SGX Why have you followed this

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-26 Thread Sasha Levin
On Tue, May 26, 2020 at 06:03:35PM -0400, Don Porter wrote: On 5/26/20 4:27 PM, Sasha Levin wrote: I'm really worried about the disconnect between how you view the current state of Graphene (and the industry) vs Intel and the various cloud providers. You keep suggesting that its just past the a

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-26 Thread Don Porter
On 5/26/20 4:27 PM, Sasha Levin wrote: On Tue, May 26, 2020 at 08:42:09AM -0400, Don Porter wrote: On 5/22/20 8:45 PM, Thomas Gleixner wrote: let me clarify, that despite your intentions:     - there is not a single word in any paper, slide deck, documentation   etc. which mentions that lo

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-26 Thread Sasha Levin
On Tue, May 26, 2020 at 08:42:09AM -0400, Don Porter wrote: On 5/22/20 8:45 PM, Thomas Gleixner wrote: let me clarify, that despite your intentions: - there is not a single word in any paper, slide deck, documentation etc. which mentions that loading this module and enabling FSGSBASE

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-26 Thread Don Porter
Hi Thomas, On 5/22/20 8:45 PM, Thomas Gleixner wrote: Don, Don Porter writes: On 5/19/20 12:48 PM, Jarkko Sakkinen wrote: On Tue, May 19, 2020 at 01:03:25AM +0200, Thomas Gleixner wrote: That justifies to write books which recommend to load a kernel module which creates a full unpriviledge

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-26 Thread Richard Weinberger
ernel" , > "bp" , "Andy Lutomirski" , "Dave Hansen" > , "Tony Luck" > , "Ravi V Shankar" , "chang > seok bae" > Gesendet: Dienstag, 26. Mai 2020 10:12:02 > Betreff: RE: Re: [PATCH v12 00/18] Enable FSGSBASE instruct

RE: Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-26 Thread David Laight
From: Richard Weinberger > Sent: 25 May 2020 08:55 ... > P: Sadly too. Mostly because customer has custom module and forgot to set it > GPL You want us to lie that custom modules are GPL? David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registra

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-25 Thread Tony Luck
pr_warn("** If you see this message and you are not debugging**\n"); >pr_warn("** the kernel, report this immediately to your vendor! > **\n"); >pr_warn("** > **\n"); >pr_warn("** NOTICE NOTICE NOTICE NOTICE

Re: Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-25 Thread Richard Weinberger
On Sun, May 24, 2020 at 11:20 PM Sasha Levin wrote: > > On Sun, May 24, 2020 at 12:45:18PM -0700, h...@zytor.com wrote: > >There are legitimate reasons to write a root-hole module, the main one being > >able to test security features like SMAP. I have requested before a TAINT > >flag specificall

Re: Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-24 Thread hpa
On May 24, 2020 2:19:45 PM PDT, Sasha Levin wrote: >On Sun, May 24, 2020 at 12:45:18PM -0700, h...@zytor.com wrote: >>There are legitimate reasons to write a root-hole module, the main one >being able to test security features like SMAP. I have requested before >a TAINT flag specifically for this

Re: Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-24 Thread Sasha Levin
On Sun, May 24, 2020 at 12:45:18PM -0700, h...@zytor.com wrote: There are legitimate reasons to write a root-hole module, the main one being able to test security features like SMAP. I have requested before a TAINT flag specifically for this purpose, because TAINT_CRAP is nowhere near explicit

Re: Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-24 Thread hpa
On May 22, 2020 5:45:39 PM PDT, Thomas Gleixner wrote: >Don, > >Don Porter writes: >> On 5/19/20 12:48 PM, Jarkko Sakkinen wrote: >>> On Tue, May 19, 2020 at 01:03:25AM +0200, Thomas Gleixner wrote: That justifies to write books which recommend to load a kernel >module which create

Re: Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-22 Thread Andi Kleen
> Setting the fs register in userspace is an essential feature for running > legacy code in SGX. We have been following LKML discussions on this > instruction for years, and hoping this feature would be supported by Linux, If you need a feature you should comment on it. One of the reasons it took

Re: Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-22 Thread Thomas Gleixner
Don, Don Porter writes: > On 5/19/20 12:48 PM, Jarkko Sakkinen wrote: >> On Tue, May 19, 2020 at 01:03:25AM +0200, Thomas Gleixner wrote: >>> >>> That justifies to write books which recommend to load a kernel module >>> which creates a full unpriviledged root hole. I bet none of these papers >>>

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-22 Thread Dave Hansen
On 5/22/20 1:14 PM, Don Porter wrote: > I wanted to clarify that we never intended the Graphene kernel module > you mention for production use, as well as to comment in support of this > patch. Could you also clarify: Did you know that the FSGSBASE kernel module introduced a root vulnerability? W

Re: Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-22 Thread Don Porter
On 5/19/20 12:48 PM, Jarkko Sakkinen wrote: On Tue, May 19, 2020 at 01:03:25AM +0200, Thomas Gleixner wrote: Jarkko Sakkinen writes: On Mon, 2020-05-18 at 08:34 -0700, Andi Kleen wrote: Yes, for SGX this is functional feature because enclave entry points, thread control structures (aka TCS's)

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-19 Thread Jarkko Sakkinen
On Tue, May 19, 2020 at 01:03:25AM +0200, Thomas Gleixner wrote: > Jarkko Sakkinen writes: > > On Mon, 2020-05-18 at 08:34 -0700, Andi Kleen wrote: > >> > Yes, for SGX this is functional feature because enclave entry points, > >> > thread control structures (aka TCS's), reset FSBASE and GSBASE reg

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-18 Thread Thomas Gleixner
Jarkko Sakkinen writes: > On Mon, 2020-05-18 at 08:34 -0700, Andi Kleen wrote: >> > Yes, for SGX this is functional feature because enclave entry points, >> > thread control structures (aka TCS's), reset FSBASE and GSBASE registers >> > to fixed (albeit user defined) values. And syscall's can be d

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-18 Thread Jarkko Sakkinen
On Mon, 2020-05-18 at 08:34 -0700, Andi Kleen wrote: > > Yes, for SGX this is functional feature because enclave entry points, > > thread control structures (aka TCS's), reset FSBASE and GSBASE registers > > to fixed (albeit user defined) values. And syscall's can be done only > > outside of enclav

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-18 Thread Jarkko Sakkinen
On Mon, 2020-05-18 at 11:51 +0200, Thomas Gleixner wrote: > Sasha Levin writes: > > On Fri, May 15, 2020 at 12:24:14PM +0300, Jarkko Sakkinen wrote: > > > Can you put me to the CC-loop for this patches. Some SGX-enabled > > > frameworks such as Graphene use out-of-tree changes to achieve this. > >

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-18 Thread Thomas Gleixner
Sasha Levin writes: > On Mon, May 18, 2020 at 11:51:07AM +0200, Thomas Gleixner wrote: >>Sasha Levin writes: >>> On Fri, May 15, 2020 at 12:24:14PM +0300, Jarkko Sakkinen wrote: Can you put me to the CC-loop for this patches. Some SGX-enabled frameworks such as Graphene use out-of-tr

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-18 Thread Andi Kleen
> Yes, for SGX this is functional feature because enclave entry points, > thread control structures (aka TCS's), reset FSBASE and GSBASE registers > to fixed (albeit user defined) values. And syscall's can be done only > outside of enclave. > > This is a required feature for fancier runtimes (such

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-18 Thread Sasha Levin
On Mon, May 18, 2020 at 11:51:07AM +0200, Thomas Gleixner wrote: Sasha Levin writes: On Fri, May 15, 2020 at 12:24:14PM +0300, Jarkko Sakkinen wrote: Can you put me to the CC-loop for this patches. Some SGX-enabled frameworks such as Graphene use out-of-tree changes to achieve this. That's wh

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-18 Thread Thomas Gleixner
Cc: +x...@kernel.org Sasha Levin writes: > Benefits: > Currently a user process that wishes to read or write the FS/GS base must > make a system call. But recent X86 processors have added new instructions > for use in 64-bit mode that allow direct access to the FS and GS segment > base ad

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-18 Thread Sasha Levin
On Sun, May 17, 2020 at 11:18:36PM -0700, Christoph Hellwig wrote: On Mon, May 11, 2020 at 12:52:53AM -0400, Sasha Levin wrote: Benefits: Currently a user process that wishes to read or write the FS/GS base must make a system call. But recent X86 processors have added new instructions for use in

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-18 Thread Thomas Gleixner
Sasha Levin writes: > On Fri, May 15, 2020 at 12:24:14PM +0300, Jarkko Sakkinen wrote: >> >>Can you put me to the CC-loop for this patches. Some SGX-enabled >>frameworks such as Graphene use out-of-tree changes to achieve this. >>That's where the interest to possibly test this comes from. > > Inde

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-17 Thread Christoph Hellwig
On Mon, May 11, 2020 at 12:52:53AM -0400, Sasha Levin wrote: > Benefits: > Currently a user process that wishes to read or write the FS/GS base must > make a system call. But recent X86 processors have added new instructions > for use in 64-bit mode that allow direct access to the FS and GS segment

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-16 Thread Jarkko Sakkinen
On Fri, 2020-05-15 at 10:55 -0700, Andi Kleen wrote: > > Indeed, we've seen a few hacks that basically just enable FSGSBASE: > > > > - https://github.com/oscarlab/graphene-sgx-driver > > - https://github.com/occlum/enable_rdfsbase > > > > And would very much like to get rid of them... > > These

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-16 Thread Jarkko Sakkinen
On Fri, 2020-05-15 at 12:40 -0400, Sasha Levin wrote: > > Can you put me to the CC-loop for this patches. Some SGX-enabled > > Sure! > > > frameworks such as Graphene use out-of-tree changes to achieve this. > > That's where the interest to possibly test this comes from. > > Indeed, we've seen a

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-15 Thread Sasha Levin
On Fri, May 15, 2020 at 10:55:50AM -0700, Andi Kleen wrote: Indeed, we've seen a few hacks that basically just enable FSGSBASE: - https://github.com/oscarlab/graphene-sgx-driver - https://github.com/occlum/enable_rdfsbase And would very much like to get rid of them... These are insecure and o

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-15 Thread Andi Kleen
> Indeed, we've seen a few hacks that basically just enable FSGSBASE: > > - https://github.com/oscarlab/graphene-sgx-driver > - https://github.com/occlum/enable_rdfsbase > > And would very much like to get rid of them... These are insecure and open root holes without the patches used here. -And

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-15 Thread Sasha Levin
On Fri, May 15, 2020 at 12:24:14PM +0300, Jarkko Sakkinen wrote: On Mon, 2020-05-11 at 00:52 -0400, Sasha Levin wrote: Benefits: Currently a user process that wishes to read or write the FS/GS base must make a system call. But recent X86 processors have added new instructions for use in 64-bit m

Re: [PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-15 Thread Jarkko Sakkinen
On Mon, 2020-05-11 at 00:52 -0400, Sasha Levin wrote: > Benefits: > Currently a user process that wishes to read or write the FS/GS base must > make a system call. But recent X86 processors have added new instructions > for use in 64-bit mode that allow direct access to the FS and GS segment > base

[PATCH v12 00/18] Enable FSGSBASE instructions

2020-05-10 Thread Sasha Levin
Benefits: Currently a user process that wishes to read or write the FS/GS base must make a system call. But recent X86 processors have added new instructions for use in 64-bit mode that allow direct access to the FS and GS segment base addresses. The operating system controls whether applications