| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 2 Nov 2018 15:04:37 -0700
From: Sean Christopherson <sean.j.christopherson@...el.com>
To: Jann Horn <jannh@...gle.com>
Cc: Andy Lutomirski <luto@...nel.org>,
Dave Hansen <dave.hansen@...el.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
dalias@...c.org, Dave Hansen <dave.hansen@...ux.intel.com>,
jethro@...tanix.com, jarkko.sakkinen@...ux.intel.com,
Florian Weimer <fweimer@...hat.com>,
Linux API <linux-api@...r.kernel.org>,
the arch/x86 maintainers <x86@...nel.org>,
linux-arch <linux-arch@...r.kernel.org>,
kernel list <linux-kernel@...r.kernel.org>,
Peter Zijlstra <peterz@...radead.org>, nhorman@...hat.com,
npmccallum@...hat.com, serge.ayoun@...el.com,
shay.katz-zamir@...el.com, linux-sgx@...r.kernel.org,
andriy.shevchenko@...ux.intel.com,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
carlos@...hat.com, adhemerval.zanella@...aro.org
Subject: Re: RFC: userspace exception fixups
On Fri, Nov 02, 2018 at 08:02:23PM +0100, Jann Horn wrote:
> On Fri, Nov 2, 2018 at 7:27 PM Sean Christopherson
> <sean.j.christopherson@...el.com> wrote:
> > On Fri, Nov 02, 2018 at 10:48:38AM -0700, Andy Lutomirski wrote:
> > > This whole mechanism seems very complicated, and it's not clear
> > > exactly what behavior user code wants.
> >
> > No argument there. That's why I like the approach of dumping the
> > exception to userspace without trying to do anything intelligent in
> > the kernel. Userspace can then do whatever it wants AND we don't
> > have to worry about mucking with stacks.
> >
> > One of the hiccups with the VDSO approach is that the enclave may
> > want to use the untrusted stack, i.e. the stack that has the VDSO's
> > stack frame. For example, Intel's SDK uses the untrusted stack to
> > pass parameters for EEXIT, which means an AEX might occur with what
> > is effectively a bad stack from the VDSO's perspective.
>
> What exactly does "uses the untrusted stack to pass parameters for
> EEXIT" mean? I guess you're saying that the enclave is writing to
> RSP+[0...some_positive_offset], and the written data needs to be
> visible to the code outside the enclave afterwards?
As is, they actually do it the other way around, i.e. negative offsets
relative to the untrusted %RSP. Going into the enclave there is no
reserved space on the stack. The SDK uses EEXIT like a function call,
i.e. pushing parameters on the stack and making an call outside of the
enclave, hence the name out-call. This allows the SDK to handle any
reasonable out-call without a priori knowledge of the application's
maximum out-call "size".
Rough outline of what happens in a non-faulting case.
1: Userspace executes EENTER
--------------------
| userspace stack |
-------------------- <-- %RSP at EENTER
2: Enclave does EEXIT to invoke out-call function
--------------------
| userspace stack |
-------------------- <-- %RSP at EENTER
| out-call func ID |
| param1 |
| ... |
| paramN |
-------------------- <-- %RSP at EEXIT
3: Userspace re-EENTERs enclave after handling EEXIT request
--------------------
| userspace stack |
-------------------- <-- %RSP at original EENTER
| out-call func ID |
| param1 |
| ... |
| paramN |
-------------------- <-- %RSP at post-EEXIT EENTER
4: Enclave cleans up the stack
--------------------
| userspace stack |
-------------------- <-- %RSP back at original EENTER
In the faulting case, an AEX can occur while the enclave is pushing
parameters onto the stack for EEXIT.
1: Userspace executes EENTER
--------------------
| userspace stack |
-------------------- <-- %RSP at EENTER
2: AEX occurs during enclave prep for EEXIT
--------------------
| userspace stack |
-------------------- <-- %RSP at EENTER
| out-call func ID |
| param1 |
| ... |
-------------------- <-- %RSP at AEX
3: Userspace re-EENTERs enclave to invoke enclave fault handler
--------------------
| userspace stack |
-------------------- <-- %RSP at original EENTER
| out-call func ID |
| param1 |
| ... |
-------------------- <-- %RSP at AEX
| userspace stack |
-------------------- <-- %RSP at EENTER to fault handler
4: Enclave handles the fault, EEXITs back to userspace
--------------------
| userspace stack |
-------------------- <-- %RSP at original EENTER
| out-call func ID |
| param1 |
| ... |
-------------------- <-- %RSP at AEX
| userspace stack |
-------------------- <-- %RSP at EEXIT from fault handler
5: Userspace pops its stack and ERESUMEs back to the enclave
--------------------
| userspace stack |
-------------------- <-- %RSP at original EENTER
| out-call func ID |
| param1 |
| ... |
-------------------- <-- %RSP at ERESUME
6: Enclave finishes its EEXIT to invoke out-call function
--------------------
| userspace stuff |
-------------------- <-- %RSP at original EENTER
| out-call func ID |
| param1 |
| ... |
| paramN |
-------------------- <-- %RSP at EEXIT
> In other words, the vDSO helper would have to not touch the stack
> pointer (only using the 128-byte redzone to store spilled data, at
> least across the enclave entry), and return by decrementing the stack
> pointer by 8 immediately before returning (storing the return pointer
> in the redzone)?
>
> So you'd call the vDSO helper with a normal "call
> vdso_helper_address", then the vDSO helper does "add rsp, 8", then the
> vDSO helper does its magic, and then it returns with "sub rsp, 8" and
> "ret"? That way you don't touch anything on the high-address side of
> RSP while still avoiding running into CET problems. (I'm assuming that
> you can use CET in a process that is hosting SGX enclaves?)
Powered by blists - more mailing lists