lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed,  5 Dec 2018 15:20:08 -0800
From:   Sean Christopherson <sean.j.christopherson@...el.com>
To:     Andy Lutomirski <luto@...nel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        x86@...nel.org, Dave Hansen <dave.hansen@...ux.intel.com>,
        Peter Zijlstra <peterz@...radead.org>
Cc:     "H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org,
        Andy Lutomirski <luto@...capital.net>,
        Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
        Josh Triplett <josh@...htriplett.org>
Subject: [RFC PATCH 0/4] x86: Add vDSO exception fixup for SGX

First things first, this RFC is not intended to address whether or not
vDSO is the appropriate method for supporting SGX enclaves, but rather
its purpose is to hammer out the vDSO implementation *if* we decide it
is the best approach.

Though the code technically stands alone, the intent is to roll it
into the main SGX series once it has been beat on for a bit.  For that
reason there are no dependencies on CONFIG_SGX (which doesn't exist)
or any other bits that one might expect.

The quick and dirty is that for all intents and purposes, the SGX
architecture requires userspace to gracefully handle exceptions.  The
vast majority of enclaves are expected to leverage a library to handle
much of the plumbing.  Unfortunately for us (them?), putting two and
two together means SGX libraries would need to handle most signals on
behalf of the enclave's application, which is far from ideal.

One proposed solution for supporting SGX without requiring signals is
to wrap enclave transitions in a vDSO function so that SGX exceptions
can be intercepted via exception fixup and returned inline to the
caller.  This RFC series adds exception fixup and SGX support to the
vDSO.


Sean Christopherson (4):
  x86/vdso: Add support for exception fixup in vDSO functions
  x86/fault: Attempt to fixup unhandled #PF in vDSO before signaling
  x86/traps: Attempt to fixup exceptions in vDSO before signaling
  x86/vdso: Add __vdso_sgx_eenter() to wrap SGX enclave transitions

 arch/x86/entry/vdso/Makefile          |   5 +-
 arch/x86/entry/vdso/extable.c         |  37 +++++++++
 arch/x86/entry/vdso/extable.h         |  17 ++++
 arch/x86/entry/vdso/vdso-layout.lds.S |   9 ++-
 arch/x86/entry/vdso/vdso.lds.S        |   1 +
 arch/x86/entry/vdso/vdso2c.h          |  58 ++++++++++++--
 arch/x86/entry/vdso/vsgx_eenter.c     | 108 ++++++++++++++++++++++++++
 arch/x86/include/asm/vdso.h           |   5 ++
 arch/x86/kernel/traps.c               |  11 +++
 arch/x86/mm/fault.c                   |   7 ++
 10 files changed, 247 insertions(+), 11 deletions(-)
 create mode 100644 arch/x86/entry/vdso/extable.c
 create mode 100644 arch/x86/entry/vdso/extable.h
 create mode 100644 arch/x86/entry/vdso/vsgx_eenter.c

-- 
2.19.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ