| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 Dec 2018 13:57:24 -0800
From: Sean Christopherson <sean.j.christopherson@...el.com>
To: Andy Lutomirski <luto@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
x86@...nel.org, Dave Hansen <dave.hansen@...ux.intel.com>,
Peter Zijlstra <peterz@...radead.org>,
Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
Cc: "H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org,
linux-sgx@...r.kernel.org, Andy Lutomirski <luto@...capital.net>,
Josh Triplett <josh@...htriplett.org>,
Haitao Huang <haitao.huang@...ux.intel.com>,
Jethro Beekman <jethro@...tanix.com>,
"Dr . Greg Wettstein" <greg@...ellic.com>
Subject: [RFC PATCH v5 0/5] x86: Add vDSO exception fixup for SGX
__vdso_sgx_enter_enclave() gets another rewrite, this time to strip
it down to the bare minimum and explicitly break compliance with the
x86-64 ABI. Feedback from v4 revealed that __vdso_sgx_enter_enclave()
would need to save (a lot) more than just the non-volatile GPRs to be
compliant with the x86-64 ABI, at which point breaking from the ABI
completely became much more palatable.
The non-standard ABI also solves the question of "which GPRs should be
marshalled to/from the enclave" by getting out of the way entirely and
letting userspace have free reign (except for RSP, which has a big ol'
DO NOT TOUCH sign on it).
[1] https://lkml.kernel.org/r/cda13cff-1a56-a40f-7d69-f0f1ab752f8e@fortanix.com
v1: https://lkml.kernel.org/r/20181205232012.28920-1-sean.j.christopherson@intel.com
v2: https://lkml.kernel.org/r/20181206221922.31012-1-sean.j.christopherson@intel.com
v3: https://lkml.kernel.org/r/20181210232141.5425-1-sean.j.christopherson@intel.com
v4: https://lkml.kernel.org/r/20181213213135.12913-1-sean.j.christopherson@intel.com
v5:
- Strip down __vdso_sgx_enter_enclave() so it only touches RSP and
GPRs that are already collateral damage of ENCLU[EENTER/ERESUME].
- Add a 16-byte reserved field to 'struct sgx_enclave_exception' so
the struct can grow in a backwards compatible fashion.
- Add a blurb at the end of the changelog for patch 1/5 explaining
why the vDSO fixup macros look different than the equivalent kernel
macros.
Sean Christopherson (5):
x86/vdso: Add support for exception fixup in vDSO functions
x86/fault: Add helper function to sanitize error code
x86/fault: Attempt to fixup unhandled #PF on ENCLU before signaling
x86/traps: Attempt to fixup exceptions in vDSO before signaling
x86/vdso: Add __vdso_sgx_enter_enclave() to wrap SGX enclave
transitions
arch/x86/entry/vdso/Makefile | 6 +-
arch/x86/entry/vdso/extable.c | 37 +++++++++
arch/x86/entry/vdso/extable.h | 29 +++++++
arch/x86/entry/vdso/vdso-layout.lds.S | 9 ++-
arch/x86/entry/vdso/vdso.lds.S | 1 +
arch/x86/entry/vdso/vdso2c.h | 58 ++++++++++++--
arch/x86/entry/vdso/vsgx_enter_enclave.S | 97 ++++++++++++++++++++++++
arch/x86/include/asm/vdso.h | 5 ++
arch/x86/include/uapi/asm/sgx.h | 18 +++++
arch/x86/kernel/traps.c | 14 ++++
arch/x86/mm/fault.c | 33 +++++---
11 files changed, 284 insertions(+), 23 deletions(-)
create mode 100644 arch/x86/entry/vdso/extable.c
create mode 100644 arch/x86/entry/vdso/extable.h
create mode 100644 arch/x86/entry/vdso/vsgx_enter_enclave.S
--
2.19.2
Powered by blists - more mailing lists