lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20190711093809.4ogxe25laeoyp4ve@linux.intel.com>
Date:   Thu, 11 Jul 2019 12:38:09 +0300
From:   Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To:     "Xing, Cedric" <cedric.xing@...el.com>
Cc:     linux-kernel@...r.kernel.org, linux-sgx@...r.kernel.org,
        akpm@...ux-foundation.org, dave.hansen@...el.com,
        sean.j.christopherson@...el.com, serge.ayoun@...el.com,
        shay.katz-zamir@...el.com, haitao.huang@...el.com,
        kai.svahn@...el.com, kai.huang@...el.com
Subject: Re: [RFC PATCH v2 0/3] An alternative __vdso_sgx_enter_enclave() to
 allow enclave/host parameter passing using untrusted stack

On Wed, Jul 10, 2019 at 04:37:41PM -0700, Xing, Cedric wrote:
> On 7/10/2019 4:15 PM, Jarkko Sakkinen wrote:
> > On Thu, Jul 11, 2019 at 01:46:28AM +0300, Jarkko Sakkinen wrote:
> > > On Wed, Jul 10, 2019 at 11:08:37AM -0700, Xing, Cedric wrote:
> > > > > With these conclusions I think the current vDSO API is sufficient for
> > > > > Linux.
> > > > 
> > > > The new vDSO API is to support data exchange on stack. It has nothing to do
> > > > with debugging. BTW, the community has closed on this.
> > > 
> > > And how that is useful?
> > > 
> > > > The CFI directives are for stack unwinding. They don't affect what the code
> > > > does so you can just treat them as NOPs if you don't understand what they
> > > > do. However, they are useful to not only debuggers but also exception
> > > > handling code. libunwind also has a setjmp()/longjmp() implementation based
> > > > on CFI directives.
> > > 
> > > Of course I won't merge code of which usefulness I don't understand.
> > 
> > I re-read the cover letter [1] because it usually is the place
> > to "pitch" a feature.
> > 
> > It fails to address two things:
> > 
> > 1. How and in what circumstances is an untrusted stack is a better
> >     vessel for handling exceptions than the register based approach
> >     that we already have?
> 
> We are not judging which vessel is better (or the best) among all possible
> vessels. We are trying to enable more vessels. Every vessel has its pros and
> cons so there's *no* single best vessel.

I think reasonable metric is actually the coverage of the Intel SDK
based enclaves. How widely are they in the wild? If the user base is
large, it should be reasonable to support this just based on that.

/Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ