| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Mar 2020 11:44:52 -0700
From: Sean Christopherson <sean.j.christopherson@...el.com>
To: Nathaniel McCallum <npmccallum@...hat.com>
Cc: Jethro Beekman <jethro@...tanix.com>,
Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
linux-kernel@...r.kernel.org, x86@...nel.org,
linux-sgx@...r.kernel.org, akpm@...ux-foundation.org,
dave.hansen@...el.com, Neil Horman <nhorman@...hat.com>,
"Huang, Haitao" <haitao.huang@...el.com>,
andriy.shevchenko@...ux.intel.com, tglx@...utronix.de,
"Svahn, Kai" <kai.svahn@...el.com>, bp@...en8.de,
Josh Triplett <josh@...htriplett.org>, luto@...nel.org,
kai.huang@...el.com, David Rientjes <rientjes@...gle.com>,
cedric.xing@...el.com, Patrick Uiterwijk <puiterwijk@...hat.com>,
Andy Lutomirski <luto@...capital.net>,
Connor Kuehl <ckuehl@...hat.com>,
Harald Hoyer <harald@...hat.com>,
Lily Sturmann <lsturman@...hat.com>
Subject: Re: [PATCH v28 21/22] x86/vdso: Implement a vDSO for Intel SGX
enclave call
On Fri, Mar 13, 2020 at 02:32:29PM -0400, Nathaniel McCallum wrote:
> On Fri, Mar 13, 2020 at 12:46 PM Sean Christopherson
> <sean.j.christopherson@...el.com> wrote:
> >
> > On Fri, Mar 13, 2020 at 11:48:54AM -0400, Nathaniel McCallum wrote:
> > > Therefore, I'd like to propose that __vdso_sgx_enter_enclave():
> > > * Preserve %rbx.
> >
> > At first glance, that looks sane. Being able to call __vdso... from C
> > would certainly be nice.
>
> Agreed. I think ergonomically we want __vdso...() to be called from C
> and the handler to be implemented in asm (optionally); without
> breaking the ability to call __vdso..() from asm in special cases.
>
> I think all ergonomic issues get solved by the following:
> * Pass a void * into the handler from C through __vdso...().
> * Allow the handler to pop parameters off of the output stack without hacks.
>
> This allows the handler to pop extra arguments off the stack and write
> them into the memory at the void *. Then the handler can be very small
> and pass logic back to the caller of __vdso...().
>
> Here's what this all means for the enclave. For maximum usability, the
> enclave should preserve all callee-saved registers (except %rbx, which
> is preserved by __vdso..()). For each ABI rule that the enclave
> breaks, you need logic in a handler to fix it. So if you push return
> params on the stack, the handler needs to undo that.
Or the untrusted runtime needs to wrap the __vdso() to save state that is
clobbered by the enclave. Just want to make it crystal clear that using a
handler is only required for stack shenanigans.
> This doesn't compromise the ability to treat __vsdo...() like ENCLU if
> you need the full power. But it does make it significantly easier to
> consume when you don't have special needs. So as I see it, __vdso...()
> should:
>
> 1. preserve %rbx
> 2. take leaf in %rcx
> 3. gain a void* stack param which is passed to the handler
Unless I'm misunderstanding the request, this already exists. %rsp at the
time of EEXIT is passed to the handler.
> 4. sub/add to %rsp rather than save/restore
Can you elaborate on why you want to sub/add to %rsp instead of having the
enclave unwind the stack? Preserving %rsp across EEXIT/ERESUME seems more
in line with function call semantics, which I assume is desirable? E.g.
push param3
push param2
push param1
enclu[EEXIT]
add $0x18, %rsp
> That would make this a very usable and fast interface without
> sacrificing any of its current power.
Powered by blists - more mailing lists