lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 13 Aug 2020 12:38:42 -0700 From: Sean Christopherson <sean.j.christopherson@...el.com> To: Andy Lutomirski <luto@...capital.net> Cc: Andy Lutomirski <luto@...nel.org>, Nathaniel McCallum <npmccallum@...hat.com>, Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>, X86 ML <x86@...nel.org>, linux-sgx@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>, Jethro Beekman <jethro@...tanix.com>, Cedric Xing <cedric.xing@...el.com>, Andrew Morton <akpm@...ux-foundation.org>, Andy Shevchenko <andriy.shevchenko@...ux.intel.com>, asapek@...gle.com, Borislav Petkov <bp@...en8.de>, chenalexchen@...gle.com, Conrad Parker <conradparker@...gle.com>, cyhanish@...gle.com, Dave Hansen <dave.hansen@...el.com>, "Huang, Haitao" <haitao.huang@...el.com>, Josh Triplett <josh@...htriplett.org>, "Huang, Kai" <kai.huang@...el.com>, "Svahn, Kai" <kai.svahn@...el.com>, Keith Moyer <kmoy@...gle.com>, Christian Ludloff <ludloff@...gle.com>, Neil Horman <nhorman@...hat.com>, Patrick Uiterwijk <puiterwijk@...hat.com>, David Rientjes <rientjes@...gle.com>, Thomas Gleixner <tglx@...utronix.de>, yaozhangx@...gle.com Subject: Re: [PATCH v36 21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call On Tue, Aug 11, 2020 at 08:16:54AM -0700, Andy Lutomirski wrote: > > > On Aug 10, 2020, at 5:52 PM, Andy Lutomirski <luto@...capital.net> wrote: > > > > > >>> On Aug 10, 2020, at 4:48 PM, Sean Christopherson <sean.j.christopherson@...el.com> wrote: > >>> > >>> On Mon, Aug 10, 2020 at 04:08:46PM -0700, Andy Lutomirski wrote: > >>> What am I missing? I still don't really understand why we are > >>> supporting this mechanism at all. Just the asm code to invoke the > >>> callback seems to be about half of the entire function. > >> > >> Because the Intel SDK (and other SDKs?) wants to use the host stack to pass > >> parameters out of the enclave. > > > > Ugh, right. I forgot about that particular abomination. > > > > I suppose that passing a context pointer would be reasonable. > > The alternative would be to pass in a parameter that gets put in RSP before > entering the enclave. The idea is that the untrusted runtime would allocate a > couple pages with guard pages at either end, and enclaves using the > regrettable arguments-on-the-stack scheme would end up using the alternative > stack. > > At the end of the day, none of this really matters too much. Languages that > can do inline asm but can’t do container_of() can get fixed or use > workarounds. So, is your "official" opinion Go update the vDSO to allow passing an arbitrary pointer. or Eh, don't bother.
Powered by blists - more mailing lists