| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20201006025703.GG15803@linux.intel.com>
Date: Mon, 5 Oct 2020 19:57:05 -0700
From: Sean Christopherson <sean.j.christopherson@...el.com>
To: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
Cc: x86@...nel.org, linux-sgx@...r.kernel.org,
linux-kernel@...r.kernel.org,
Andy Lutomirski <luto@...capital.net>,
Jethro Beekman <jethro@...tanix.com>,
Cedric Xing <cedric.xing@...el.com>, akpm@...ux-foundation.org,
andriy.shevchenko@...ux.intel.com, asapek@...gle.com, bp@...en8.de,
chenalexchen@...gle.com, conradparker@...gle.com,
cyhanish@...gle.com, dave.hansen@...el.com, haitao.huang@...el.com,
kai.huang@...el.com, kai.svahn@...el.com, kmoy@...gle.com,
ludloff@...gle.com, luto@...nel.org, nhorman@...hat.com,
npmccallum@...hat.com, puiterwijk@...hat.com, rientjes@...gle.com,
tglx@...utronix.de, yaozhangx@...gle.com, mikko.ylinen@...el.com
Subject: Re: [PATCH v39 21/24] x86/vdso: Implement a vDSO for Intel SGX
enclave call
On Sat, Oct 03, 2020 at 07:50:56AM +0300, Jarkko Sakkinen wrote:
> From: Sean Christopherson <sean.j.christopherson@...el.com>
> + /* Validate that the reserved area contains only zeros. */
> + push %rax
> + push %rbx
> + mov $SGX_ENCLAVE_RUN_RESERVED_START, %rbx
> +1:
> + mov (%rcx, %rbx), %rax
> + cmpq $0, %rax
> + jne .Linvalid_input
> +
> + add $8, %rbx
> + cmpq $SGX_ENCLAVE_RUN_RESERVED_END, %rbx
> + jne 1b
> + pop %rbx
> + pop %rax
This can more succinctly be (untested):
movq SGX_ENCLAVE_RUN_RESERVED_1(%rbp), %rbx
orq SGX_ENCLAVE_RUN_RESERVED_2(%rbp), %rbx
orq SGX_ENCLAVE_RUN_RESERVED_3(%rbp), %rbx
jnz .Linvalid_input
Note, %rbx is getting clobbered anyways, no need to save/restore it.
> diff --git a/arch/x86/include/uapi/asm/sgx.h b/arch/x86/include/uapi/asm/sgx.h
> index b6ba036a9b82..3dd2df44d569 100644
> --- a/arch/x86/include/uapi/asm/sgx.h
> +++ b/arch/x86/include/uapi/asm/sgx.h
> @@ -74,4 +74,102 @@ struct sgx_enclave_provision {
> __u64 attribute_fd;
> };
>
> +struct sgx_enclave_run;
> +
> +/**
> + * typedef sgx_enclave_user_handler_t - Exit handler function accepted by
> + * __vdso_sgx_enter_enclave()
> + * @run: Pointer to the caller provided struct sgx_enclave_run
> + *
> + * The register parameters contain the snapshot of their values at enclave
> + * exit
> + *
> + * Return:
> + * 0 or negative to exit vDSO
> + * positive to re-enter enclave (must be EENTER or ERESUME leaf)
> + */
> +typedef int (*sgx_enclave_user_handler_t)(long rdi, long rsi, long rdx,
> + long rsp, long r8, long r9,
> + struct sgx_enclave_run *run);
> +
> +/**
> + * struct sgx_enclave_run - the execution context of __vdso_sgx_enter_enclave()
> + * @tcs: TCS used to enter the enclave
> + * @user_handler: User provided callback run on exception
> + * @user_data: Data passed to the user handler
> + * @leaf: The ENCLU leaf we were at (EENTER/ERESUME/EEXIT)
> + * @exception_vector: The interrupt vector of the exception
> + * @exception_error_code: The exception error code pulled out of the stack
> + * @exception_addr: The address that triggered the exception
> + * @reserved Reserved for possible future use
> + */
> +struct sgx_enclave_run {
> + __u64 tcs;
> + __u64 user_handler;
> + __u64 user_data;
> + __u32 leaf;
I am still very strongly opposed to omitting exit_reason. It is not at all
difficult to imagine scenarios where 'leaf' alone is insufficient for the
caller or its handler to deduce why the CPU exited the enclave. E.g. see
Jethro's request for intercepting interrupts.
I don't buy the argument that the N bytes needed for the exit_reason are at
all expensive.
> + __u16 exception_vector;
> + __u16 exception_error_code;
> + __u64 exception_addr;
> + __u8 reserved[24];
I also think it's a waste of space to bother with multiple reserved fields.
24 bytes isn't so much that it guarantees we'll never run into problems in
the future. But I care far less about this than I do about exit_reason.
> +};
Powered by blists - more mailing lists