lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20201007080408.GA4610@linux.intel.com>
Date:   Wed, 7 Oct 2020 11:04:08 +0300
From:   Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To:     Sean Christopherson <sean.j.christopherson@...el.com>
Cc:     Jethro Beekman <jethro@...tanix.com>, x86@...nel.org,
        linux-sgx@...r.kernel.org, linux-kernel@...r.kernel.org,
        Andy Lutomirski <luto@...capital.net>,
        Cedric Xing <cedric.xing@...el.com>, akpm@...ux-foundation.org,
        andriy.shevchenko@...ux.intel.com, asapek@...gle.com, bp@...en8.de,
        chenalexchen@...gle.com, conradparker@...gle.com,
        cyhanish@...gle.com, dave.hansen@...el.com, haitao.huang@...el.com,
        kai.huang@...el.com, kai.svahn@...el.com, kmoy@...gle.com,
        ludloff@...gle.com, luto@...nel.org, nhorman@...hat.com,
        npmccallum@...hat.com, puiterwijk@...hat.com, rientjes@...gle.com,
        tglx@...utronix.de, yaozhangx@...gle.com, mikko.ylinen@...el.com
Subject: Re: [PATCH v39 21/24] x86/vdso: Implement a vDSO for Intel SGX
 enclave call

On Wed, Oct 07, 2020 at 10:39:23AM +0300, Jarkko Sakkinen wrote:
> On Tue, Oct 06, 2020 at 09:34:19PM -0700, Sean Christopherson wrote:
> > Even more hypothetical would be if Andy gets one of his wishes, and EENTER2
> > comes along that doesn't allow the enclave to dictate the exit point,
> > "returns" an error code on enclave failure, and allows the kernel to
> > auto-restart the enclave on IRQs/NMIs.  That (very hypothetical) scenario
> > fits nicely into the exit_reason handling.
> > 
> > I'm not arguing that any of the above is even remotely likely.  I just don't
> > understand why we'd want an API that at best requires heuristics in userspace
> > to determine why the enclave stopped running, and at worst will saddle us with
> > an ugly mess in the future.  All to save 4 bytes that no one cares about (they
> > literally cost nothing), and a single MOV in a flow that is hundreds, if not
> > thousands, of cycles.
> 
> I don't care as much as saving bytes as defining API, which has zero
> ambiguous state variables.
> 
> And since the field 'leaf' is there, and was before too, no degrees of
> freedom are lost. Removing one variable does not make more of a mess.

I think the reserved space should be expanded though.

I'd go with that 256 bytes as it was before. It's still fast to validate
and the loop construct for that is already in place. I complement that
with addition to the changelog with the reasoning that I gave earlier.
That was lacking for that detail in earlier patch set versions.

/Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ