lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 26 Jul 2022 22:47:14 +1200
From:   Kai Huang <kai.huang@...el.com>
To:     Haitao Huang <haitao.huang@...ux.intel.com>,
        Dave Hansen <dave.hansen@...el.com>,
        Dave Hansen <dave.hansen@...ux.intel.com>
Cc:     Jarkko Sakkinen <jarkko@...nel.org>,
        Andy Lutomirski <luto@...nel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        "H. Peter Anvin" <hpa@...or.com>,
        Sean Christopherson <seanjc@...gle.com>, x86@...nel.org,
        linux-sgx@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] [v2] x86/sgx: Allow enclaves to use Asynchrounous Exit
 Notification

On Tue, 2022-07-26 at 00:10 -0500, Haitao Huang wrote:
> On Mon, 25 Jul 2022 05:36:17 -0500, Kai Huang <kai.huang@...el.com> wrote:
> 
> > On Fri, 2022-07-22 at 08:21 -0700, Dave Hansen wrote:
> > > On 7/22/22 06:26, Kai Huang wrote:
> > > > Did a quick look at the spec.  It appears ENCLU[EDECCSSA] should be  
> > > used
> > > > together with AEX-notify.  So besides advertising the new
> > > > SGX_ATTR_ASYNC_EXIT_NOTIFY bit to the KVM guest, I think we should  
> > > also
> > > > advertise the ENCLU[EDECCSSA] support in guest's CPUID, like below  
> > > (untested)?
> > > 
> > > Sounds like a great follow-on patch!  It doesn't seem truly functionally
> > > required from the spec:
> > > 
> > > > EDECCSSA is a new Intel SGX user leaf function
> > > > (ENCLU[EDECCSSA]) that can facilitate AEX notification handling...
> > > 
> > > If that's wrong or imprecise, I'd love to hear more about it and also
> > > about how the spec will be updated.
> > > 
> > 
> > They are enumerated separately, but looks in practice the notify handler  
> > will
> > use it to switch back to the correct/targeted CSSA to continue to run  
> > normally
> > after handling the exit notify.  This is my understanding of the  
> > "facilitate"
> > mean in the spec.
> > 
> > Btw, in real hardware I think the two should come together, meaning no  
> > real
> > hardware will only support one.
> > 
> > Haitao, could you give us more information?
> > 
> You are right. They are enumerated separately and HW should come with both  
> or neither.
> My understanding it is also possible for enclaves choose not to receive  
> AEX notify
> but still use EDECCSSA.
> 

What is the use case of using EDECCSSA w/o using AEX notify?  

If I understand correctly EDECCSSA effectively switches to another thread (using
the previous SSA, which is the context of another TCS thread if I understand
correctly).  Won't this cause problem?

It probably makes sense to use only AEX notify w/o using EDECCSSA though, but
this should be the case that the enclave detects serious attack and don't want
to continue to run normally.  In another words, it is enclave's choice, but
hardware should always support both AEX notify and EDECCSSA.

-- 
Thanks,
-Kai

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ