From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Andy Lutomirski <luto@kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
X86 ML <x86@kernel.org>,
Dave Hansen <dave.hansen@linux.intel.com>,
Peter Zijlstra <peterz@infradead.org>,
"H. Peter Anvin" <hpa@zytor.com>,
LKML <linux-kernel@vger.kernel.org>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
Josh Triplett <josh@joshtriplett.org>
Subject: Re: [RFC PATCH 4/4] x86/vdso: Add __vdso_sgx_eenter() to wrap SGX enclave transitions
Date: Thu, 6 Dec 2018 06:17:18 -0800 [thread overview]
Message-ID: <20181206141718.GB31263@linux.intel.com> (raw)
In-Reply-To: <20181206135546.GA31263@linux.intel.com>
On Thu, Dec 06, 2018 at 05:55:47AM -0800, Sean Christopherson wrote:
> On Wed, Dec 05, 2018 at 03:40:48PM -0800, Andy Lutomirski wrote:
> > On Wed, Dec 5, 2018 at 3:20 PM Sean Christopherson
> > <sean.j.christopherson@intel.com> wrote:
> > > +notrace long __vdso_sgx_eenter(void *tcs, void *priv,
> > > + struct sgx_eenter_fault_info *fault_info)
> > > +{
> > > + u32 trapnr, error_code;
> > > + long leaf;
> > > + u64 addr;
> > > +
> > > + /*
> > > + * %eax = EENTER
> > > + * %rbx = tcs
> > > + * %rcx = do_eresume
> > > + * %rdi = priv
> > > + * do_eenter:
> > > + * enclu
> > > + * jmp out
> > > + *
> > > + * do_eresume:
> > > + * enclu
> > > + * ud2
> >
> > Is the only reason for do_eresume to be different from do_eenter so
> > that you can do the ud2?
>
> No, it was a holdover from doing fixup via a magic prefix in user code.
> The fixup could only skip the ENCLU and so a second ENCLU was needed to
> differentiate between EENTER and ERESUME. The need for two ENCLUs got
> ingrained in my head. I can't think of anything that will break if we
> use a single ENCLU.
>
> > > + *
> > > + * out:
> > > + * <return to C code>
> > > + *
> > > + * fault_fixup:
> > > + * <extable loads RDI, DSI and RDX with fault info>
> > > + * jmp out
> > > + */
> >
> > This has the IMO excellent property that it's extremely awkward to use
> > it for a model where the enclave is reentrant. I think it's excellent
> > because reentrancy on the same enclave thread is just asking for
> > severe bugs. Of course, I fully expect the SDK to emulate reentrancy,
> > but then it's 100% their problem :) On the fiip side, it means that
> > you can't really recover from a reported fault, even if you want to,
> > because there's no way to ask for ERESUME. So maybe the API should
> > allow that after all.
>
> Doh. The ability to do ERESUME is an explicit requirement from the SDK
> folks. More code that I pulled from my userspace implementation and
> didn't revisit.
Is it ok to add a separate exported function for ERESUME? ERESUME can't
explicitly pass anything to the enclave, i.e. doesn't need a @priv param.
A separate function is a little prettier, e.g.:
static inline
long vdso_enter_enclave(enum sgx_enclu_leaf op, void *tcs, void *priv,
struct sgx_eenter_fault_info *fault_info)
{
...
}
notrace long __vdso_sgx_eenter(void *tcs, void *priv,
struct sgx_eenter_fault_info *fault_info)
{
return vdso_enter_enclave(SGX_EENTER, tcs, priv, fault_info);
}
notrace long __vdso_sgx_eresume(void *tcs,
struct sgx_eenter_fault_info *fault_info)
{
return vdso_enter_enclave(SGX_ERESUME, tcs, NULL, fault_info);
}
prev parent reply other threads:[~2018-12-06 14:17 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-05 23:20 [RFC PATCH 0/4] x86: Add vDSO exception fixup for SGX Sean Christopherson
2018-12-05 23:20 ` [RFC PATCH 1/4] x86/vdso: Add support for exception fixup in vDSO functions Sean Christopherson
2018-12-05 23:20 ` [RFC PATCH 2/4] x86/fault: Attempt to fixup unhandled #PF in vDSO before signaling Sean Christopherson
2018-12-06 18:17 ` Dave Hansen
2018-12-06 18:20 ` Sean Christopherson
2018-12-06 18:46 ` Andy Lutomirski
2018-12-05 23:20 ` [RFC PATCH 3/4] x86/traps: Attempt to fixup exceptions " Sean Christopherson
2018-12-06 18:22 ` Dave Hansen
2018-12-06 18:49 ` Andy Lutomirski
2018-12-05 23:20 ` [RFC PATCH 4/4] x86/vdso: Add __vdso_sgx_eenter() to wrap SGX enclave transitions Sean Christopherson
2018-12-05 23:40 ` Andy Lutomirski
2018-12-06 13:55 ` Sean Christopherson
2018-12-06 14:17 ` Sean Christopherson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181206141718.GB31263@linux.intel.com \
--to=sean.j.christopherson@intel.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=josh@joshtriplett.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.