Re: [PATCH v33 15/21] x86/vdso: Add support for exception fixup in vDSO functions

[Sean Christopherson <sean.j.christopherson@intel.com>]

On Mon, Jun 29, 2020 at 07:10:22PM +0200, Borislav Petkov wrote:
> On Thu, Jun 18, 2020 at 01:08:37AM +0300, Jarkko Sakkinen wrote:
> ...
> > intended benefit of massaging GCC's inlining algorithm is unlikely to
> > realized in the vDSO any time soon, if ever.
> 
> That is a very good explanation and I would prefer if it would be in a
> sgx-specific README or so instead of it getting lost in git...
> 
> > +bool fixup_vdso_exception(struct pt_regs *regs, int trapnr,
> > +			  unsigned long error_code, unsigned long fault_addr)
> > +{
> > +	const struct vdso_image *image = current->mm->context.vdso_image;
> > +	const struct vdso_exception_table_entry *extable;
> > +	unsigned int nr_entries, i;
> > +	unsigned long base;
> > +
> > +	/*
> > +	 * Do not attempt to fixup #DB or #BP.  It's impossible to identify
> > +	 * whether or not a #DB/#BP originated from within an SGX enclave and
> > +	 * SGX enclaves are currently the only use case for vDSO fixup.
> > +	 */
> 
> So this is all fine and dandy but nowhere do I see the code doing:
> 
> 	if (am_I_an_sgx_enclave(tsk))
> 		fixup_vdso_exception()
> 
> because that vDSO exception fixup, albeit it looking kinda generic, is
> SGX-only for now. So it should be designed to run only for SGX enclaves
> for now.

That's not really feasible as there is no readily available identifier for
an SGX task.  The only indication that a relevant task is an SGX task is if
it has mmap()'d /dev/sgx/enclave, and hooking that would be heinous.  And
adding flag just to tag the task as SGX seems wasteful.

Even if we could easily condition the vDSO fixup on SGX tasks, I don't think
that'd be a good ABI for the SGX vDSO code.  The intended contract is that
fixup will happen simply by virtue of the code at the related IP taking a
fault (in userspace).  E.g. the vDSO function should get the fixup even if
userspace screws up mmap() and invokes __vdso_sgx_enter_enclave() without
being tagged an SGX task.

> Also, is there any particular reason for fixup_vdso_exception() to be in
> arch/x86/entry/vdso/extable.c instead of in arch/x86/mm/extable.c?
> 
> I mean, it gets called by traps.c so it looks like normal kernel code to
> me or am I missing some vdso magic?

No hard dependency, it's normal kernel code.  My reasoning for dropping it
in .../vdso was largely to co-locate it with vdso/extable.h due to the
dependency on the format of 'struct vdso_exception_table_entry'.  And I
put extable.h in .../vdso because it contains macros that are only for use
in actual vDSO code.
 
> And built only when CONFIG_INTEL_SGX is enabled.

Ya, shouldn't be a problem to stub it out for SGX=n.