Received: by 2002:ac0:98c7:0:0:0:0:0 with SMTP id g7-v6csp2366233imd; Fri, 2 Nov 2018 10:07:23 -0700 (PDT) X-Google-Smtp-Source: AJdET5fCbEcfskRjl2DwO3/q7IR/N1Y0oxbXn6cPmbfg34bRRdY/Jhz3EV92eR3MK0GlCMFHkcgT X-Received: by 2002:a62:6801:: with SMTP id d1-v6mr12457230pfc.7.1541178443444; Fri, 02 Nov 2018 10:07:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1541178443; cv=none; d=google.com; s=arc-20160816; b=z9kxO0SofHE+O+tXdjZn/SEr5YU1Wb5l57/VvJMGCDxQI8m96HNCjdZmA2uBfahJmF X1nFA7JoVgVCBXDYJDaUfzxG/VzOJlQfnQCZEDyKPDae+ytJiPB+ux2Ltl+kvtU484Ao GVSrEdEdLU1YV3jsPc8nKzYVCWH+e79sc5YkKLO1YKCIvhys+biNLLhb9YZKYyaNHxjW MsLnLx8fjI0HMXXkZlzgzkfdBjNuHGfRW9bBbflxRCTkSahx31HUbrTXCBEs9FGyZR8L jvw++UXlLE/kxZyzpfn7+xXhhatQ2g4FRW+HqUwF8VZNTf40eAZjB5wlJu1nxrymJ3Mu 5qRQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=0aeG07wMI1w9Uly+Z54sNZ1Lk11EuhJ9tc0daKkElXA=; b=xvMcUkwqzLDjKcyusgB24Gi12XIDA6r1NoYw2PH1jkMhf2ccyGrrdWfM/n8Cn3/2eF IHDIrRQOsjTH3n+2SHa8i/e+Zgi8UsHMam73LF0ebG8SDotoHbKKRUN6ryrFcyW+unen k5P/Dh3MSKqTO035b6mTtP6KoJ+GcLR4T9+d6FpxpEi/+KBMiYpnI5dmbaeyDNiObqNj E5QZVym5+SaA1+zSUn2gWJsAWZ//n6ZPqlUS6J+Nlmju99j9jtnrHx21D/wn5WQ6gGQl eX7l5u/nN1TxG7lYl5MRsztl71dM79xr6E8k8DcoBSOpWYIRN8rrF4J+YvDEf4C6n2pa d8xg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z25-v6si30652878pgl.405.2018.11.02.10.07.08; Fri, 02 Nov 2018 10:07:23 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727984AbeKCCOR (ORCPT + 99 others); Fri, 2 Nov 2018 22:14:17 -0400 Received: from mga02.intel.com ([134.134.136.20]:3919 "EHLO mga02.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726318AbeKCCOR (ORCPT ); Fri, 2 Nov 2018 22:14:17 -0400 X-Amp-Result: UNSCANNABLE X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 02 Nov 2018 10:06:28 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,456,1534834800"; d="scan'208";a="88141137" Received: from sjchrist-coffee.jf.intel.com (HELO linux.intel.com) ([10.54.74.193]) by orsmga006.jf.intel.com with ESMTP; 02 Nov 2018 10:06:28 -0700 Date: Fri, 2 Nov 2018 10:06:28 -0700 From: Sean Christopherson To: Dave Hansen Cc: Andy Lutomirski , Linus Torvalds , Rich Felker , Jann Horn , Dave Hansen , Jethro Beekman , Jarkko Sakkinen , Florian Weimer , Linux API , X86 ML , linux-arch , LKML , Peter Zijlstra , nhorman@redhat.com, npmccallum@redhat.com, "Ayoun, Serge" , shay.katz-zamir@intel.com, linux-sgx@vger.kernel.org, Andy Shevchenko , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Carlos O'Donell , adhemerval.zanella@linaro.org Subject: Re: RFC: userspace exception fixups Message-ID: <20181102170627.GD7393@linux.intel.com> References: <20181101185225.GC5150@brightrain.aerifal.cx> <20181101193107.GE5150@brightrain.aerifal.cx> <20181102163034.GB7393@linux.intel.com> <7050972d-a874-dc08-3214-93e81181da60@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <7050972d-a874-dc08-3214-93e81181da60@intel.com> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Nov 02, 2018 at 09:56:44AM -0700, Dave Hansen wrote: > On 11/2/18 9:30 AM, Sean Christopherson wrote: > > What if rather than having userspace register an address for fixup, the > > kernel instead unconditionally does fixup on the ENCLU opcode? > > The problem is knowing what to do for the fixup. If we have a simple > action to take that's universal, like backing up %RIP, or setting some > other register state, it's not bad. Isn't the EENTER/RESUME behavior universal? Or am I missing something? > Think of our prefetch fixups in the page fault code. We do some > instruction decoding to look for them, and then largely return from the > fault and let the CPU retry. We know *exactly* what to do for these. > > But, if we need to call arbitrary code, or switch stacks, we need an > explicit ABI around it *anyway*, because the action to take isn't clear. > > For an enclave exit that's because of a hardware interrupt or page > fault, life is good. We really *could* just set %RIP to let ERESUME run > again, kinda like we do for (some) syscall situations. But the > situations for which we can't just call ERESUME, like the out-calls make > this more challenging. I think we'd need some explicit new interfaces > for those. I don't see how out-calls are a problem. Once EEXIT completes we're no longer in the enclave and EPCM faults are no longer a concern, i.e. we don't need to do fixup. Every other enclave exit is either an exception or an interrupt. And the only way to get back into the enclave is via ENCLU (EENTER or ERESUME).