Received: by 2002:ac0:98c7:0:0:0:0:0 with SMTP id g7-v6csp2406402imd; Fri, 2 Nov 2018 10:49:51 -0700 (PDT) X-Google-Smtp-Source: AJdET5eKy5Q0Y44S5PnsFn1PD/5X+BFFkP3Lzd0JNisXGYOpqRAVfLFjfZAC5ZAskbeXMvoY6jR0 X-Received: by 2002:a62:9642:: with SMTP id c63-v6mr13124361pfe.100.1541180991565; Fri, 02 Nov 2018 10:49:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1541180991; cv=none; d=google.com; s=arc-20160816; b=f2EidjkA28jOZM5N0Z88yw9OFWb7gBKCjcOH9xdlST8vLu20A6DQLK6Rns9RbV6Ggn ae4vvVWgKmyBtUIgIoKaIcA84yl6UEtWEwW8WFCFC2DuhDuvhqTWDRd8OGbX1LKoyNDk GbEzQNmbuY8bb4RsFomSwXh5zBGPhxizEgtxbDO/pZ2UQ6Als0yvTjlrXyzDnMRbpShE H6bwVbLBsMvtDVlOp1ZR6bSDNLAFWnE5QMQJ+Bu/i9Yl/8Ai5G8t6m9dbBVTiffbkwOd Q8HW7FpZgU8tIE8rbTYSmIhqo5pu+3OPwkemqU3vYSfJxHjKDeA2BauDiFvNTq0bKkB1 thYA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=utrZUYS4wfv0Lwul+ZvwhG1GP1FqxNiQO0W2ybLiOPU=; b=SMo3Eoz7SpMIIjuGDjRrJTTIJ2m/a2kw+mIs6FeIUE/YYG9bz0aRpGZqJ4Owkdtdxf UWe8k5ICFfzEYRX5NExZAHtGLAh+BkB81pPc2kF3cGlG01vef1oyeQwj+9WsFzV6gHjN BXMulg/D+mjXlH6DiQbk2p0XN+/hrHGEjk3FoCp6p10xphV0ZVPqpVMoH4Gb5RC6vnlB UL9lBf4s/4RNlV50vTJe7XHlcBW/2F5eop67k5PtniMkt2Y85R8QPb+ldjbapLiLRttG KmBQHkyZFdLOlrN268Id8Ec+efXb38tMrnkB66383FYKZCNZUTKbO9m/WnedWcGSNlBF ZZDg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="G1feXU/x"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j28si3182704pgm.160.2018.11.02.10.49.35; Fri, 02 Nov 2018 10:49:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="G1feXU/x"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728126AbeKCC44 (ORCPT + 99 others); Fri, 2 Nov 2018 22:56:56 -0400 Received: from mail.kernel.org ([198.145.29.99]:49838 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726700AbeKCC44 (ORCPT ); Fri, 2 Nov 2018 22:56:56 -0400 Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id F2B6820843 for ; Fri, 2 Nov 2018 17:48:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1541180936; bh=Y8GIf69pP+m9DmfderzUT/vxmSKPqCH2CKDT3DPFHI4=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=G1feXU/x8bYG3sPyl7o3s0fGdQD/+jtb2/WVbZFJOxYaIvJp92HE4C2XiFlkYE+jm XxMby6W9p7hYnkMBuYoIIlDM4vpGDFNmoffDylrzXA+jWu6G03ngRUFUvvmFRI3S8w h7EanP/o/A9HhZBrRYGSGpnsSQW8EKBZKoOskaUU= Received: by mail-wm1-f47.google.com with SMTP id s10-v6so2703439wmc.5 for ; Fri, 02 Nov 2018 10:48:55 -0700 (PDT) X-Gm-Message-State: AGRZ1gJdF5UIrevl4x+ZHraO2314VG89wSyd99kXRpKkSX+Q2pN+1Qgf xSBEhR/Z5HmDz82cdd2pSuc5hyVMXhQ8jFs5bl32cw== X-Received: by 2002:a1c:4b1a:: with SMTP id y26-v6mr5393wma.82.1541180934370; Fri, 02 Nov 2018 10:48:54 -0700 (PDT) MIME-Version: 1.0 References: <20181101185225.GC5150@brightrain.aerifal.cx> <20181101193107.GE5150@brightrain.aerifal.cx> <20181102163034.GB7393@linux.intel.com> <7050972d-a874-dc08-3214-93e81181da60@intel.com> <20181102170627.GD7393@linux.intel.com> <20181102173350.GF7393@linux.intel.com> In-Reply-To: <20181102173350.GF7393@linux.intel.com> From: Andy Lutomirski Date: Fri, 2 Nov 2018 10:48:38 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: RFC: userspace exception fixups To: "Christopherson, Sean J" Cc: Dave Hansen , Andrew Lutomirski , Linus Torvalds , Rich Felker , Jann Horn , Dave Hansen , Jethro Beekman , Jarkko Sakkinen , Florian Weimer , Linux API , X86 ML , linux-arch , LKML , Peter Zijlstra , nhorman@redhat.com, npmccallum@redhat.com, "Ayoun, Serge" , shay.katz-zamir@intel.com, linux-sgx@vger.kernel.org, Andy Shevchenko , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "Carlos O'Donell" , adhemerval.zanella@linaro.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Nov 2, 2018 at 10:33 AM Sean Christopherson wrote: > > On Fri, Nov 02, 2018 at 10:13:23AM -0700, Dave Hansen wrote: > > On 11/2/18 10:06 AM, Sean Christopherson wrote: > > > On Fri, Nov 02, 2018 at 09:56:44AM -0700, Dave Hansen wrote: > > >> On 11/2/18 9:30 AM, Sean Christopherson wrote: > > >>> What if rather than having userspace register an address for fixup, the > > >>> kernel instead unconditionally does fixup on the ENCLU opcode? > > >> > > >> The problem is knowing what to do for the fixup. If we have a simple > > >> action to take that's universal, like backing up %RIP, or setting some > > >> other register state, it's not bad. > > > > > > Isn't the EENTER/RESUME behavior universal? Or am I missing something? > > > > Could someone write down all the ways we get in and out of the enclave? > > > > I think we always get in from userspace calling EENTER or ERESUME. We > > can't ever enter directly from the kernel, like via an IRET from what I > > understand. > > Correct, the only way to get into the enclave is EENTER or ERESUME. > My understanding is that even SMIs bounce through the AEX target > before transitioning to SMM. > > > We get *out* from exceptions, hardware interrupts, or enclave-explicit > > EEXITs. Did I miss any? Remind me where the hardware lands the control > > flow in each of those exit cases. > > And VMExits. There are basically two cases: EEXIT and everything else. > EEXIT is a glorified indirect jump, e.g. %RBX holds the target %RIP. > Everything else is an Asynchronous Enclave Exit (AEX). On an AEX, %RIP > is set to a value specified by EENTER/ERESUME, %RBP and %RSP are > restored to pre-enclave values and all other registers are loaded with > synthetic state. The actual interrupt/exception/VMExit then triggers, > e.g. the %RIP on the stack for an exception is always the AEX target, > not the %RIP inside the enclave that actually faulted. So what exactly happens when an enclave accesses non-enclave memory and takes a page fault, for example? The SDM says that the #PF vector and error code are stored in the SSA frame where the kernel can't see them. Is a real #PF then delivered? I guess that, if the memory in question gets faulted in, then the kernel resumes exection at the AEP address, which does ERESUME, and the enclave resumes. But if the access is bad, then the kernel delivers a signal (or uses some other new mechanism), and then what happens? Is the enclave just considered dead? Is user code supposed to EENTER back into the enclave to tell it that it got an error? This whole mechanism seems very complicated, and it's not clear exactly what behavior user code wants.