Subject: Re: RFC: userspace exception fixups
From: Andy Lutomirski
Date: Tue, 6 Nov 2018 10:20:27 -0800
To: Sean Christopherson
Cc: Andy Lutomirski, Jann Horn, Dave Hansen, Linus Torvalds, Rich Felker, Dave Hansen, Jethro Beekman, Jarkko Sakkinen, Florian Weimer, Linux API, X86 ML, linux-arch, LKML, Peter Zijlstra, nhorman@redhat.com, npmccallum@redhat.com, "Ayoun, Serge", shay.katz-zamir@intel.com, linux-sgx@vger.kernel.org, Andy Shevchenko, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Carlos O'Donell, adhemerval.zanella@linaro.org
Message-Id: <22596E35-F5D1-4935-86AB-B510DCA0FABE@amacapital.net>
In-Reply-To: <1541524750.7839.51.camel@intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

> On Nov 6, 2018, at 9:19 AM, Sean Christopherson wrote:
>
>> On Tue, 2018-11-06 at 08:57 -0800, Andy Lutomirski wrote:
>>
>> So I guess the non-enclave code basically can’t trust its stack pointer
>> because of these shenanigans. And the AEP code has to live with the fact
>> that its RSP is basically arbitrary and probably can’t even be unwound
>> by a debugger?
>
> The SDK provides a Python GDB plugin to hook into the out-call flow and
> do more stack shenanigans. From what I can tell it's fudging the stack
> to make it look like a normal stack frame so the debugger can do its
> thing.
>
>> And the EENTER code has to deal with the fact that its red zone can be
>> blatantly violated by the enclave?
>
> That's my understanding of things. So yeah, if it wasn't obvious before,
> the trusted and untrusted parts of the SDK are very tightly coupled.

Yuck. Just how far does this tight coupling go? If there are enclaves that play with, say, FSBASE or GSBASE, we’re going to start having problems. And the SGX handling of PKRU is complicated at best.

I almost feel like the right solution is to call into SGX on its own private stack or maybe even its own private address space.