Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2464456imu; Tue, 6 Nov 2018 15:18:26 -0800 (PST) X-Google-Smtp-Source: AJdET5cHZcrFwWWpT8gBgo+6KAUIIFV8JptlP3CqOHL2MZAdfSlZDhHpulWb1WYUBFpOFVtNZDVe X-Received: by 2002:a65:6542:: with SMTP id a2mr25318800pgw.389.1541546306922; Tue, 06 Nov 2018 15:18:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541546306; cv=none; d=google.com; s=arc-20160816; b=RK8SOuzia6UFDbodQDkSuiQMJGLEPExgXtz00bQXbHPLVL8QW0gVnurnR7dy7lfH7C OyM6DGteN6eKCuh0hjgxHa6q7jSDv3brYlbAeUA5KXp5tHBkeK/4DTpYJ2hAhBC1HcCV s4523xAEG02jLfdQpINMk80XwfbHc2nVoDmWgpzuYUUv4LrBpdMvcO23pbqnW5lqNl3r YBnErz6XYRKfhiHJPeWn0Rl6Ln+tXpaTzH0X7WnbuPlMttUAck2oWnHs+83Xbb6lkL1O Q9mS0rwTKQDGCVhzQjy1jKcRUsDWtrEL0BHnith710JPV3YeLVDzaYBlxW7b8+slrONd t4OQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=APjHD2OAu7gi4EcUs+gZxusU7n4aRrBkBKiAjtAS7iY=; b=k39ctRoWnUFezXQaTktj9WHzP6BEtBJy14QI1EpxmWf3UxswEWrMPrDjdfjt4H7AM3 FsfGRnELB1XkY6PAmf/6QSrek++Xc++sOHta8IkHtbPRieqnkdjMdpr5P92LQwPWHod/ CixrmtT3/xsLonCfwxh1Q2pyxKFYJCzli1XqIsDfjy1lEQzUwCof6bd9nS1LFMQ/hWGZ 6jj7TEjN9u9ycrY5jz6oedIZfvOO2Oc/FBnBkQvHD6EUrqH76jiYDCGMp9CHzhquMlXt jkQPjT3oivtUegoOHdinZd73YtcRaWXJ0bmIUyD618Bup1ylNo7yxi/PfmaLLgExjwhQ 4EhA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a61-v6si51626342pla.430.2018.11.06.15.18.12; Tue, 06 Nov 2018 15:18:26 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730884AbeKGIp2 (ORCPT + 99 others); Wed, 7 Nov 2018 03:45:28 -0500 Received: from 216-12-86-13.cv.mvl.ntelos.net ([216.12.86.13]:58144 "EHLO brightrain.aerifal.cx" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726403AbeKGIp2 (ORCPT ); Wed, 7 Nov 2018 03:45:28 -0500 Received: from dalias by brightrain.aerifal.cx with local (Exim 3.15 #2) id 1gKAbC-0005m3-00; Tue, 06 Nov 2018 23:17:30 +0000 Date: Tue, 6 Nov 2018 18:17:30 -0500 From: Rich Felker To: Andy Lutomirski Cc: Dave Hansen , "Christopherson, Sean J" , Jann Horn , Linus Torvalds , Dave Hansen , Jethro Beekman , Jarkko Sakkinen , Florian Weimer , Linux API , X86 ML , linux-arch , LKML , Peter Zijlstra , nhorman@redhat.com, npmccallum@redhat.com, "Ayoun, Serge" , shay.katz-zamir@intel.com, linux-sgx@vger.kernel.org, Andy Shevchenko , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Carlos O'Donell , adhemerval.zanella@linaro.org Subject: Re: RFC: userspace exception fixups Message-ID: <20181106231730.GR5150@brightrain.aerifal.cx> References: <20181102220437.GI7393@linux.intel.com> <1541518670.7839.31.camel@intel.com> <1541524750.7839.51.camel@intel.com> <22596E35-F5D1-4935-86AB-B510DCA0FABE@amacapital.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Nov 06, 2018 at 11:02:11AM -0800, Andy Lutomirski wrote: > On Tue, Nov 6, 2018 at 10:41 AM Dave Hansen wrote: > > > > On 11/6/18 10:20 AM, Andy Lutomirski wrote: > > > I almost feel like the right solution is to call into SGX on its own > > > private stack or maybe even its own private address space. > > > > Yeah, I had the same gut feeling. Couldn't the debugger even treat the > > enclave like its own "thread" with its own stack and its own set of > > registers and context? That seems like a much more workable model than > > trying to weave it together with the EENTER context. > > So maybe the API should be, roughly > > sgx_exit_reason_t sgx_enter_enclave(pointer_to_enclave, struct > host_state *state); > sgx_exit_reason_t sgx_resume_enclave(same args); > > where host_state is something like: > > struct host_state { > unsigned long bp, sp, ax, bx, cx, dx, si, di; > }; > > and the values in host_state explicitly have nothing to do with the > actual host registers. So, if you want to use the outcall mechanism, > you'd allocate some memory, point sp to that memory, call > sgx_enter_enclave(), and then read that memory to do the outcall. > > Actually implementing this would be distinctly nontrivial, and would > almost certainly need some degree of kernel help to avoid an explosion > when a signal gets delivered while we have host_state.sp loaded into > the actual SP register. Maybe rseq could help with this? > > The ISA here is IMO not well thought through. Maybe I'm mistaken about some fundamentals here, but my understanding of SGX is that the whole point is that the host application and the code running in the enclave are mutually adversarial towards one another. Do any or all of the proposed protocols here account for this and fully protect the host application from malicious code in the enclave? It seems that having control over the register file on exit from the enclave is fundamentally problematic but I assume there must be some way I'm missing that this is fixed up. Rich