Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2481232imu; Tue, 6 Nov 2018 15:40:58 -0800 (PST) X-Google-Smtp-Source: AJdET5fQSLyW2TOUws7qKGmqwELzRk/2H4XU8d+abtf80PggQKEdZVNjGWE092/sDIBVoQJrPl0o X-Received: by 2002:a65:6491:: with SMTP id e17mr6836160pgv.418.1541547658228; Tue, 06 Nov 2018 15:40:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541547658; cv=none; d=google.com; s=arc-20160816; b=Ex1kYlJr9V9CwQLfpVSfS4CC5XiQ/WtZo8NyZEaWU6sIHxz344NhjS76i9xKy/UEXN mqVF+iBUdLrjya3fHP9T43D/5svPDgipk/xa0xDVxm9eJkPPQM67tvA2vUgWwvlmxORi 5c9juMnfDC6ia0t57hItEi5200Z2VhmaZUiSAIXk37oCuV9imJ/V8f0jK6LMlDJFZxII V1vz33cfP9pW20jRM8A2kSvb4Ocxr7HdwTuMuVO0FYhMonx4lZnNPxmshOUC1D14ppNw m90VsVQXciSUjkPH56oS6RVwoRIRxmozoi55O9XMyahNBpDSE/IuTZyQib6jj/dq0vOb 3iMg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=nrM/6yurUdYUPqLyTWSKVR55swOHLfK/mQ72U+2WF6E=; b=PZ6wXXvbjchPMU9VbgzBmwrmmKxkEUP93qecpJ5A4Y7XZ+HGpUPztVh9UcRekteRy+ l2Kgb78vWzoEJ2bn4+HynWQyUiEVu+ALU/QQll7c3MPccAzNgo9kwHWkAS0u6dIi9XL6 Fqj6PfG277eJo/GmswnnmImj5Omd2ZG/mBsIdfarHGTl3KoKkVTgWaOPqx3wJs9/2Dkj TJjYGNED2V6DcY1ptpGAbLuktgvfX5jIt5cGQaRJAqgTovC+SkHKed5b0I+PxYFEY7QR K/Lo5ikXIdj0mfXuETFXUg0uX3dIM0DtAhaTnJub6L7nFiFkPY4vniH84DbL/J2jU9i5 QdLw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="sv/URmoD"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y10-v6si13463524plt.145.2018.11.06.15.40.42; Tue, 06 Nov 2018 15:40:58 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="sv/URmoD"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731085AbeKGJHp (ORCPT + 99 others); Wed, 7 Nov 2018 04:07:45 -0500 Received: from mail.kernel.org ([198.145.29.99]:56264 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731067AbeKGJHp (ORCPT ); Wed, 7 Nov 2018 04:07:45 -0500 Received: from mail-wr1-f51.google.com (mail-wr1-f51.google.com [209.85.221.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 5DA3E21479 for ; Tue, 6 Nov 2018 23:40:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1541547602; bh=+uFstgdPuQ7BsxuODoPg3qjcikQEXR5tf05WB+k5kUg=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=sv/URmoDfGm8gwv8VE4pp24CRfxho3cfscO8RWTGbITTxIxz5aP/nnzP+PrpBR6tL bO8/eZq6zmXkeY4Oeg/HodZY8JXcG/CUVjFN1oixYMavvbjyGJa5oMokDZJQ6Wb8IE sJv6MJcB1pPtGvz3uRm7ZGWKFXSz0ynUMAiNg2ow= Received: by mail-wr1-f51.google.com with SMTP id d10-v6so15473935wrs.5 for ; Tue, 06 Nov 2018 15:40:02 -0800 (PST) X-Gm-Message-State: AGRZ1gIuK/B8ZmH/+KUU+gddnxgM+bfJ65n3QCHX/16ZPeOOpN8p1YVz lxAlsGXwTJPUHjV5eLLPITZ0RNgIaU8SJK8iaVtoIA== X-Received: by 2002:adf:82c9:: with SMTP id 67-v6mr24043904wrc.131.1541547600631; Tue, 06 Nov 2018 15:40:00 -0800 (PST) MIME-Version: 1.0 References: <22596E35-F5D1-4935-86AB-B510DCA0FABE@amacapital.net> <1C426267-492F-4AE7-8BE8-C7FE278531F9@amacapital.net> <209cf4a5-eda9-2495-539f-fed22252cf02@intel.com> <9B76E95B-5745-412E-8007-7FAA7F83D6FB@amacapital.net> <1541541565.8854.13.camel@intel.com> <7FF4802E-FBC5-4E6D-A8F6-8A65114F18C7@amacapital.net> <20181106233515.GB11101@linux.intel.com> In-Reply-To: <20181106233515.GB11101@linux.intel.com> From: Andy Lutomirski Date: Tue, 6 Nov 2018 15:39:48 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: RFC: userspace exception fixups To: "Christopherson, Sean J" Cc: Andrew Lutomirski , Dave Hansen , Jann Horn , Linus Torvalds , Rich Felker , Dave Hansen , Jethro Beekman , Jarkko Sakkinen , Florian Weimer , Linux API , X86 ML , linux-arch , LKML , Peter Zijlstra , nhorman@redhat.com, npmccallum@redhat.com, "Ayoun, Serge" , shay.katz-zamir@intel.com, linux-sgx@vger.kernel.org, Andy Shevchenko , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "Carlos O'Donell" , adhemerval.zanella@linaro.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Nov 6, 2018 at 3:35 PM Sean Christopherson wrote: > > On Tue, Nov 06, 2018 at 03:00:56PM -0800, Andy Lutomirski wrote: > > > > > > >> On Nov 6, 2018, at 1:59 PM, Sean Christopherson wrote: > > >> > > >>> On Tue, 2018-11-06 at 13:41 -0800, Andy Lutomirski wrote: > > >> Sean, how does the current SDK AEX handler decide whether to do > > >> EENTER, ERESUME, or just bail and consider the enclave dead? It seems > > >> like the *CPU* could give a big hint, but I don't see where there is > > >> any architectural indication of why the AEX code got called or any > > >> obvious way for the user code to know whether the exit was fixed up by > > >> the kernel? > > > > > > The SDK "unconditionally" does ERESUME at the AEP location, but that's > > > bit misleading because its signal handler may muck with the context's > > > RIP, e.g. to abort the enclave on a fatal fault. > > > > > > On an event/exception from within an enclave, the event is immediately > > > delivered after loading synthetic state and changing RIP to the AEP. > > > In other words, jamming CPU state is essentially a bunch of vectoring > > > ucode preamble, but from software's perspective it's a normal event > > > that happens to point at the AEP instead of somewhere in the enclave. > > > And because the signals the SDK cares about are all synchronous, the > > > SDK can simply hardcode ERESUME at the AEP since all of the fault logic > > > resides in its signal handler. IRQs and whatnot simply trampoline back > > > into the enclave. > > > > > > Userspace can do something funky instead of ERESUME, but only *after* > > > IRET/RSM/VMRESUME has returned to the AEP location, and in Linux's > > > case, after the trap handler has run. > > > > > > Jumping back a bit, how much do we care about preventing userspace > > > from doing stupid things? > > > > My general feeling is that userspace should be allowed to do apparently > > stupid things. For example, as far as the kernel is concerned, Wine and > > DOSEMU are just user programs that do stupid things. Linux generally tries > > to provide a reasonably complete view of architectural behavior. This is > > in contrast to, say, Windows, where IIUC doing an unapproved WRFSBASE May > > cause very odd behavior indeed. So magic fixups that do non-architectural > > things are not so great. > > Sorry if I'm beating a dead horse, but what if we only did fixup on ENCLU > with a specific (ignored) prefix pattern? I.e. effectively make the magic > fixup opt-in, falling back to signals. Jamming RIP to skip ENCLU isn't > that far off the architecture, e.g. EENTER stuffs RCX with the next RIP so > that the enclave can EEXIT to immediately after the EENTER location. > How does that even work, though? On an AEX, RIP points to the ERESUME instruction, not the EENTER instruction, so if we skip it we just end up in lala land. How averse would everyone be to making enclave entry be a syscall? The user code would do sys_sgx_enter_enclave(), and the kernel would stash away the register state (vm86()-style), point RIP to the vDSO's ENCLU instruction, point RCX to another vDSO ENCLU instruction, and SYSRET. The trap handlers would understand what's going on and restore register state accordingly. On non-Meltdown hardware (hah!) this would even be fairly fast. --Andy