Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp3727099img;
        Mon, 25 Mar 2019 16:55:26 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzFLmddDdLdiwgifWU7wlGgngl/5N54u47SSnhuxCxUjKf4oRY2MMyeCVEIgPNdAZBVLUFf
X-Received: by 2002:a65:6098:: with SMTP id t24mr26360484pgu.57.1553558126776;
        Mon, 25 Mar 2019 16:55:26 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1553558126; cv=none;
        d=google.com; s=arc-20160816;
        b=pUOaBhB3F95Iy/TvpjNuBIP/yrbOzVsgCBdzNjqa1LaMUy2x3ZS3t9wdAArmoRMUWX
         KkSTZeksYYO5KsY4mW3Wj698LGdqaCiYexvfPPBO1UI7TQSh5atcY5VvaKzIhxMBjA6t
         y46wuUDhpnap6quB+5jf655g1NFGn4oxeR2HU143ggDH4JMcO4iPJZWSbZ4aT7v6rJAt
         PEbOiqH13yHZENSREec915/C/0pSHUE8Jz3FpSr94l2rpUgEKlF7XFtYg6ob18qQhbtI
         NN5C/tihbUkVDNu23kvQ9gohTP32pFDNbxYJ0dQ1KnGDjkSh4+0ArQ6SwCIycw+z2NI0
         75jA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject
         :message-id:date:from:in-reply-to:references:mime-version
         :dkim-signature;
        bh=sf4Zgo8LsaF6yFeASpEbsI/6LNWjJksYhLspDcrVhrQ=;
        b=fYSM65uq+pR97iCiEnll0Hc1rfGMbJyuUl6XEGuS71h6rMzd0FXelSohxNBvaOx484
         WBseeX4+i8you3j1ZH1WoJ/z9hel47zhTqWAtuIQN5kg4PfxhZ2WzWKBYrcxZ+lSvXPM
         HQC11d3j/FlaY6rfL+JdqUWraOQYP2a1xd7e7QoDtqtIH/8i1vdIX0FoVQaVAbO9ofv7
         zvAteJPHtRAI3avwuoTcFMEkw82d9zsWPw4I/l8wKE8hycLn5Ua4LkaPXYTN+e93O+8p
         bToBDqegR9yBxgqLZZMstwDTX/CDbz7k8MGLmk8PvDC7Zu97NCQoIAgHe6JebYnJWzoq
         Kw8Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b="XzC69H/t";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id j16si14695369pfe.152.2019.03.25.16.55.11;
        Mon, 25 Mar 2019 16:55:26 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b="XzC69H/t";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727626AbfCYXyh (ORCPT <rfc822;ablacktshirt@gmail.com>
        + 99 others); Mon, 25 Mar 2019 19:54:37 -0400
Received: from mail.kernel.org ([198.145.29.99]:53122 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726301AbfCYXyh (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 25 Mar 2019 19:54:37 -0400
Received: from mail-wr1-f54.google.com (mail-wr1-f54.google.com [209.85.221.54])
        (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id AFFEF20870
        for <linux-kernel@vger.kernel.org>; Mon, 25 Mar 2019 23:54:35 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1553558076;
        bh=7IXy9PmaCQVWs3dr2OsZDsoJ+4vRKTCXqWnIvRBz76k=;
        h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
        b=XzC69H/tN4lPBbDrQRBTbjkRY6pxU0kBw05NZkNo+WwxSSCEW+YwwBkPfcL+qKXc7
         DJ0EU73PLPfGHUC2u0kMPObp5DuSB1wL4y1Cvg6PeFGwRd0jd25QMTAt3j45p/DmMS
         2ofeIPxMjX+kFyYDBDh/oQrIshVWbKj7oRQpLq10=
Received: by mail-wr1-f54.google.com with SMTP id k11so4810241wro.5
        for <linux-kernel@vger.kernel.org>; Mon, 25 Mar 2019 16:54:35 -0700 (PDT)
X-Gm-Message-State: APjAAAWlyHBkEERK8Z5a39mM52fMG8fFcPUcNvt/8zrJtCuhH0ZhfvJ8
        ozUz1I//4a8MdBzNUwRS3frbtmEKlNr3hK8P74zjLQ==
X-Received: by 2002:adf:f011:: with SMTP id j17mr15065852wro.330.1553558074255;
 Mon, 25 Mar 2019 16:54:34 -0700 (PDT)
MIME-Version: 1.0
References: <20190320162119.4469-1-jarkko.sakkinen@linux.intel.com>
 <20190320162119.4469-25-jarkko.sakkinen@linux.intel.com> <960B34DE67B9E140824F1DCDEC400C0F4E85C484@ORSMSX116.amr.corp.intel.com>
 <20190320191318.GF30469@linux.intel.com> <960B34DE67B9E140824F1DCDEC400C0F4E85C5AB@ORSMSX116.amr.corp.intel.com>
 <20190322215903.GE12666@linux.intel.com> <960B34DE67B9E140824F1DCDEC400C0F4E85E481@ORSMSX116.amr.corp.intel.com>
 <CALCETrV589POrG3RaPHBWOFuytkWjeJgJgLHk4OKbizOgJVKZQ@mail.gmail.com> <960B34DE67B9E140824F1DCDEC400C0F4E85E989@ORSMSX116.amr.corp.intel.com>
In-Reply-To: <960B34DE67B9E140824F1DCDEC400C0F4E85E989@ORSMSX116.amr.corp.intel.com>
From:   Andy Lutomirski <luto@kernel.org>
Date:   Mon, 25 Mar 2019 16:54:23 -0700
X-Gmail-Original-Message-ID: <CALCETrWdc2d2HJ-aoE7-889sHN-YJiKXrEkssyWJ6QQTykb+EQ@mail.gmail.com>
Message-ID: <CALCETrWdc2d2HJ-aoE7-889sHN-YJiKXrEkssyWJ6QQTykb+EQ@mail.gmail.com>
Subject: Re: [PATCH v19,RESEND 24/27] x86/vdso: Add __vdso_sgx_enter_enclave()
 to wrap SGX enclave transitions
To:     "Xing, Cedric" <cedric.xing@intel.com>
Cc:     Andy Lutomirski <luto@kernel.org>,
        "Christopherson, Sean J" <sean.j.christopherson@intel.com>,
        Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "x86@kernel.org" <x86@kernel.org>,
        "linux-sgx@vger.kernel.org" <linux-sgx@vger.kernel.org>,
        "akpm@linux-foundation.org" <akpm@linux-foundation.org>,
        "Hansen, Dave" <dave.hansen@intel.com>,
        "nhorman@redhat.com" <nhorman@redhat.com>,
        "npmccallum@redhat.com" <npmccallum@redhat.com>,
        "Ayoun, Serge" <serge.ayoun@intel.com>,
        "Katz-zamir, Shay" <shay.katz-zamir@intel.com>,
        "Huang, Haitao" <haitao.huang@intel.com>,
        "andriy.shevchenko@linux.intel.com" 
        <andriy.shevchenko@linux.intel.com>,
        "tglx@linutronix.de" <tglx@linutronix.de>,
        "Svahn, Kai" <kai.svahn@intel.com>, "bp@alien8.de" <bp@alien8.de>,
        "josh@joshtriplett.org" <josh@joshtriplett.org>,
        "Huang, Kai" <kai.huang@intel.com>,
        "rientjes@google.com" <rientjes@google.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Haitao Huang <haitao.huang@linux.intel.com>,
        Jethro Beekman <jethro@fortanix.com>,
        "Dr . Greg Wettstein" <greg@enjellic.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Mar 24, 2019 at 1:59 AM Xing, Cedric <cedric.xing@intel.com> wrote:
>
> Hi Andy,
>
> Thank you for your valuable feedbacks!
>
> Per what you have been saying, your feedbacks come from different angles =
- i.e. functionality vs. security, but they are mixed up somehow.

I think you're misunderstanding me.  I'm not talking about security at
all here.  SGX isn't a sandbox, full stop.  I'm talking about the
degree to which an SGX enclave acts like a well-behaved black box.

>
> > I=E2=80=99m going to put my vDSO maintainer hat on for a minute.  Cedri=
c, your
> > proposal has the following issues related specifically to the vDSO:
> >
> > It inherently contains indirect branches.  This means that, on retpolin=
e
> > configurations, it probably needs to use retpolines.  This is doable,
> > but it=E2=80=99s nasty, and you need to worry about register clobbers.
>
> Only the weakest link matters in security. With dynamic linking in use, t=
his additional indirect CALL can't make things worse. But I'm open to, and =
in fact also willing to, apply whatever mitigation that you think is satisf=
actory (or that has been applied to other indirect branches, such as in PLT=
), such as retpoline. Btw, don't worry about register clobbers because we h=
ave at least %rax at our disposal.

There is no actual fundamental reason that dynamic linking has to work
this way, and in principle, one could even use retpolines to the call
the vDSO.  In any event, the vDSO is currently compiled with
retpolines enabled, and if we decide to turn that off, it would be
decision to be made independently of SGX.

>
> >
> > It uses effectively unbounded stack space. The vDSO timing functions ar=
e
> > already a problem for Go, and this is worse.
>
> If targeting the same functionality (i.e. no exit callback), my API uses =
exactly 24 bytes more than Sean's. Is it really the case that those 24 byte=
s will break Go?

You're counting wrong.  Your version uses 24 bytes + the stack size of
the exit handler + the amount of stack consumed by the enclave, which
is effectively unbounded.  So this whole scheme becomes unusable on
anything other than a stack that is "large" for a totally undefined
value of large and that has guard pages.

>
> >
> > Cedric, your proposal allows an enclave to muck with RSP, but not in a
> > way that=E2=80=99s particularly pleasant.
>
> From security perspective, it is SGX ISA, but NOT any particular ABI, tha=
t allows enclaves "to muck with RSP".

Again, this has nothing to do with security.  With your proposal, it's
not possible for the caller of an enclave to decide, in an ocall
handler, to pause and do something else.  This isn't just theoretical.
Suppose someone wants to send a network request in an ocall handler.
With the current RSP approach, it's difficult to do this in a program
that uses poll / select / epoll -- you can't return out from the ocall
until you have an answer.