From: Cedric Xing
To: linux-kernel@vger.kernel.org, linux-sgx@vger.kernel.org
Cc: cedric.xing@intel.com, akpm@linux-foundation.org, dave.hansen@intel.com, sean.j.christopherson@intel.com, serge.ayoun@intel.com, shay.katz-zamir@intel.com, haitao.huang@intel.com, kai.svahn@intel.com, kai.huang@intel.com, jarkko.sakkinen@linux.intel.com
Subject: [RFC PATCH v2 0/3] An alternative __vdso_sgx_enter_enclave() to allow enclave/host parameter passing using untrusted stack
Date: Tue, 23 Apr 2019 23:26:20 -0700
Message-Id: <20190424062623.4345-1-cedric.xing@intel.com>

The current proposed __vdso_sgx_enter_enclave() requires enclaves to preserve %rsp, which prohibits enclaves from allocating space on the untrusted stack. However, there are existing enclaves (e.g. those built with current Intel SGX SDK libraries) relying on the untrusted stack for passing parameters to untrusted functions (aka. o-calls), which requires allocating space on the untrusted stack by enclaves. And given its simplicity and convenience, it could be desired by future SGX applications as well.

This patchset introduces a new ABI for __vdso_sgx_enter_enclave() to anchor its stack frame on %rbp (instead of %rsp), so as to allow enclaves to "push" onto the untrusted stack by decrementing the untrusted %rsp. Additionally, this new __vdso_sgx_enter_enclave() will take one more parameter - a callback function, to be invoked upon all enclave exits (both AEX and normal exits). The callback function will be given the value of %rsp left off by the enclave, so that data "pushed" by the enclave (if any) could be addressed/accessed. Please note that the callback function is optional, and if not supplied (i.e. null), __vdso_sgx_enter_enclave() will just return (i.e. behave the same as the current implementation) after the enclave exits (or AEX due to exceptions).

The SGX selftest is augmented by two new tests. One exercises the new callback interface, and serves as a simple example to showcase how to use it; while the other validates the hand-crafted CFI directives in __vdso_sgx_enter_enclave() by single-stepping through it and unwinding call stack at every instruction.

v2:
 - Revised comments in __vdso_sgx_enter_enclave(). See patch 2/3.
 - Added stack unwind test. See patch 3/3.

v1: https://lkml.org/lkml/2019/4/22/871

Note: This patchset is based upon SGX1 patch v20 (https://lkml.org/lkml/2019/4/17/344) by Jarkko Sakkinen

Cedric Xing (3):
  selftests/x86: Fixed Makefile for SGX selftest
  x86/vdso: Modify __vdso_sgx_enter_enclave() to allow parameter passing on untrusted stack
  selftests/x86: Augment SGX selftest to test new __vdso_sgx_enter_enclave() and its callback interface

 arch/x86/entry/vdso/vsgx_enter_enclave.S   | 175 +++++++----
 arch/x86/include/uapi/asm/sgx.h            |  14 +-
 tools/testing/selftests/x86/Makefile       |  12 +-
 tools/testing/selftests/x86/sgx/Makefile   |  49 ++--
 tools/testing/selftests/x86/sgx/main.c     | 323 ++++++++++++++++++---
 tools/testing/selftests/x86/sgx/sgx_call.S |  40 ++-
 6 files changed, 471 insertions(+), 142 deletions(-)

-- 
2.17.1
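
The control flow described in the cover letter above, as an added user-space model that is not code from the patchset: a wrapper anchors its frame, the "enclave" lowers the stack pointer to push an o-call record, and an optional exit callback receives the stack pointer the enclave left off. Every name here (enter_model, exit_cb_t, ocall_rec, OUT_MAX) and the record layout are assumptions made for illustration; the real callback signature is defined in patch 2/3, not here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define OUT_MAX 8   /* capacity of the buffer the callback copies into */
/* Hypothetical user-space model, not the kernel ABI; the stack is a byte array. */
typedef int (*exit_cb_t)(const uint8_t *ursp, const uint8_t *frame, void *ctx);
typedef void (*enclave_fn_t)(uint8_t **rsp);
struct ocall_rec { uint32_t id; uint32_t len; };  /* constructed o-call header */
/* Wrapper model: anchor the frame (the %rbp role), run the enclave, pass the
 * callback the %rsp the enclave left off, then restore %rsp from the anchor. */
static int enter_model(uint8_t **rsp, enclave_fn_t encl, exit_cb_t cb, void *ctx)
{
    uint8_t *frame = *rsp;          /* anchor is unaffected by enclave pushes */
    encl(rsp);                      /* enclave may decrement *rsp */
    int ret = cb ? cb(*rsp, frame, ctx) : 0;  /* NULL callback: just return */
    *rsp = frame;
    return ret;
}

/* Constructed enclave: "pushes" a header plus 5 payload bytes. */
static void demo_enclave(uint8_t **rsp)
{
    struct ocall_rec r = { 7, 5 };
    *rsp -= sizeof r + r.len;
    memcpy(*rsp, &r, sizeof r);
    memcpy(*rsp + sizeof r, "hello", r.len);
}

/* Callback: bounds-check the record against the frame anchor before use. */
static int demo_cb(const uint8_t *ursp, const uint8_t *frame, void *ctx)
{
    struct ocall_rec r;
    if (ursp > frame || (size_t)(frame - ursp) < sizeof r)
        return -1;                  /* nothing, or too little, was pushed */
    memcpy(&r, ursp, sizeof r);
    if (r.len > OUT_MAX || r.len > (size_t)(frame - ursp) - sizeof r)
        return -1;                  /* payload exceeds buffer or frame */
    memcpy(ctx, ursp + sizeof r, r.len);
    return (int)r.id;
}

/* One run; returns the callback result, or -2 if %rsp was not restored. */
int run_demo(int use_cb, char out[OUT_MAX])
{
    static uint8_t stack[256];
    uint8_t *rsp = stack + sizeof stack;
    int ret = enter_model(&rsp, demo_enclave, use_cb ? demo_cb : NULL, out);
    return rsp == stack + sizeof stack ? ret : -2;
}
int main(void) { char out[OUT_MAX]; return run_demo(1, out) == 7 ? 0 : 1; }
```

The callback treats the pushed length as untrusted input and checks it against both the distance to the frame anchor and its own buffer before copying.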