Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp9076468ybi; Wed, 10 Jul 2019 04:18:39 -0700 (PDT) X-Google-Smtp-Source: APXvYqwD8Uu2S1jqozt7sfw1XL7OVDXUCHG4V96sgY8cPjr4148Okn6tjtEul95CjDm5WOFIe8N4 X-Received: by 2002:a17:902:820c:: with SMTP id x12mr38450208pln.216.1562757519681; Wed, 10 Jul 2019 04:18:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1562757519; cv=none; d=google.com; s=arc-20160816; b=Ii3CjbbWY0d+ifdnj4ZW5OPbE2YaeVMu1v1rFqGV4Go6sKXiOgfVPnSYLiUOYfZzeZ afXyRyZMpavvNKqZnBxAPBWKSC4j9cSNafwEFO091ndURWoWsU2qzUXT/y47kcrXxWbz SqlJBHrnBVSKn9PUNatJOYmdZ/3WDZQIeWkZXt2rFz68zyz4dCRFw0CrieQZWKcWM01O L0nSOslSsDpcnoL7JDsrhf1kJhkyjhsQvwL9qUzAz3KoZUcHZfzmGiGJOqK8D0Syq0EV GMMWwODl8v4z+oD6NIJXgX/wAhQtn2RkTBZMEoWAdt1zKQ2AlkiI4I4dAJQ2lR74rk0G zfmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:organization:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=Hou3XG8iElm2SKSKr3Q0k05JF532htn32N6ZfEySWZg=; b=smpHkw0PCkvp+T8xM2CHfm9V/ta8+kqy8bmLJFSLhT1akqmryBw0uyVLJ5Y/YMbfPo XkXIeH5ojnq+KdidWVi3+EhusWp/U1xrJnmT2i2ozKF/DjpmaCEK7mTEP8FNhzcn/Yjp +RDRsA1uHvMXasHzdjSU0+/RTTzQvweJfFeyYMwMHSPaXFUwI3tpj+PDW6FoM9tY7aqJ k0v5ooM2ghTf6y/qXRWHdJb6YblJ1QnOVjgUWTL6foOjuUpY7o+01SY53QnuV2jI1SCW SpMafOJz9AZ6uvasKer6JzoJgmC0pLI4iaX2x/zVyq1jQBEpjkVqTJK+4dbIzY9TlvDY EvzA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e36si26567pgm.17.2019.07.10.04.18.23; Wed, 10 Jul 2019 04:18:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727158AbfGJLR1 (ORCPT + 99 others); Wed, 10 Jul 2019 07:17:27 -0400 Received: from mga07.intel.com ([134.134.136.100]:57923 "EHLO mga07.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725956AbfGJLR1 (ORCPT ); Wed, 10 Jul 2019 07:17:27 -0400 X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 10 Jul 2019 04:17:26 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.63,474,1557212400"; d="scan'208";a="364901022" Received: from marcindx-mobl1.ger.corp.intel.com (HELO localhost) ([10.249.33.247]) by fmsmga006.fm.intel.com with ESMTP; 10 Jul 2019 04:17:20 -0700 Date: Wed, 10 Jul 2019 14:17:19 +0300 From: Jarkko Sakkinen To: Cedric Xing Cc: linux-kernel@vger.kernel.org, linux-sgx@vger.kernel.org, akpm@linux-foundation.org, dave.hansen@intel.com, sean.j.christopherson@intel.com, serge.ayoun@intel.com, shay.katz-zamir@intel.com, haitao.huang@intel.com, kai.svahn@intel.com, kai.huang@intel.com Subject: Re: [RFC PATCH v2 0/3] An alternative __vdso_sgx_enter_enclave() to allow enclave/host parameter passing using untrusted stack Message-ID: <20190710111719.nnoedfo4wvbfghq7@linux.intel.com> References: <20190424062623.4345-1-cedric.xing@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190424062623.4345-1-cedric.xing@intel.com> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo User-Agent: NeoMutt/20180716 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Apr 23, 2019 at 11:26:20PM -0700, Cedric Xing wrote: > The current proposed __vdso_sgx_enter_enclave() requires enclaves to preserve > %rsp, which prohibits enclaves from allocating space on the untrusted stack. > However, there are existing enclaves (e.g. those built with current Intel SGX > SDK libraries) relying on the untrusted stack for passing parameters to > untrusted functions (aka. o-calls), which requires allocating space on the > untrusted stack by enclaves. And given its simplicity and convenience, it could > be desired by future SGX applications as well. > > This patchset introduces a new ABI for __vdso_sgx_enter_enclave() to anchor its > stack frame on %rbp (instead of %rsp), so as to allow enclaves to "push" onto > the untrusted stack by decrementing the untrusted %rsp. Additionally, this new > __vdso_sgx_enter_enclave() will take one more parameter - a callback function, > to be invoked upon all enclave exits (both AEX and normal exits). The callback > function will be given the value of %rsp left off by the enclave, so that data > "pushed" by the enclave (if any) could be addressed/accessed. Please note that > the callback function is optional, and if not supplied (i.e. null), > __vdso_sgx_enter_enclave() will just return (i.e. behave the same as the > current implementation) after the enclave exits (or AEX due to exceptions). > > The SGX selftest is augmented by two new tests. One exercises the new callback > interface, and serves as a simple example to showcase how to use it; while the > other validates the hand-crafted CFI directives in __vdso_sgx_enter_enclave() > by single-stepping through it and unwinding call stack at every instruction. Why does the SDK anyway use real enclaves when step debugging? I don't think kernel needs to scale to that. For me it looks more like a bad architectural choice in the SDK implementation than anything else. You should design SDK in a way that it doesn't run the code inside real enclave at first. It is just the sanest development model to use. The current SDK has an unacceptable requirement that the workstation used to develop code destined to run inside enclave must possess an appropriate hardware. I don't think that is acceptable no matter what kind of API kernel provides to invoke enclaves. I think "real" debug enclaves are only good for production testing when you have more or less ready to release/deploy something but still want to be able to get a memory dump of the enclave on occassion. With these conclusions I think the current vDSO API is sufficient for Linux. /Jarkko