Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp3039446ybh; Mon, 16 Mar 2020 14:39:11 -0700 (PDT) X-Google-Smtp-Source: ADFU+vudGxTaaD8iUiwN9kWpVBtvwky9J6VN4hKpvPDU0Rk4pxFl9ZZT9uGfk/EeEdydzRiZGa9p X-Received: by 2002:a9d:336:: with SMTP id 51mr1096518otv.202.1584394751809; Mon, 16 Mar 2020 14:39:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1584394751; cv=none; d=google.com; s=arc-20160816; b=UvNPWf+cBlCWBsoKIWkPwin2gKEYfmwLGZx+vKlSQClbCyhD3hu1IyhOfRsSOxN7CG yBZ7FL6hFPMl+au/q1In2BUNZPnxLTjHA1kRN+dZDtKSz43ktFrlgJcAAzIqBl6435KU fbM4DvdOqDwoL3HL9PwPCUmq2ypSzxi6ak9OedbOv2FWsrCR50kuGZ0X1xiatnv2m1Pp 5vmu5zVpd4glgFrHU7Ndz/F1/rxlCVDu3rNPi/XGhUbQW9r801pWOfnqQAOr7Xna+q9O l1vcszPl3PFVAunwTiuVNztrnxTz8hT1J8qXBtqPvhbR3mq8j2kBlXSKxJ5ErMGT0geD obAQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:organization:references:in-reply-to:date:cc:to:from :subject:message-id:ironport-sdr:ironport-sdr; bh=N2MNK2ZM7ZWafSFRFTS/cSsa9nl5Qy/je3vPWic74hA=; b=Lj5afgoFI7xDmQilDHhaG1/78xItmXM2fRCDM80TEjHAQBzSa9rZQeVibs4HYq6usA 7L1U/cRvwJCUX0yqW5pF1qthds5GDjY3OW3rgF8AiHeDI/AIs93Q5WoRI3QK4u6dJmSi fX8/LA9kbFWPQcv7mmUjbhczBu4E5nbulkbm8qtRDCp4ozGkqTsgDfevEI7EJzOZZ/MB UHm4V1Pyi6MG5AmBsDS7mX+AXkghVZoIQRvDxOKvGaoEk7XFoYkLimeP1MqWrOTEYFLT 3l5cXvDCsETRNrH/eyHttbdJwDcfSQxxzfQ2kjrI5wf5fA34IqSGvCDuuJSkMhg7eN/H LxDQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d8si585146oic.192.2020.03.16.14.38.58; Mon, 16 Mar 2020 14:39:11 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732683AbgCPVim (ORCPT + 99 others); Mon, 16 Mar 2020 17:38:42 -0400 Received: from mga03.intel.com ([134.134.136.65]:28330 "EHLO mga03.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732636AbgCPVil (ORCPT ); Mon, 16 Mar 2020 17:38:41 -0400 IronPort-SDR: 6IR9cFmyYmBG5EBnA6y5qHhRzqq9OV8fPq8WJfvZmyMJSBVdPcP7QfB+Q1Ve2pW6NKDWSMhnw4 1zdYFaevX1fg== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Mar 2020 14:38:40 -0700 IronPort-SDR: TvOJG61Ox6hrvSI80oh8c+/5N4DhZ+KBz+j4mb2/g+5nZvWHuAdCL4oLv7GFZYtJbdbVGugyDg 8QdLNM8sleeQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.70,561,1574150400"; d="scan'208";a="244276630" Received: from oaizenbe-mobl.ger.corp.intel.com ([10.254.149.199]) by orsmga003.jf.intel.com with ESMTP; 16 Mar 2020 14:38:25 -0700 Message-ID: <5dc2ec4bc9433f9beae824759f411c32b45d4b74.camel@linux.intel.com> Subject: Re: [PATCH v28 21/22] x86/vdso: Implement a vDSO for Intel SGX enclave call From: Jarkko Sakkinen To: Nathaniel McCallum Cc: linux-kernel@vger.kernel.org, x86@kernel.org, linux-sgx@vger.kernel.org, akpm@linux-foundation.org, dave.hansen@intel.com, "Christopherson, Sean J" , Neil Horman , "Huang, Haitao" , andriy.shevchenko@linux.intel.com, tglx@linutronix.de, "Svahn, Kai" , bp@alien8.de, Josh Triplett , luto@kernel.org, kai.huang@intel.com, David Rientjes , cedric.xing@intel.com, Patrick Uiterwijk , Andy Lutomirski , Jethro Beekman , Connor Kuehl , Harald Hoyer , Lily Sturmann Date: Mon, 16 Mar 2020 23:38:24 +0200 In-Reply-To: References: <20200303233609.713348-1-jarkko.sakkinen@linux.intel.com> <20200303233609.713348-22-jarkko.sakkinen@linux.intel.com> <20200315012523.GC208715@linux.intel.com> <94ce05323c4de721c4a6347223885f2ad9f541af.camel@linux.intel.com> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.35.92-1 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 2020-03-16 at 10:01 -0400, Nathaniel McCallum wrote: > On Mon, Mar 16, 2020 at 9:56 AM Jarkko Sakkinen > wrote: > > On Sun, 2020-03-15 at 13:53 -0400, Nathaniel McCallum wrote: > > > On Sat, Mar 14, 2020 at 9:25 PM Jarkko Sakkinen > > > wrote: > > > > On Wed, Mar 11, 2020 at 01:30:07PM -0400, Nathaniel McCallum wrote: > > > > > Currently, the selftest has a wrapper around > > > > > __vdso_sgx_enter_enclave() which preserves all x86-64 ABI callee-saved > > > > > registers (CSRs), though it uses none of them. Then it calls this > > > > > function which uses %rbx but preserves none of the CSRs. Then it jumps > > > > > into an enclave which zeroes all these registers before returning. > > > > > Thus: > > > > > > > > > > 1. wrapper saves all CSRs > > > > > 2. wrapper repositions stack arguments > > > > > 3. __vdso_sgx_enter_enclave() modifies, but does not save %rbx > > > > > 4. selftest zeros all CSRs > > > > > 5. wrapper loads all CSRs > > > > > > > > > > I'd like to propose instead that the enclave be responsible for saving > > > > > and restoring CSRs. So instead of the above we have: > > > > > 1. __vdso_sgx_enter_enclave() saves %rbx > > > > > 2. enclave saves CSRs > > > > > 3. enclave loads CSRs > > > > > 4. __vdso_sgx_enter_enclave() loads %rbx > > > > > > > > > > I know that lots of other stuff happens during enclave transitions, > > > > > but at the very least we could reduce the number of instructions > > > > > through this critical path. > > > > > > > > What Jethro said and also that it is a good general principle to cut > > > > down the semantics of any vdso as minimal as possible. > > > > > > > > I.e. even if saving RBX would make somehow sense it *can* be left > > > > out without loss in terms of what can be done with the vDSO. > > > > > > Please read the rest of the thread. Sean and I have hammered out some > > > sensible and effective changes. > > > > Have skimmed through that discussion but it comes down how much you get > > by obviously degrading some of the robustness. Complexity of the calling > > pattern is not something that should be emphasized as that is something > > that is anyway hidden inside the runtime. > > My suggestions explicitly maintained robustness, and in fact increased > it. If you think we've lost capability, please speak with specificity > rather than in vague generalities. Under my suggestions we can: > 1. call the vDSO from C > 2. pass context to the handler > 3. have additional stack manipulation options in the handler > > The cost for this is a net 2 additional instructions. No existing > capability is lost. My vague generality in this case is just that the whole design approach so far has been to minimize the amount of wrapping to EENTER. And since this has been kind of agreed by most of the stakeholders doing something against the chosen strategy is something I do hold some resistance. I get the idea technically what you are suggesting. Please understand these are orthogonal axes that I have to care about. In coummunity sense, it opens a possibility to unknown unknowns [1]. [1] https://www.youtube.com/watch?v=GiPe1OiKQuk /Jarkko