Re: RFC: userspace exception fixups

From: Dave Hansen
Date: Tue Nov 06 2018 - 16:00:52 EST


On 11/6/18 12:12 PM, Andy Lutomirski wrote:
> True, but what if we have a nasty enclave that writes to memory just
> below SP *before* decrementing SP?

Yeah, that would be unfortunate. If an enclave did this (roughly):

1. EENTER
2. Hardware sets eenter_hwframe->sp = %sp
3. Enclave runs... wants to do out-call
4. Enclave sets up parameters:
   memcpy(&eenter_hwframe->sp[-offset], arg1, size);
   ...
5. Enclave sets eenter_hwframe->sp -= offset

If we got a signal between 4 and 5, we'd clobber the copy of 'arg1' that
was on the stack. The enclave could easily fix this by moving ->sp first.

But, this is one of those "fun" parts of the ABI that I think we need to
talk about. If we do this, we also basically require that the code
which handles asynchronous exits must *not* write to the stack. That's
not hard because it's typically just a single ERESUME instruction, but
it *is* a requirement.

It means fun stuff like that you absolutely can't just async-exit to C code.
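Dave's numbered sequence above, as an added example that is not from the thread or from the SGX patch set: a constructed C model of the enclave stack, with the copy-then-move ordering (steps 4 then 5) beside the move-sp-first fix, and a stand-in for any stack write that happens after an async exit. The names `deliver_signal`, `outcall_copy_then_move`, `outcall_move_then_copy` and `run_case` are hypothetical.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of the race in the mail: the stack is a byte array, sp
 * an index growing downward (standing in for eenter_hwframe->sp), and an
 * async exit pushes a frame at the current sp. */
#define STACK_SIZE    256
#define SIGFRAME_SIZE  64

struct model { uint8_t stack[STACK_SIZE]; size_t sp; };

/* Any stack write after an AEX (a signal frame, or an AEX handler written
 * in C) lands just below sp and destroys data placed there by an enclave
 * that has not yet lowered sp. */
static void deliver_signal(struct model *m)
{
    memset(&m->stack[m->sp - SIGFRAME_SIZE], 0xAA, SIGFRAME_SIZE);
}

/* Steps 4 then 5 from the mail: copy below sp, then move sp.
 * Returns 1 if arg1 is intact at the new sp, 0 if it was clobbered. */
static int outcall_copy_then_move(struct model *m, const uint8_t *arg1, size_t n, int aex)
{
    memcpy(&m->stack[m->sp - n], arg1, n);          /* step 4 */
    if (aex) deliver_signal(m);                     /* AEX + signal here */
    m->sp -= n;                                     /* step 5 */
    return memcmp(&m->stack[m->sp], arg1, n) == 0;
}

/* The fix suggested in the mail: move sp first, so the args sit above sp
 * and a frame pushed at sp cannot overlap them. */
static int outcall_move_then_copy(struct model *m, const uint8_t *arg1, size_t n, int aex)
{
    m->sp -= n;                                     /* step 5 first */
    if (aex) deliver_signal(m);                     /* AEX + signal here */
    memcpy(&m->stack[m->sp], arg1, n);              /* then step 4 */
    return memcmp(&m->stack[m->sp], arg1, n) == 0;
}

/* Fresh stack, constructed 16-byte arg1, one ordering, optional AEX. */
static int run_case(int move_sp_first, int aex)
{
    struct model m = { {0}, STACK_SIZE };
    uint8_t arg1[16];
    for (size_t i = 0; i < sizeof arg1; i++)
        arg1[i] = (uint8_t)(0x10 + i);
    return move_sp_first ? outcall_move_then_copy(&m, arg1, sizeof arg1, aex)
                         : outcall_copy_then_move(&m, arg1, sizeof arg1, aex);
}
```

`run_case(0, 1)` returns 0 (arg1 clobbered) while `run_case(1, 1)` returns 1, which is the whole ABI point: nothing that runs after the hardware saves sp may touch the stack below it unless the enclave has already moved sp past its data.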