On 11/6/18 12:12 PM, Andy Lutomirski wrote:
> True, but what if we have a nasty enclave that writes to memory just
> below SP *before* decrementing SP?

Yeah, that would be unfortunate.

If an enclave did this (roughly):

1. EENTER
2. Hardware sets eenter_hwframe->sp = %sp
3. Enclave runs... wants to do out-call
4. Enclave sets up parameters:
	memcpy(&eenter_hwframe->sp[-offset], arg1, size);
	...
5. Enclave sets eenter_hwframe->sp -= offset

If we got a signal between 4 and 5, we'd clobber the copy of 'arg1' that
was on the stack.  The enclave could easily fix this by moving ->sp
first.  But, this is one of those "fun" parts of the ABI that I think we
need to talk about.

If we do this, we also basically require that the code which handles
asynchronous exits must *not* write to the stack.  That's not hard
because it's typically just a single ERESUME instruction, but it *is* a
requirement.  It means fun stuff like that you absolutely can't just
async-exit to C code.
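The ordering hazard in steps 4 and 5 above, modelled in plain C as an added example (not code from the thread, the kernel SGX patches, or any real enclave runtime): a byte array stands in for the enclave stack, a one-field struct named eenter_hwframe stands in for the hardware frame, and "signal delivery" is modelled as the kernel writing a frame of a hypothetical fixed size into the bytes just below the saved sp. The two out-call helpers show the copy-then-move ordering from the message next to the move-then-copy ordering it recommends; all names, sizes and the sample argument are constructed for the model.

```c
/* Constructed model of the race in the message: an enclave that copies
 * out-call arguments below the saved stack pointer before lowering it,
 * versus one that lowers the pointer first.  Nothing here touches real
 * SGX; struct/function names and sizes are hypothetical. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define STACK_SIZE     256
#define SIGFRAME_SIZE   64   /* hypothetical size of the frame the kernel pushes */

/* Stand-in for the hardware frame; only the field the thread discusses. */
struct eenter_hwframe {
    uint8_t *sp;
};

/* Fresh simulated stack; sp starts at the top (the stack grows down). */
static void reset_stack(uint8_t *stack, struct eenter_hwframe *f) {
    memset(stack, 0, STACK_SIZE);
    f->sp = stack + STACK_SIZE;
}

/* Simulated asynchronous exit plus signal delivery: the kernel writes the
 * signal frame into the SIGFRAME_SIZE bytes just below the saved sp, i.e.
 * exactly the memory an enclave might still assume is free. */
static void deliver_signal(struct eenter_hwframe *f) {
    memset(f->sp - SIGFRAME_SIZE, 0xAA, SIGFRAME_SIZE);
}

/* Steps 4 then 5 from the message: copy first, lower sp afterwards.
 * A signal landing between the two overwrites the copy of arg1. */
static void outcall_args_write_then_move(struct eenter_hwframe *f,
                                         const void *arg1, size_t size,
                                         int signal_in_window) {
    memcpy(f->sp - size, arg1, size);       /* step 4 */
    if (signal_in_window)
        deliver_signal(f);                  /* async exit hits here */
    f->sp -= size;                          /* step 5 */
}

/* The ordering the message suggests: move ->sp first, then copy.
 * Any signal frame is now pushed below the reserved region, so it cannot
 * overlap arg1 whether it arrives before or after the memcpy. */
static void outcall_args_move_then_write(struct eenter_hwframe *f,
                                         const void *arg1, size_t size,
                                         int signal_in_window) {
    f->sp -= size;                          /* reserve first */
    if (signal_in_window)
        deliver_signal(f);
    memcpy(f->sp, arg1, size);
}

/* 1 if arg1 is intact where the enclave expects it (at sp), else 0. */
static int arg1_intact(const struct eenter_hwframe *f,
                       const void *arg1, size_t size) {
    return memcmp(f->sp, arg1, size) == 0;
}

/* Runs one ordering with a signal delivered in the window.
 * Returns 1 if the argument survives, 0 if it was clobbered. */
int run_scenario(int move_first) {
    uint8_t stack[STACK_SIZE];
    struct eenter_hwframe f;
    const char arg1[] = "outcall-arg";      /* constructed sample argument */

    reset_stack(stack, &f);
    if (move_first)
        outcall_args_move_then_write(&f, arg1, sizeof arg1, 1);
    else
        outcall_args_write_then_move(&f, arg1, sizeof arg1, 1);
    return arg1_intact(&f, arg1, sizeof arg1);
}

int main(void) {
    printf("write-then-move, signal in window: arg1 %s\n",
           run_scenario(0) ? "intact" : "clobbered");
    printf("move-then-write, signal in window: arg1 %s\n",
           run_scenario(1) ? "intact" : "clobbered");
    return 0;
}
```

The model also makes the second point of the message concrete: deliver_signal is the only code that runs "inside" the window, and it is safe precisely because the enclave has already moved sp past everything it cares about; an exit handler that itself pushed onto the stack before the enclave's sp update would be another writer into that same window.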