On Tue, Mar 17, 2020 at 03:36:57PM -0700, Xing, Cedric wrote:
> On 3/17/2020 3:09 PM, Sean Christopherson wrote:
> >On Tue, Mar 17, 2020 at 02:40:34PM -0700, Xing, Cedric wrote:
> >>Hi Nathaniel,
> >>
> >>I reread your email today and thought I might have misunderstood your email
> >>earlier. What changes are you asking for exactly? Is that just passing @leaf
> >>in %ecx rather than in %eax? If so, I wouldn't have any problem. I agree
> >>with you that the resulting API would then be callable from C, even though it
> >>wouldn't be able to return back to C due to tampered %rbx. But I think the
> >>vDSO API can preserve %rbx too, given it is used by both EENTER and EEXIT
> >>(so is unavailable for parameter passing anyway). Alternatively, the C
> >>caller can setjmp() to be longjmp()'d back from within the exit handler.
> >
> >Yep, exactly. The other proposed change that is fairly straightforward is
> >to make the save/restore of %rsp across the exit handler call relative
> >instead of absolute, i.e. allow the exit handler to modify %rsp. I don't
> >think this would conflict with the Intel SDK usage model?
> >
> >diff --git a/arch/x86/entry/vdso/vsgx_enter_enclave.S b/arch/x86/entry/vdso/vsgx_enter_enclave.S
> >index 94a8e5f99961..05d54f79b557 100644
> >--- a/arch/x86/entry/vdso/vsgx_enter_enclave.S
> >+++ b/arch/x86/entry/vdso/vsgx_enter_enclave.S
> >@@ -139,8 +139,9 @@ SYM_FUNC_START(__vdso_sgx_enter_enclave)
> > /* Pass the untrusted RSP (at exit) to the callback via %rcx. */
> > mov %rsp, %rcx
> >
> >- /* Save the untrusted RSP in %rbx (non-volatile register). */
> >+ /* Save the untrusted RSP offset in %rbx (non-volatile register). */
> > mov %rsp, %rbx
> >+ and $0xf, %rbx
> >
> > /*
> > * Align stack per x86_64 ABI. Note, %rsp needs to be 16-byte aligned
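Review bot: the new comment "Save the untrusted RSP offset in %rbx" should say what the offset is relative to, and it only works if the alignment that follows ("Align stack per x86_64 ABI") strips exactly the low four bits, since `and $0xf, %rbx` keeps precisely the bits such a mask discards; a subtraction-based alignment would silently break the later restore. Suggest tying the two together in the comment, e.g. "/* Save the low 4 bits of the untrusted RSP (what the alignment below strips) in %rbx; the restore after the callback adds them back. */".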
> >@@ -161,8 +162,8 @@ SYM_FUNC_START(__vdso_sgx_enter_enclave)
> > mov 0x20(%rbp), %rax
> > call .Lretpoline
> >
> >- /* Restore %rsp to its post-exit value. */
> >- mov %rbx, %rsp
> >+ /* Undo the post-exit %rsp adjustment. */
> >+ lea 0x20(%rsp,%rbx), %rsp
>
> Yep. Though it looks a bit uncommon, I do think it will work.

Heh, I had about the same level of confidence. I'll put together a set of
patches tomorrow and post them to linux-sgx (and cc relevant parties).
It'll be easier to continue the discussion with code to look at and we can
stop spamming LKML for a bit :-)
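Review bot: `lea 0x20(%rsp,%rbx), %rsp` hard-codes 0x20 as the distance between the aligned stack and %rsp at `call .Lretpoline`, and nothing in the hunk ties that constant to the frame setup it undoes; a named constant or a comment naming the `sub`/pushes it corresponds to would keep them from drifting apart. Also, because the restore now uses the callback's %rsp on return as its base rather than a saved absolute value, the exit-handler contract in the function's documentation should state that the handler may move %rsp only in multiples of 16 and must return with the same 16-byte phase it was called with; otherwise adding the saved low bits back no longer reproduces the alignment of the untrusted RSP.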
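The following is an added example, not code from this thread or from the kernel's vDSO. It models in plain C the two %rsp save/restore schemes the quoted hunks compare (absolute `mov %rbx, %rsp` versus relative `lea 0x20(%rsp,%rbx), %rsp`) so the effect of a handler that moves %rsp can be checked on sample values. Two things are assumed rather than visible in the hunks: that the alignment step is a mask of the low four bits (`and $-0x10, %rsp`), and that the 0x20 in the `lea` is the total the vDSO moves the stack below the aligned point before `call .Lretpoline`.

```c
/*
 * Added example: a model of the vDSO's %rsp handling around the exit handler.
 * Not the kernel's code. Assumptions (labelled): alignment = rsp & ~0xf, and
 * the frame set up before `call .Lretpoline` is FRAME_BYTES (0x20) deep.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define FRAME_BYTES 0x20u   /* the 0x20 in `lea 0x20(%rsp,%rbx), %rsp` (assumed) */

/* What the vDSO model has in hand when it calls the exit handler. */
struct handler_frame {
    uint64_t ursp;      /* untrusted %rsp at EEXIT (handed to the callback in %rcx) */
    uint64_t rbx;       /* whatever the vDSO parked in %rbx */
    uint64_t call_rsp;  /* %rsp at `call .Lretpoline` */
};

/* Pre-patch scheme: %rbx holds the absolute untrusted %rsp. */
static struct handler_frame enter_absolute(uint64_t ursp)
{
    struct handler_frame f = { .ursp = ursp, .rbx = ursp };
    f.call_rsp = (ursp & ~0xfull) - FRAME_BYTES;   /* assumed and $-0x10 + frame */
    return f;
}

/* Patched scheme: %rbx holds only the sub-16-byte offset (`and $0xf, %rbx`). */
static struct handler_frame enter_relative(uint64_t ursp)
{
    struct handler_frame f = { .ursp = ursp, .rbx = ursp & 0xf };
    f.call_rsp = (ursp & ~0xfull) - FRAME_BYTES;
    return f;
}

/* `mov %rbx, %rsp`: whatever the handler did to %rsp is thrown away. */
static uint64_t restore_absolute(const struct handler_frame *f, uint64_t handler_rsp)
{
    (void)handler_rsp;
    return f->rbx;
}

/* `lea 0x20(%rsp,%rbx), %rsp`: the handler's %rsp on return is the base. */
static uint64_t restore_relative(const struct handler_frame *f, uint64_t handler_rsp)
{
    return handler_rsp + FRAME_BYTES + f->rbx;
}

/*
 * %rsp the vDSO continues with after the handler returns, given that the
 * handler returned with %rsp moved by `delta` bytes from the value it was
 * called with (negative = it grew the stack).
 */
static uint64_t continue_rsp_relative(uint64_t ursp, int64_t delta)
{
    struct handler_frame f = enter_relative(ursp);
    return restore_relative(&f, (uint64_t)((int64_t)f.call_rsp + delta));
}

static uint64_t continue_rsp_absolute(uint64_t ursp, int64_t delta)
{
    struct handler_frame f = enter_absolute(ursp);
    return restore_absolute(&f, (uint64_t)((int64_t)f.call_rsp + delta));
}

/*
 * The contract the relative scheme implies: the handler must return with
 * %rsp at the same 16-byte phase it received, or the low bits saved in %rbx
 * no longer reproduce the untrusted RSP's alignment.
 */
static bool handler_delta_ok(int64_t delta)
{
    return (delta & 0xf) == 0;
}

int main(void)
{
    uint64_t ursp = 0x7ffd1234abc8ull;   /* constructed sample: 8 mod 16 */

    printf("absolute, handler grew stack by 0x40: %#llx\n",
           (unsigned long long)continue_rsp_absolute(ursp, -0x40));
    printf("relative, handler grew stack by 0x40: %#llx\n",
           (unsigned long long)continue_rsp_relative(ursp, -0x40));
    printf("relative, handler returned misaligned: delta ok? %s\n",
           handler_delta_ok(-0x8) ? "yes" : "no");
    return 0;
}
```

With the handler leaving %rsp untouched both schemes land back on the untrusted RSP; with the handler moving %rsp down by 0x40, the absolute restore discards the move while the relative restore preserves it, which is the behaviour the relative scheme is meant to allow. The `handler_delta_ok` check is the alignment caveat that such a scheme needs documented.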