> On Aug 10, 2020, at 5:52 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
>
>>> On Aug 10, 2020, at 4:48 PM, Sean Christopherson <sean.j.christopherson@xxxxxxxxx> wrote:
>>>
>>> On Mon, Aug 10, 2020 at 04:08:46PM -0700, Andy Lutomirski wrote:
>>> What am I missing? I still don't really understand why we are
>>> supporting this mechanism at all. Just the asm code to invoke the
>>> callback seems to be about half of the entire function.
>>
>> Because the Intel SDK (and other SDKs?) wants to use the host stack to pass
>> parameters out of the enclave.
>
> Ugh, right. I forgot about that particular abomination.
>
> I suppose that passing a context pointer would be reasonable.

The alternative would be to pass in a parameter that gets put in RSP before entering the enclave. The idea is that the untrusted runtime would allocate a couple pages with guard pages at either end, and enclaves using the regrettable arguments-on-the-stack scheme would end up using the alternative stack.

At the end of the day, none of this really matters too much. Languages that can do inline asm but can’t do container_of() can get fixed or use workarounds.
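
The alternative-stack allocation described in the message above, as an added example that is not part of the original thread or of the SGX patch set: an untrusted runtime reserves a few pages with an inaccessible guard page at either end, so an enclave that writes outside the region faults instead of touching neighbouring host memory. The names `alt_stack`, `alt_stack_alloc`, `alt_stack_free` and `write_faults` are hypothetical, and handing `top` to the enclave entry path as the RSP value is assumed and not shown.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

struct alt_stack {
    void  *map;      /* start of the whole mapping, guards included */
    size_t map_len;  /* guard page + usable pages + guard page */
    void  *low;      /* lowest usable byte */
    void  *top;      /* initial stack pointer (the stack grows down) */
};

/* Reserve usable_pages of read/write memory with one PROT_NONE page on each side. */
int alt_stack_alloc(struct alt_stack *s, size_t usable_pages)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t len = (usable_pages + 2) * page;
    /* Map everything inaccessible first so the guards are never writable. */
    void *m = mmap(NULL, len, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED)
        return -1;
    /* Open up only the middle of the mapping. */
    if (mprotect((char *)m + page, usable_pages * page, PROT_READ | PROT_WRITE)) {
        munmap(m, len);
        return -1;
    }
    s->map = m;
    s->map_len = len;
    s->low = (char *)m + page;
    s->top = (char *)m + page + usable_pages * page;
    return 0;
}

void alt_stack_free(struct alt_stack *s) { munmap(s->map, s->map_len); }

/* Returns 1 if a one-byte write to addr kills a probing child process
 * (the expected result for a guard page), 0 if the write succeeds. */
int write_faults(volatile char *addr)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) { *addr = 1; _exit(0); }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return !(WIFEXITED(status) && WEXITSTATUS(status) == 0);
}
```

The probe forks so that the fault on a guard page terminates only the child; a real runtime would see the same fault as a signal delivered while the enclave's exit path is using the alternative stack.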