[RFC PATCH 0/4] x86/vdso: x86/sgx: Rework SGX vDSO API

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Rework __vdso_sgx_enter_enclave() to move all input/output params, except
for pass-through GPRs, into a single struct.  With the new struct, add
two new features (requested by Nathaniel and Jethro), and fix a
long-standing nit (from Andy).

 1. Add an opaque param to pass data from the runtime to its handler.
    https://lkml.kernel.org/r/CAOASepOFh-vOrNZEVDFrDSuHs+9GEzzpXUTG-fZMuyjWAkpRWw@xxxxxxxxxxxxxx

 2. Allow the runtime to exit the vDSO on interrupts, e.g. for context
    switching when doing M:N scheduling of enclave threads.
    https://lkml.kernel.org/r/dcebec2e-ea46-48ec-e49b-292b10282373@xxxxxxxxxxxx

 3. Use a dedicated exit reason instead of using -EFAULT for "exception"
    (and effectively -EINTR for interrupts, too).
    https://lkml.kernel.org/r/90D05734-1583-4306-A9A4-18E4A1390F3B@xxxxxxxxxxxxxx

Patch 1 is a bug fix I found by inspection when reworking the code.

Reworking so much of the code this late in the game is a bit scary, but
the alternative is massive param lists for both the vDSO and the handler,
especially if we add both a flags param and an opaque pointer.  And IMO,
the result is also a tiny bit cleaner than what we have today, even
without adding @flags and @opaque.

typedef int (*vdso_sgx_enter_enclave_t)(unsigned long rdi, unsigned long rsi,
                                        unsigned long rdx, unsigned int leaf,
                                        unsigned long r8,  unsigned long r9,
                                        struct sgx_enclave_run *r);

typedef int (*sgx_enclave_exit_handler_t)(long rdi, long rsi, long rdx,
                                          long ursp, long r8, long r9,
                                          struct sgx_enclave_run *r);

vs.

typedef int (*vdso_sgx_enter_enclave_t)(unsigned long rdi, unsigned long rsi,
                                        unsigned long rdx, unsigned int leaf,
                                        unsigned long r8,  unsigned long r9,
                                        void *tcs,
                                        struct sgx_enclave_exception *e,
                                        sgx_enclave_exit_handler_t handler,
                                        unsigned long flags,
                                        unsigned long opaque);

typedef int (*sgx_enclave_exit_handler_t)(long rdi, long rsi, long rdx,
                                          long ursp, long r8, long r9,
                                          void *tcs, int ret,
                                          struct sgx_enclave_exception *e,
                                          unsigned long opaque);

Sean Christopherson (4):
  x86/vdso: x86/sgx: Explicitly force 8-byte CMP for detecting user
    handler
  x86/vdso: x86/sgx: Rework __vdso_sgx_enter_enclave() API
  x86/vdso: x86/sgx: Introduce dedicated SGX exit reasons for vDSO
  x86/vdso: x86/sgx: Allow the user to exit the vDSO loop on interrupts

 arch/x86/entry/vdso/vsgx_enter_enclave.S | 94 +++++++++++++++++------
 arch/x86/include/uapi/asm/sgx.h          | 96 ++++++++++++++++--------
 2 files changed, 135 insertions(+), 55 deletions(-)

-- 
2.28.0
[Index of Archives]     [AMD Graphics]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux