On 2020-08-18 19:15, Andy Lutomirski wrote: > On Mon, Aug 17, 2020 at 9:24 PM Sean Christopherson > <sean.j.christopherson@xxxxxxxxx> wrote: >> >> Allow userspace to exit the vDSO on interrupts that are acknowledged >> while the enclave is active. This allows the user's runtime to switch >> contexts at opportune times without additional overhead, e.g. when using >> an M:N threading model (where M user threads run N TCSs, with N > M). > > This is IMO rather odd. We don't support this type of notification on > interrupts for normal user code. The fact user code can detect > interrupts during enclave execution is IMO an oddity of SGX, and I > have asked Intel to consider replacing the AEX mechanism with > something more transparent to user mode. If this ever happens, this > mechanism is toast. Let's design the current interface for the current architecture. We can deal with a new architecture if and when Intel provides it. > Even without architecture changes, building a *reliable* M:N threading > mechanism on top of this will be difficult or impossible, as there is > no particular guarantee that a thread will get timing interrupts at> all or that these interrupts will get lucky and hit enclave code, thus > triggering an AEX. We certainly don't, and probably never will, > support any corresponding feature for non-enclave code. There's no guarantee, but this vDSO exit mechanism is a prerequisite. Both for context switching and aborting an enclave, userspace *must* have a way to trigger exit from enclave mode *and* recover the user stack in a sane manner. Userspace *should* also be able to do this in a way that's compatible with library use, so calling timer_create or pthread_kill to deliver a signal would be ok, but installing a signal handler should be avoided (the whole reason behind this vDSO call). > So this seems like an odd, and possibly unsupportable, feature to add. I can implement all this without the vDSO call today, so why not support it? That just means not everyone is going to use the vDSO call, again resulting in potential problems when multiple libraries want to use enclaves. > --Andy > -- Jethro Beekman | Fortanix
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
