On Mon, Sep 28, 2020 at 9:44 AM Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote: > > On 28/09/2020 01:58, Jarkko Sakkinen wrote: > > On Fri, Sep 25, 2020 at 07:23:59PM +0100, Andrew Cooper wrote: > >> On 15/09/2020 12:28, Jarkko Sakkinen wrote: > >>> diff --git a/arch/x86/entry/vdso/vsgx_enter_enclave.S b/arch/x86/entry/vdso/vsgx_enter_enclave.S > >>> new file mode 100644 > >>> index 000000000000..adbd59d41517 > >>> --- /dev/null > >>> +++ b/arch/x86/entry/vdso/vsgx_enter_enclave.S > >>> @@ -0,0 +1,157 @@ > >>> +SYM_FUNC_START(__vdso_sgx_enter_enclave) > >>> <snip> > >>> +.Lretpoline: > >>> + call 2f > >>> +1: pause > >>> + lfence > >>> + jmp 1b > >>> +2: mov %rax, (%rsp) > >>> + ret > >> I hate to throw further spanners in the work, but this is not compatible > >> with CET, and the user shadow stack work in progress. > > CET goes beyond my expertise. Can you describe, at least rudimentary, > > how this code is not compatible? > > CET Shadow Stacks detect attacks which modify the return address on the > stack. > > Retpoline *is* a ROP gadget. It really does modify the return address > on the stack, even if its purpose is defensive (vs Spectre v2) rather > than malicious. > > >> Whichever of these two large series lands first is going to inflict > >> fixing this problem on the other. > >> > >> As the vdso text is global (to a first approximation), it must not be a > >> retpoline if any other process is liable to want to use CET-SS. > > Why is that? > > Because when CET-SS is enabled, the ret will suffer a #CP exception > (return address on the stack not matching the one recorded in the shadow > stack), which I presume/hope is wired into SIGSEGV. > Here is the CET compatible retpoline: endbr64 /* Check if shadow stack is in use. NB: R11 is the only usable scratch register for function calls. */ xorl %r11d, %r11d rdsspq %r11 testq %r11, %r11 jnz 3f call 2f 1: pause lfence jmp 1b 2: mov %rax, (%rsp) ret 3: /* Shadow stack is in use. Make the indirect call. */ call *%rax ret -- H.J.
