Re: [PATCH v38 21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Andy Lutomirski <luto@xxxxxxxxxx>, "H.J. Lu" <hjl.tools@xxxxxxxxx>
Subject: Re: [PATCH v38 21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call
From: Dave Hansen <dave.hansen@xxxxxxxxx>
Date: Mon, 28 Sep 2020 11:17:42 -0700
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>, the arch/x86 maintainers <x86@xxxxxxxxxx>, linux-sgx@xxxxxxxxxxxxxxx, LKML <linux-kernel@xxxxxxxxxxxxxxx>, Sean Christopherson <sean.j.christopherson@xxxxxxxxx>, Jethro Beekman <jethro@xxxxxxxxxxxx>, Cedric Xing <cedric.xing@xxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>, asapek@xxxxxxxxxx, Borislav Petkov <bp@xxxxxxxxx>, chenalexchen@xxxxxxxxxx, Conrad Parker <conradparker@xxxxxxxxxx>, cyhanish@xxxxxxxxxx, "Huang, Haitao" <haitao.huang@xxxxxxxxx>, Josh Triplett <josh@xxxxxxxxxxxxxxxx>, "Huang, Kai" <kai.huang@xxxxxxxxx>, "Svahn, Kai" <kai.svahn@xxxxxxxxx>, Keith Moyer <kmoy@xxxxxxxxxx>, Christian Ludloff <ludloff@xxxxxxxxxx>, Neil Horman <nhorman@xxxxxxxxxx>, Nathaniel McCallum <npmccallum@xxxxxxxxxx>, Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>, David Rientjes <rientjes@xxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, yaozhangx@xxxxxxxxxx, Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>
In-reply-to: <CALCETrU4Rhc0fwzzKLSUgan2YmSovxVFYOZEmFnBHC4DbZ5RfQ@mail.gmail.com>
References: <20200915112842.897265-1-jarkko.sakkinen@linux.intel.com> <20200915112842.897265-22-jarkko.sakkinen@linux.intel.com> <721ca14e-21df-3df1-7bef-0b00d0ff90c3@citrix.com> <20200928005842.GC6704@linux.intel.com> <85bc15d5-93cd-e332-ae9a-1e1e66e1181d@citrix.com> <CAMe9rOpzXW0cSD=9E7drGEHH=pcm_NqvPiaR0pBJzYLeAt0_3g@mail.gmail.com> <CALCETrU4Rhc0fwzzKLSUgan2YmSovxVFYOZEmFnBHC4DbZ5RfQ@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0

On 9/28/20 11:12 AM, Andy Lutomirski wrote:
>> endbr64
>> /* Check if shadow stack is in use.  NB: R11 is the only usable
>>    scratch register for function calls.  */
>> xorl %r11d, %r11d
>> rdsspq %r11
>> testq %r11, %r11
>> jnz 3f
>> call 2f
>> 1:
>> pause
>> lfence
>> jmp 1b
>> 2:
>> mov %rax, (%rsp)
>> ret
>> 3:
>> /* Shadow stack is in use.  Make the indirect call.  */
>> call *%rax
>> ret
> What do we expect user programs to do on CET systems?  It would be
> nice if we could instead ALTERNATIVE this out if X86_FEATURE_SHSTK.

Shouldn't we just be able to use X86_FEATURE_RETPOLINE?

We probably need a mechanism to force X86_FEATURE_SHSTK and
X86_FEATURE_RETPOLINE to be mutually exclusive if we don't have one already.

Follow-Ups:
- Re: [PATCH v38 21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call
  - From: Jarkko Sakkinen

References:
- [PATCH v38 00/24] Intel SGX foundations
  - From: Jarkko Sakkinen
- [PATCH v38 21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call
  - From: Jarkko Sakkinen
- Re: [PATCH v38 21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call
  - From: Andrew Cooper
- Re: [PATCH v38 21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call
  - From: Jarkko Sakkinen
- Re: [PATCH v38 21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call
  - From: Andrew Cooper
- Re: [PATCH v38 21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call
  - From: H.J. Lu
- Re: [PATCH v38 21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call
  - From: Andy Lutomirski

Prev by Date: Re: [PATCH v38 21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call
Next by Date: Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()
Previous by thread: Re: [PATCH v38 21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call
Next by thread: Re: [PATCH v38 21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call
Index(es):
- Date
- Thread

[Index of Archives] [AMD Graphics] [Linux USB Devel] [Linux Audio Users] [Yosemite News] [Linux Kernel] [Linux SCSI]