On Mon, Sep 28, 2020 at 05:44:35PM +0100, Andrew Cooper wrote: > On 28/09/2020 01:58, Jarkko Sakkinen wrote: > > On Fri, Sep 25, 2020 at 07:23:59PM +0100, Andrew Cooper wrote: > >> On 15/09/2020 12:28, Jarkko Sakkinen wrote: > >>> diff --git a/arch/x86/entry/vdso/vsgx_enter_enclave.S b/arch/x86/entry/vdso/vsgx_enter_enclave.S > >>> new file mode 100644 > >>> index 000000000000..adbd59d41517 > >>> --- /dev/null > >>> +++ b/arch/x86/entry/vdso/vsgx_enter_enclave.S > >>> @@ -0,0 +1,157 @@ > >>> +SYM_FUNC_START(__vdso_sgx_enter_enclave) > >>> <snip> > >>> +.Lretpoline: > >>> + call 2f > >>> +1: pause > >>> + lfence > >>> + jmp 1b > >>> +2: mov %rax, (%rsp) > >>> + ret > >> I hate to throw further spanners in the work, but this is not compatible > >> with CET, and the user shadow stack work in progress. > > CET goes beyond my expertise. Can you describe, at least rudimentary, > > how this code is not compatible? > > CET Shadow Stacks detect attacks which modify the return address on the > stack. > > Retpoline *is* a ROP gadget. It really does modify the return address > on the stack, even if its purpose is defensive (vs Spectre v2) rather > than malicious. Aah. I get that, yes. Kernel is full of retpoline but I presume that ring-0 does not use CET. The situation with callback is follows: for a run-time the user_handler by all practical means is always the same. There is ever only one user handler that gets executed. I.e. the indirect callback will always lead to the same thing. I wonder how much assets an adversary would get if we just remove retpoline bits (not much thinking done yet on that). /Jarkko