On 2020-11-04 15:54, Jarkko Sakkinen wrote: > From: Sean Christopherson <sean.j.christopherson@xxxxxxxxx> > > Enclaves encounter exceptions for lots of reasons: everything from enclave > page faults to NULL pointer dereferences, to system calls that must be > “proxied” to the kernel from outside the enclave. > > In addition to the code contained inside an enclave, there is also > supporting code outside the enclave called an “SGX runtime”, which is > virtually always implemented inside a shared library. The runtime helps > build the enclave and handles things like *re*building the enclave if it > got destroyed by something like a suspend/resume cycle. > > The rebuilding has traditionally been handled in SIGSEGV handlers, > registered by the library. But, being process-wide, shared state, signal > handling and shared libraries do not mix well. > > Introduce a vDSO function call that wraps the enclave entry functions > (EENTER/ERESUME functions of the ENCLU instruciton) and returns information > about any exceptions to the caller in the SGX runtime. > > Instead of generating a signal, the kernel places exception information in > RDI, RSI and RDX. The kernel-provided userspace portion of the vDSO handler > will place this information in a user-provided buffer or trigger a > user-provided callback at the time of the exception. > > The vDSO function calling convention uses the standard RDI RSI, RDX, RCX, > R8 and R9 registers. This makes it possible to declare the vDSO as a C > prototype, but other than that there is no specific support for SystemV > ABI. Things like storing XSAVE are the responsibility of the enclave and > the runtime. I suppose this may be covered under "no specific support for SystemV ABI" but with sgx_enclave_run.user_handler=NULL, R12~R15 *will* get clobbered when __vdso_sgx_enter_enclave returns from an SGX AEX. IMO this makes the whole "try to be like System V ABI" rather useless, but I suppose it doesn't matter too much. -- Jethro Beekman | Fortanix
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
