Linux-Sgx Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH for_v21] x86/vdso: Do not attempt to fixup #DB or #BP exceptions
@ 2019-07-11 21:47 Sean Christopherson
  2019-07-12  4:00 ` Jarkko Sakkinen
  0 siblings, 1 reply; 2+ messages in thread
From: Sean Christopherson @ 2019-07-11 21:47 UTC (permalink / raw)
  To: Jarkko Sakkinen; +Cc: linux-sgx

Do not fixup #DB or #BP exceptions that are reported on the SGX vDSO's
ENCLU, as it's impossible to determine whether or not the exception
originated from within an enclave, e.g. a #DB in an enclave will look
identical to a #DB on the ENCLU itself.  Even if hardware provided a
magic flag to identify enclave exceptions, #DB still has scenarios where
the intended recipient is ambiguous, e.g. a data breakpoint encountered
in the enclave but on an address outside of the enclave, a breakpoint
encountered in the enclave and a simultaneouls code breakpoint on ENCLU,
and so on and so forth.

An alternative solution would be to simply not call the vDSO fixup
routine for #DB or #BP.  Rejecting fixup from within vDSO explicitly
documents that #DB/#BP are intentionally skipped and provides a single
location for determining what exceptions are indeed handled by vDSO
fixup.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 arch/x86/entry/vdso/extable.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/arch/x86/entry/vdso/extable.c b/arch/x86/entry/vdso/extable.c
index 49284d560d36..afcf5b65beef 100644
--- a/arch/x86/entry/vdso/extable.c
+++ b/arch/x86/entry/vdso/extable.c
@@ -2,6 +2,7 @@
 #include <linux/err.h>
 #include <linux/mm.h>
 #include <asm/current.h>
+#include <asm/traps.h>
 #include <asm/vdso.h>
 
 struct vdso_exception_table_entry {
@@ -16,6 +17,14 @@ bool fixup_vdso_exception(struct pt_regs *regs, int trapnr,
 	unsigned int nr_entries, i;
 	unsigned long base;
 
+	/*
+	 * Do not attempt to fixup #DB or #BP.  It's impossible to identify
+	 * whether or not a #DB/#BP originated from within an SGX enclave and
+	 * SGX enclaves are currently the only use case for vDSO fixup.
+	 */
+	if (trapnr == X86_TRAP_DB || trapnr == X86_TRAP_BP)
+		return false;
+
 	if (!current->mm->context.vdso)
 		return false;
 
-- 
2.22.0


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH for_v21] x86/vdso: Do not attempt to fixup #DB or #BP exceptions
  2019-07-11 21:47 [PATCH for_v21] x86/vdso: Do not attempt to fixup #DB or #BP exceptions Sean Christopherson
@ 2019-07-12  4:00 ` Jarkko Sakkinen
  0 siblings, 0 replies; 2+ messages in thread
From: Jarkko Sakkinen @ 2019-07-12  4:00 UTC (permalink / raw)
  To: Sean Christopherson; +Cc: linux-sgx

On Thu, Jul 11, 2019 at 02:47:51PM -0700, Sean Christopherson wrote:
> Do not fixup #DB or #BP exceptions that are reported on the SGX vDSO's > ENCLU, as it's impossible to determine whether or not the exception
> originated from within an enclave, e.g. a #DB in an enclave will look
> identical to a #DB on the ENCLU itself.  Even if hardware provided a
> magic flag to identify enclave exceptions, #DB still has scenarios where
> the intended recipient is ambiguous, e.g. a data breakpoint encountered
> in the enclave but on an address outside of the enclave, a breakpoint
> encountered in the enclave and a simultaneouls code breakpoint on ENCLU,
> and so on and so forth.
> 
> An alternative solution would be to simply not call the vDSO fixup
> routine for #DB or #BP.  Rejecting fixup from within vDSO explicitly
> documents that #DB/#BP are intentionally skipped and provides a single
> location for determining what exceptions are indeed handled by vDSO
> fixup.

I think this is better and good use of the boolean return value i.e.
consolidate the decision to a single place.

> 
> Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
> ---
>  arch/x86/entry/vdso/extable.c | 9 +++++++++
>  1 file changed, 9 insertions(+)
> 
> diff --git a/arch/x86/entry/vdso/extable.c b/arch/x86/entry/vdso/extable.c
> index 49284d560d36..afcf5b65beef 100644
> --- a/arch/x86/entry/vdso/extable.c
> +++ b/arch/x86/entry/vdso/extable.c
> @@ -2,6 +2,7 @@
>  #include <linux/err.h>
>  #include <linux/mm.h>
>  #include <asm/current.h>
> +#include <asm/traps.h>
>  #include <asm/vdso.h>
>  
>  struct vdso_exception_table_entry {
> @@ -16,6 +17,14 @@ bool fixup_vdso_exception(struct pt_regs *regs, int trapnr,
>  	unsigned int nr_entries, i;
>  	unsigned long base;
>  
> +	/*
> +	 * Do not attempt to fixup #DB or #BP.  It's impossible to identify
> +	 * whether or not a #DB/#BP originated from within an SGX enclave and
> +	 * SGX enclaves are currently the only use case for vDSO fixup.
> +	 */
> +	if (trapnr == X86_TRAP_DB || trapnr == X86_TRAP_BP)
> +		return false;
> +
>  	if (!current->mm->context.vdso)
>  		return false;
>  
> -- 
> 2.22.0
> 

Acked-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

/Jarkko

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, back to index

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-07-11 21:47 [PATCH for_v21] x86/vdso: Do not attempt to fixup #DB or #BP exceptions Sean Christopherson
2019-07-12  4:00 ` Jarkko Sakkinen

Linux-Sgx Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-sgx/0 linux-sgx/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-sgx linux-sgx/ https://lore.kernel.org/linux-sgx \
		linux-sgx@vger.kernel.org linux-sgx@archiver.kernel.org
	public-inbox-index linux-sgx


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-sgx


AGPL code for this site: git clone https://public-inbox.org/ public-inbox