Linux-Sgx Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH for_v23 0/5]  x86/vdso: sgx: Bug fixes
@ 2019-10-11  0:40 Sean Christopherson
  2019-10-11  0:40 ` [PATCH for_v23 1/5] x86/vdso: sgx: Fix misaligned stack bug when invoking exit handler Sean Christopherson
                   ` (5 more replies)
  0 siblings, 6 replies; 12+ messages in thread
From: Sean Christopherson @ 2019-10-11  0:40 UTC (permalink / raw)
  To: Jarkko Sakkinen; +Cc: linux-sgx

Fix gwo bugs that were introduced in the refactoring, and tweak the
callback prototype to make it more readable.

Please don't apply patches 3/5 -> 5/5 until Cedric has weighed in.  The
CFI patch may or may not be correct, and the prototype change is a
continuation of a discussion (sending a patch seemed like the easiest
way to move forward).

Sean Christopherson (5):
  x86/vdso: sgx: Fix misaligned stack bug when invoking exit handler
  selftests/x86/sgx: Add check to verify exit handler stack alignment
  x86/vdso: sgx: Fix unwinder support
  x86/vdso: sgx: Reorder params to callback to improve readability
  selftests/x86/sgx: Update the callbacks function parameters

 arch/x86/entry/vdso/vsgx_enter_enclave.S  | 18 ++++++++---------
 arch/x86/include/uapi/asm/sgx.h           | 10 +++++-----
 tools/testing/selftests/x86/sgx/defines.h |  1 +
 tools/testing/selftests/x86/sgx/main.c    | 24 ++++++++++++++++++-----
 4 files changed, 34 insertions(+), 19 deletions(-)

-- 
2.22.0


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [PATCH for_v23 1/5] x86/vdso: sgx: Fix misaligned stack bug when invoking exit handler
  2019-10-11  0:40 [PATCH for_v23 0/5] x86/vdso: sgx: Bug fixes Sean Christopherson
@ 2019-10-11  0:40 ` Sean Christopherson
  2019-10-11  0:40 ` [PATCH for_v23 2/5] selftests/x86/sgx: Add check to verify exit handler stack alignment Sean Christopherson
                   ` (4 subsequent siblings)
  5 siblings, 0 replies; 12+ messages in thread
From: Sean Christopherson @ 2019-10-11  0:40 UTC (permalink / raw)
  To: Jarkko Sakkinen; +Cc: linux-sgx

Fix a recently introduced bug where an odd number of 8-byte parameters
are pushed on the stack prior to invoking the userspace callback, which
causes the CALL to execute with an unaligned stack and violate the
x86_64 ABI.

Reported-by: Cedric Xing <cedric.xing@intel.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 arch/x86/entry/vdso/vsgx_enter_enclave.S | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/arch/x86/entry/vdso/vsgx_enter_enclave.S b/arch/x86/entry/vdso/vsgx_enter_enclave.S
index fc5622dcd2fa..b63091818df1 100644
--- a/arch/x86/entry/vdso/vsgx_enter_enclave.S
+++ b/arch/x86/entry/vdso/vsgx_enter_enclave.S
@@ -135,10 +135,12 @@ ENTRY(__vdso_sgx_enter_enclave)
 .Linvoke_userspace_handler:
 	/*
 	 * Align stack per x86_64 ABI. Save the original %rsp in %rbx to be
-	 * restored after the callback returns.
+	 * restored after the callback returns.  Note, %rsp needs to be 16-byte
+	 * aligned _after_ pushing the three parameters on the stack.
 	 */
 	mov	%rsp, %rbx
 	and	$-0x10, %rsp
+	sub	$0x8, %rsp
 
 	/* Push @e, u_rsp and @tcs as parameters to the callback. */
 	push	0x18(%rbp)
-- 
2.22.0


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [PATCH for_v23 2/5] selftests/x86/sgx: Add check to verify exit handler stack alignment
  2019-10-11  0:40 [PATCH for_v23 0/5] x86/vdso: sgx: Bug fixes Sean Christopherson
  2019-10-11  0:40 ` [PATCH for_v23 1/5] x86/vdso: sgx: Fix misaligned stack bug when invoking exit handler Sean Christopherson
@ 2019-10-11  0:40 ` Sean Christopherson
  2019-10-14 21:09   ` Jarkko Sakkinen
  2019-10-11  0:40 ` [PATCH for_v23 3/5] x86/vdso: sgx: Fix unwinder support Sean Christopherson
                   ` (3 subsequent siblings)
  5 siblings, 1 reply; 12+ messages in thread
From: Sean Christopherson @ 2019-10-11  0:40 UTC (permalink / raw)
  To: Jarkko Sakkinen; +Cc: linux-sgx

Add an assembly trampoline to the basic exit handler to snapshot the
pre-CALL %rsp in order to verify that the stack is 16-byte aligned as
required by the x86_64 ABI.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 tools/testing/selftests/x86/sgx/defines.h |  1 +
 tools/testing/selftests/x86/sgx/main.c    | 20 +++++++++++++++++---
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/tools/testing/selftests/x86/sgx/defines.h b/tools/testing/selftests/x86/sgx/defines.h
index 199a830e198a..8ddd3cfd1070 100644
--- a/tools/testing/selftests/x86/sgx/defines.h
+++ b/tools/testing/selftests/x86/sgx/defines.h
@@ -15,6 +15,7 @@ typedef uint64_t u64;
 
 #define __aligned(x) __attribute__((__aligned__(x)))
 #define __packed __attribute__((packed))
+#define __used __attribute__((__used__))
 
 /* Derived from asm-generic/bitsperlong.h. */
 #if __x86_64__
diff --git a/tools/testing/selftests/x86/sgx/main.c b/tools/testing/selftests/x86/sgx/main.c
index 029502d81ac9..f46e5c8fdac4 100644
--- a/tools/testing/selftests/x86/sgx/main.c
+++ b/tools/testing/selftests/x86/sgx/main.c
@@ -331,14 +331,28 @@ static void test_vdso_no_exit_handler(struct sgx_secs *secs)
 	ASSERT_EQ(exception.leaf, ENCLU_EENTER);
 }
 
-static int basic_exit_handler(long rdi, long rsi, long rdx, int ret,
-			      long r8, long r9, void *tcs, long ursp,
-			      struct sgx_enclave_exception *e)
+static int __used __basic_exit_handler(long rdi, long rsi, long rdx, int ret,
+				       long r8, long r9, void *tcs, long ursp,
+				       struct sgx_enclave_exception *e)
 {
+	TEST_ASSERT(!(r9 & 0xf), "Pre-CALL RSP not 16-byte aligned: %lx\n", r9);
 	ASSERT_EQ(ret, 0);
 	return 0;
 }
 
+extern void *basic_exit_handler;
+
+static void __used basic_exit_handler_trampoline(void)
+{
+	/* Load the pre-CALL %rsp into %r9 to verify correct alignment. */
+	asm volatile("1:\n\t"
+		     "lea 0x8(%%rsp), %%r9\n\t"
+		     "jmp __basic_exit_handler\n\t"
+		     "basic_exit_handler: .quad 1b\n\t"
+		     ".global basic_exit_handler"
+		     ::: "memory");
+}
+
 static int nr_page_faults;
 
 static int mprotect_exit_handler(long rdi, long rsi, long rdx, int ret,
-- 
2.22.0


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [PATCH for_v23 3/5] x86/vdso: sgx: Fix unwinder support
  2019-10-11  0:40 [PATCH for_v23 0/5] x86/vdso: sgx: Bug fixes Sean Christopherson
  2019-10-11  0:40 ` [PATCH for_v23 1/5] x86/vdso: sgx: Fix misaligned stack bug when invoking exit handler Sean Christopherson
  2019-10-11  0:40 ` [PATCH for_v23 2/5] selftests/x86/sgx: Add check to verify exit handler stack alignment Sean Christopherson
@ 2019-10-11  0:40 ` Sean Christopherson
  2019-10-16 22:25   ` Xing, Cedric
  2019-10-11  0:40 ` [PATCH for_v23 4/5] x86/vdso: sgx: Reorder params to callback to improve readability Sean Christopherson
                   ` (2 subsequent siblings)
  5 siblings, 1 reply; 12+ messages in thread
From: Sean Christopherson @ 2019-10-11  0:40 UTC (permalink / raw)
  To: Jarkko Sakkinen; +Cc: linux-sgx

Relocate the .cfi_endproc directive to the RET that actually returns
from the vDSO function.  During recent refactoring, it was inadvertantly
left next to the RET used for the retpoline.

Reported-by: Cedric Xing <cedric.xing@intel.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 arch/x86/entry/vdso/vsgx_enter_enclave.S | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/entry/vdso/vsgx_enter_enclave.S b/arch/x86/entry/vdso/vsgx_enter_enclave.S
index b63091818df1..3dd22780b7ef 100644
--- a/arch/x86/entry/vdso/vsgx_enter_enclave.S
+++ b/arch/x86/entry/vdso/vsgx_enter_enclave.S
@@ -113,6 +113,7 @@ ENTRY(__vdso_sgx_enter_enclave)
 	leave
 	.cfi_def_cfa		%rsp, 8
 	ret
+	.cfi_endproc
 
 .Linvalid_leaf:
 	mov	$(-EINVAL), %eax
@@ -176,7 +177,6 @@ ENTRY(__vdso_sgx_enter_enclave)
 	jmp	1b
 2:	mov	%rax, (%rsp)
 	ret
-	.cfi_endproc
 
 _ASM_VDSO_EXTABLE_HANDLE(.Lenclu_eenter_eresume, .Lhandle_exception)
 
-- 
2.22.0


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [PATCH for_v23 4/5] x86/vdso: sgx: Reorder params to callback to improve readability
  2019-10-11  0:40 [PATCH for_v23 0/5] x86/vdso: sgx: Bug fixes Sean Christopherson
                   ` (2 preceding siblings ...)
  2019-10-11  0:40 ` [PATCH for_v23 3/5] x86/vdso: sgx: Fix unwinder support Sean Christopherson
@ 2019-10-11  0:40 ` Sean Christopherson
  2019-10-16 22:24   ` Xing, Cedric
  2019-10-11  0:40 ` [PATCH for_v23 5/5] selftests/x86/sgx: Update the callbacks function parameters Sean Christopherson
  2019-10-14 21:27 ` [PATCH for_v23 0/5] x86/vdso: sgx: Bug fixes Jarkko Sakkinen
  5 siblings, 1 reply; 12+ messages in thread
From: Sean Christopherson @ 2019-10-11  0:40 UTC (permalink / raw)
  To: Jarkko Sakkinen; +Cc: linux-sgx

Swap @ret and @ursp in the callback prototype so that the output from
the vDSO itself, @ret and @e, are grouped together.  Having the first
N parameters all share a type also makes the prototype easier to parse
by (some) humans.  And, passing @ursp via register saves one whole
MOV instruction!

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 arch/x86/entry/vdso/vsgx_enter_enclave.S | 16 +++++++---------
 arch/x86/include/uapi/asm/sgx.h          | 10 +++++-----
 2 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/arch/x86/entry/vdso/vsgx_enter_enclave.S b/arch/x86/entry/vdso/vsgx_enter_enclave.S
index 3dd22780b7ef..94f613b53b13 100644
--- a/arch/x86/entry/vdso/vsgx_enter_enclave.S
+++ b/arch/x86/entry/vdso/vsgx_enter_enclave.S
@@ -134,23 +134,21 @@ ENTRY(__vdso_sgx_enter_enclave)
 	jmp	.Lhandle_exit
 
 .Linvoke_userspace_handler:
+	/* Pass the untrusted RSP (at exit) to the callback via %rcx. */
+	mov	%rsp, %rcx
+
 	/*
-	 * Align stack per x86_64 ABI. Save the original %rsp in %rbx to be
-	 * restored after the callback returns.  Note, %rsp needs to be 16-byte
-	 * aligned _after_ pushing the three parameters on the stack.
+	 * Align stack per x86_64 ABI. Note, %rsp needs to be 16-byte aligned
+	 * _after_ pushing the three parameters on the stack.
 	 */
-	mov	%rsp, %rbx
 	and	$-0x10, %rsp
 	sub	$0x8, %rsp
 
-	/* Push @e, u_rsp and @tcs as parameters to the callback. */
+	/* Push @e, the "return" value and @tcs as params to the callback. */
 	push	0x18(%rbp)
-	push	%rbx
+	push	%rax
 	push	0x10(%rbp)
 
-	/* Pass the "return" value to the callback via %rcx. */
-	mov	%eax, %ecx
-
 	/* Clear RFLAGS.DF per x86_64 ABI */
 	cld
 
diff --git a/arch/x86/include/uapi/asm/sgx.h b/arch/x86/include/uapi/asm/sgx.h
index 255392f5054f..95f69f938b58 100644
--- a/arch/x86/include/uapi/asm/sgx.h
+++ b/arch/x86/include/uapi/asm/sgx.h
@@ -88,16 +88,16 @@ struct sgx_enclave_exception {
  * @rdi:	RDI at the time of enclave exit
  * @rsi:	RSI at the time of enclave exit
  * @rdx:	RDX at the time of enclave exit
- * @ret:	0 on success (EEXIT), -EFAULT on an exception
+ * @ursp:	RSP at the time of enclave exit (untrusted stack)
  * @r8:		R8 at the time of enclave exit
  * @r9:		R9 at the time of enclave exit
  * @tcs:	Thread Control Structure used to enter enclave
- * @ursp:	RSP at the time of enclave exit
+ * @ret:	0 on success (EEXIT), -EFAULT on an exception
  * @e:		Pointer to struct sgx_enclave_exception (as provided by caller)
  */
-typedef int (*sgx_enclave_exit_handler_t)(long rdi, long rsi, long rdx, int ret,
-					  long r8, long r9, void *tcs,
-					  long ursp,
+typedef int (*sgx_enclave_exit_handler_t)(long rdi, long rsi, long rdx,
+					  long ursp, long r8, long r9,
+					  void *tcs, int ret,
 					  struct sgx_enclave_exception *e);
 
 #endif /* _UAPI_ASM_X86_SGX_H */
-- 
2.22.0


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [PATCH for_v23 5/5] selftests/x86/sgx: Update the callbacks function parameters
  2019-10-11  0:40 [PATCH for_v23 0/5] x86/vdso: sgx: Bug fixes Sean Christopherson
                   ` (3 preceding siblings ...)
  2019-10-11  0:40 ` [PATCH for_v23 4/5] x86/vdso: sgx: Reorder params to callback to improve readability Sean Christopherson
@ 2019-10-11  0:40 ` Sean Christopherson
  2019-10-14 21:27 ` [PATCH for_v23 0/5] x86/vdso: sgx: Bug fixes Jarkko Sakkinen
  5 siblings, 0 replies; 12+ messages in thread
From: Sean Christopherson @ 2019-10-11  0:40 UTC (permalink / raw)
  To: Jarkko Sakkinen; +Cc: linux-sgx

Swap @ursp and @ret in the exit handler callbacks to match a recent
kernel change.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 tools/testing/selftests/x86/sgx/main.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tools/testing/selftests/x86/sgx/main.c b/tools/testing/selftests/x86/sgx/main.c
index f46e5c8fdac4..b84ffbf6e1e2 100644
--- a/tools/testing/selftests/x86/sgx/main.c
+++ b/tools/testing/selftests/x86/sgx/main.c
@@ -331,8 +331,8 @@ static void test_vdso_no_exit_handler(struct sgx_secs *secs)
 	ASSERT_EQ(exception.leaf, ENCLU_EENTER);
 }
 
-static int __used __basic_exit_handler(long rdi, long rsi, long rdx, int ret,
-				       long r8, long r9, void *tcs, long ursp,
+static int __used __basic_exit_handler(long rdi, long rsi, long rdx, long ursp,
+				       long r8, long r9, void *tcs, int ret,
 				       struct sgx_enclave_exception *e)
 {
 	TEST_ASSERT(!(r9 & 0xf), "Pre-CALL RSP not 16-byte aligned: %lx\n", r9);
@@ -355,8 +355,8 @@ static void __used basic_exit_handler_trampoline(void)
 
 static int nr_page_faults;
 
-static int mprotect_exit_handler(long rdi, long rsi, long rdx, int ret,
-				 long r8, long r9, void *tcs, long ursp,
+static int mprotect_exit_handler(long rdi, long rsi, long rdx, long ursp,
+				 long r8, long r9, void *tcs, int ret,
 				 struct sgx_enclave_exception *e)
 {
 	int prot, rc;
-- 
2.22.0


^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [PATCH for_v23 2/5] selftests/x86/sgx: Add check to verify exit handler stack alignment
  2019-10-11  0:40 ` [PATCH for_v23 2/5] selftests/x86/sgx: Add check to verify exit handler stack alignment Sean Christopherson
@ 2019-10-14 21:09   ` Jarkko Sakkinen
  2019-10-14 21:14     ` Jarkko Sakkinen
  0 siblings, 1 reply; 12+ messages in thread
From: Jarkko Sakkinen @ 2019-10-14 21:09 UTC (permalink / raw)
  To: Sean Christopherson; +Cc: linux-sgx

On Thu, Oct 10, 2019 at 05:40:56PM -0700, Sean Christopherson wrote:
> Add an assembly trampoline to the basic exit handler to snapshot the
> pre-CALL %rsp in order to verify that the stack is 16-byte aligned as
> required by the x86_64 ABI.
> 
> Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>

I'll rework the existing selftest commit in my tree to use the
"non-VDSO" (aka plain EENTER) call path. Please then provide me commits
for vDSO selftests. These commits will be their own commits in the patch
set. I'll move my selftest commit earlier in the patch set before the
vDSO commits.

Should be more than obvious why this makes sene, so I skip explaining
it but can provide rationale on demand basis.

I'll work this change out tomorrow.

/Jarkko

^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [PATCH for_v23 2/5] selftests/x86/sgx: Add check to verify exit handler stack alignment
  2019-10-14 21:09   ` Jarkko Sakkinen
@ 2019-10-14 21:14     ` Jarkko Sakkinen
  0 siblings, 0 replies; 12+ messages in thread
From: Jarkko Sakkinen @ 2019-10-14 21:14 UTC (permalink / raw)
  To: Sean Christopherson; +Cc: linux-sgx

On Tue, Oct 15, 2019 at 12:09:40AM +0300, Jarkko Sakkinen wrote:
> On Thu, Oct 10, 2019 at 05:40:56PM -0700, Sean Christopherson wrote:
> > Add an assembly trampoline to the basic exit handler to snapshot the
> > pre-CALL %rsp in order to verify that the stack is 16-byte aligned as
> > required by the x86_64 ABI.
> > 
> > Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
> 
> I'll rework the existing selftest commit in my tree to use the
> "non-VDSO" (aka plain EENTER) call path. Please then provide me commits
> for vDSO selftests. These commits will be their own commits in the patch
> set. I'll move my selftest commit earlier in the patch set before the
> vDSO commits.
> 
> Should be more than obvious why this makes sene, so I skip explaining
> it but can provide rationale on demand basis.
> 
> I'll work this change out tomorrow.

I'd be also happy to get more clean commit messages for the vDSO
commits. It is more important than refining documentation because commit
log is immutable. I've already stated what is wrong ATM but I'll explain
it once more shortly.

When writing a commit message you should always go below your
expectations what reviewers already know. You want to make them easily
accessible for maintainers who have to deal with dozens of patches
on a daily basis.

/Jarkko

^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [PATCH for_v23 0/5]  x86/vdso: sgx: Bug fixes
  2019-10-11  0:40 [PATCH for_v23 0/5] x86/vdso: sgx: Bug fixes Sean Christopherson
                   ` (4 preceding siblings ...)
  2019-10-11  0:40 ` [PATCH for_v23 5/5] selftests/x86/sgx: Update the callbacks function parameters Sean Christopherson
@ 2019-10-14 21:27 ` Jarkko Sakkinen
  5 siblings, 0 replies; 12+ messages in thread
From: Jarkko Sakkinen @ 2019-10-14 21:27 UTC (permalink / raw)
  To: Sean Christopherson; +Cc: linux-sgx

On Thu, Oct 10, 2019 at 05:40:54PM -0700, Sean Christopherson wrote:
> Fix gwo bugs that were introduced in the refactoring, and tweak the
> callback prototype to make it more readable.
> 
> Please don't apply patches 3/5 -> 5/5 until Cedric has weighed in.  The
> CFI patch may or may not be correct, and the prototype change is a
> continuation of a discussion (sending a patch seemed like the easiest
> way to move forward).

Cedric, Sean, thank you.

I merged everything except the selftest updates.

/Jarkko

^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [PATCH for_v23 4/5] x86/vdso: sgx: Reorder params to callback to improve readability
  2019-10-11  0:40 ` [PATCH for_v23 4/5] x86/vdso: sgx: Reorder params to callback to improve readability Sean Christopherson
@ 2019-10-16 22:24   ` Xing, Cedric
  2019-10-16 23:06     ` Sean Christopherson
  0 siblings, 1 reply; 12+ messages in thread
From: Xing, Cedric @ 2019-10-16 22:24 UTC (permalink / raw)
  To: Sean Christopherson, Jarkko Sakkinen; +Cc: linux-sgx

On 10/10/2019 5:40 PM, Sean Christopherson wrote:
> Swap @ret and @ursp in the callback prototype so that the output from
> the vDSO itself, @ret and @e, are grouped together.  Having the first
> N parameters all share a type also makes the prototype easier to parse
> by (some) humans.  And, passing @ursp via register saves one whole
> MOV instruction!
> 
> Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
> ---
>   arch/x86/entry/vdso/vsgx_enter_enclave.S | 16 +++++++---------
>   arch/x86/include/uapi/asm/sgx.h          | 10 +++++-----
>   2 files changed, 12 insertions(+), 14 deletions(-)
> 
> diff --git a/arch/x86/entry/vdso/vsgx_enter_enclave.S b/arch/x86/entry/vdso/vsgx_enter_enclave.S
> index 3dd22780b7ef..94f613b53b13 100644
> --- a/arch/x86/entry/vdso/vsgx_enter_enclave.S
> +++ b/arch/x86/entry/vdso/vsgx_enter_enclave.S
> @@ -134,23 +134,21 @@ ENTRY(__vdso_sgx_enter_enclave)
>   	jmp	.Lhandle_exit
>   
>   .Linvoke_userspace_handler:
> +	/* Pass the untrusted RSP (at exit) to the callback via %rcx. */
> +	mov	%rsp, %rcx
> +
>   	/*
> -	 * Align stack per x86_64 ABI. Save the original %rsp in %rbx to be
> -	 * restored after the callback returns.  Note, %rsp needs to be 16-byte
> -	 * aligned _after_ pushing the three parameters on the stack.
> +	 * Align stack per x86_64 ABI. Note, %rsp needs to be 16-byte aligned
> +	 * _after_ pushing the three parameters on the stack.
>   	 */
> -	mov	%rsp, %rbx

Per x86_64 ABI, %rcx is _not_ preserved across function call. How are 
you going to restore the stack after callback returns?

>   	and	$-0x10, %rsp
>   	sub	$0x8, %rsp

Usually compilers would just use a 1-byte "push" instead of a 4-byte 
"sub" instruction here.

>   
> -	/* Push @e, u_rsp and @tcs as parameters to the callback. */
> +	/* Push @e, the "return" value and @tcs as params to the callback. */
>   	push	0x18(%rbp)
> -	push	%rbx
> +	push	%rax
>   	push	0x10(%rbp)
>   
> -	/* Pass the "return" value to the callback via %rcx. */
> -	mov	%eax, %ecx
> -
>   	/* Clear RFLAGS.DF per x86_64 ABI */
>   	cld
>   
> diff --git a/arch/x86/include/uapi/asm/sgx.h b/arch/x86/include/uapi/asm/sgx.h
> index 255392f5054f..95f69f938b58 100644
> --- a/arch/x86/include/uapi/asm/sgx.h
> +++ b/arch/x86/include/uapi/asm/sgx.h
> @@ -88,16 +88,16 @@ struct sgx_enclave_exception {
>    * @rdi:	RDI at the time of enclave exit
>    * @rsi:	RSI at the time of enclave exit
>    * @rdx:	RDX at the time of enclave exit
> - * @ret:	0 on success (EEXIT), -EFAULT on an exception
> + * @ursp:	RSP at the time of enclave exit (untrusted stack)
>    * @r8:		R8 at the time of enclave exit
>    * @r9:		R9 at the time of enclave exit
>    * @tcs:	Thread Control Structure used to enter enclave
> - * @ursp:	RSP at the time of enclave exit
> + * @ret:	0 on success (EEXIT), -EFAULT on an exception
>    * @e:		Pointer to struct sgx_enclave_exception (as provided by caller)
>    */
> -typedef int (*sgx_enclave_exit_handler_t)(long rdi, long rsi, long rdx, int ret,
> -					  long r8, long r9, void *tcs,
> -					  long ursp,
> +typedef int (*sgx_enclave_exit_handler_t)(long rdi, long rsi, long rdx,
> +					  long ursp, long r8, long r9,
> +					  void *tcs, int ret,
>   					  struct sgx_enclave_exception *e);
>   
>   #endif /* _UAPI_ASM_X86_SGX_H */
> 

^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [PATCH for_v23 3/5] x86/vdso: sgx: Fix unwinder support
  2019-10-11  0:40 ` [PATCH for_v23 3/5] x86/vdso: sgx: Fix unwinder support Sean Christopherson
@ 2019-10-16 22:25   ` Xing, Cedric
  0 siblings, 0 replies; 12+ messages in thread
From: Xing, Cedric @ 2019-10-16 22:25 UTC (permalink / raw)
  To: Sean Christopherson, Jarkko Sakkinen; +Cc: linux-sgx



On 10/10/2019 5:40 PM, Sean Christopherson wrote:
> Relocate the .cfi_endproc directive to the RET that actually returns
> from the vDSO function.  During recent refactoring, it was inadvertantly
> left next to the RET used for the retpoline.
> 
> Reported-by: Cedric Xing <cedric.xing@intel.com>
> Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
> ---
>   arch/x86/entry/vdso/vsgx_enter_enclave.S | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/arch/x86/entry/vdso/vsgx_enter_enclave.S b/arch/x86/entry/vdso/vsgx_enter_enclave.S
> index b63091818df1..3dd22780b7ef 100644
> --- a/arch/x86/entry/vdso/vsgx_enter_enclave.S
> +++ b/arch/x86/entry/vdso/vsgx_enter_enclave.S
> @@ -113,6 +113,7 @@ ENTRY(__vdso_sgx_enter_enclave)
>   	leave
>   	.cfi_def_cfa		%rsp, 8
>   	ret
> +	.cfi_endproc

As mentioned in my other email, the above won't work.

>   
>   .Linvalid_leaf:
>   	mov	$(-EINVAL), %eax
> @@ -176,7 +177,6 @@ ENTRY(__vdso_sgx_enter_enclave)
>   	jmp	1b
>   2:	mov	%rax, (%rsp)
>   	ret
> -	.cfi_endproc
>   
>   _ASM_VDSO_EXTABLE_HANDLE(.Lenclu_eenter_eresume, .Lhandle_exception)
>   
> 

^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [PATCH for_v23 4/5] x86/vdso: sgx: Reorder params to callback to improve readability
  2019-10-16 22:24   ` Xing, Cedric
@ 2019-10-16 23:06     ` Sean Christopherson
  0 siblings, 0 replies; 12+ messages in thread
From: Sean Christopherson @ 2019-10-16 23:06 UTC (permalink / raw)
  To: Xing, Cedric; +Cc: Jarkko Sakkinen, linux-sgx

On Wed, Oct 16, 2019 at 03:24:54PM -0700, Xing, Cedric wrote:
> On 10/10/2019 5:40 PM, Sean Christopherson wrote:
> >Swap @ret and @ursp in the callback prototype so that the output from
> >the vDSO itself, @ret and @e, are grouped together.  Having the first
> >N parameters all share a type also makes the prototype easier to parse
> >by (some) humans.  And, passing @ursp via register saves one whole
> >MOV instruction!
> >
> >Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
> >---
> >  arch/x86/entry/vdso/vsgx_enter_enclave.S | 16 +++++++---------
> >  arch/x86/include/uapi/asm/sgx.h          | 10 +++++-----
> >  2 files changed, 12 insertions(+), 14 deletions(-)
> >
> >diff --git a/arch/x86/entry/vdso/vsgx_enter_enclave.S b/arch/x86/entry/vdso/vsgx_enter_enclave.S
> >index 3dd22780b7ef..94f613b53b13 100644
> >--- a/arch/x86/entry/vdso/vsgx_enter_enclave.S
> >+++ b/arch/x86/entry/vdso/vsgx_enter_enclave.S
> >@@ -134,23 +134,21 @@ ENTRY(__vdso_sgx_enter_enclave)
> >  	jmp	.Lhandle_exit
> >  .Linvoke_userspace_handler:
> >+	/* Pass the untrusted RSP (at exit) to the callback via %rcx. */
> >+	mov	%rsp, %rcx
> >+
> >  	/*
> >-	 * Align stack per x86_64 ABI. Save the original %rsp in %rbx to be
> >-	 * restored after the callback returns.  Note, %rsp needs to be 16-byte
> >-	 * aligned _after_ pushing the three parameters on the stack.
> >+	 * Align stack per x86_64 ABI. Note, %rsp needs to be 16-byte aligned
> >+	 * _after_ pushing the three parameters on the stack.
> >  	 */
> >-	mov	%rsp, %rbx
> 
> Per x86_64 ABI, %rcx is _not_ preserved across function call. How are you
> going to restore the stack after callback returns?

Magic?

I completely spaced on restoring RSP, as evidenced by the fact that I
didn't even change the restoration code to use RCX.

> 
> >  	and	$-0x10, %rsp
> >  	sub	$0x8, %rsp
> 
> Usually compilers would just use a 1-byte "push" instead of a 4-byte "sub"
> instruction here.

Ah!  Took me a minute to understand 'N-byte' was referring to the opcode...

I'll update to use a push.

> 
> >-	/* Push @e, u_rsp and @tcs as parameters to the callback. */
> >+	/* Push @e, the "return" value and @tcs as params to the callback. */
> >  	push	0x18(%rbp)
> >-	push	%rbx
> >+	push	%rax
> >  	push	0x10(%rbp)
> >-	/* Pass the "return" value to the callback via %rcx. */
> >-	mov	%eax, %ecx
> >-
> >  	/* Clear RFLAGS.DF per x86_64 ABI */
> >  	cld
> >diff --git a/arch/x86/include/uapi/asm/sgx.h b/arch/x86/include/uapi/asm/sgx.h
> >index 255392f5054f..95f69f938b58 100644
> >--- a/arch/x86/include/uapi/asm/sgx.h
> >+++ b/arch/x86/include/uapi/asm/sgx.h
> >@@ -88,16 +88,16 @@ struct sgx_enclave_exception {
> >   * @rdi:	RDI at the time of enclave exit
> >   * @rsi:	RSI at the time of enclave exit
> >   * @rdx:	RDX at the time of enclave exit
> >- * @ret:	0 on success (EEXIT), -EFAULT on an exception
> >+ * @ursp:	RSP at the time of enclave exit (untrusted stack)
> >   * @r8:		R8 at the time of enclave exit
> >   * @r9:		R9 at the time of enclave exit
> >   * @tcs:	Thread Control Structure used to enter enclave
> >- * @ursp:	RSP at the time of enclave exit
> >+ * @ret:	0 on success (EEXIT), -EFAULT on an exception
> >   * @e:		Pointer to struct sgx_enclave_exception (as provided by caller)
> >   */
> >-typedef int (*sgx_enclave_exit_handler_t)(long rdi, long rsi, long rdx, int ret,
> >-					  long r8, long r9, void *tcs,
> >-					  long ursp,
> >+typedef int (*sgx_enclave_exit_handler_t)(long rdi, long rsi, long rdx,
> >+					  long ursp, long r8, long r9,
> >+					  void *tcs, int ret,
> >  					  struct sgx_enclave_exception *e);
> >  #endif /* _UAPI_ASM_X86_SGX_H */
> >

^ permalink raw reply	[flat|nested] 12+ messages in thread

end of thread, back to index

Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-11  0:40 [PATCH for_v23 0/5] x86/vdso: sgx: Bug fixes Sean Christopherson
2019-10-11  0:40 ` [PATCH for_v23 1/5] x86/vdso: sgx: Fix misaligned stack bug when invoking exit handler Sean Christopherson
2019-10-11  0:40 ` [PATCH for_v23 2/5] selftests/x86/sgx: Add check to verify exit handler stack alignment Sean Christopherson
2019-10-14 21:09   ` Jarkko Sakkinen
2019-10-14 21:14     ` Jarkko Sakkinen
2019-10-11  0:40 ` [PATCH for_v23 3/5] x86/vdso: sgx: Fix unwinder support Sean Christopherson
2019-10-16 22:25   ` Xing, Cedric
2019-10-11  0:40 ` [PATCH for_v23 4/5] x86/vdso: sgx: Reorder params to callback to improve readability Sean Christopherson
2019-10-16 22:24   ` Xing, Cedric
2019-10-16 23:06     ` Sean Christopherson
2019-10-11  0:40 ` [PATCH for_v23 5/5] selftests/x86/sgx: Update the callbacks function parameters Sean Christopherson
2019-10-14 21:27 ` [PATCH for_v23 0/5] x86/vdso: sgx: Bug fixes Jarkko Sakkinen

Linux-Sgx Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-sgx/0 linux-sgx/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-sgx linux-sgx/ https://lore.kernel.org/linux-sgx \
		linux-sgx@vger.kernel.org
	public-inbox-index linux-sgx

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-sgx


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git