Linux-Sgx Archive on lore.kernel.org
From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: Nathaniel McCallum <npmccallum@redhat.com>,
	Cedric Xing <cedric.xing@intel.com>,
	Jethro Beekman <jethro@fortanix.com>,
	Andy Lutomirski <luto@amacapital.net>,
	linux-sgx@vger.kernel.org
Subject: [PATCH for_v29 2/8] x86/sgx: vdso: Make the %rsp fixup on return from handler relative
Date: Wed, 18 Mar 2020 18:11:24 -0700
Message-ID: <20200319011130.8556-3-sean.j.christopherson@intel.com>
In-Reply-To: <20200319011130.8556-1-sean.j.christopherson@intel.com>

Modify the %rsp fixup after returning from the exit handler to be
relative instead of absolute to avoid clobbering any %rsp adjustments
made by the exit handler, e.g. if the exit handler modifies the stack
prior to re-entering the enclave.

Reported-by: Nathaniel McCallum <npmccallum@redhat.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---

I'm on the fence as to whether or not this is a good idea.  It's not super
painful, but it's not exactly standard/obvious code.  Part of me thinks
it's a bug to not let the exit handler manipulate %rsp, the other part of
me thinks it's straight up crazy :-)

 arch/x86/entry/vdso/vsgx_enter_enclave.S | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/arch/x86/entry/vdso/vsgx_enter_enclave.S b/arch/x86/entry/vdso/vsgx_enter_enclave.S
index 22a22e0774d8..14f07d5e47ae 100644
--- a/arch/x86/entry/vdso/vsgx_enter_enclave.S
+++ b/arch/x86/entry/vdso/vsgx_enter_enclave.S
@@ -137,8 +137,9 @@ SYM_FUNC_START(__vdso_sgx_enter_enclave)
 	/* Pass the untrusted RSP (at exit) to the callback via %rcx. */
 	mov	%rsp, %rcx
 
-	/* Save the untrusted RSP in %rbx (non-volatile register). */
+	/* Save the untrusted RSP offset in %rbx (non-volatile register). */
 	mov	%rsp, %rbx
+	and	$0xf, %rbx
 
 	/*
 	 * Align stack per x86_64 ABI. Note, %rsp needs to be 16-byte aligned
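Review bot: the new "and $0xf, %rbx" silently couples the saved value to the 16-byte alignment done a few lines below ("Align stack per x86_64 ABI"); if the alignment requirement or the masking there ever changes, this mask goes stale with nothing to flag it. Suggest the comment say what is actually being kept, e.g. "Save the low bits of RSP that the upcoming 16-byte alignment discards in %rbx (non-volatile register)", or derive the mask from the same constant the alignment sequence uses so the two cannot drift apart. "RSP offset" on its own does not tell a reader offset from what.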
@@ -159,8 +160,8 @@ SYM_FUNC_START(__vdso_sgx_enter_enclave)
 	mov	0x20(%rbp), %rax
 	call	.Lretpoline
 
-	/* Restore %rsp to its post-exit value. */
-	mov	%rbx, %rsp
+	/* Undo the post-exit %rsp adjustment. */
+	lea	0x20(%rsp,%rbx), %rsp
 
 	/*
 	 * If the return from callback is zero or negative, return immediately,
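Review bot: the 0x20 in "lea 0x20(%rsp,%rbx), %rsp" is a second copy of stack-layout knowledge (the number of bytes the vDSO pushes between the alignment and the call), and it sits two lines below an unrelated "0x20(%rbp)" that is the exit-handler argument slot, which invites confusing the two constants. Suggest either a comment spelling out which pushes the 0x20 accounts for, or a named constant shared with the push sequence, so the relative fixup cannot silently diverge from the pushes. The replacement comment "Undo the post-exit %rsp adjustment" would also read better if it stated the result, i.e. that %rsp ends up back at the untrusted RSP captured into %rcx before the call, plus whatever the handler left in place.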
-- 
2.24.1
