
[RFC,v1,0/3] An alternative __vdso_sgx_enter_enclave() to allow enclave/host parameter passing using untrusted stack

Message ID cover.1555965327.git.cedric.xing@intel.com (mailing list archive)

Message

Xing, Cedric April 22, 2019, 8:42 p.m. UTC
The current proposed __vdso_sgx_enter_enclave() requires enclaves to preserve %rsp, which prohibits enclaves from allocating space on the untrusted stack. However, there are existing enclaves (e.g. those built with current Intel SGX SDK libraries) relying on the untrusted stack for passing parameters to untrusted functions (aka. o-calls), which requires allocating space on the untrusted stack by enclaves. And given its simplicity and convenience, it could be desired by future SGX applications as well.

This patchset introduces a new ABI for __vdso_sgx_enter_enclave() to anchor its stack frame on %rbp (instead of %rsp), so as to allow enclaves to "push" onto the untrusted stack by decrementing the untrusted %rsp. Additionally, this new __vdso_sgx_enter_enclave() will take one more parameter - a callback function, to be invoked upon all enclave exits (both AEX and normal exits). The callback function will be given the value of %rsp left off by the enclave, so that data "pushed" by the enclave (if any) could be addressed/accessed. Please note that the callback function is optional, and if not supplied (i.e. null), __vdso_sgx_enter_enclave() will just return (i.e. behave the same as the current implementation) after the enclave exits (or AEX due to exceptions).

The SGX selftest is augmented to test out the new callback interface, and to serve as a simple example to showcase how to use the callback interface in practice.

Cedric Xing (3):
  selftests/x86: Fixed Makefile for SGX selftest
  x86/vdso: Modify __vdso_sgx_enter_enclave() to allow parameter passing
    on untrusted stack
  selftests/x86: Augment SGX selftest to test new
    __vdso_sgx_enter_enclave() and its callback interface

 arch/x86/entry/vdso/vsgx_enter_enclave.S   | 156 ++++++++++++---------
 arch/x86/include/uapi/asm/sgx.h            |  14 +-
 tools/testing/selftests/x86/Makefile       |  12 +-
 tools/testing/selftests/x86/sgx/Makefile   |  45 +++---
 tools/testing/selftests/x86/sgx/main.c     | 123 +++++++++++++---
 tools/testing/selftests/x86/sgx/sgx_call.S |  40 +++++-
 6 files changed, 264 insertions(+), 126 deletions(-)
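
The calling convention the cover letter describes (frame anchored on %rbp, enclave free to decrement the untrusted %rsp, exit callback handed that %rsp, %rsp recovered from %rbp afterwards) can be modelled in plain user space without SGX hardware. The following is an added example, not code from this patch series or from the Intel SGX SDK: enter_pseudo_enclave() plays the role of __vdso_sgx_enter_enclave(), pseudo_enclave() stands in for an enclave that "pushes" two words onto the untrusted stack, and the enclave "exit" is a plain jmp to an address passed in %rcx (an assumption of the model; the real flow uses EENTER/EEXIT and the AEP, which are not reproduced here). The tag value 0x1234, the frame layout the callback reads, and all function names are constructed for this example. x86-64 System V only.

```c
/*
 * Added example: user-space model of an rbp-anchored enclave entry/exit
 * trampoline with an exit callback.  Not the patch series' code and not the
 * SGX SDK's; EENTER/EEXIT are replaced by plain jumps (assumption).
 */
#include <stddef.h>
#include <stdio.h>

#if !defined(__x86_64__)
#error "this example models the x86-64 System V stack and is x86-64 only"
#endif

typedef void (*exit_cb_t)(void *untrusted_rsp);

/* long enter_pseudo_enclave(entry, callback_or_NULL, arg)
 * Returns the number of bytes the "enclave" pushed below the %rsp it was
 * given.  The frame is anchored on %rbp, so whatever the enclave does to %rsp
 * is undone by reloading %rsp from %rbp on the way out. */
long enter_pseudo_enclave(void (*enclave_entry)(void), exit_cb_t cb, long arg);
/* Stand-in enclave: pushes {tag, arg} onto the untrusted stack, then "exits"
 * by jumping to the address handed over in %rcx (model of EEXIT). */
void pseudo_enclave(void);

__asm__(
    ".text\n"
    ".globl enter_pseudo_enclave\n"
    ".type enter_pseudo_enclave, @function\n"
    "enter_pseudo_enclave:\n"
    "    endbr64\n"
    "    push %rbp\n"
    "    mov  %rsp, %rbp\n"          /* anchor the frame on %rbp, not %rsp   */
    "    push %rbx\n"
    "    push %r12\n"
    "    mov  %rsi, %rbx\n"          /* callback (may be NULL), callee-saved  */
    "    mov  %rdi, %r11\n"          /* enclave entry point                   */
    "    mov  %rdx, %rdi\n"          /* argument handed to the enclave        */
    "    lea  1f(%rip), %rcx\n"      /* exit address (model of EEXIT target)  */
    "    jmp  *%r11\n"
    "1:\n"
    "    endbr64\n"
    "    lea  -16(%rbp), %r12\n"     /* %rsp the enclave was entered with     */
    "    sub  %rsp, %r12\n"          /* minus %rsp it left = bytes pushed     */
    "    test %rbx, %rbx\n"
    "    jz   2f\n"                  /* no callback: just return              */
    "    mov  %rsp, %rdi\n"          /* callback gets the enclave's %rsp      */
    "    and  $-16, %rsp\n"          /* realign for the C call, data stays    */
    "    call *%rbx\n"
    "2:\n"
    "    mov  %r12, %rax\n"
    "    lea  -16(%rbp), %rsp\n"     /* discard the enclave's pushes          */
    "    pop  %r12\n"
    "    pop  %rbx\n"
    "    pop  %rbp\n"
    "    ret\n"
    ".size enter_pseudo_enclave, .-enter_pseudo_enclave\n"
    ".globl pseudo_enclave\n"
    ".type pseudo_enclave, @function\n"
    "pseudo_enclave:\n"
    "    endbr64\n"
    "    sub  $16, %rsp\n"           /* \"push\" a two-word parameter block    */
    "    movq $0x1234, (%rsp)\n"     /* constructed tag                       */
    "    mov  %rdi, 8(%rsp)\n"       /* the argument, echoed back to the host */
    "    jmp  *%rcx\n"               /* \"exit\" with %rsp left decremented    */
    ".size pseudo_enclave, .-pseudo_enclave\n"
    ".text\n"
);

/* What the host-side exit handler observed on the last run. */
static struct { int ran; long tag; long arg; } seen;

/* Exit callback: the block the enclave pushed starts at the %rsp it left. */
static void exit_handler(void *untrusted_rsp)
{
    long *frame = untrusted_rsp;
    seen.ran = 1;
    seen.tag = frame[0];
    seen.arg = frame[1];
}

/* Enter the stand-in enclave, with or without a callback; returns bytes pushed. */
long demo_run(long arg, int with_callback)
{
    seen.ran = 0; seen.tag = 0; seen.arg = 0;
    return enter_pseudo_enclave(pseudo_enclave,
                                with_callback ? exit_handler : NULL, arg);
}
int  demo_callback_ran(void) { return seen.ran; }
long demo_tag(void)          { return seen.tag; }
long demo_arg(void)          { return seen.arg; }

int main(void)
{
    long pushed = demo_run(42, 1);
    printf("enclave pushed %ld bytes; callback saw tag 0x%lx arg %ld\n",
           pushed, demo_tag(), demo_arg());
    pushed = demo_run(7, 0);
    printf("without callback: %ld bytes pushed, callback ran = %d\n",
           pushed, demo_callback_ran());
    return 0;
}
```

The point to notice is in the last few lines of enter_pseudo_enclave: the trampoline never trusts the %rsp the enclave hands back. It reads the pushed data through the callback, then reloads %rsp from %rbp, so a misbehaving enclave can at most corrupt its own pushed block, not the trampoline's frame.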

Comments

Sean Christopherson April 22, 2019, 10:05 p.m. UTC | #1
On Mon, Apr 22, 2019 at 01:42:56PM -0700, Cedric Xing wrote:
> The current proposed __vdso_sgx_enter_enclave() requires enclaves to preserve
> %rsp, which prohibits enclaves from allocating space on the untrusted stack.
> However, there are existing enclaves (e.g. those built with current Intel SGX
> SDK libraries) relying on the untrusted stack for passing parameters to
> untrusted functions (aka. o-calls), which requires allocating space on the
> untrusted stack by enclaves. And given its simplicity and convenience, it
> could be desired by future SGX applications as well.
> 
> This patchset introduces a new ABI for __vdso_sgx_enter_enclave() to anchor
> its stack frame on %rbp (instead of %rsp), so as to allow enclaves to "push"
> onto the untrusted stack by decrementing the untrusted %rsp. Additionally,
> this new __vdso_sgx_enter_enclave() will take one more parameter - a callback
> function, to be invoked upon all enclave exits (both AEX and normal exits).
> The callback function will be given the value of %rsp left off by the
> enclave, so that data "pushed" by the enclave (if any) could be
> addressed/accessed. Please note that the callback function is optional, and
> if not supplied (i.e. null), __vdso_sgx_enter_enclave() will just return
> (i.e. behave the same as the current implementation) after the enclave exits
> (or AEX due to exceptions).
> 
> The SGX selftest is augmented to test out the new callback interface, and to
> serve as a simple example to showcase how to use the callback interface in
> practice.

Please wrap your emails, or use an editor that will do it for you.  75 chars,
plus or minus a few, is generally preferred.

> Cedric Xing (3):
>   selftests/x86: Fixed Makefile for SGX selftest
>   x86/vdso: Modify __vdso_sgx_enter_enclave() to allow parameter passing
>     on untrusted stack
>   selftests/x86: Augment SGX selftest to test new
>     __vdso_sgx_enter_enclave() and its callback interface
> 
>  arch/x86/entry/vdso/vsgx_enter_enclave.S   | 156 ++++++++++++---------
>  arch/x86/include/uapi/asm/sgx.h            |  14 +-
>  tools/testing/selftests/x86/Makefile       |  12 +-
>  tools/testing/selftests/x86/sgx/Makefile   |  45 +++---
>  tools/testing/selftests/x86/sgx/main.c     | 123 +++++++++++++---
>  tools/testing/selftests/x86/sgx/sgx_call.S |  40 +++++-
>  6 files changed, 264 insertions(+), 126 deletions(-)
> 
> -- 
> 2.17.1
>