Re: RFC: userspace exception fixups

From: Dave Hansen
Date: Tue Nov 06 2018 - 12:00:42 EST

Next message: Kalle Valo: "Re: [PATCH 07/20] iwlegacy: 4965-mac: mark expected switch fall-through"
Previous message: Kalle Valo: "Re: [PATCH 1/2] rtl8xxxu: Mark expected switch fall-throughs"
In reply to: Sean Christopherson: "Re: RFC: userspace exception fixups"
Next in thread: Jarkko Sakkinen: "Re: RFC: userspace exception fixups"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/6/18 7:37 AM, Sean Christopherson wrote:
>
> void *sgx_alloc_untrusted_stack(size_t size)
> {
> struct sgx_encl_tls *tls = get_encl_tls();
> struct sgx_out_call_context *context;
> void *tmp;
>
> /* create a frame on the trusted stack to hold the out-call context */
> tls->trusted_stack -= sizeof(struct sgx_out_call_context);
>
> /* save the untrusted %RSP into the out-call context */
> context = (struct sgx_out_call_context *)tls->trusted_stack;
> context->untrusted_stack = tls->save_state_area[SSA_RSP];
>
> /* allocate space on the untrusted stack */
> tmp = (void *)(tls->save_state_area[SSA_RSP] - size);
> tls->save_state_area[SSA_RSP] = tmp;
>
> return tmp;
> }

Why does it bother to go to all the trouble of mucking with the
untrusted stack? It could *easily* just leave it alone and do out-calls
if it needs to allocate memory for parameter storage. Heck, that could
theoretically even be _on_ the stack if the untrusted runtime was being
clever.

The only downside would be that the untrusted runtime would have to keep
track of the space a bit more explicitly so it could be cleaned up if
the enclave didn't do it.

Next message: Kalle Valo: "Re: [PATCH 07/20] iwlegacy: 4965-mac: mark expected switch fall-through"
Previous message: Kalle Valo: "Re: [PATCH 1/2] rtl8xxxu: Mark expected switch fall-throughs"
In reply to: Sean Christopherson: "Re: RFC: userspace exception fixups"
Next in thread: Jarkko Sakkinen: "Re: RFC: userspace exception fixups"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]