Re: [PATCH v38 21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call
From: Jarkko Sakkinen
Date: Mon Sep 28 2020 - 16:43:09 EST
On Mon, Sep 28, 2020 at 05:44:35PM +0100, Andrew Cooper wrote:
> On 28/09/2020 01:58, Jarkko Sakkinen wrote:
> > On Fri, Sep 25, 2020 at 07:23:59PM +0100, Andrew Cooper wrote:
> >> On 15/09/2020 12:28, Jarkko Sakkinen wrote:
> >>> diff --git a/arch/x86/entry/vdso/vsgx_enter_enclave.S b/arch/x86/entry/vdso/vsgx_enter_enclave.S
> >>> new file mode 100644
> >>> index 000000000000..adbd59d41517
> >>> --- /dev/null
> >>> +++ b/arch/x86/entry/vdso/vsgx_enter_enclave.S
> >>> @@ -0,0 +1,157 @@
> >>> +SYM_FUNC_START(__vdso_sgx_enter_enclave)
> >>> <snip>
> >>> +.Lretpoline:
> >>> + call 2f
> >>> +1: pause
> >>> + lfence
> >>> + jmp 1b
> >>> +2: mov %rax, (%rsp)
> >>> + ret
> >> I hate to throw further spanners in the work, but this is not compatible
> >> with CET, and the user shadow stack work in progress.
> > CET goes beyond my expertise. Can you describe, at least rudimentary,
> > how this code is not compatible?
>
> CET Shadow Stacks detect attacks which modify the return address on the
> stack.
>
> Retpoline *is* a ROP gadget. It really does modify the return address
> on the stack, even if its purpose is defensive (vs Spectre v2) rather
> than malicious.
Aah. I get that, yes.
Kernel is full of retpoline but I presume that ring-0 does not use CET.
The situation with callback is follows: for a run-time the user_handler
by all practical means is always the same. There is ever only one user
handler that gets executed. I.e. the indirect callback will always lead
to the same thing. I wonder how much assets an adversary would get if
we just remove retpoline bits (not much thinking done yet on that).
/Jarkko