Re: [RFC PATCH v2 0/3] An alternative __vdso_sgx_enter_enclave() to allow enclave/host parameter passing using untrusted stack

From: Xing, Cedric
Date: Thu Jul 11 2019 - 15:49:08 EST


On 7/11/2019 2:36 AM, Jarkko Sakkinen wrote:
On Wed, Jul 10, 2019 at 03:54:20PM -0700, Xing, Cedric wrote:
On 7/10/2019 3:46 PM, Jarkko Sakkinen wrote:
On Wed, Jul 10, 2019 at 11:08:37AM -0700, Xing, Cedric wrote:
With these conclusions I think the current vDSO API is sufficient for
Linux.

The new vDSO API is to support data exchange on stack. It has nothing to do
with debugging. BTW, the community has closed on this.

And how that is useful?

There is a lengthy discussion on its usefulness so I don't want to repeat.
In short, it allows using untrusted stack as a convenient method to exchange
data with the enclave. It is currently being used by Intel's SGX SDK for
e/o-calls parameters.

The CFI directives are for stack unwinding. They don't affect what the code
does so you can just treat them as NOPs if you don't understand what they
do. However, they are useful to not only debuggers but also exception
handling code. libunwind also has a setjmp()/longjmp() implementation based
on CFI directives.

Of course I won't merge code of which usefulness I don't understand.

Sure.

Any other questions I can help with?

I dissected my concerns in other email. We can merge this feature after
v21 if it makes sense.

Sent out v3 of vDSO changes last night. I hope your concerns have been properly addressed.

The new vDSO API is a community consensus. I can help on whatever technical problems you may have but I don't see a reason you should reject it.

/Jarkko