• Sean Christopherson's avatar
    x86/traps: Attempt to fixup exceptions in vDSO before signaling · 334872a0
    Sean Christopherson authored
    vDSO functions can now leverage an exception fixup mechanism similar to
    kernel exception fixup.  For vDSO exception fixup, the initial user is
    Intel's Software Guard Extensions (SGX), which will wrap the low-level
    transitions to/from the enclave, i.e. EENTER and ERESUME instructions,
    in a vDSO function and leverage fixup to intercept exceptions that would
    otherwise generate a signal.  This allows the vDSO wrapper to return the
    fault information directly to its caller, obviating the need for SGX
    applications and libraries to juggle signal handlers.
    
    Attempt to fixup vDSO exceptions immediately prior to populating and
    sending signal information.  Except for the delivery mechanism, an
    exception in a vDSO function should be treated like any other exception
    in userspace, e.g. any fault that is successfully handled by the kernel
    should not be directly visible to userspace.
    
    Although it's debatable whether or not all exceptions are of interest to
    enclaves, defer to the vDSO fixup to decide whether to do fixup or
    generate a signal.  Future users of vDSO fixup, if there ever are any,
    will undoubtedly have different requirements than SGX enclaves, e.g. the
    fixup vs. signal logic can be made function specific if/when necessary.
    Suggested-by: default avatarAndy Lutomirski <luto@amacapital.net>
    Signed-off-by: default avatarSean Christopherson <sean.j.christopherson@intel.com>
    Signed-off-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
    Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
    Acked-by: default avatarJethro Beekman <jethro@fortanix.com>
    Link: https://lkml.kernel.org/r/20201112220135.165028-19-jarkko@kernel.org
    334872a0
fault.c 40.6 KB