On 11/6/18 12:12 PM, Andy Lutomirski wrote:
> True, but what if we have a nasty enclave that writes to memory just
> below SP *before* decrementing SP?

Yeah, that would be unfortunate.  If an enclave did this (roughly):

        1. EENTER
        2. Hardware sets eenter_hwframe->sp = %sp
        3. Enclave runs... wants to do out-call
        4. Enclave sets up parameters:
                memcpy(&eenter_hwframe->sp[-offset], arg1, size);
                ...
        5. Enclave sets eenter_hwframe->sp -= offset

If we got a signal between 4 and 5, we'd clobber the copy of 'arg1' that
was on the stack.  The enclave could easily fix this by moving ->sp first.

But, this is one of those "fun" parts of the ABI that I think we need to
talk about.  If we do this, we also basically require that the code
which handles asynchronous exits must *not* write to the stack.  That's
not hard because it's typically just a single ERESUME instruction, but
it *is* a requirement.

It means fun stuff like that you absolutely can't just async-exit to C code.

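The ordering hazard in steps 4 and 5 above, as an added simulation that is not code from this thread, from the kernel, or from any SGX SDK. The untrusted stack is a plain byte array that grows downward, `hwframe_sp` stands in for `eenter_hwframe->sp`, and `simulated_async_exit()` stands in for an asynchronous exit whose handling writes a frame at that recorded pointer (the way a signal frame would). The stack size, the 16-byte exit frame, the 0xAA fill pattern and the function names are all assumptions made for the illustration. It runs the enclave's write-then-move order with and without an exit in the window, and the move-then-write order the message recommends with an exit after the copy:

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not the thread's code. Models the race described in the
 * message: an enclave stages an out-call argument below the recorded
 * untrusted stack pointer, and an asynchronous exit lands before the
 * enclave has moved that pointer. Sizes and fill pattern are arbitrary.
 */

#define STACK_SIZE      256   /* assumed size of the simulated stack  */
#define EXIT_FRAME_SIZE 16    /* assumed size of the exit handler's frame */

static uint8_t stack_mem[STACK_SIZE];
static uint8_t *hwframe_sp;   /* plays the role of eenter_hwframe->sp */

/* Fresh untrusted stack: sp at the top, contents zeroed. */
static void reset_stack(void)
{
    memset(stack_mem, 0, sizeof stack_mem);
    hwframe_sp = stack_mem + STACK_SIZE;
}

/*
 * Asynchronous exit while hwframe_sp is the recorded sp. Whatever handles
 * the exit pushes a frame just below that pointer, so anything the enclave
 * has staged below sp but not yet protected by moving sp is overwritten.
 */
static void simulated_async_exit(void)
{
    memset(hwframe_sp - EXIT_FRAME_SIZE, 0xAA, EXIT_FRAME_SIZE);
}

/*
 * Steps 4 and 5 in the order from the message: copy below sp, then move sp.
 * If exit_between is nonzero an asynchronous exit fires between the steps.
 * Returns 1 if the argument is intact after step 5, 0 if it was clobbered.
 */
int outcall_write_then_move(const void *arg, size_t size, int exit_between)
{
    reset_stack();
    memcpy(hwframe_sp - size, arg, size);   /* step 4: stage below sp */
    if (exit_between)
        simulated_async_exit();             /* exit lands in the window */
    hwframe_sp -= size;                     /* step 5: sp -= offset */
    return memcmp(hwframe_sp, arg, size) == 0;
}

/*
 * The fix the message suggests: move sp first, then copy. An asynchronous
 * exit after the move lands below the new sp and cannot reach the staged
 * argument, so the exit is fired after the copy (the worst remaining case)
 * and the argument still survives.
 */
int outcall_move_then_write(const void *arg, size_t size, int exit_after)
{
    reset_stack();
    hwframe_sp -= size;                     /* reserve the space first */
    memcpy(hwframe_sp, arg, size);          /* then stage the argument */
    if (exit_after)
        simulated_async_exit();             /* lands below the new sp */
    return memcmp(hwframe_sp, arg, size) == 0;
}

int main(void)
{
    /* Constructed sample argument: 32 distinct bytes. */
    uint8_t arg[32];
    for (size_t i = 0; i < sizeof arg; i++)
        arg[i] = (uint8_t)i;

    printf("write-then-move, no exit:       %s\n",
           outcall_write_then_move(arg, sizeof arg, 0) ? "intact" : "clobbered");
    printf("write-then-move, exit in 4->5:  %s\n",
           outcall_write_then_move(arg, sizeof arg, 1) ? "intact" : "clobbered");
    printf("move-then-write, exit after:    %s\n",
           outcall_move_then_write(arg, sizeof arg, 1) ? "intact" : "clobbered");
    return 0;
}
```

The first case shows the write-then-move order works whenever no exit happens, which is why the bug is a race rather than a deterministic failure; the second shows the exit frame landing on top of the staged argument; the third shows that reserving the space before copying removes the window entirely, and also why the exit handling itself must not write more than the space below the moved sp allows.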