Incomplete/unsafe signal handling with SGX1 #680
Labels: area: compatibility (Compatibility of existing workloads/apps); area: sgx-lkl (Core SGX-LKL functionality); enhancement; p1 (Medium priority)
Background
With SGX1 enclaves, it is not possible to obtain information inside the enclave about #PF and #GP exceptions.
The current behaviour of OE is therefore to not deliver #PF and #GP exceptions to the enclave. This causes problems for applications running with SGX-LKL that need to register signal handlers for SIGSEGV to work correctly, e.g. the OpenJDK JVM.
Therefore the SGX-LKL OE branch contains a workaround that delivers #PF exceptions to the enclave, even though these exceptions cannot be validated by the enclave. Since this is an attack vector, SGX-LKL now has an enclave_config parameter unsafe_host_signals, which controls whether this behaviour is permitted.

Open issues
- Currently, unsafe_host_signals has a default value of true, as otherwise all Java CI tests and tests that require SIGSEGV to be handled are broken. Due to its security implications, the default for unsafe_host_signals should be false.
- The current support for SIGSEGVs with unsafe_host_signals exposes the signal to the enclave, but it does not relay the address that caused the page fault to the enclave. This results in unstable JVM execution (see #645, "Some Java DaCapo benchmarks fail with unhandled SIGSEGVs in hw mode"). It is not clear if there is a way of obtaining the faulting address with SGX1.
- The OE patch for #PF exception support in the feature/sgx-lkl-support branch of OE is a workaround that cannot be upstreamed to master. It should be redesigned to find a more permanent solution for SGX1 exception handling.
(cc: @mikbras @davidchisnall @letmaik @paulcallen)
The first of these is p1; once this is done, the remainder should be marked as p2.
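The second open issue above (the signal arrives, but the faulting address does not) is the reason a JVM-style SIGSEGV handler is unstable without it. The following is an added illustration written for this page; it is not code from SGX-LKL, Open Enclave or OpenJDK. It is a plain Linux-host C program implementing a lazily-unprotected guard page of the kind a JVM uses: the handler reads si_addr, and if the fault hit the guard page it makes the page accessible and resumes the faulting instruction. The with_address = 0 mode is an assumption that simulates what the issue describes for SGX1, a signal delivered with the faulting address withheld, and shows that the handler then has no safe option but to abort. The names guard_page_demo, segv_handler and have_fault_addr are chosen for this example.

```c
/* Added example, not SGX-LKL/OE/OpenJDK code: why a SIGSEGV handler needs the
 * faulting address.  A page is mapped PROT_NONE as a guard page.  On the first
 * touch the handler checks si_addr; if the fault is inside the guard page it
 * unprotects the page and returns so the faulting store is re-executed.
 * Mode with_address == 0 simulates (assumption) the SGX1 situation from the
 * issue: the signal is delivered but the faulting address is unknown. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static volatile unsigned char *guard_page;     /* PROT_NONE page that faults */
static size_t page_size;
static sigjmp_buf abort_env;                   /* unwind target for unrecoverable faults */
static volatile sig_atomic_t have_fault_addr;  /* 1: si_addr usable, 0: simulated SGX1 */
static volatile sig_atomic_t recovered;

static void segv_handler(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)ctx;
    /* Simulated SGX1 case: the faulting address is not relayed, treat it as unknown. */
    void *fault = have_fault_addr ? si->si_addr : NULL;
    unsigned char *base = (unsigned char *)guard_page;

    if (fault != NULL &&
        (unsigned char *)fault >= base && (unsigned char *)fault < base + page_size) {
        /* Fault is on our guard page: make it accessible and resume the instruction. */
        if (mprotect(base, page_size, PROT_READ | PROT_WRITE) == 0) {
            recovered = 1;
            return;
        }
    }
    /* Unknown address (or unexpected page): resuming would re-fault forever or
     * unprotect the wrong page, so the only safe choice is to unwind and abort. */
    siglongjmp(abort_env, 1);
}

/* Returns 1 if the guard-page touch was recovered, 0 if the handler had to
 * abort, -1 if the guard page could not be mapped. */
int guard_page_demo(int with_address)
{
    struct sigaction sa, old;
    int result;

    page_size = (size_t)sysconf(_SC_PAGESIZE);
    guard_page = mmap(NULL, page_size, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (guard_page == MAP_FAILED)
        return -1;
    have_fault_addr = with_address;
    recovered = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = segv_handler;
    sa.sa_flags = SA_SIGINFO;          /* request siginfo_t so si_addr is filled in */
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    /* sigsetjmp(..., 1) saves the signal mask, so siglongjmp from the handler
     * also restores it and SIGSEGV is not left blocked after the abort path. */
    if (sigsetjmp(abort_env, 1) == 0) {
        guard_page[0] = 0x42;          /* faults; the handler resumes or aborts */
        result = recovered && guard_page[0] == 0x42;
    } else {
        result = 0;                    /* reached via siglongjmp: unrecoverable */
    }

    sigaction(SIGSEGV, &old, NULL);
    munmap((void *)guard_page, page_size);
    return result;
}

int main(void)
{
    printf("with faulting address:    %s\n", guard_page_demo(1) == 1 ? "recovered" : "aborted");
    printf("without faulting address: %s\n", guard_page_demo(0) == 1 ? "recovered" : "aborted");
    return 0;
}
```

The first run resumes after the handler repairs the mapping; the second run aborts even though the same signal was delivered, because without the address the handler cannot distinguish an expected guard-page touch from a genuine wild access. That is the gap unsafe_host_signals currently leaves open, independent of whether the host-delivered signal is trustworthy at all.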