Regarding the Intel TSX instruction set: it does not notify the OS if a SIGSEGV occurs, but just aborts the transaction and rolls back the operations done. What would notifying the OS of the SIGSEGV imply in terms of processor performance? Ideally, would it be reasonable to modify the behaviour of TSX in that sense?
Thanks very much,
What would notifying the OS of the SIGSEGV imply in terms of processor performance?
The issue is not one of performance, but semantics and correctness. You would have to commit the transaction (making all of its writes so far globally visible) before you could notify the OS, but that would break the isolation that TSX is giving you. You might have committed a transaction which would later abort, or exposed an incomplete state which shouldn't be globally visible.
This would be like arbitrarily dropping a lock surrounding a critical section on a page fault inside the critical section...
Ideally, would it be reasonable to modify the behaviour of TSX in that sense?
For the reasons above, the answer is "No, it would not be reasonable".
But wouldn't it make sense to just abort the transaction without committing it, and at that moment notify the OS?
No, because if the transaction aborts then it should have no effects at all. If the code in the transaction conceptually didn't execute, then it can't have caused a SEGV (or page-fault), so there is nothing to report.
I was thinking about an attacker trying to probe memory locations to find writable ones without causing an exception to the OS that might terminate the process he is using, and using TSX to do this silent probing. How can Intel TSX be modified in order to avoid that?
Surely if you are already executing inside the process, you have complete control anyway, so this seems uninteresting. On Linux you could open /proc/self/maps and find out the whole of the process memory map!
However, I am not a security expert. If you have an attack, please report it and I can assure you it will be taken very seriously!
I am actually referring to the context of an Intel SGX enclave that is calling TSX instructions from inside it, so it does not have access to the memory mapping and wants to blindly probe memory locations to mount a ROP attack.
The whole procedure is described in the following paper: https://arxiv.org/abs/1902.03256
The main point is that we need to notify the OS when a SEGV occurs inside the transaction. In any case, a transaction that is subject to a segmentation fault will be aborted and none of its actions will be committed, so where is the problem in notifying the OS?
So you don't feel that you have been dropped... I am trying to find someone. It would also be useful if you could complete your profile so that we can communicate with you off-list.