The x86 ENTER instruction leaks read/write page-fault counts into userspace

[rptb1]

Reported by @drj11 on the mps-discussion mailing list, https://mailman.ravenbrook.com/pipermail/mps-discussion/2024-August/000225.html says:

[The x86 ENTER instruction leaks read/write page-fault counts into userspace] because it's not restartable (!)

https://infosec.exchange/@jann/112983458910799814

I didn't work through all the details but the basics seem to be that if ENTER is used copy an overlapping region downwards on the stack (not its normal use), then restarting it is not idempotent, and the subsequent data can be inspected to count how many faults occurred.

[drj11]

Some additional thoughts:

1. this is a footnote in the userspace transparency documentation: this is a particular case where the MPS is not (or cannot) be transparent to memory accesses. It's CPU architectural and my understanding is that it's the same deal for all sorts of memory protection (including OS stacks / DLLs / and so on);

2. we wouldn't normally be in a situation where the mutator has a stack that crosses a page boundary, and have the MPS have different protection levels on those two pages.