Mirrors/rust
1
0
Fork 0
mirror of https://github.com/rust-lang/rust.git synced 2026-06-02 06:28:20 +03:00
Code Issues Packages Projects Releases Wiki Activity

Prevent attacker from manipulating FPU tag word used in SGX enclave

Browse Source 
Insufficient sanitization of the x87 FPU tag word in the trusted enclave runtime allowed unprivileged adversaries in the containing host application to induce incoherent or unexpected results for ABI-compliant compiled enclave application code that uses the x87 FPU.

Vulnerability was disclosed to us by Fritz Alder, Jo Van Bulck, David Oswald and Frank Piessens
This commit is contained in:
Raoul Strackx
2020-06-17 18:07:12 +02:00
parent e55d3f9c52
commit daedb7920f
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/libstd/sys/sgx/abi/entry.S
+7
View File
@@ -177,6 +177,13 @@ sgx_entry:
jz .Lskip_debug_init
mov %r10,%gs:tcsls_debug_panic_buf_ptr
.Lskip_debug_init:
/* reset cpu state */
mov %rdx, %r10
mov $-1, %rax
mov $-1, %rdx
xrstor .Lxsave_clear(%rip)
mov %r10, %rdx
/* check if returning from usercall */
mov %gs:tcsls_last_rsp,%r11
test %r11,%r11